Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-49143

Host header validation is not applied consistently and doesn't whitelist IPv6 localhost address [::1]

Details

    Description

      Steps to reproduce

      Test1:
      1, Start portal
      2, Navigate to http://[::1]:8080

      Expected result: portal is displayed
      Actual result: browser is redirected to localhost:8080

      Test 2:
      1, Map alpha.cz to 127.0.0.1 in the hosts file
      2, Sign in to portal
      3, Add Documents & Media portlet
      4, Upload a file
      5, Display the file details, example url (cleaned for better understanding): http://localhost:8080/?p_p_id=20&_20_struts_action=%2Fdocument_library%2Fview_file_entry&_20_fileEntryId=10522
      6, Replace localhost with alpha.cz, example: http://alpha.cz:8080/?p_p_id=20&_20_struts_action=%2Fdocument_library%2Fview_file_entry&_20_fileEntryId=10522
      7, Display HTML source of the page

      Expected result: alpha.cz is not present in the page HTML source
      Actual result: multiple occurences of "alpha" in the HTML

      Attachments

        Issue Links

          Activity

            People

              shitian.zhang Shitian "Shelton" Zhang (Inactive)
              tomas.polesovsky Tomáš Polešovský
              Marta Elicegui Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                8 years, 16 weeks, 1 day ago

                Packages

                  Version Package
                  6.1.X EE
                  6.2.2 CE GA3
                  6.2.X EE
                  7.0.0 M3