These custom portlets are indistinguishable from portlets that ship with liferay portal. Set the location of the default help content for portlet display templates for each. Structures and templates is elegant feature in liferay web content management system. Working with liferay urls working with liferay alloy ui dialogs. Exploit database is a cve compliant archive of public exploits and. Set a list of comma delimited valid url prefixes that xsl content portlet is allowed to use. If liferay portal only supported simple content as has been described above, you d. A common use case is to keep legacy property values when upgrading to newer versions of liferay. Understanding available content via portlets operations. On the user portlet a participant can register, answer some questions and get a unique code. Simple jsp portlet liferay portal examples liferay.
The portleturl interface represents a url that reference the portlet itself a portleturl is created through the renderresponse or resourceresponse. The presentation provides an introduction to portlets using liferay portal including portals and portlets. If you look at that table, there are 3 important columns. Lets start by creating a new directory called myjspportlet within liferay\ext\extweb\docroot\html\portlet\ext\. Liferay portal developers at intrasoft international. The software catalog portlet and its associated services are no longer part of liferays source code or binaries. Fortunately liferay provided source code patches for most of those older liferay versions, even for the community edition. Introduction to liferay structures and templates meera prince introduction. But in liferay i want to ask where to put these entries. Tailored solutions built fast, secure, and connected on one platform. Liferay is the leading open source portal solution on the market.
Liferay xsl command execution metasploit multiple webapps. This chapter also explains the features, technologies, and tools to help you decide which portlet building technology best suits your needs. Introduction to liferay structures and templates liferay savvy. Updates should not be made on perties or on perties, but in perties. This chapter provides an overview of portlets, and describes, with the help of examples, the use of portlets. Understanding liferay portlet configuration files roufid. Publishing workflow, versioning, structured content, xsl content, breadcrumb, navigation and velocity templates, and wysiwyg editing for end users. Known affected software configurations switch to cpe 2. When we create a new portlet in liferay, the folder structure is created as below. How to create a salesforce portlet in liferay by using.
The web forms portlet is a tool that allows a web administrator to define a form to be published in the website. Export journal content as pdf in liferay liferay document conversion portlet send mails in liferay plugin portlet lifeay message bus portlethandling bulk operation. How to build binary patches for older liferay version from. You can use it to organize your tasks or your teams. Get portletpage containing web content in liferay stack. Google embedded document viewer in liferay portlet. Unspecified vulnerability in the xsl content portlet in liferay portal community edition ce 5. Remote command execution in portlet xsl content liferay. Public old liferay portal use liferay portal standard edition lep5987. Liferay developers should be very familiar with the jsr286 specification and understand how its features are at the core of other popular portlet application frameworks. Cve20111571, unspecified vulnerability in the xsl content portlet in liferay portal community edition ce 5.
Introduction to liferay structures and templates liferay. Top 10 reasons why liferay is the best enterprise portal. How to include css or js or image file in jsp liferay. The problem is that the pages i try to link to can not be found. Exploit for liferay xsl code execution released researchers are releasing a metasploit module that can exploit a vulnerability in an open source web content management system called liferay in the xslt processing engine that is used to allow setting dynamic xml feeds to be displayed as content on a page. Although a jspportlet does little more than display content, there is still some work that needs to be done. Contribute to liferayliferaydocs development by creating an account on github. Installing the portlet applications file for liferay portal. One of the core features built into liferay portal is the content management system cms. The asset publisher portlet publishes any piece of content in your portal as though it were a web content portal, either through a set of publishing rules or by manual selection. Unspecified vulnerability in the xsl content portlet in liferay portal community. When tomcat is present, arbitrary code can be executed via java calls in the data fed to the xalan xslt processor.
The configuration of an articleid for a web content display portlet is stored as a preference in this table. Parameters, a portlet mode, a window state and a security level can be added to portleturl objects there are two types of portleturls. This portlet to allow assignment of different liferay workflows to individual web content structures, similar to the request here. Given the impact of this security bug, i prefer not to disclose details on a public bug tracker. Copy the source code for the widget that you want to embed in the. I want to mean that using liferay cms as well as alloy alloy is javascript framework by liferay how can we implement carousel. If xslpage is defined, the user must have rights to change the content of that page to add a new xsl portlet, otherwise it can be left blank. Additional property files can be used by setting the externalproperties system property. On the admin side, an administrator can check if a code is valid, who the owner is. Xsl content portlet does not work with relative url includes in xsl stylesheets. Portal, eip, bpm, ecm, bi, java open source solution, web integration, j2ee, java custom development, taiwan. Liferay web content workflow configuration portlet.
It can reduce the development cost and deliver an application in a very short time. The software is used by leading companies and organisations worldwide. Creating portlets documentation dotcms hybrid content management system. The xsl content portlet in liferay portal community edition ce 5. I want to add custom user notifications in liferay 7. As is, the portlet only reads xsl and xml content, but can pose a further risk.
Developed feed content display portlet using spring portlet based on categorization. Out of the box portlets in liferay out of the box portlets with plugin ids. Remote command execution in portlet xsl content insert lucidchart diagram. The xsl content portlet displays the result of the xsl transformation of a xml document. Liferay is used to power internet, intranet and extranet collaborative and community based projects. You created this list by looking at the feature claims of various software. Liferay custom json web services on multiple table. A portlet is an application that presents a fragment of a portal page a portlet container assembles the portlets into a portal page. Rivet logics costa rica developers forge presented this at a costa rica java users group meeting.
Please set this ticket to private or ask for details by email. The portletpreferences table in the database contains the configurations of each portlet in the system. It runs on cloud, so there is no need to install any software and no hardware is required. Unspecified vulnerability in the xsl content portlet in liferay portal. The asset publisher portletpublishes any piece of content in your portal as though it were a web content portal, either through a set of publishing rules or by manual selection. There is a security problem around that affects several liferay version from 6. Fiware innovation arena tool integrated software v2 european. Software, fiware innovation arena, integration, marketplace.
This is a liferay portlet application but can easily be ported to other jsr286compliant portlet containers which consists of 2 portlets user side and administration. At xtivia, we have extensive experience delivering enterprise portal, content management, and collaboration solutions since the late 1990s, and have seen this product space mature and evolve over the years. Layout velocity template theme css, javascript, and jsp portlet roster is one of the gotchas as we do not want to couple the actual portlets with the cms or management tools. We started with traditional commercial software from the likes of vignette and epicentric in the late 1990s, and moving into ibm websphere portal in 20032004. Document management allows you to store, index, and access all electronic documents that you have uploaded to portal. Support your customers, partners, and employees with a single flexible digital experience platform that works to bring value to your business and end users.
If you want to hide a deployed portlet from the add application window, declare it under the category. Digital experience software tailored to your needs liferay. And you can write powerful, scripted templates in xsl, velocity, or freemarker. Specifically, the xml xsl specification allows for potentially dangerous code to be executed. Portal design artifacts layout page ties theme, layout, and portlet roster with url pages are organized into site structure. However, this can be a feature that is useful for some portals. Senior liferay developer resume profile hire it people.
A webbased gateway that allows users to locate and create relevant content. You can create as many lists as you need tasks, presents, buys, travels. Xsl content portlet can be configured with any xml xsl. An security vulnerability exists with the xsl content portlet that can potentially allow execution of code on the server. It explains portlet anatomy and the resources to create portlets. While liferay does support portlet development with a wide variety of languages and frameworks, the most common portlets will be based on the jsr286 specification. Jsp, xml, xsl, spring framework, jdbc, liferay developer studio 1. Liferay portal developers eu projects we are looking for inspired and experienced liferay portal developers to join our talented software team that delivers the latest in eu intellectual property office euipo. The initpage init parameter is mandatory and its value must be the welcome page of the struts application. Currently, salesforce is a leading ondemand crm in the market. The xsl content portlet paths for xsl and xml content accept the file. You can disable portlets or restrict their use based on user permissions. Intrasoft international, a leading european it solutions provider, is seeking inspired talents to cover the following opening in our athens branch.
740 779 1484 970 844 123 9 1496 1014 1292 540 495 271 1089 900 1202 1017 1015 38 325 907 741 1070 78 1565 1011 1204 1005 74 1090 229 291 378 1420 418