Issue Type: Bug
Assignee: Unassigned
Created: 04/Nov/14 5:21 AM
Description:

In DefaultForumManager, line 549, we might write out user generated content to the log file, thus allowing log forging.

            try {
                final Content firstMessage = firstMsgProp.getReferencedContent();
                final NodeData validatedProp = firstMessage.getNodeData(VALIDATED_PROPERTY);
                return (!validatedProp.isExist() && showUnvalidatedMessages) || (validatedProp.isExist() && validatedProp.getBoolean());
            } catch (RepositoryException e) {
                log.error("Couldn't check if thread[" + content + "] could to be shown: " + e.getMessage(), e);
                return false;
            }
Project: Magnolia Forum Module
Priority: Neutral
Reporter: Cheng Hu
Security Level: Public
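
An added example, not part of the original issue or the Magnolia code base: one way to neutralize line breaks and other control characters in a value before it reaches a log call like the one quoted in the description. The names LogForgingDemo and forLog, the length cap and the sample thread title are assumptions, and java.util.logging stands in for the module's own logger.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class LogForgingDemo {
    private static final Logger LOG = Logger.getLogger(LogForgingDemo.class.getName());
    private static final int MAX_LEN = 200; // assumed cap on logged user content

    /** Hypothetical helper: renders an untrusted value so it cannot leave its log line. */
    static String forLog(Object value) {
        String s = String.valueOf(value);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length() && i < MAX_LEN; i++) {
            char c = s.charAt(i);
            if (c == '\\') {
                // Escape the escape character so the output stays unambiguous
                out.append("\\\\");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // CR, LF, tab, other control characters and Unicode line/paragraph separators
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        if (s.length() > MAX_LEN) {
            out.append("...[truncated]");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a thread title carrying a line break and a fake log entry
        String content = "my thread\n2014-11-04 05:21:00 INFO  user admin logged in";
        Exception e = new IllegalStateException("item not found: " + content);

        // Same shape as the reported line: the raw value starts a second, forged line
        LOG.log(Level.SEVERE, "Couldn't check thread[" + content + "]: " + e.getMessage());

        // Neutralized: the whole entry stays on one line. The Throwable itself is not
        // passed, because its stack trace would print the raw message again.
        LOG.log(Level.SEVERE, "Couldn't check thread[" + forLog(content) + "]: "
                + e.getClass().getName() + ": " + forLog(e.getMessage()));
    }
}
```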