APAR status
Closed as unreproducible in next release.
Error description
When searching for schedules, if the percent character (%) is used as a wildcard parameter, enabling or disabling schedules from the resulting search list can fail. If the Enable or Disable button is pressed after searching with the % character, the screen either times out or returns a Bad Request. Searches without the % character are successful and do not have this problem.
Local fix
B2BISFG-51770
Problem summary
Users Affected: All
Problem Description: UI session times out or reports Bad Request when disabling or enabling a schedule, if the schedule search included the percent character, %. The Jetty and sci logs include the errors:
[2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE 2020-02-13 17:48:22,221:ERROR :qtp1406676657-3063: exception in authenticating csrf token [system]: SCUIcsrfFilter
[2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE 2020-02-13 17:48:22,222:ERROR :qtp1406676657-3063: [1581616102222] 400: Unable to parse URI query [system]: SCUIcsrfFilter
[2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE 2020-02-13 17:48:22,222:ERRORDTL:qtp1406676657-3063: [1581616102222]org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query
    at org.eclipse.jetty.server.Request.getParameters(Request.java:405)
    at org.eclipse.jetty.server.Request.getParameter(Request.java:1025)
    at com.sterlingcommerce.security.csrf.SCUIcsrfHelper._validate(SCUIcsrfHelper.java:75)
    at com.sterlingcommerce.security.csrf.SCUIcsrfTokenValidator.validate(SCUIcsrfTokenValidator.java:66)
    at com.sterlingcommerce.security.csrf.SCUIcsrfFilter.validateRequest(SCUIcsrfFilter.java:143)
    at com.sterlingcommerce.security.csrf.SCUIcsrfFilter.doFilter(SCUIcsrfFilter.java:62)
Platforms Affected: All
Problem conclusion
Resolution Summary: A code fix is provided. Changed the Enable/Disable button URL to encode the search string, so it is CSRF safe.
Delivered in: 6000203
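The failure in the stack trace and the fix described above, as an added illustration that is not IBM's code: a raw "%" in the button URL makes the whole query string unparseable, so the CSRF token lookup itself returns 400, while percent-encoding the search string lets the token be read. The path and the parameter names `search` and `csrfToken` are assumptions made for the example.

```javascript
// Added illustration. TOGGLE_PATH and the parameter names "search" and
// "csrfToken" are hypothetical; they are not the product's identifiers.
const TOGGLE_PATH = "/schedules/toggle";

function badRequest() {
  const err = new Error("400: Unable to parse URI query");
  err.status = 400;
  return err;
}

// Strict parser: the whole query string is decoded on the first parameter
// lookup, so one malformed escape anywhere fails every lookup, including
// the CSRF token's.
function parseQueryStrict(query) {
  const params = new Map();
  for (const pair of query.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const parts = eq === -1 ? [pair, ""] : [pair.slice(0, eq), pair.slice(eq + 1)];
    try {
      const [key, value] = parts.map((s) => decodeURIComponent(s.replace(/\+/g, " ")));
      params.set(key, value);
    } catch (e) {
      throw badRequest(); // '%' not followed by two hex digits, or bad UTF-8
    }
  }
  return params;
}

// Before the fix: the search string is concatenated into the URL as typed.
function buildToggleUrlRaw(search, token) {
  return `${TOGGLE_PATH}?search=${search}&csrfToken=${token}`;
}

// After the fix: every value is percent-encoded, so "%" travels as "%25".
function buildToggleUrlEncoded(search, token) {
  return `${TOGGLE_PATH}?search=${encodeURIComponent(search)}` +
         `&csrfToken=${encodeURIComponent(token)}`;
}

// Filter-style check: returns the HTTP status the request would get.
function csrfFilterStatus(url, sessionToken) {
  const query = url.slice(url.indexOf("?") + 1);
  try {
    return parseQueryStrict(query).get("csrfToken") === sessionToken ? 200 : 403;
  } catch (e) {
    return e.status || 500;
  }
}
```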
Temporary fix
Comments
APAR Information
APAR number
IT32361
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
602
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-03-30
Closed date
2020-11-26
Last modified date
2020-12-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
Product: IBM Sterling B2B Integrator
Version: 602
Platform: Platform Independent
Line of Business: Sustainability Software
Business Unit: IBM Software w/o TPS
Document Information
Modified date:
02 December 2020