Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-9395

User input is written to logs and may not be sanitized

    Details

      Description

      User input is written to logs and may not be sanitized.

      The following properties were added to portal.properties:

      log.sanitizer.enabled=true
      Set this to true to enable the log sanitizer.

      log.sanitizer.escape.html.enabled=false
      Set whether to encode HTML data in log messages.

      log.sanitizer.replacement.character=95
      Specify the code point of the character to replace forbidden characters.

      log.sanitizer.whitelist.characters=9,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126
      Specify characters to allow in log messages.

        Attachments

          Activity

            People

            Assignee:
            jonathan.mccann Jonathan McCann
            Reporter:
            tamas.molnar Tamas Molnar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.1.X EE