-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X EE, Master
-
Fix Version/s: 7.0.0 DXP FP31, 7.0.5 CE GA6, 7.0.X, Master
-
Component/s: Core Infrastructure
-
Branch Version/s:7.0.x
-
Backported to Branch:Committed
-
Story Points:0.25
-
Fix Priority:3
-
Git Pull Request:
Description:
When attempting to access URLs with over 2000 characters, the user will receive an error on redirect.
Cause:
Due to Httpimpl.shortenURL(String, int), when attempting to shorten the URL, the redirect, _backURL, _returnToFullPageURL, and _redirect parameters can potentially be shortened incorrectly. This is because if the count variable reaches 0, we incorrectly return null, causing any necessary parameter data to be lost, but without discarding the parameter key.
For example, the following URL would be shortened from
http://google.com?redirect=http://redirect1.com?redirect=http://nestedRedirect.com?redirect=http://nestedNestedRedirect.com?redirect=http://finalNestedRedirect.com¶meter=levelOneParameter
to
http://google.com?redirect=parameter=levelOneParameter
when it should be (since the count variable is hard-coded to 2)
http://google.com?redirect=http://redirect1.com?redirect=http://nestedRedirect.com?redirect=http://nestedNestedRedirect.com¶meter=levelOneParameter
(Note, the encoding would be different for a real URL).
Solution:
Rather than returning null if count is 0, we should instead gather and return the url and all the non-nested parameters. This will prevent there from being more than 3 redirects, and shorten the URL.
Steps to Reproduce:
- Set redirect.url.security.mode=domain in portal-ext.properties. This allows the URL to become very long very quickly.
- Go to the left-hand side menu > Content > Knowledge Base
- Create a new folder "Folder 1".
- Within Folder 1, create a new folder, "Folder 2".
- Within Folder 2, create a new folder, "Folder 3".
- Within Folder 3, create an article.
- Attempt to save the article
Expected Results:
Article is saved and the page is redirected to Folder 3
Actual Results:
There is an error message on the page, the following error is thrown within the console (however, the article is saved)
ERROR [http-nio-8080-exec-8][render_portlet_jsp:131] null java.lang.IllegalArgumentException: _com_liferay_knowledge_base_web_portlet_AdminPortlet_parentResourcePrimKey=521857&_com_liferay_knowledge_base_web_portlet_AdminPortlet_parentResourceClassNameId=10639&p_p_auth=8n6i8REf is not a valid redirect at com.liferay.portlet.ActionResponseImpl.sendRedirect(ActionResponseImpl.java:37) at com.liferay.portal.kernel.portlet.LiferayPortlet.sendRedirect(LiferayPortlet.java:614) at com.liferay.portal.kernel.portlet.LiferayPortlet.processAction(LiferayPortlet.java:111) at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.processAction(MVCPortlet.java:260) at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:71) at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:48) at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:107) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153) at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62) at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:117) at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48) at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:530) at com.liferay.portlet.InvokerPortletImpl.invokeAction(InvokerPortletImpl.java:576) at com.liferay.portlet.InvokerPortletImpl.processAction(InvokerPortletImpl.java:334) at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.processAction(MonitoringInvokerPortlet.java:189) at com.liferay.portlet.PortletContainerImpl._processAction(PortletContainerImpl.java:386) at com.liferay.portlet.PortletContainerImpl.processAction(PortletContainerImpl.java:118) at com.liferay.portlet.SecurityPortletContainerWrapper.processAction(SecurityPortletContainerWrapper.java:94) at com.liferay.portlet.RestrictPortletContainerWrapper.processAction(RestrictPortletContainerWrapper.java:75)
Reproduced in Master: 96b8e2acf49c4f5fe669e1357577dd450abc98b9
Reproduced in 70x: 497c166e07c8530bd17ec53bdc7ed539b8991039