Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-132639

Internal server error when incorrect portlet ID is passed

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified
    • Resolution: Unresolved
    • Affects Version/s: 7.3.6 CE GA7
    • Fix Version/s: None
    • Component/s: Control Menu
    • Labels:
      None
    • Fix Priority:
      4

      Description

      From Personal Menu (clicking on avatar) you can navigate to specific portlet displayed on a virtual /manage/ page by specifying the portlet ID. There are some pre-defined entries for Notifications or pending Workflow items, but this URL can be crafted

      However, there is no input validation for this ID so when a non-existing ID is used, the NPE is thrown (recorded in the log).

      You can try here https://liferay.dev/manage?p_p_id=nonsense

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            honyk Jan Tošovský
            Participants of an Issue:
            Recent user:
            Thalita Celi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Days since last comment:
              34 weeks, 1 day ago

                Packages

                Version Package