Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-95889

Getting HTTP 400 while saving page from a template or from a copy by using the close button.

XMLWordPrintable

      Issue Summary

      This is reproducible on Data Center: yes

      Pages and blogs containing path traversal strings (../ ..\ .../ ...) cannot be saved using a close button. The 400 error shows up. 

      Steps to Reproduce

      1. Create a new template
      2. create a new page from template (try your custom template, blog post, other templates like DACI, etc)
      3. put ../ ..\ .../ ...\ in the title and body
      4. close the edit mode using Close button

      OR

      1. Create a new page with ../ ..\ .../ ...\ in the body and in the title
      2. copy the page
      3. close the new page using Close button.

      Expected Results

      The draft should be saved.

      Actual Results

      The page shows 400

      following endpoints are causing 400 error:

      • docreateblogpost.action
      • docreatepagefromtemplate.action
      • docreatepage.action 

      Workaround

      Remove ../ ..\ .../ ...\ strings from the input fields. Save the page using Publish button.

        1. image-2024-05-24-10-47-50-947.png
          image-2024-05-24-10-47-50-947.png
          67 kB

              854eef6f5746 Kusal Kithul-Godage
              d5dce7b13926 agawron
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: