Affects Version/s: 6.2.10 EE GA1, 7.0.0 M3
Fix Version/s: 7.0.0 M2
Steps to reproduce:
- Start Liferay 6.2.x in JBoss 7
- Go to Control Panel - Server Administration - Script Console
- Use the attached script with the Groovy language. It adds 500 pages to the default site
- Go to Site Administration - Site Pages - Public Pages - Export
- Selected Pages, Site Pages Settings, Theme Settings, Logo -> Click "Change"
- Open the Chrome developer toolbar and select Network - Preserve log
- Expand the tree, select all pages and click OK
- In the developer toolbar - Network, select the manage request.
- See Form Data
- On the server, you can see this error:
Caused by: java.lang.IllegalStateException: More than the maximum number of request parameters (GET plus POST) for a single request () were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
Here, there is one parameter for each page in the "select page" tree. If that tree has more than 500 nodes, the request will have more than 500 POST parameters. As a result, some application servers tend to reject the request for security reasons:
"The number of parameters was limited in all web servers to plug the hashmap collision denial of service attack."
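The effect described above, as an added example that is not part of the original ticket or of Liferay's code: it builds one POST parameter per selected page, applies a connector-style parameter limit, and compares that with sending all selected pages in a single parameter. The parameter names, the fixed parameters and the limit of 500 are assumptions chosen for illustration.

```javascript
// Added illustration. Parameter names (page_<id>, pageIds, cmd, privateLayout)
// and the limit value are hypothetical, not taken from Liferay or JBoss.

// One parameter per selected tree node, as the export dialog is described to do.
function buildPerPageBody(pageIds, fixedParams) {
  const body = new URLSearchParams(fixedParams);
  for (const id of pageIds) body.append(`page_${id}`, 'on');
  return body.toString();
}

// Alternative encoding: every selected id packed into a single parameter.
function buildPackedBody(pageIds, fixedParams) {
  const body = new URLSearchParams(fixedParams);
  body.append('pageIds', pageIds.join(','));
  return body.toString();
}

// Mimics a connector that keeps the first `limit` parameters and ignores the
// rest ("Any parameters beyond this limit have been ignored").
function applyParameterLimit(rawBody, limit) {
  const kept = [];
  const ignored = [];
  for (const pair of new URLSearchParams(rawBody)) {
    (kept.length < limit ? kept : ignored).push(pair);
  }
  return { total: kept.length + ignored.length, kept, ignored };
}

// Constructed sample: 600 selected pages plus two fixed form fields.
const samplePageIds = Array.from({ length: 600 }, (_, i) => i + 1);
const sampleFixed = { cmd: 'export', privateLayout: 'false' };
const ASSUMED_LIMIT = 500; // assumed value for maxParameterCount

const perPage = applyParameterLimit(
  buildPerPageBody(samplePageIds, sampleFixed), ASSUMED_LIMIT);
const packed = applyParameterLimit(
  buildPackedBody(samplePageIds, sampleFixed), ASSUMED_LIMIT);

console.log(`per-page: ${perPage.total} parameters, ${perPage.ignored.length} ignored`);
console.log(`packed:   ${packed.total} parameters, ${packed.ignored.length} ignored`);
```

With the per-page encoding the parameter count grows with the size of the tree, so the selection is silently truncated once the limit is crossed; the packed form keeps the count constant regardless of how many pages are selected.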