[JENKINS-18116] text() function does not work in xpath evaluation on XML API

    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Major
    • core
    • Jenkins v1.5.15

      get http://myserver/job/jobname/185/api/xml?xpath=/*/number
      <number>185</number>

      get http://myserver/job/jobname/185/api/xml?xpath=/*/number/text()
      Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error.

          Geoff Cummings added a comment -

          This has been disabled for security.
          For more information and details on how to manually enable it again please see JENKINS-16877

          Ivan Kurnosov added a comment -

          @Geoff Cummings:

          it should be 403 then, not 330

          Geoff Cummings added a comment - - edited

          hmm.. 403 if I try a wget, but chrome gives the Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error.

          wget "https://ci.jenkins-ci.org/view/Jenkins%20core/api/xml?xpath=/listView/job[1]/name/text()"
          --2013-06-20 12:28:55--  https://ci.jenkins-ci.org/view/Jenkins%20core/api/xml?xpath=/listView/job[1]/name/text()
          Resolving ci.jenkins-ci.org (ci.jenkins-ci.org)... 63.246.20.93
          Connecting to ci.jenkins-ci.org (ci.jenkins-ci.org)|63.246.20.93|:443... connected.
          HTTP request sent, awaiting response... 403 Forbidden
          2013-06-20 12:28:55 ERROR 403: Forbidden.
          

          Ivan Kurnosov added a comment -

          @Geoff Cummings

          that's weird, thanks

          Daniel Beck added a comment -

          This issue is caused by the fix to a security issue, see the advisory. It also explains how to work around that problem. However, a better solution exists since 1.537 in Plugins providing an implementation of the SecureRequester interface, e.g.:

          https://wiki.jenkins-ci.org/display/JENKINS/Secure+Requester+Whitelist+Plugin

          I'm resolving this as not a defect, because it's a deliberate change because of security concerns. That it shows a content decoding error instead of "Access Denied" is a different, less important issue.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/model/Api.java
          http://jenkins-ci.org/commit/jenkins/0a241aafdbdf3ad15d34efa3077658c5770b9195
          Log:
          [JENKINS-17374 JENKINS-18116] Don't set gzip header for error
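
The symptom reported in this thread (403 from wget, a content decoding error from Chrome) and the "Don't set gzip header for error" fix can be modelled with a toy handler. This is an added example, not Jenkins code; `respond`, `client_outcome` and the sample bodies are hypothetical, and it assumes the gzip header is only set for clients that advertise gzip support.

```python
import gzip
import zlib

# Constructed sample bodies, not captured from a Jenkins server.
OK_BODY = b"<number>185</number>"
ERROR_BODY = b"<html><body>Forbidden (constructed sample)</body></html>"


def respond(xpath, accepts_gzip, header_before_check):
    """Toy handler (hypothetical, not Jenkins' Api.java).

    header_before_check=True models the pre-fix ordering: the gzip header is
    set before the request is rejected. Assumption: the header is only set
    for clients that advertise gzip support.
    """
    headers = {}
    if accepts_gzip and header_before_check:
        headers["Content-Encoding"] = "gzip"  # set too early
    if xpath.endswith("text()"):  # stand-in for the security restriction
        return 403, headers, ERROR_BODY  # error body is sent uncompressed
    if accepts_gzip:
        headers["Content-Encoding"] = "gzip"
        return 200, headers, gzip.compress(OK_BODY)
    return 200, headers, OK_BODY


def client_outcome(xpath, accepts_gzip, header_before_check):
    """Return (status, body) as the client sees it, or a decoding failure."""
    status, headers, body = respond(xpath, accepts_gzip, header_before_check)
    if headers.get("Content-Encoding") == "gzip":
        try:
            body = gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            return "CONTENT_DECODING_FAILED", None
    return status, body


if __name__ == "__main__":
    blocked = "/*/number/text()"
    print("pre-fix,  gzip client :", client_outcome(blocked, True, True)[0])
    print("pre-fix,  plain client:", client_outcome(blocked, False, True)[0])
    print("post-fix, gzip client :", client_outcome(blocked, True, False)[0])
```
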

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          http://jenkins-ci.org/commit/jenkins/f56a3bdae5baa68a7427efdface0a04028e7d010
          Log:
          JENKINS-17374 JENKINS-18116 Noting merge of #1260.

          Compare: https://github.com/jenkinsci/jenkins/compare/3f8fc4e2ec5b...f56a3bdae5ba

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3430
          [JENKINS-17374 JENKINS-18116] Don't set gzip header for error (Revision 0a241aafdbdf3ad15d34efa3077658c5770b9195)
          JENKINS-17374 JENKINS-18116 Noting merge of #1260. (Revision f56a3bdae5baa68a7427efdface0a04028e7d010)

          Result = SUCCESS
          daniel-beck : 0a241aafdbdf3ad15d34efa3077658c5770b9195
          Files :

          • core/src/main/java/hudson/model/Api.java

          Jesse Glick : f56a3bdae5baa68a7427efdface0a04028e7d010
          Files :

          • changelog.html

          Daniel Beck added a comment -

          Nominating the content decoding fix as lts-candidate.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/model/Api.java
          http://jenkins-ci.org/commit/jenkins/58e6c7ba4d7fafc9dcfd349476876e2876b86d5b
          Log:
          [JENKINS-17374 JENKINS-18116] Don't set gzip header for error

          (cherry picked from commit 0a241aafdbdf3ad15d34efa3077658c5770b9195)

            Assignee: Unassigned
            Reporter: Robert Navado (navado)
            Votes: 0
            Watchers: 5