Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-27146

Guests can view names and emailadresses of all Liferay users

    XMLWordPrintable

    Details

    • Fix Priority:
      3

      Description

      As an unauthenticated user it is possible to retrieve the names and email adresses of all Liferay users

      To retrieve a list of all users simply issue the following request

      http://localhost:8080/c/search/open_search?p=1&c=5000&keywords=entryClassName:com.liferay.portal.model.User

      Getting to the email adresses is a bit more involved, because these are not included in the response. But it is still possible to get to them by utilizing wildcard searches. The following request will return all users who's email address start with a "b"

      http://localhost:8080/c/search/open_search?p=1&c=5000&keywords=emailAddress:b*

      By adding a letter at a time to the emailAddress parameter its possible to eventually get someone's full email address

        Attachments

          Issue Links

          duplicates

          Regression Bug - Used by Liferay QA to indicate an issue discovered during regression testing LPS-25877 Search portlet returns results that should not appear

          • Closed

            Activity

              People

              Assignee:
              samuel.kong Samuel Kong
              Reporter:
              jelmer Jelmer Kuperus (Inactive)
              Participants of an Issue:
              Recent user:
              Brian Wulbern
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                10 years, 15 weeks, 2 days ago

                  Packages

                  Version Package
                  --Sprint 11/12
                  6.2.0 CE M2