Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-139438

Incorrect response from MB RSS with invalid groupId

    XMLWordPrintable

Details

    Description

      1. Add a Message Boards widget to a page
      2. Open the Message Boards RSS feed (URL should look something like http://localhost:8080/c/message_boards/rss?plid=14&groupId=20125)
        • Note that that HTTP response code is 200
      3. Change the URL to use a groupId that does not exist (e.g., http://localhost:8080/c/message_boards/rss?plid=14&groupId=99999)
        • Note that the HTTP response code is 404 and a "Not Found" error is shown
      4. Change the URL to use groupId=-1 (e.g., http://localhost:8080/c/message_boards/rss?plid=14&groupId=-1)

       

      Result:

      • The HTTP response code is 200
      • The browser shows a error:
        • Firefox error: XML Parsing Error: no root element found
        • Chrome/Edge error: This XML file does not appear to have any style information associated with it.

      Expected Result
      Same behavior as step 3: A 404 response code and a "Not Found" error

       

       

      Rapid7 Vulnerability Info

      App: Liferay DXP 7.4
      ID: bae2729f-7f2a-4b33-b339-3579037f8068

      Attachments

        Activity

          People

            yvonne.han Yvonne Han
            samuel.kong Samuel Kong
            Austin Chiang Austin Chiang
            Adolfo Pérez Adolfo Pérez
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              1 year, 33 weeks, 1 day ago

              Packages

                Version Package
                7.2.10 DXP FP16
                7.2.X
                7.3.10.3 DXP SP3
                7.3.X
                7.4.13 DXP GA1
                7.4.3.4 CE GA4
                Master