Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-64920

Errors thrown when parsing FreeMarker templates show code in the portlet


    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 6.2.10 EE GA1, 6.2.X EE, 7.0.1 CE GA2
    • Fix Version/s: None
    • Component/s: Templates, ~[Archived] WCM
    • Labels:


      If an exception is thrown while parsing a template for web content, then a portlet that attempts to display this web content will reveal the code used for the template while showing the error message.

      Steps to reproduce (for 6.2):
      1. In clean bundle of 6.2 go to Admin > content
      2. Create a basic Web content structure
      3. Create a template based on this structure and use FreeMarker code that will cause a parser error (used this code for testing):

      Company Id: ${companyId}


      Journal Article Service: <#assign JournalArticleService = serviceLocator.findService("com.liferay.portlet.journal.service.JournalArticleService")>${JournalArticleService}


      User Service: <#assign UserService = serviceLocator.findService("com.liferay.portal.service.UserService")>${UserService}


      Layout Local Service: <#assign LayoutLocalService = serviceLocator.findService("com.liferay.portal.service.LayoutLocalService")>${LayoutLocalService}

      4. Create a web content article using this structure.
      5. Go to the home page and add a web content display portlet.
      6. Select the article made in step 4 to display

      Expected result: error message displays ("An error occurs while processing the template.") and more details and a stack trace are shown in the log (as of a security update, serviceLocator is inaccessible by default for FreeMarker web content templates)
      Actual result: the error and information in the log are present, but much more extra information including some that reveals the code used for the web content template are also shown in the portlet, visible to any user.

      In master, a similar behavior can be reproduced, but by using an application display template rather than web content template.

      Reproduced in master: 11c5aa284f55b35b4ee6945c7f83c2b242519467
      Reproduced in 6.2.x branch: 249ac52ab67ad25e649d99d9b3543515d625b8a6


          Issue Links



              julio.camarero Julio Camarero (Inactive)
              alec.shay Alec Shay
              Participants of an Issue:
              Recent user:
              Esther Sanz
              0 Vote for this issue
              0 Start watching this issue


                Days since last comment:
                5 years, 40 weeks, 6 days ago


                  Version Package