[CONFSERVER-94153] Page tree on side bar not rendering page title correctly when title contains path traversal strings

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.8.0, 7.19.19, 8.5.6
Affects Version/s: 8.7.2, 7.19.18, 8.5.5
Component/s: Navigation - Sidebar
Labels:

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

This is reproducible on Data Center: (yes)

If the page title contains one of the following characters sets, the page tree displays as

$htmlUtil.htmlEncode($content.displayTitle)

../ 
..\ 
/.. 
\..

Steps to Reproduce

Create a page, with one of the above strings in the title.
Publish/save
Check the links in the Page Tree on side bar

Expected Results

All the links should display encoded results of displayTitle.

Actual Results

Title is not encoded correctly

Workaround

There is no obvious workaround found.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

image-2024-01-23-21-08-27-472.png
458 kB
23/Jan/2024 10:08 AM

duplicates

CONFSERVER-94640 Page title is incorrectly displayed under page tree if the title has patterns( ../ or ..\)

Closed

is duplicated by

CONFSERVER-94171 Page title contains the dots (..) then it shows different name into Page Tree

Closed

mentioned in: Page Failed to load

KVB Collab Team added a comment - 06/Mar/2024 8:02 AM

It is not fixed in v7.19.19.

KVB Collab Team added a comment - 06/Mar/2024 8:02 AM It is not fixed in v7.19.19.

Aakash Jain added a comment - 08/Feb/2024 8:46 PM

A fix for this issue is available in Confluence Server and Data Center 8.5.6.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Aakash Jain added a comment - 08/Feb/2024 8:46 PM A fix for this issue is available in Confluence Server and Data Center 8.5.6. Upgrade now or check out the Release Notes to see what other issues are resolved.

Aakash Jain added a comment - 08/Feb/2024 8:29 PM

A fix for this issue is available in Confluence Server and Data Center 7.19.19.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Aakash Jain added a comment - 08/Feb/2024 8:29 PM A fix for this issue is available in Confluence Server and Data Center 7.19.19. Upgrade now or check out the Release Notes to see what other issues are resolved.

Assignee:: Jordan Anslow

Reporter:: Jing Zheng

Affected customers:: 2 This affects my team

Watchers:: 4 Start watching this issue

Created:: 23/Jan/2024 10:19 AM

Updated:: 04/Sep/2024 11:45 PM

Resolved:: 08/Feb/2024 11:31 AM

Confluence Data Center

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: KVB Collab Team added a comment - 06/Mar/2024 8:02 AM

Expand comment: KVB Collab Team added a comment - 06/Mar/2024 8:02 AM

Collapse comment: Aakash Jain added a comment - 08/Feb/2024 8:46 PM

Expand comment: Aakash Jain added a comment - 08/Feb/2024 8:46 PM

Collapse comment: Aakash Jain added a comment - 08/Feb/2024 8:29 PM

Expand comment: Aakash Jain added a comment - 08/Feb/2024 8:29 PM

People

Dates