Fixed
Particular / exceptional group configurations can prevent core functionality
A particular set of group configurations can prevent the user from the use of core system functionality.
If a field is populated with data for which the length surpasses the maximum content string length quota - and it is not caught by the controller before being sent to the service - an exception will be thrown and will not be gracefully caught by EventBroker.
By default the Maximum content string length quota is 8192.
This can have serious ramifications - first consider the following example:
- A group is created with a name or description that breaches the above Maximum content string length quota
- It is not caught by the Controller, and a potentially dangerous set of user input is sent to the service.
- The service considers this input as valid - and registers it against the configuration engine.
- However, the Maximum content string length quota will now throw an exception whenever the dangerous input is displayed on screen.
- Using the example of a dangerously configured group, this includes:
  - The groups index page
  - The group edit / update page
  - The operation list home page
And any other page that needs to retrieve the configuration of a dangerously configured group.
Consider extrapolating this problem to any potentially unprotected fields.
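A controller-side check of the kind the report says was missing, as an added example that is not part of the original ticket or the product's code: it scans every public string property of an object, so it covers fields beyond group name and description. `GroupDto` and `QuotaGuard` are hypothetical names, and the 8192 threshold is the default quoted in the ticket.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Hypothetical DTO; the real group model is not shown in the ticket.
public class GroupDto
{
    public string Name { get; set; }
    public string Description { get; set; }
}

public static class QuotaGuard
{
    // Default quota value stated in the ticket.
    public const int MaxStringContentLength = 8192;

    // Returns the names of all public string properties whose value exceeds the quota.
    public static IReadOnlyList<string> FindOversizedFields(object dto, int quota = MaxStringContentLength)
    {
        if (dto == null) throw new ArgumentNullException(nameof(dto));
        return dto.GetType()
            .GetProperties(BindingFlags.Public | BindingFlags.Instance)
            .Where(p => p.PropertyType == typeof(string) && p.CanRead
                        && p.GetIndexParameters().Length == 0)
            .Where(p => ((string)p.GetValue(dto))?.Length > quota) // null values never match
            .Select(p => p.Name)
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: a description one character over the quota.
        var group = new GroupDto
        {
            Name = "Operators",
            Description = new string('x', QuotaGuard.MaxStringContentLength + 1)
        };
        var oversized = QuotaGuard.FindOversizedFields(group);
        if (oversized.Count > 0)
        {
            // Reject in the controller so the value never reaches the service.
            Console.WriteLine("Rejected, fields over quota: " + string.Join(", ", oversized));
            return;
        }
        Console.WriteLine("OK to send to service");
    }
}
```

The threshold passed to `FindOversizedFields` should match the quota actually configured on the endpoint binding, so that anything the controller accepts can also be read back.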
Corrected WCF endpoint.
Tony, can you please confirm this issue has been resolved?
Tested and confirmed complete.