search

headwirecom / peregrine-cms

an api first, head optional cms with based on vuejs and apache sling
Apache License 2.0
52 stars 31 forks source link

Author can drag and drop image and it results in a screen freeze #672

Closed reggie7 closed 3 years ago

reggie7 commented 3 years ago

The author is allowed to grab image with a mouse and drop it elsewhere to cause a disallowed network call that results in an error and screen freeze of the page.

To Reproduce Steps to reproduce the behavior:

  1. Create a new Tenant and open e.g. the index page,
  2. Add an image at the page bottom,
  3. Make sure you have the image component in focus,
  4. Grab the image (not the image component) with a mouse cursor and drop it somewhere else as if you were trying to move the component up.

Expected behavior It's either not allowed or nothing happens or the movement is performed.

Actual behavior There is a network error and the page stays grayed out.

Screenshots 1 dragging

2 after drop

3 logs

4 error

Desktop

Additional Context


1: "    at com.peregrine.admin.resource.AdminResourceHandlerService.moveNode(AdminResourceHandlerService.java:821)"
2: "    at com.peregrine.admin.servlets.MoveNodeTo.handleRequest(MoveNodeTo.java:100)"
3: "    at com.peregrine.commons.servlets.AbstractBaseServlet.doRequest(AbstractBaseServlet.java:93)"
4: "    at com.peregrine.commons.servlets.AbstractBaseServlet.doPost(AbstractBaseServlet.java:87)"
5: "    at org.apache.sling.api.servlets.SlingAllMethodsServlet.mayService(SlingAllMethodsServlet.java:146)"
6: "    at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:342)"
7: "    at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:374)"
8: "    at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:552)"
9: "    at org.apache.sling.engine.impl.filter.SlingComponentFilterChain.render(SlingComponentFilterChain.java:44)"
10: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:82)"
11: "   at org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(SlingRequestProcessorImpl.java:283)"
12: "   at org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSlingFilterChain.java:49)"
13: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:82)"
14: "   at com.peregrine.versions.VersioningRequestFilter.doFilter(VersioningRequestFilter.java:51)"
15: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:72)"
16: "   at org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter(RequestProgressTrackerLogFilter.java:110)"
17: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:72)"
18: "   at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)"
19: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:72)"
20: "   at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:78)"
21: "   at org.apache.sling.engine.impl.SlingRequestProcessorImpl.doProcessRequest(SlingRequestProcessorImpl.java:151)"
22: "   at org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java:250)"
23: "   at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:123)"
24: "   at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:86)"
25: "   at org.apache.sling.junit.impl.servlet.TestLogServlet$TestNameLoggingFilter.doFilter(TestLogServlet.java:257)"
26: "   at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:142)"
27: "   at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)"
28: "   at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)"
29: "   at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:142)"
30: "   at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)"
31: "   at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:75)"
32: "   at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:142)"
33: "   at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)"
34: "   at org.apache.sling.engine.impl.parameters.RequestParameterSupportConfigurer.doFilter(RequestParameterSupportConfigurer.java:67)"
35: "   at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:142)"
36: "   at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)"
37: "   at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)"
38: "   at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)"
39: "   at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)"
40: "   at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)"
41: "   at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)"
42: "   at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)"
43: "   at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)"
44: "   at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)"
45: "   at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)"
46: "   at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763)"
47: "   at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:551)"
48: "   at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)"
49: "   at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)"
50: "   at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)"
51: "   at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1363)"
52: "   at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)"
53: "   at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489)"
54: "   at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)"
55: "   at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)"
56: "   at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1278)"
57: "   at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)"
58: "   at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)"
59: "   at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)"
60: "   at org.eclipse.jetty.server.Server.handle(Server.java:500)"
61: "   at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)"
62: "   at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)"
63: "   at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)"
64: "   at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)"
65: "   at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)"
66: "   at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)"
67: "   at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)"
68: "   at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)"
69: "   at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)"
70: "   at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)"
71: "   at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)"
72: "   at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)"
73: "   at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)"
74: "   at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)"
75: "   at java.base/java.lang.Thread.run(Thread.java:834)"
76: "Caused by: com.peregrine.admin.resource.AdminResourceHandler$ManagementException: Cannot move resource '/content/test_2/pages/index' below itself or one of its descendants '/content/test_2/pages/index/jcr:content/nebf8e89b-7765-4d9c-9e19-bff3f4d03a7b'"
77: "   at com.peregrine.admin.resource.AdminResourceHandlerService.moveNode(AdminResourceHandlerService.java:811)"
78: "   ... 74 more"
message: "Failed to Move Resource. From: '/content/test_2/pages/index' to: '/content/test_2/pages/index/jcr:content/nebf8e89b-7765-4d9c-9e19-bff3f4d03a7b/n18f5aba5-9653-4db0-9a20-13092813533f'"```
reusr1 commented 3 years ago

@Felix-Puetz we should make sure only components can be dropped