-
Bug
-
Resolution: Fixed
-
Low
-
7.19.18, 8.5.5, 8.5.6
-
8
-
Severity 3 - Minor
-
16
-
Issue Summary
This is reproducible on Data Center: (yes)
This is a continuation of the bug CONFSERVER-93655 - Getting HTTP 400 while saving page by using the close button..
If the page template contains one of the following character sets in the content the saving process gets a HTTP 400 message.
../ ..\ …/ …\
Steps to Reproduce
- Create a fresh instance with Confluence 8.5.5
- Create a new page template by navigating to General Configuration —> Global Templates and Blueprints
- Insert ../ to the template and save it
- Gets HTTP 400
The same issue can be reproduce if we try to add the code in Stylesheet as well. This actually works correctly, we don't want to let path traversal strings in stylesheets.
- Choose Administration
> General Configuration > Stylesheet.
- Choose Edit.
- Insert ../ to the template and save it
- Gets HTTP 400
Expected Results
The saving process should be completed properly.
Actual Results
Getting HTTP 400 message after clicking the save button.
Workaround
Replace the below character sets with ./ or .\ to resolve the save process.
../ ..\ …/ …\
- followed by
-
CONFSERVER-95889 Getting HTTP 400 while saving page from a template or from a copy by using the close button.
-
- Closed
-
- is related to
-
CONFSERVER-93655 Getting HTTP 400 while saving page by using the close button.
-
- Closed
-
NOT fixed in v8.5.9!!
Once you try to copy a page containing ../ ..\ in header or/and body you still(!!) encounter HTTP 400.
This is really a mess!!