-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 6.1.30 EE GA3, 6.1.X EE, 6.2.10 EE GA1, 7.0.0 Beta 1
-
Fix Version/s: 6.1.X EE, 6.2.X EE, 7.0.0 Beta 3
-
Labels:
-
Branch Version/s:6.2.x, 6.1.x
-
Backported to Branch:Committed
-
Story Points:1.5
-
Fix Priority:3
-
Git Pull Request:
com.liferay.portal.util.PortalImpl.escapeRedirect(String url) logs on DEBUG level if the given url would redirect to a domain or IP address that is not allowed:
12:28:48,065 DEBUG [http-bio-8080-exec-6][PortalImpl:841] Redirect URL http://myip.asd:8080/group/control_panel/manage/-/server/resources?refererPlid=20185&controlPanelCategory=configuration&_137_delta=0&_137_cur=0 is not allowed
However, we should use WARN to let portal server administrators distinguish easily attempts (based on the log) to redirect to an invalid location.
- relates
-
LPE-14624 Update PortalImpl escapeRedirect and use WARN instead of DEBUG to notify the Admins when the redirect to a given domain or IP address is forbidden
-
- Closed
-