  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-70662

Misleading tooltip in Source column when viewing a portal property that has been obfuscated



      If you use the portal property admin.obfuscated.properties to obfuscate a portal property, and then override that property with the Control Panel, an incorrect tooltip will be displayed in the Source column. The tooltip will claim that the value of the property is derived from the portal.properties file or one of its extensions. If an admin has access to portal-ext.properties and wishes to know the value of this property, they will believe that they can discover the value of the property by simply looking inside portal-ext.properties. This will cause them to mistakenly believe that they know the value of the property, when, in fact, they do not.

      Steps to Reproduce

      1. Add the following line to portal-ext.properties:
      2. Start up the portal and log in as the admin user.
      3. Navigate to Control Panel > Configuration > Instance Settings > Authentication.
      4. Uncheck the "Allow users to request forgotten passwords?" box and save the configuration.
      5. Navigate to Control Panel > Configuration > Server Administration > Properties > Portal Properties.
      6. Search for "company.security.send.password".
      7. Hover over and read the tooltip in the Source column.

      Expected result: The tooltip says that the value of the property has been overridden by the Control Panel.
      Actual result: The tooltip says that the value of the property was derived from portal.properties or one of its extension files.

      Reproduced in
      master (7cbe6dd7f4c96b9b5e4250f7003c32ddc34414c0)
      ee-7.0.x (3f09681cf6eaa15b88560a1dd1efd61b9794e998)
      Not reproduced in ee-6.2.x because LPS-70340 has not been committed to ee-6.2.x yet. Once this fix gets committed, we will backport it to ee-6.2.x together with LPS-70340.


              • Assignee:
                hong.zhao Hong Zhao
                michael.bowerman Michael Bowerman (Inactive)


                  Version Package
                  6.2.X EE
                  7.0.0 DXP SP2
                  7.0.0 DXP FP13
                  7.0.0 DXP SP3
                  7.0.3 CE GA4