Fixed

Particular / exceptional group configurations can prevent core functionality

Tony Sheehy 7 years ago • updated by anonymous 3 years ago 3

A particular set of group configurations can prevent the user from using core system functionality.

If a field is populated with data for which the length surpasses the maximum content string length quota - and it is not caught by the controller before being sent to the service - an exception will be thrown and will not be gracefully caught by EventBroker.

Info: By default the Maximum content string length quota is 8192.

This can have serious ramifications - first consider the following example:

  • A group is created with a name or description that breaches the above Maximum content string length quota
  • It is not caught by the Controller, and a potentially dangerous set of user input is sent to the service.
  • The service considers this input as valid - and registers it against the configuration engine.
  • However, the Maximum content string length quota will now throw an exception whenever the dangerous input is displayed on screen.
  • Using the example of a dangerously configured group, this includes:
    • The groups index page
    • The group edit / update page
    • The operation list home page
    • And any other page that needs to retrieve the configuration of a dangerously configured group.

Consider extrapolating this problem to any potentially unprotected fields.
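
The failure mode reported above, as an added example that is not part of the original report and is not EventBroker code: a write-side length check plus an audit of records that were already stored, written in Python with hypothetical function names and constructed sample groups. The 8192 quota is the default quoted in the report; measuring length in characters is an assumption.

```python
from typing import Any, Iterator

# Default quoted in the report; counting characters is an assumption here.
MAX_STRING_CONTENT_LENGTH = 8192


class QuotaExceeded(ValueError):
    """Raised at the write boundary, before the record reaches the service."""


def oversized_fields(record: Any, quota: int = MAX_STRING_CONTENT_LENGTH,
                     path: str = "") -> Iterator[tuple[str, int]]:
    """Yield (field path, length) for every string in record longer than quota."""
    if isinstance(record, str):
        if len(record) > quota:
            yield path or "<root>", len(record)
    elif isinstance(record, dict):
        for key, value in record.items():
            child = f"{path}.{key}" if path else str(key)
            yield from oversized_fields(value, quota, child)
    elif isinstance(record, (list, tuple)):
        for index, value in enumerate(record):
            yield from oversized_fields(value, quota, f"{path}[{index}]")


def validate_before_save(record: dict, quota: int = MAX_STRING_CONTENT_LENGTH) -> dict:
    """Controller-side guard: reject the write instead of storing unreadable data."""
    bad = list(oversized_fields(record, quota))
    if bad:
        detail = ", ".join(f"{name} ({length} > {quota})" for name, length in bad)
        raise QuotaExceeded(f"field too long: {detail}")
    return record


def audit_stored(records: dict, quota: int = MAX_STRING_CONTENT_LENGTH) -> dict:
    """Find stored records that would fail when read back for display."""
    report = {}
    for record_id, record in records.items():
        bad = list(oversized_fields(record, quota))
        if bad:
            report[record_id] = bad
    return report


# Constructed sample data: one healthy group, one with an oversized description.
SAMPLE_GROUPS = {
    "g1": {"name": "Staff", "description": "All staff", "members": ["a", "b"]},
    "g2": {"name": "Contractors", "description": "x" * 8193, "members": []},
}
```

Running `audit_stored` over every record type that holds free-text fields covers the "any potentially unprotected fields" case, since the walk does not depend on field names.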

Tony, can you please confirm this issue has been resolved?

Tested and confirmed complete.