Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73606

When attempting to shorten URL, redirect parameters are filled with bad data

    Details

      Description

      Description:

      When attempting to access URLs with over 2000 characters, the user will receive an error on redirect.

      Cause:

      Due to Httpimpl.shortenURL(String, int), when attempting to shorten the URL, the redirect, _backURL, _returnToFullPageURL, and _redirect parameters can potentially be shortened incorrectly.  This is because if the count variable reaches 0, we incorrectly return null, causing any necessary parameter data to be lost, but without discarding the parameter key.

      For example, the following URL would be shortened from

      http://google.com?redirect=http://redirect1.com?redirect=http://nestedRedirect.com?redirect=http://nestedNestedRedirect.com?redirect=http://finalNestedRedirect.com&parameter=levelOneParameter

      to

      http://google.com?redirect=parameter=levelOneParameter

      when it should be (since the count variable is hard-coded to 2)

      http://google.com?redirect=http://redirect1.com?redirect=http://nestedRedirect.com?redirect=http://nestedNestedRedirect.com&parameter=levelOneParameter

      (Note, the encoding would be different for a real URL).

      Solution:

      Rather than returning null if count is 0, we should instead gather and return the url and all the non-nested parameters.  This will prevent there from being more than 3 redirects, and shorten the URL.

      Steps to Reproduce:

      1. Set redirect.url.security.mode=domain in portal-ext.properties.  This allows the URL to become very long very quickly.
      2. Go to the left-hand side menu > Content > Knowledge Base
      3. Create a new folder "Folder 1".
      4. Within Folder 1, create a new folder, "Folder 2".
      5. Within Folder 2, create a new folder, "Folder 3".
      6. Within Folder 3, create an article.
      7. Attempt to save the article

      Expected Results:

      Article is saved and the page is redirected to Folder 3

      Actual Results:

      There is an error message on the page, the following error is thrown within the console (however, the article is saved)

      ERROR [http-nio-8080-exec-8][render_portlet_jsp:131] null
      java.lang.IllegalArgumentException: _com_liferay_knowledge_base_web_portlet_AdminPortlet_parentResourcePrimKey=521857&_com_liferay_knowledge_base_web_portlet_AdminPortlet_parentResourceClassNameId=10639&p_p_auth=8n6i8REf is not a valid redirect
      	at com.liferay.portlet.ActionResponseImpl.sendRedirect(ActionResponseImpl.java:37)
      	at com.liferay.portal.kernel.portlet.LiferayPortlet.sendRedirect(LiferayPortlet.java:614)
      	at com.liferay.portal.kernel.portlet.LiferayPortlet.processAction(LiferayPortlet.java:111)
      	at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.processAction(MVCPortlet.java:260)
      	at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:71)
      	at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:48)
      	at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:107)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      	at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)
      	at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62)
      	at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:117)
      	at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48)
      	at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:530)
      	at com.liferay.portlet.InvokerPortletImpl.invokeAction(InvokerPortletImpl.java:576)
      	at com.liferay.portlet.InvokerPortletImpl.processAction(InvokerPortletImpl.java:334)
      	at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.processAction(MonitoringInvokerPortlet.java:189)
      	at com.liferay.portlet.PortletContainerImpl._processAction(PortletContainerImpl.java:386)
      	at com.liferay.portlet.PortletContainerImpl.processAction(PortletContainerImpl.java:118)
      	at com.liferay.portlet.SecurityPortletContainerWrapper.processAction(SecurityPortletContainerWrapper.java:94)
      	at com.liferay.portlet.RestrictPortletContainerWrapper.processAction(RestrictPortletContainerWrapper.java:75)
      

      Reproduced in Master: 96b8e2acf49c4f5fe669e1357577dd450abc98b9

      Reproduced in 70x: 497c166e07c8530bd17ec53bdc7ed539b8991039

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              louis.zhang Louis Zhang (Inactive)
              Reporter:
              christopher.kian Christopher Kian
              Participants of an Issue:
              Recent user:
              Brian Wulbern
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 44 weeks, 5 days ago

                  Packages

                  Version Package
                  7.0.0 DXP FP31
                  7.0.5 CE GA6
                  7.0.X
                  Master