Details
- Bug
- Status: Closed
- Resolution: Fixed
- 7.2.X, Master
- 7.2.x, 7.1.x, 7.0.x
- Committed
- 4
- Regression Bug
Description
Steps to reproduce:
- Visit the following malicious URL
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E
- http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=alert%28%27xss%27%29
Expected Result: The "This portlet could not be found. Please redeploy it or remove it from the page." message displays and no error is thrown.
Actual Result: The "This portlet could not be found. Please redeploy it or remove it from the page." message displays, but an NPE is thrown, with details as follows:
2019-08-01 03:09:15.516 ERROR [http-nio-8080-exec-2][IncludeTag:128] Current URL /group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E generates exception: null
java.lang.NullPointerException
at com.liferay.portal.model.impl.PortletImpl.getControlPanelEntryInstance(PortletImpl.java:772)
at com.liferay.portal.service.permission.PortletPermissionImpl.hasControlPanelAccessPermission(PortletPermissionImpl.java:538)
at com.liferay.portal.kernel.service.permission.PortletPermissionUtil.hasControlPanelAccessPermission(PortletPermissionUtil.java:311)
at com.liferay.layout.type.controller.control.panel.internal.model.ControlPanelLayoutTypeAccessPolicy.checkAccessAllowedToPortlet(ControlPanelLayoutTypeAccessPolicy.java:58)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
at com.liferay.portal.servlet.DirectRequestDispatcherFactoryImpl$IndirectRequestDispatcher.include(DirectRequestDispatcherFactoryImpl.java:199)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:79)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
at com.liferay.taglib.util.IncludeTag.includePage(IncludeTag.java:398)
at com.liferay.taglib.util.IncludeTag.include(IncludeTag.java:374)
at com.liferay.taglib.util.IncludeTag.doInclude(IncludeTag.java:217)
at com.liferay.taglib.util.IncludeTag.doEndTag(IncludeTag.java:88)
at freemarker.ext.jsp.TagTransformModel$TagWriter.endEvaluation(TagTransformModel.java:400)
at freemarker.ext.jsp.TagTransformModel$TagWriter.afterBody(TagTransformModel.java:388)
at freemarker.core.Environment.visitAndTransform(Environment.java:427)
at freemarker.core.UnifiedCall.accept(UnifiedCall.java:107)
at freemarker.core.Environment.visit(Environment.java:324)
at freemarker.core.MixedContent.accept(MixedContent.java:54)
Issue Links
- is caused by
- LPS-98789 IllegalStateException is thrown when accessing a page with a WAB using Spring MVC and while simultaneously re-deploying the same WAB (cont.)
- Closed