Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-26915

Make uniform key for JSON methods cache in JSONServiceAction

    Details

      Description

      The key created in JSONServiceAction#getMethodAndParameterTypes() for caching methods is built using method name and given service parameter names. Therefore, the following two calls are the same:

      http://localhost:8080/c/portal/json_service?serviceClassName=com.liferay.portal.service.GroupServiceUtil&serviceMethodName=getGroup&serviceParameters=[groupId]&serviceParameterTypes=[long]&groupId=10445
      http://localhost:8080/c/portal/json_service?serviceClassName=com.liferay.portal.service.GroupServiceUtil&serviceMethodName=getGroup&serviceParameters=[groupId_1]&serviceParameterTypes=[long]&groupId_1=10445
      

      but they will create two entries in cache. As these methods are given by user, some may use this in malicious way to fill up the memory.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              igor.spasic Igor Spasic (Inactive)
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years, 14 weeks, 6 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.1 CE GA2
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2