chaddn Posted January 18, 2012 Share Posted January 18, 2012 I just installed a clean copy of 4.5.0 CP (on 64bit Centos 5) and imported my 3.7.1 repository. I noticed that on any of my report schedules that I have multiple email recipients I am unable to make changes to those schedules. As soon as I submit the changes I get the following error:"The server has encountered an error. Please excuse the inconvenience. An error has occurred. Please contact your system administrator. (5321)"I also get this error if I try to create a new schedule to multiple email recipients. If I leave only one email address in the To field, it will save the schedule just fine. I am separating the email addresses with commas just as I always have. Here is what jasperserver.log shows pertaining to this:"Invalid input: context=toAddresses-ViewRepository_Schedule_OutputSettings_context, type(Email)=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$, input=testa@gmail.com,testb@gmail.comorg.owasp.esapi.errors.ValidationException: toAddresses-ViewRepository_Schedule_OutputSettings_context: Invalid input. Please conform to regex ^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$ with a maximum length of 200 at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)" Is this a bug or did the address delimiter change? I've been wrestling with this upgrade all afternoon (fixing other report compatability issues) and this is the last one to address so I can move us to the new version. Please help!Thanks!Chadd Link to comment Share on other sites More sharing options...
chaddn Posted January 19, 2012 Author Share Posted January 19, 2012 So it looks like this is an issue with the input validation in the new Security Configuration. If I set "security.validation.input.on=false" then I can add multiple email addresses no problem. Now the question is are there any other negative effects (besides no input validation) if I turn that off? Link to comment Share on other sites More sharing options...
dr_memory Posted January 24, 2012 Share Posted January 24, 2012 Running into this as well myself. Turning off all input validation strikes me as a bad idea; is the regex adjustable from anywhere in properties? Link to comment Share on other sites More sharing options...
rrizzi Posted January 24, 2012 Share Posted January 24, 2012 Hi guys, I too have the same problem.May I kindly ask you from where did you disabled the validation?Thanks,raf Link to comment Share on other sites More sharing options...
chaddn Posted January 24, 2012 Author Share Posted January 24, 2012 in WEB-INF/classes/esapi/security-config.properties set security.validation.input.on=false Link to comment Share on other sites More sharing options...
ehaque Posted January 31, 2012 Share Posted January 31, 2012 I got the same problem while creating/editing any report. Then I set "security.validation.input.on=false" and everything is working now. I am using XP (32 bit) SP3. Putting input validation false is not a good idea I think (though I dont know any option). Is this a bug or I have missed something while installing? Can anybody please help!!! Link to comment Share on other sites More sharing options...
kaiben Posted February 20, 2012 Share Posted February 20, 2012 I recently installed a fresh 4.5 and I'm having this problem too. I tried colon, semi-colon, using the former with and without spaces but to no avail.If the regex stated by chaddn is correct, then this is a bug as the regex does not test for more than one address. br,Ben Link to comment Share on other sites More sharing options...
brooneyx1 Posted February 22, 2012 Share Posted February 22, 2012 Posted to the wrong thread, but still applicable to this one: If I set to false it breaks resource upload. I got this to work by editting the file:WEB-INF/classes/esapi/security-config.propertiesAnd setting:security.validation.input.on=trueI had it set it to false previously in order to fix a bug in scheduled email. With a multi user recipient list, scheduling breaks unless I set this to false. So setting it to false fixed that bug and caused this one. Anyone else have a different fix for the email bug ?Can you all check if you have this values set to false also ? Post Edited by brooneyx1 at 02/22/2012 15:46 Link to comment Share on other sites More sharing options...
gianferr Posted March 9, 2012 Share Posted March 9, 2012 Try replacing in {JasperHome}/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.propertiesValidator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}$withValidator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}(,[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4})*$ Seems working! Link to comment Share on other sites More sharing options...
dmromey Posted March 10, 2012 Share Posted March 10, 2012 Tried this, still getting the same error. Link to comment Share on other sites More sharing options...
kaiben Posted March 16, 2012 Share Posted March 16, 2012 gianferrWrote: Try replacing in {JasperHome}/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.properties Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}$ with Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}(,[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4})*$ Seems working! Thanks, that worked for me!Note however that your regex does not allow for spaces between the comma and the next address. Although JasperServer will insert a space next time you open the output pane and thus saving will fail again. So the final solution would be this one:Validator.Email=^[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}(, *[\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4})*$ BR,Ben Link to comment Share on other sites More sharing options...
mgeise Posted March 16, 2012 Share Posted March 16, 2012 All,Here is what the final fix to this will be. This issue will be fixed in the next release. the fix is this:1. add new rule to validation.propertiesValidator.EmailAddresses=^[\\p{L}\\p{M}\\p{N}._%'-\\@\\,\\;\\s]+$this uses similar regex to Validation.Email but is not concerned aboutstructure2. apply the new rule to the parameter in question. edit /esapi/security.properties.mailNotification.toAddresses=AlphaDot,EmailAddresses,2000,true,toAddresses-ViewRepository_Schedule_OutputSettings_context[/code] Link to comment Share on other sites More sharing options...
kcd Posted March 20, 2012 Share Posted March 20, 2012 Here is a fix below. Actually Jasperserver should be spliting the email addresses and validating them individually but this will work.You might as well fix queries too, also below Or if you get sick of it, effectively disable a validator like soValidator.Email=^.*$ Code:# Validator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}$# Allow multiple emailsValidator.Email=^[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[\\s*,\\s*[\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}]*$# Validator.ValidSQL=^\\s*((?i)select)\\s+[^;]+$# Fixed for stored procedures etcValidator.ValidSQL=^\\s*(?i)(with\\s+.*)?(select|call|exec(ute)?)\\s+[^;]+$ Link to comment Share on other sites More sharing options...
kcd Posted March 20, 2012 Share Posted March 20, 2012 Whoops, didn't see there was a page 2 when I hit reply.... mgeise has a more complete answer Link to comment Share on other sites More sharing options...
pintoyakoob Posted June 25, 2012 Share Posted June 25, 2012 Your solution helped me security.validation.input.on=false Link to comment Share on other sites More sharing options...
shmee Posted June 26, 2012 Share Posted June 26, 2012 Do you know when the next release is scheduled? Also I used the Validator.EmailAddresses regex for Validation.Email and it seems to be working. Link to comment Share on other sites More sharing options...
mgeise Posted June 26, 2012 Share Posted June 26, 2012 Timing for the next community release will likely be in another around 2-3 months from now. Link to comment Share on other sites More sharing options...
sohan04 Posted June 28, 2012 Share Posted June 28, 2012 Hi,I also found the same problem,after analyzing the jasper server email validator i found comma pattern was missing, i have made it able to wrok as per my requirement .^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$Regards,SohanCode:^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$ Link to comment Share on other sites More sharing options...
sohan04 Posted June 28, 2012 Share Posted June 28, 2012 Hi,I also found the same problem,after analyzing the jasper server email validator i found comma pattern was missing, i have made it able to wrok as per my requirement .^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$Regards,SohanCode:^([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.-]+\\.[a-zA-Z]{2,4}[,]?)+$ Link to comment Share on other sites More sharing options...
sohan04 Posted July 4, 2012 Share Posted July 4, 2012 dmromeyWrote: Tried this, still getting the same error. Code:Hi,I have analyzed the regex and found that jasper have no validations for comma(,) so i reconstructed the regex Validator.Email=^([\p{L}\p{M}\p{N}._%'-]+@[\p{L}\p{M}\p{N}.-]+\.[a-zA-Z]{2,4}[,]?)+$Here you have comma separated email-id's but there is one clause all the mail id's should be valid i mean there should be no spaces between comma's,domain name must b valid etc.Regards,Sohan Link to comment Share on other sites More sharing options...
tvandenbrink Posted July 19, 2012 Share Posted July 19, 2012 Changed the regex in jasper/apache-tomcat/webapps/jasperserver/WEB-INF/classes/esapi/validation.properties to the following:Validator.Email=^(([\\p{L}\\p{M}\\p{N}._%'-]+@[\\p{L}\\p{M}\\p{N}.:-]+\\.[a-zA-Z]{2,4})+[\\,]?)+$This way you can add multiple emailaddresses. NOTE!!! Don't put spaces between the email addresses. email@addres.com,email2@address.com,email3@address.com Cheers, Tijmen Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now