Mike Jumper created GUACAMOLE-2131:
--------------------------------------
Summary: User update may fail with NPE
Key: GUACAMOLE-2131
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2131
Project: Guacamole
Issue Type: Bug
Components: guacamole
Affects Versions: 1.6.0
Reporter: Mike Jumper
Fix For: 1.6.1
We implement additional filtering and sanity checks on submitted attributes to
remove any that are not specifically declared, determining whether
{{getUserAttributes()}} or {{getUserPreferenceAttributes()}} applies based on
the identity of the object being updated. This works, but the filtering is
based on the username submitted in the received JSON object, which is not
reliable and will not necessarily exist. If the username happens to not be
submitted in the JSON, the update attempt will fail.
In practice, this makes no difference to real-world behavior (there are no
extensions that rely on this filtering, the filtering is not a documented
aspect of the application, and the UI always submits this value), but this
should be fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
