Problem Statement
The rules include endpoint (/api/portlet/rules/include) can receive an invalid or non-existent id query parameter. In that case, the server responds with a JSP runtime error (e.g. JasperException for include.jsp) instead of a normal HTTP error response.
Current behavior:
When id is missing, invalid, or does not match an existing contentlet, the response is a 500-style error page rather than a clear HTTP status.
Expected behavior:
Invalid or missing id → 400 Bad Request (or equivalent) with a clear message.
Valid id format but no matching content → 404 Not Found (or equivalent).
No parsing/runtime exception for invalid input; all request-derived values used in the response should be validated and safely handled so the response is predictable.
Steps to Reproduce
Deploy dotCMS (e.g. 25.07.10 LTS).
Call the rules include URL with an id parameter that is invalid, or does not correspond to an existing contentlet (e.g. empty, wrong format, or non-existent identifier).
Observe the response: a server error / parsing exception page instead of a 400 or 404 response.
Acceptance Criteria
- Invalid or missing id → 400 Bad Request and a clear error message; no exception stack trace in the response.
- Valid id but content not found → 404 Not Found; no exception stack trace.
- No runtime errors for invalid input; proper validation and error handling for the id.
dotCMS Version
25.07.10 LTS
Latest
Severity
Medium - Some functionality impacted
Links
https://helpdesk.dotcms.com/a/tickets/35594
Problem Statement
The rules include endpoint (/api/portlet/rules/include) can receive an invalid or non-existent id query parameter. In that case, the server responds with a JSP runtime error (e.g. JasperException for include.jsp) instead of a normal HTTP error response.
Current behavior:
When id is missing, invalid, or does not match an existing contentlet, the response is a 500-style error page rather than a clear HTTP status.
Expected behavior:
Invalid or missing id → 400 Bad Request (or equivalent) with a clear message.
Valid id format but no matching content → 404 Not Found (or equivalent).
No parsing/runtime exception for invalid input; all request-derived values used in the response should be validated and safely handled so the response is predictable.
Steps to Reproduce
Deploy dotCMS (e.g. 25.07.10 LTS).
Call the rules include URL with an id parameter that is invalid, or does not correspond to an existing contentlet (e.g. empty, wrong format, or non-existent identifier).
Observe the response: a server error / parsing exception page instead of a 400 or 404 response.
Acceptance Criteria
dotCMS Version
25.07.10 LTS
Latest
Severity
Medium - Some functionality impacted
Links
https://helpdesk.dotcms.com/a/tickets/35594