  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-139438

Incorrect response from MB RSS with invalid groupId

    Details

      Description

      1. Add a Message Boards widget to a page
      2. Open the Message Boards RSS feed (URL should look something like http://localhost:8080/c/message_boards/rss?plid=14&groupId=20125)
        • Note that the HTTP response code is 200
      3. Change the URL to use a groupId that does not exist (e.g., http://localhost:8080/c/message_boards/rss?plid=14&groupId=99999)
        • Note that the HTTP response code is 404 and a "Not Found" error is shown
      4. Change the URL to use groupId=-1 (e.g., http://localhost:8080/c/message_boards/rss?plid=14&groupId=-1)

       

      Result:

      • The HTTP response code is 200
      • The browser shows an error:
        • Firefox error: XML Parsing Error: no root element found
        • Chrome/Edge error: This XML file does not appear to have any style information associated with it.

      Expected Result
      Same behavior as step 3: A 404 response code and a "Not Found" error

       

       

      Rapid7 Vulnerability Info

      App: Liferay DXP 7.4
      ID: bae2729f-7f2a-4b33-b339-3579037f8068

            People

            Assignee:
            yvonne.han Yvonne Han
            Reporter:
            samuel.kong Samuel Kong
            Participants of an Issue:
            Recent user:
            Clarissa Velazquez
            Engineering Assignee:
            Adolfo Pérez

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              30 weeks, 2 days ago

                Packages

                Version Package
                7.2.10 DXP FP16
                7.2.X
                7.3.10.3 DXP SP3
                7.3.X
                7.4.13 DXP GA1
                7.4.3.4 CE GA4
                Master
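
The three requests from the description can be turned into a regression check. The following is an added example, not code from the issue or from Liferay. The function names and the sample responses are constructed, and the groupId=-1 body is assumed to be empty, consistent with the Firefox "no root element found" error.

```python
import xml.etree.ElementTree as ET

# Expected outcome per groupId, taken from the issue's steps and "Expected Result".
EXPECTED = {"20125": "feed", "99999": "not_found", "-1": "not_found"}

# Constructed sample responses (status, body) mirroring the reported behaviour.
SAMPLE = {
    "20125": (200, b'<?xml version="1.0"?><rss version="2.0">'
                   b'<channel><title>MB</title></channel></rss>'),
    "99999": (404, b"Not Found"),
    "-1": (200, b""),  # assumption: 200 with an empty body
}

def classify_feed_response(status, body):
    """Return 'feed', 'not_found', 'empty_200', 'malformed_200' or 'other'."""
    if status == 404:
        return "not_found"
    if status != 200:
        return "other"
    if not body.strip():
        return "empty_200"  # a 200 with no document: the defect reported here
    if b"<!DOCTYPE" in body:
        return "malformed_200"  # refuse DTDs rather than parse entity definitions
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "malformed_200"
    # RSS 2.0 uses <rss>, RSS 1.0 uses <rdf:RDF>, Atom uses a namespaced <feed>.
    local_name = root.tag.rsplit("}", 1)[-1]
    return "feed" if local_name in ("rss", "feed", "RDF") else "malformed_200"

def check(responses):
    """Compare responses ({groupId: (status, body)}) against EXPECTED.

    Returns a list of (groupId, expected, actual) for every mismatch.
    """
    failures = []
    for group_id, want in EXPECTED.items():
        status, body = responses[group_id]
        got = classify_feed_response(status, body)
        if got != want:
            failures.append((group_id, want, got))
    return failures

if __name__ == "__main__":
    for group_id, want, got in check(SAMPLE):
        print(f"groupId={group_id}: expected {want}, got {got}")
```

To run it against a real instance, fill the `responses` dictionary with the status code and body returned for each of the three URLs in the description.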