[LPS-13762] XSL Content Portlet can utilize file:/// to potentially access files on the system - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 5.1.2, 5.2.3, 6.0.5 GA
Fix Version/s: 6.0.6 GA, 6.1.0 CE RC1
Component/s: Content Display Widgets > XSL Content widget
Labels:
None
Environment:
Win7, Linux, Tomcat 6.x, GlassFish

Branch Version/s:

6.0.x, 5.2.x, 5.1.x
Backported to Branch:

Committed

Description

The XSL Content Portlet paths for XSL and XML content accept the "file:///" path, granting it access to files across the system and outside of the path for the appserver. As is, the portlet only reads XSL and XML content, but can pose a further risk.

Attachments

Issue Links

relates

LPE-3692 XSL Content portlet can be configured with file:// URL

Closed

Activity

People

Assignee:: Hugo Huijser (Inactive)

Reporter:: Jonas Choi (Inactive)

Participants of an Issue:: Hugo Huijser, Jonas Choi

Recent user:: Kiyoshi Lee

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Nov/10 9:17 AM

Updated:: 05/Jan/13 9:16 PM

Resolved:: 21/Jan/11 10:45 AM

Days since last comment:: 12 years, 31 weeks, 3 days ago

Packages

Version	Package
6.0.6 GA
6.1.0 CE RC1