  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-74998

Errors thrown when parsing FreeMarker templates show code in the portlet



      When a FreeMarker template is parsed and contains an error, the entire code of the template is displayed in the web browser. LPS-64920 originally determined that this was a feature; however, after further discussion in PTR-160, the new behavior should be that the code is displayed only to users with UPDATE permission on the template. This would prevent regular users from being exposed to template code while still allowing admin-type users to view the erroneous code.

      Further discussion of this issue, including the behavior for different user types, can be found in LPP-27064.

      Steps to reproduce (for 6.2):
      1. In a clean 6.2 bundle, go to Admin > content
      2. Create a basic Web content structure
      3. Create a template based on this structure and use FreeMarker code that will cause a parser error (used this code for testing):

      Company Id: ${companyId}


      Journal Article Service: <#assign JournalArticleService = serviceLocator.findService("com.liferay.portlet.journal.service.JournalArticleService")>${JournalArticleService}


      User Service: <#assign UserService = serviceLocator.findService("com.liferay.portal.service.UserService")>${UserService}


      Layout Local Service: <#assign LayoutLocalService = serviceLocator.findService("com.liferay.portal.service.LayoutLocalService")>${LayoutLocalService}

      4. Create a web content article using this structure.
      5. Go to the home page and add a web content display portlet.
      6. Select the article made in step 4 to display

      Expected result: For regular users, the error message is displayed ("An error occurs while processing the template.") and a stack trace is shown in the log. For admin users, the template code is displayed on the page as well.
      Actual result: For all users, the error and the information in the log are present, but a great deal of additional information, including the code of the web content template, is also shown in the portlet.

      In master, a similar behavior can be reproduced, but by using an application display template rather than web content template.
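
      The expected behavior above, as an added example that is not Liferay's code or the fix for this ticket: the error page shows the template source only when a permission check passes, and fails closed if the check itself breaks. The class, method names and the `canUpdate` predicate are hypothetical stand-ins for the portal's UPDATE permission check, and the sample template and exception are constructed.

```java
import java.util.function.Predicate;
import java.util.logging.Level;
import java.util.logging.Logger;

public class TemplateErrorRenderer {
    private static final Logger LOG = Logger.getLogger("template-errors");
    static final String GENERIC = "An error occurs while processing the template.";

    // Hypothetical stand-in for the portal's permission check: true when the
    // current user holds UPDATE on the template with the given id.
    private final Predicate<String> canUpdate;

    TemplateErrorRenderer(Predicate<String> canUpdate) { this.canUpdate = canUpdate; }

    /** Builds the HTML the portlet shows when template processing fails. */
    String render(String templateId, String source, Exception cause) {
        // The stack trace always goes to the server log, whoever is viewing.
        LOG.log(Level.SEVERE, "Template " + templateId + " failed", cause);
        StringBuilder html = new StringBuilder("<div class=\"alert\">").append(GENERIC);
        if (mayViewSource(templateId)) {
            // Escaped so markup in the template is shown, not interpreted.
            html.append("<pre>").append(escape(cause.getMessage())).append("</pre>")
                .append("<pre>").append(escape(source)).append("</pre>");
        }
        return html.append("</div>").toString();
    }

    // Fail closed: a broken permission check must not expose the source.
    private boolean mayViewSource(String templateId) {
        try {
            return canUpdate.test(templateId);
        } catch (RuntimeException e) {
            LOG.log(Level.WARNING, "Permission check failed", e);
            return false;
        }
    }

    static String escape(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    public static void main(String[] args) {
        String src = "Company Id: ${companyId} <#assign x = missing>"; // constructed sample
        Exception err = new IllegalStateException("parse error in <#assign>"); // constructed
        System.out.println(new TemplateErrorRenderer(id -> false).render("tpl-1", src, err));
        System.out.println(new TemplateErrorRenderer(id -> true).render("tpl-1", src, err));
    }
}
```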




            Unassigned Unassigned
            christopher.kian Christopher Kian




                Version Package
                7.4.1 CE GA2 DXP 7,4
                7.4.13 DXP GA1