Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
6.1.30 EE GA3, 6.1.X EE, 6.2.10 EE GA1, 7.0.0 Beta 1
-
6.2.x, 6.1.x
-
Committed
-
1.5
-
3
Description
com.liferay.portal.util.PortalImpl.escapeRedirect(String url) logs on DEBUG level if the given url would redirect to a domain or IP address that is not allowed:
12:28:48,065 DEBUG [http-bio-8080-exec-6][PortalImpl:841] Redirect URL http://myip.asd:8080/group/control_panel/manage/-/server/resources?refererPlid=20185&controlPanelCategory=configuration&_137_delta=0&_137_cur=0 is not allowed
However, we should use WARN to let portal server administrators distinguish easily attempts (based on the log) to redirect to an invalid location.
Attachments
Issue Links
- relates
-
LPE-14624 Update PortalImpl escapeRedirect and use WARN instead of DEBUG to notify the Admins when the redirect to a given domain or IP address is forbidden
-
- Closed
-