Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-94256

Getting HTTP 400 while saving a page template or Stylesheet

      Issue Summary

      This is reproducible on Data Center: (yes)

      This is a continuation of the bug CONFSERVER-93655 - Getting HTTP 400 while saving page by using the close button..

      If the page template contains one of the following character sets in the content the saving process gets a HTTP 400 message.

      ../ 
      ..\ 
      …/ 
      …\
      

      Steps to Reproduce

      1. Create a fresh instance with Confluence 8.5.5
      2. Create a new page template by navigating to General Configuration —> Global Templates and Blueprints
      3. Insert ../ to the template and save it
      4. Gets HTTP 400

      The same issue can be reproduce if we try to add the code in Stylesheet as well. This actually works correctly, we don't want to let path traversal strings in stylesheets.

      1. Choose Administration   > General Configuration > Stylesheet
      2. Choose Edit.
      3. Insert ../ to the template and save it
      4. Gets HTTP 400

      Expected Results

      The saving process should be completed properly.

      Actual Results

      Getting HTTP 400 message after clicking the save button.

      Workaround

      Replace the below character sets with ./ or .\ to resolve the save process.

      ../ 
      ..\ 
      …/ 
      …\
      

            [CONFSERVER-94256] Getting HTTP 400 while saving a page template or Stylesheet

            NOT fixed in v8.5.9!!

            Once you try to copy a page containing ../ ..\ in header or/and body you still(!!) encounter HTTP 400.

            This is really a mess!!

            KVB Collab Team added a comment - NOT fixed in v8.5.9!! Once you try to copy a page containing ../ ..\ in header or/and body you still(!!) encounter HTTP 400. This is really a mess!!

            A fix for this issue is available in Confluence Server and Data Center 8.5.9.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            James Whitehead added a comment - A fix for this issue is available in Confluence Server and Data Center 8.5.9. Upgrade now or check out the Release Notes to see what other issues are resolved.

            A fix for this issue is available in Confluence Data Center 8.9.1.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            James Whitehead added a comment - A fix for this issue is available in Confluence Data Center 8.9.1. Upgrade now or check out the Release Notes to see what other issues are resolved.

            A fix for this issue is available in Confluence Server and Data Center 7.19.22.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            James Whitehead added a comment - A fix for this issue is available in Confluence Server and Data Center 7.19.22. Upgrade now or check out the Release Notes to see what other issues are resolved.

            Still happens in v7.19.19 when you try to copy a page in which ../ is used either in headline or body and save it.
            HTTP 400 shows up again once you hit the save button.

            KVB Collab Team added a comment - Still happens in v7.19.19 when you try to copy a page in which ../ is used either in headline or body and save it. HTTP 400 shows up again once you hit the save button.

              d5dce7b13926 agawron
              ae95049760ab Kaan Çalışkan
              Affected customers:
              6 This affects my team
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: