Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-24031

LiferayRequestDispatcher implements bad pattern matching which can lead to the wrong dispatcher being invoked

    Details

      Description

      Suppose two paths are registered like:

      /c/*
      and
      /configuration/*

      Depending on the ordering, the matching logic, when a request is made for /configuration/something, the LiferayRequestDispatcher will iterate through the registered servletURLPatterns patterns and for each will do:

      				if (urlPattern.endsWith("/*")) {
      					pos = urlPattern.indexOf("/*");
      
      					urlPattern = urlPattern.substring(0, pos);
      					...
      

      The result of which takes /c/* and produces /c which is later used for matching like:

      					if (pathNoQueryString.startsWith(urlPattern)) {
      						...
      

      which matches /c to /configuration/something.

      We have to make sure that we only remove the * and not the /.

      Therefore the first step should be:

      				if (urlPattern.endsWith("/*")) {
      					pos = urlPattern.indexOf("/*");
      
      					urlPattern = urlPattern.substring(0, pos + 1);
      					...
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 46 weeks ago

                Packages

                Version Package
                6.1.0 CE RC1
                --Sprint 11/12
                6.2.0 CE M2