[CONFSERVER-95889] Getting HTTP 400 while saving page from a template or from a copy by using the close button.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.19.26, 8.9.5, 9.0.2, 8.5.14
Affects Version/s: 8.5.9, 7.19.22
Component/s: Security
Labels:
- sec-escape

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

This is reproducible on Data Center: yes

Pages and blogs containing path traversal strings (../ ..\ .../ ...) cannot be saved using a close button. The 400 error shows up.

Steps to Reproduce

Create a new template
create a new page from template (try your custom template, blog post, other templates like DACI, etc)
put ../ ..\ .../ ...\ in the title and body
close the edit mode using Close button

Create a new page with ../ ..\ .../ ...\ in the body and in the title
copy the page
close the new page using Close button.

Expected Results

The draft should be saved.

Actual Results

The page shows 400

following endpoints are causing 400 error:

docreateblogpost.action
docreatepagefromtemplate.action
docreatepage.action

Workaround

Remove ../ ..\ .../ ...\ strings from the input fields. Save the page using Publish button.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

image-2024-05-24-10-47-50-947.png
67 kB
24/May/2024 12:47 AM

follows

CONFSERVER-93655 Getting HTTP 400 while saving page by using the close button.

Closed

CONFSERVER-94256 Getting HTTP 400 while saving a page template or Stylesheet

Closed

mentioned in: Page Failed to load

Akshay Rai added a comment - 13/Aug/2024 7:20 AM

A fix for this issue is available in Confluence Server and Data Center 9.0.2
Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 13/Aug/2024 7:20 AM A fix for this issue is available in Confluence Server and Data Center 9.0.2 Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 06/Aug/2024 12:38 PM

A fix for this issue is available in Confluence Server and Data Center 8.5.14
Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 06/Aug/2024 12:38 PM A fix for this issue is available in Confluence Server and Data Center 8.5.14 Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 06/Aug/2024 9:40 AM

A fix for this issue is available in Confluence Server and Data Center 7.19.26.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 06/Aug/2024 9:40 AM A fix for this issue is available in Confluence Server and Data Center 7.19.26. Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 30/Jul/2024 10:58 AM

A fix for this issue is available in Confluence Server and Data Center 8.9.5.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Akshay Rai added a comment - 30/Jul/2024 10:58 AM A fix for this issue is available in Confluence Server and Data Center 8.9.5. Upgrade now or check out the Release Notes to see what other issues are resolved.

agawron added a comment - 24/May/2024 1:03 AM - edited

2f50ce82706f Thank you for your message in this ticket https://jira.atlassian.com/browse/CONFSERVER-94256. We tested stylesheets and they seem fine. Although we found this issue while saving drafts using the close button. Is it what you are experiencing? If not, can you provide the exact steps to reproduce your issue?

agawron added a comment - 24/May/2024 1:03 AM - edited 2f50ce82706f Thank you for your message in this ticket https://jira.atlassian.com/browse/CONFSERVER-94256 . We tested stylesheets and they seem fine. Although we found this issue while saving drafts using the close button. Is it what you are experiencing? If not, can you provide the exact steps to reproduce your issue?

Assignee:: Kusal Kithul-Godage

Reporter:: agawron

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 24/May/2024 12:50 AM

Updated:: 04/Sep/2024 11:45 PM

Resolved:: 30/Jul/2024 6:35 AM

Confluence Data Center

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Akshay Rai added a comment - 13/Aug/2024 7:20 AM

Expand comment: Akshay Rai added a comment - 13/Aug/2024 7:20 AM

Collapse comment: Akshay Rai added a comment - 06/Aug/2024 12:38 PM

Expand comment: Akshay Rai added a comment - 06/Aug/2024 12:38 PM

Collapse comment: Akshay Rai added a comment - 06/Aug/2024 9:40 AM

Expand comment: Akshay Rai added a comment - 06/Aug/2024 9:40 AM

Collapse comment: Akshay Rai added a comment - 30/Jul/2024 10:58 AM

Expand comment: Akshay Rai added a comment - 30/Jul/2024 10:58 AM

Collapse comment: agawron added a comment - 24/May/2024 1:03 AM, Edited by agawron - 24/May/2024 1:13 AM

Expand comment: agawron added a comment - 24/May/2024 1:03 AM, Edited by agawron - 24/May/2024 1:13 AM

People

Dates