Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-61774

Update PortalImpl escapeRedirect and use WARN instead of DEBUG to notify the Admins when the redirect to a given domain or IP address is forbidden

    XMLWordPrintable

    Details

      Description

      com.liferay.portal.util.PortalImpl.escapeRedirect(String url) logs on DEBUG level if the given url would redirect to a domain or IP address that is not allowed:

      12:28:48,065 DEBUG [http-bio-8080-exec-6][PortalImpl:841] Redirect URL http://myip.asd:8080/group/control_panel/manage/-/server/resources?refererPlid=20185&controlPanelCategory=configuration&_137_delta=0&_137_cur=0 is not allowed

      However, we should use WARN to let portal server administrators distinguish easily attempts (based on the log) to redirect to an invalid location.

        Attachments

        1. fix61774.png
          fix61774.png
          32 kB
        2. fix61774master.png
          fix61774master.png
          29 kB
        3. reproduce61774.png
          reproduce61774.png
          16 kB

          Issue Links

          relates

          Bug - A problem which impairs or prevents the functions of the product. LPE-14624 Update PortalImpl escapeRedirect and use WARN instead of DEBUG to notify the Admins when the redirect to a given domain or IP address is forbidden

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              ian.song Ian Song (Inactive)
              Reporter:
              tibor.lipusz Tibor Lipusz
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 8 weeks, 1 day ago

                  Packages

                  Version Package
                  6.1.X EE
                  6.2.X EE
                  7.0.0 Beta 3