WebCenter Portal Page with Query Parameter Value '~' fails with Error
(Doc ID 2652787.1)
Last updated on MAY 23, 2024
Applies to:
Oracle WebCenter Portal - Version 12.2.1.3.190416 and laterOracle WebCenter Portal for OCI - Version 12.2.1.4_24.2 and later
Information in this document applies to any platform.
Symptoms
Receive an error when a query parameter has a value with '~'. For example, if a sample portal is accessed using /webcenter/portal/testportal?test=~1, this will return error:
SecurityConfiguration for ESAPI.Authenticator not found in ESAPI.properties. Using default: org.owasp.esapi.reference.FileBasedAuthenticator
<[SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=HTTP Query String : test=~1, type(HTTP_QUERY_PATTERN_STRING)=^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$, input=test=~1
org.owasp.esapi.errors.ValidationException: HTTP Query String : test=~1: Invalid input. Please conform to regex ^[[\w_\?\\\/\.\&\,\- =\%+\*!:#()]]+$ with a maximum length of 2000
at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:306)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:213)
at oracle.webcenter.webcenterapp.utils.WCRequestValidator.esValidate(WCRequestValidator.java:145)
at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(WCRequestValidator.java:125)
at oracle.webcenter.webcenterapp.utils.WCRequestValidator.validate(WCRequestValidator.java:79)
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |