Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-132639

Internal server error when incorrect portlet ID is passed

Details

    • Bug
    • Status: Verified
    • Resolution: Unresolved
    • 7.3.6 CE GA7
    • None
    • Control Menu
    • None
    • 4

    Description

      From Personal Menu (clicking on avatar) you can navigate to specific portlet displayed on a virtual /manage/ page by specifying the portlet ID. There are some pre-defined entries for Notifications or pending Workflow items, but this URL can be crafted

      However, there is no input validation for this ID so when a non-existing ID is used, the NPE is thrown (recorded in the log).

      You can try here https://liferay.dev/manage?p_p_id=nonsense

      Attachments

        Activity

          People

            support-lep@liferay.com SE Support
            honyk Jan Tošovský
            Kiyoshi Lee Kiyoshi Lee
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              1 year, 26 weeks, 1 day ago

              Packages

                Version Package