Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-95889

Getting HTTP 400 while saving page from a template or from a copy by using the close button.

XMLWordPrintable

      Issue Summary

      This is reproducible on Data Center: yes

      Pages and blogs containing path traversal strings (../ ..\ .../ ...) cannot be saved using a close button. The 400 error shows up. 

      Steps to Reproduce

      1. Create a new template
      2. create a new page from template (try your custom template, blog post, other templates like DACI, etc)
      3. put ../ ..\ .../ ...\ in the title and body
      4. close the edit mode using Close button

      OR

      1. Create a new page with ../ ..\ .../ ...\ in the body and in the title
      2. copy the page
      3. close the new page using Close button.

      Expected Results

      The draft should be saved.

      Actual Results

      The page shows 400

      following endpoints are causing 400 error:

      • docreateblogpost.action
      • docreatepagefromtemplate.action
      • docreatepage.action 

      Workaround

      Remove ../ ..\ .../ ...\ strings from the input fields. Save the page using Publish button.

        1. image-2024-05-24-10-47-50-947.png
          image-2024-05-24-10-47-50-947.png
          67 kB

            [CONFSERVER-95889] Getting HTTP 400 while saving page from a template or from a copy by using the close button.

            Niraj Bhawnani made changes -
            Labels Original: sec-escape security-escape New: sec-escape
            Niraj Bhawnani made changes -
            Labels Original: security-escape New: sec-escape security-escape

            Akshay Rai added a comment -

            A fix for this issue is available in Confluence Server and Data Center 9.0.2
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Akshay Rai added a comment - A fix for this issue is available in Confluence Server and Data Center 9.0.2 Upgrade now or check out the Release Notes to see what other issues are resolved.

            Akshay Rai added a comment -

            A fix for this issue is available in Confluence Server and Data Center 8.5.14
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Akshay Rai added a comment - A fix for this issue is available in Confluence Server and Data Center 8.5.14 Upgrade now or check out the Release Notes to see what other issues are resolved.
            Akshay Rai made changes -
            Fix Version/s Original: 8.5.13 [ 108816 ]
            Akshay Rai made changes -
            Fix Version/s New: 8.5.14 [ 108954 ]

            Akshay Rai added a comment -

            A fix for this issue is available in Confluence Server and Data Center 7.19.26.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Akshay Rai added a comment - A fix for this issue is available in Confluence Server and Data Center 7.19.26. Upgrade now or check out the Release Notes to see what other issues are resolved.
            Kusal Kithul-Godage made changes -
            Fix Version/s Original: 9.0.1 [ 108911 ]
            Fix Version/s New: 9.0.2 [ 109029 ]

            Akshay Rai added a comment -

            A fix for this issue is available in Confluence Server and Data Center 8.9.5.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Akshay Rai added a comment - A fix for this issue is available in Confluence Server and Data Center 8.9.5. Upgrade now or check out the Release Notes to see what other issues are resolved.

              854eef6f5746 Kusal Kithul-Godage
              d5dce7b13926 agawron
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: