From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Tue, 23 Nov 2010 17:59:49 +0000 (+0000)
Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50318
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=53ee07ac13b5ea48648614f35aeb037ab996c7b1;p=tomcat7.0

Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50318
Avoid NPE when viewing session detail for expired sessions

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1038235 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aca59a5ca..6d72bcb33 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -290,31 +290,35 @@
         Improve Tomcat Logging documentation. (kkolinko)
       </update>
       <fix>
-        <bug>50303</bug>: Update JNDI how-to to reflect new JavaMail download
-        location and that JAF is now included in Java SE 6. (markt) 
+        <bug>50303</bug>: Update JNDI how-to to reflect the new JavaMail
+        download location and that JAF is now included in Java SE 6. (markt) 
       </fix>
       <fix>
-        Fix ordering functionality on sessions page for HTML Manager 
+        Fix ordering functionality on sessions page for the HTML Manager 
         application. (markt)
       </fix>
       <fix>
-        Fix primary sessions not always being treated as such in HTML Manager 
-        application. (markt)
+        Fix primary sessions not always being treated as such in the HTML
+        Manager application. (markt)
       </fix>
       <fix>
-        Fix message not being displayed after session attribute removal in HTML
-        Manager application. (markt)
+        Fix message not being displayed after session attribute removal in the
+        HTML Manager application. (markt)
       </fix>
       <fix>
-        <bug>50310</bug>: Fix display of Servlet information in Manager
+        <bug>50310</bug>: Fix display of Servlet information in the Manager
         application. (markt)
       </fix>
       <fix>
-        CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+        CVE-2010-4172: Multiple XSS in the Manager application. (markt/kkolinko)
       </fix>
       <fix>
-        <bug>50316</bug>: Fix display of negative values in Manager application.
-        (kkolinko)
+        <bug>50316</bug>: Fix display of negative values in the Manager 
+        application. (kkolinko)
+      </fix>
+      <fix>
+        <bug>50318</bug>: Avoid NPE when trying to view session detail for an
+        expired session in the Manager application. (markt)
       </fix>
     </changelog>
   </subsection>
diff --git a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
index 2cef06629..d711f7f6c 100644
--- a/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
+++ b/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
@@ -32,8 +32,14 @@
    String version = (String) request.getAttribute("version");
    ContextName cn = new ContextName(path, version);
    Session currentSession = (Session)request.getAttribute("currentSession");
-   HttpSession currentHttpSession = currentSession.getSession();
-   String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+   String currentSessionId = null;
+   HttpSession currentHttpSession = null;
+   if (currentSession != null) {
+       currentHttpSession = currentSession.getSession();
+       currentSessionId = JspHelper.escapeXml(currentSession.getId());
+   } else {
+       currentSessionId = "Session invalidated";
+   }
    String submitUrl = JspHelper.escapeXml(response.encodeURL(
            ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
            "?path=" + path + "&version=" + version));
@@ -50,118 +56,122 @@
     <title>Sessions Administration: details for <%= currentSessionId %></title>
 </head>
 <body>
-<h1>Details for Session <%= currentSessionId %></h1>
-
-<table style="text-align: left;" border="0">
-  <tr>
-    <th>Session Id</th>
-    <td><%= currentSessionId %></td>
-  </tr>
-  <tr>
-    <th>Guessed Locale</th>
-    <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>Guessed User</th>
-    <td><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>Creation Time</th>
-    <td><%= JspHelper.getDisplayCreationTimeForSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>Last Accessed Time</th>
-    <td><%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>Session Max Inactive Interval</th>
-    <td><%= JspHelper.secondsToTimeString(currentSession.getMaxInactiveInterval()) %></td>
-  </tr>
-  <tr>
-    <th>Used Time</th>
-    <td><%= JspHelper.getDisplayUsedTimeForSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>Inactive Time</th>
-    <td><%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %></td>
-  </tr>
-  <tr>
-    <th>TTL</th>
-    <td><%= JspHelper.getDisplayTTLForSession(currentSession) %></td>
-  </tr>
-</table>
-
-<form method="post" action="<%= submitUrl %>">
-  <div>
-    <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
-    <input type="hidden" name="action" value="sessionDetail" />
-    <%
-    if ("Primary".equals(request.getParameter("sessionType"))) {
-    %>
-      <input type="hidden" name="sessionType" value="Primary" />
-    <%
-    }
-    %>    <input type="submit" value="Refresh" />
-  </div>
-</form>
+<% if (currentHttpSession == null) { %>
+   <h1><%=currentSessionId%></h1>
+<% } else { %>
+   <h1>Details for Session <%= currentSessionId %></h1>
 
-<div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
-<div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
-
-<table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">
-<% int nAttributes = 0;
-   Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames();
-   while (attributeNamesEnumeration.hasMoreElements()) {
-       attributeNamesEnumeration.nextElement();
-       ++nAttributes;
-   }
-%>
-    <caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
-    <thead>
-        <tr>
-            <th>Remove Attribute</th>
-            <th>Attribute name</th>
-            <th>Attribute value</th>
-        </tr>
-    </thead>
-    <%--tfoot>
-        <tr>
-            <td colspan="3" style="text-align: center;">
-                TODO: set Max Inactive Interval on sessions
-            </td>
-        </tr>
-    </tfoot--%>
-    <tbody>
-<% attributeNamesEnumeration = currentHttpSession.getAttributeNames();
-   while (attributeNamesEnumeration.hasMoreElements()) {
-       String attributeName = (String) attributeNamesEnumeration.nextElement();
-%>
-        <tr>
-            <td align="center">
-                <form method="post" action="<%= submitUrl %>">
-                    <div>
-                        <input type="hidden" name="action" value="removeSessionAttribute" />
-                        <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
-                        <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
-                        <%
-                          if ("Primary".equals(request.getParameter("sessionType"))) {
-                        %>
-                          <input type="submit" value="Remove" />
-                          <input type="hidden" name="sessionType" value="Primary" />
-                        <%
-                          } else {
-                            out.print("Primary sessions only");
-                          }
-                        %>
-                    </div>
-                </form>
-            </td>
-            <td><%= JspHelper.escapeXml(attributeName) %></td>
-            <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
-        </tr>
-<% } // end while %>
-    </tbody>
-</table>
+   <table style="text-align: left;" border="0">
+     <tr>
+       <th>Session Id</th>
+       <td><%= currentSessionId %></td>
+     </tr>
+     <tr>
+       <th>Guessed Locale</th>
+       <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>Guessed User</th>
+       <td><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>Creation Time</th>
+       <td><%= JspHelper.getDisplayCreationTimeForSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>Last Accessed Time</th>
+       <td><%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>Session Max Inactive Interval</th>
+       <td><%= JspHelper.secondsToTimeString(currentSession.getMaxInactiveInterval()) %></td>
+     </tr>
+     <tr>
+       <th>Used Time</th>
+       <td><%= JspHelper.getDisplayUsedTimeForSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>Inactive Time</th>
+       <td><%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %></td>
+     </tr>
+     <tr>
+       <th>TTL</th>
+       <td><%= JspHelper.getDisplayTTLForSession(currentSession) %></td>
+     </tr>
+   </table>
+   
+   <form method="post" action="<%= submitUrl %>">
+     <div>
+       <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
+       <input type="hidden" name="action" value="sessionDetail" />
+       <%
+       if ("Primary".equals(request.getParameter("sessionType"))) {
+       %>
+         <input type="hidden" name="sessionType" value="Primary" />
+       <%
+       }
+       %>    <input type="submit" value="Refresh" />
+     </div>
+   </form>
+    
+   <div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
+   <div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
+   
+   <table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">
+   <% int nAttributes = 0;
+      Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+      while (attributeNamesEnumeration.hasMoreElements()) {
+          attributeNamesEnumeration.nextElement();
+          ++nAttributes;
+      }
+   %>
+       <caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
+       <thead>
+           <tr>
+               <th>Remove Attribute</th>
+               <th>Attribute name</th>
+               <th>Attribute value</th>
+           </tr>
+       </thead>
+       <%--tfoot>
+           <tr>
+               <td colspan="3" style="text-align: center;">
+                   TODO: set Max Inactive Interval on sessions
+               </td>
+           </tr>
+       </tfoot--%>
+       <tbody>
+   <% attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+      while (attributeNamesEnumeration.hasMoreElements()) {
+          String attributeName = (String) attributeNamesEnumeration.nextElement();
+   %>
+           <tr>
+               <td align="center">
+                   <form method="post" action="<%= submitUrl %>">
+                       <div>
+                           <input type="hidden" name="action" value="removeSessionAttribute" />
+                           <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
+                           <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
+                           <%
+                             if ("Primary".equals(request.getParameter("sessionType"))) {
+                           %>
+                             <input type="submit" value="Remove" />
+                             <input type="hidden" name="sessionType" value="Primary" />
+                           <%
+                             } else {
+                               out.print("Primary sessions only");
+                             }
+                           %>
+                       </div>
+                   </form>
+               </td>
+               <td><%= JspHelper.escapeXml(attributeName) %></td>
+               <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
+           </tr>
+   <% } // end while %>
+       </tbody>
+   </table>
+<% } // endif%>
 
 <form method="post" action="<%=submitUrl%>">
   <p style="text-align: center;">