Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-25642

Wrong validation of 'selection list' structure fields



      Steps to reproduce:

      • Go to control panel, web content section. Select "structures" tab.
      • Create a new structure.
      • Press "add row" buttion, then add a field "age" of type "selection list"
      • Press the + button at the right of the field to add a new option for the selector.
      • Type ">10 & <20" in the first field, type "teenager" in the second field.
      • Save the structure
      • Try to edit the structure again

      Observed behavior:

      • Structure edition page is partially loaded. The "XML Schema Definition" section is never loaded
      • Following error appears:
        10:43:29,576 ERROR [IncludeTag:426] Current URL /group/control_panel/manage?p_p_id=15&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&doAsGroupId=10180&refererPlid=10183&_15_struts_action=%2Fjournal%2Fedit_structure&_15_redirect=http%3A%2F%2Flocalhost%3A8585%2Fgroup%2Fcontrol_panel%2Fmanage%3Fp_p_id%3D15%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26doAsGroupId%3D10180%26refererPlid%3D10183%26_15_tabs1%3Dstructures%26_15_refererPlid%3D10183%26_15_doAsGroupId%3D10180%26_15_struts_action%3D%252Fjournal%252Fview&_15_groupId=10180&_15_structureId=10603 generates exception: An exception occurred processing JSP page /html/portlet/journal/edit_structure.jsp at line 218
        215:                            <table class="taglib-search-iterator">
        217:                            <%
        218:                            Document doc = SAXReaderUtil.read(xsd);
        220:                            Element root = doc.getRootElement();


      10:43:29,582 ERROR [IncludeTag:154] com.liferay.portal.kernel.xml.DocumentException: Error on line 5 of document  : The entity name must immediately follow the '&' in the entity reference. Nested exception: The entity name must immediately follow the '&' in the entity reference.
              at com.liferay.portal.xml.SAXReaderImpl.read(SAXReaderImpl.java:403)
              at com.liferay.portal.xml.SAXReaderImpl.read(SAXReaderImpl.java:381)
              at com.liferay.portal.xml.SAXReaderImpl.read(SAXReaderImpl.java:413)
              at com.liferay.portal.kernel.xml.SAXReaderUtil.read(SAXReaderUtil.java:151)
              at org.apache.jsp.html.portlet.journal.edit_005fstructure_jsp._jspService(edit_005fstructure_jsp.java:1804)

      Expected behavior:

      • Structure should be editable normally

      More details:
      Structures created before LPS-15761 may not be editable after that commit.

      The root cause is that a specific validation was done on the 'name', then switched to validate the 'type' of each list item. Values for 'type' entered before the commit (correctly validated) may contain characters that caused new validation check to fail. The 'type' is called 'value' in the drag'n'drop structure editor available from the web content edition page.

      Changing the 'type' is not an acceptable solution: if you edit the structure and change the 'type' for allowing structure to be saved, web content created before this change will hold an unexisting value so the web content editor will lose the 'name' displayed in the combo-box.

      In addition, both before and after that commit, some characters pass the current validation and make the SAXReader to fail when parsing the structure.

      To fix this issue:

      • Current validation should be removed
      • XML entities (characters such as '&' and '>') should be encoded by the front-end and saved in a escaped form.


          Issue Links



              • Votes:
                0 Vote for this issue
                0 Start watching this issue


                • Created:
                  Days since last comment:
                  8 years, 4 weeks ago


                  Version Package
                  6.0.X EE
                  --Sprint 12/11
                  6.1.0 CE RC1
                  6.1.20 EE GA2
                  6.2.0 CE M2