PUBLIC - Liferay Portal Community Edition / LPS-47725

Unable to edit Web Content when journal.article.force.autogenerate.id=false and the articleId contains special characters

    Details

      Description

      0- Set

      journal.article.force.autogenerate.id=false

      1- Add "Web Content Display" to the home page
      2- Add a new Web Content: set the following value as ID:

      ID777"><script>alert(2000)</script>
      

      3- Add dummy title & content. Save

      You can save the Web Content without validation errors: Suspicious
      No XSS happens upon reloading the page: Fine
      Click on the "Edit" icon: --> Edit form gets loaded successfully : Fine

      4- Go to Admin/Content
      5- Click on the article you've just created to open for editing:

      Result === 62x @ 53c9263d5f5d2a61f59cea29863e58b17574f679:
      The portal loads an empty edit form

      Result === master @49abc19400b5e16b4fc821746c1dd225ea31d8dc: you get NPE:

      11:08:51,565 ERROR [http-bio-8080-exec-40][IncludeTag:129] Current URL /group/control_panel/manage?p_p_auth=6v93Imgx&p_p_id=15&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&doAsGroupId=10187&refererPlid=10190&controlPanelCategory=current_site.content&_15_groupId=10187&_15_redirect=http%3A%2F%2Flocalhost%3A8080%2Fgroup%2Fcontrol_panel%2Fmanage%3Fp_p_auth%3D6v93Imgx%26p_p_id%3D15%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26doAsGroupId%3D10187%26refererPlid%3D10190%26controlPanelCategory%3Dcurrent_site.content&_15_struts_action=%2Fjournal%2Fedit_article&_15_backURL=http%3A%2F%2Flocalhost%3A8080%2Fgroup%2Fcontrol_panel%2Fmanage%3Fp_p_auth%3D6v93Imgx%26p_p_id%3D15%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26doAsGroupId%3D10187%26refererPlid%3D10190%26controlPanelCategory%3Dcurrent_site.content&_15_articleId=ID777%26%23034%3B%26gt%3B%26lt%3BSCRIPT%26gt%3BALERT%282000%29%26lt%3B%2FSCRIPT%26gt%3B&_15_version=1.0&_15_folderId=0 generates exception: null
      java.lang.NullPointerException
      	at org.apache.jsp.html.portlet.journal.edit_005farticle_jsp._jspService(edit_005farticle_jsp.java:811)
      	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:57)
      	at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
      	at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
      	at com.liferay.taglib.util.IncludeTag.include(IncludeTag.java:295)
      	at com.liferay.taglib.util.IncludeTag.doInclude(IncludeTag.java:192)
      	at com.liferay.taglib.util.IncludeTag.doEndTag(IncludeTag.java:83)
      	at org.apache.jsp.html.common.themes.portlet_jsp._jspService(portlet_jsp.java:3872)
      	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
      	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
      	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:97)
      

        Attachments

        1. fixed.png (101 kB)
        2. reproduced.png (72 kB)
        3. reproduced-62.png (50 kB)

              People

              Assignee:
              hong.zhao Hong Zhao (Inactive)
              Reporter:
              tibor.lipusz Tibor Lipusz
              Participants of an Issue:
              Recent user:
              Marta Elicegui
              Votes:
              0
              Watchers:
              4

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 29 weeks, 1 day ago

                  Packages

                  Version Package
                  6.2.2 CE GA3
                  6.2.X EE
                  7.0.0 M1
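
Decoding the `_15_articleId` parameter from the URL in the logged error shows what the edit action received: the ID in upper case and HTML-escaped, not the string entered in step 2. This is an added example, not part of the original report or of Liferay's code; the URL is an excerpt of the logged one, and the `SAFE_ID` allowlist is a hypothetical save-time check, not Liferay's actual validation rule.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Excerpt of the URL from the logged error, reduced to the relevant parameters.
LOGGED_URL = (
    "/group/control_panel/manage?p_p_id=15"
    "&_15_struts_action=%2Fjournal%2Fedit_article"
    "&_15_articleId=ID777%26%23034%3B%26gt%3B%26lt%3BSCRIPT%26gt%3B"
    "ALERT%282000%29%26lt%3B%2FSCRIPT%26gt%3B&_15_version=1.0"
)

# The ID typed in step 2 of the report.
ENTERED_ID = 'ID777"><script>alert(2000)</script>'

# Hypothetical allowlist for manually entered IDs (assumption, not Liferay's rule).
SAFE_ID = re.compile(r"[A-Za-z0-9_.-]{1,75}")


def article_id_param(url: str) -> str:
    """Return the _15_articleId value after one round of URL decoding."""
    return parse_qs(urlsplit(url).query)["_15_articleId"][0]


def analyse(url: str, entered: str) -> dict:
    """Compare the ID the edit action received with the ID that was entered."""
    received = article_id_param(url)
    unescaped = html.unescape(received)
    return {
        "received": received,
        # True when the value still carries HTML entities after URL decoding.
        "html_escaped": received != unescaped,
        # An exact-match lookup on the received value would use this comparison.
        "matches_entered_exactly": received == entered,
        # The logged value is upper case, so compare case-insensitively.
        "matches_after_unescape": unescaped.upper() == entered.upper(),
    }


def is_safe_article_id(candidate: str) -> bool:
    """Save-time check: accept only IDs made of allowlisted characters."""
    return SAFE_ID.fullmatch(candidate) is not None


if __name__ == "__main__":
    for key, value in analyse(LOGGED_URL, ENTERED_ID).items():
        print(f"{key}: {value}")
    print("entered ID passes allowlist:", is_safe_article_id(ENTERED_ID))
```

Rejecting such an ID when the article is saved keeps escaped and unescaped forms of the same ID from diverging between the pages that link to the edit form.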