- Type: Regression Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.2.X, Master
- Fix Version/s: 7.0.0 DXP FP87, 7.0.10.12 DXP SP12, 7.0.X, 7.1.10 DXP FP13, 7.1.X, 7.2.10 DXP FP2, 7.2.10.1 DXP SP1, 7.2.X, 7.2.1 CE GA2, 7.3.10 DXP GA1, Master
- Component/s: Portal Services
- Branch Version/s: 7.2.x, 7.1.x, 7.0.x
- Backported to Branch: Committed
- Fix Priority: 4
- Last Working Version:
- Git Pull Request:
Steps to reproduce:
- Visit one of the following URLs; each carries a script payload in its query parameters (the first in _132_moduleId only, the other two also in _2_backURL):
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=alert%28%27xss%27%29
Expected Result: The message "This portlet could not be found. Please redeploy it or remove it from the page." is displayed and no exception is thrown.
Actual Result: The same message is displayed, but a NullPointerException is thrown and logged as follows:
2019-08-01 03:09:15.516 ERROR [http-nio-8080-exec-2][IncludeTag:128] Current URL /group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E generates exception: null
java.lang.NullPointerException
at com.liferay.portal.model.impl.PortletImpl.getControlPanelEntryInstance(PortletImpl.java:772)
at com.liferay.portal.service.permission.PortletPermissionImpl.hasControlPanelAccessPermission(PortletPermissionImpl.java:538)
at com.liferay.portal.kernel.service.permission.PortletPermissionUtil.hasControlPanelAccessPermission(PortletPermissionUtil.java:311)
at com.liferay.layout.type.controller.control.panel.internal.model.ControlPanelLayoutTypeAccessPolicy.checkAccessAllowedToPortlet(ControlPanelLayoutTypeAccessPolicy.java:58)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
at com.liferay.portal.servlet.DirectRequestDispatcherFactoryImpl$IndirectRequestDispatcher.include(DirectRequestDispatcherFactoryImpl.java:199)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:79)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
at com.liferay.taglib.util.IncludeTag.includePage(IncludeTag.java:398)
at com.liferay.taglib.util.IncludeTag.include(IncludeTag.java:374)
at com.liferay.taglib.util.IncludeTag.doInclude(IncludeTag.java:217)
at com.liferay.taglib.util.IncludeTag.doEndTag(IncludeTag.java:88)
at freemarker.ext.jsp.TagTransformModel$TagWriter.endEvaluation(TagTransformModel.java:400)
at freemarker.ext.jsp.TagTransformModel$TagWriter.afterBody(TagTransformModel.java:388)
at freemarker.core.Environment.visitAndTransform(Environment.java:427)
at freemarker.core.UnifiedCall.accept(UnifiedCall.java:107)
at freemarker.core.Environment.visit(Environment.java:324)
at freemarker.core.MixedContent.accept(MixedContent.java:54)
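The logged line above records the full request URL, so the NPE can be correlated with the parameters that carried the payload. The following script is an added example for this page (it is not Liferay code): it parses IncludeTag error lines in the format shown in the report, decodes the query string the way a servlet container would (splitting on "&" only, "+" as space), and flags parameter values that look like markup or script. The first sample entry is the report's own log line and first two frames; the second entry is constructed from the report's third URL, with the trace lines copied from the first.

```python
"""Triage of IncludeTag 'Current URL ... generates exception' lines.

Added example for this issue page, not Liferay code. Assumes the log format shown
in the report. Entry 1 of SAMPLE_LOG is the report's own; entry 2 is constructed
from the report's third URL with the trace lines copied from entry 1."""
import re
from urllib.parse import urlsplit, unquote_plus

SAMPLE_LOG = "\n".join([
    "2019-08-01 03:09:15.516 ERROR [http-nio-8080-exec-2][IncludeTag:128] Current URL "
    "/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view"
    "&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet"
    "&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E"
    "&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E generates exception: null",
    "java.lang.NullPointerException",
    "\tat com.liferay.portal.model.impl.PortletImpl.getControlPanelEntryInstance(PortletImpl.java:772)",
    "\tat com.liferay.portal.service.permission.PortletPermissionImpl.hasControlPanelAccessPermission(PortletPermissionImpl.java:538)",
    # Constructed entry: the report's third URL, trace copied from above.
    "2019-08-01 03:10:02.001 ERROR [http-nio-8080-exec-3][IncludeTag:128] Current URL "
    "/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view"
    "&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet"
    "&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E"
    "&_2_backURL=alert%28%27xss%27%29 generates exception: null",
    "java.lang.NullPointerException",
    "\tat com.liferay.portal.model.impl.PortletImpl.getControlPanelEntryInstance(PortletImpl.java:772)",
])

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \S+) ERROR \[(?P<thread>[^\]]*)\]\[(?P<src>[^\]]*)\] "
    r"Current URL (?P<url>\S+) generates exception: (?P<msg>.*)$"
)
FRAME_RE = re.compile(r"^\s*at (?P<frame>\S+)\(")
# Tag-like fragments, javascript: URLs and inline event handlers in a decoded value.
PAYLOAD_RE = re.compile(r"<\s*/?\s*[a-z][\w-]*|javascript\s*:|\bon[a-z]+\s*=", re.I)


def decode_params(url):
    """Map each query parameter name to its decoded values, in order of appearance.
    Splits on '&' only, as a servlet container does, so a literal ';' inside a
    value (as in alert("xss");) stays part of that value."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def flag_payloads(params):
    """Subset of params whose decoded value looks like markup or script."""
    return {k: v for k, v in params.items() if any(PAYLOAD_RE.search(x) for x in v)}


def triage(log_text):
    """One finding per matching ERROR line: the exception class on the next line,
    the first 'at' frame after it, and the parameters carrying payloads."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = LOG_RE.match(line)
        if not m:
            continue
        exception = lines[i + 1].strip() if i + 1 < len(lines) else ""
        top_frame = ""
        for nxt in lines[i + 2:i + 8]:
            f = FRAME_RE.match(nxt)
            if f:
                top_frame = f.group("frame")
                break
        params = decode_params(m.group("url"))
        findings.append({
            "timestamp": m.group("ts"),
            "thread": m.group("thread"),
            "path": urlsplit(m.group("url")).path,
            "portlet": params.get("p_p_id", [""])[0],
            "exception": exception,
            "top_frame": top_frame,
            "flagged": flag_payloads(params),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["timestamp"], finding["path"], finding["exception"], "in", finding["top_frame"])
        for name, values in finding["flagged"].items():
            print("   ", name, "=", values)
```

The hand-rolled splitter is deliberate: older versions of urllib.parse.parse_qs (before 3.9.2) also treated ";" as a pair separator, which would cut the moduleId value at the ";" after alert("xss") and misreport what the server actually received. On the report's URLs the script flags _132_moduleId in every entry and _2_backURL only where it contains a tag; the bare alert('xss') value in the third URL is not markup and is left unflagged, which matches the report's point that the payload is not what breaks the page, the null dereference in getControlPanelEntryInstance is.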
- is caused by: LPS-98789 IllegalStateException is thrown when accessing a page with a WAB using Spring MVC and while simultaneously re-deploying the same WAB (cont.) (Closed)