Solved: lafPath variable in standard portal

Former Member · ‎04-10-2012

Hi,

I am looking at html code from standard page in Portal as following :

<HEAD>

<TITLE>SAP Enterprise Portal</TITLE>

var lafPath = getParameter("lafPath");

var lafFile1Path = lafPath + "/themes/portal/sap_standard/ctrl/ctrl_ie5.css";

var lafFile2Path = lafPath + "/themes/portal/sap_standard/prtl/prtl_ie5.css";

var lafFile3Path = lafPath + "/themes/portal/sap_standard/prtl_std/prtl_std_ie5.css";

document.write("<LINK REL=stylesheet HREF=\"" + lafFile1Path + "\">");

document.write("<LINK REL=stylesheet HREF=\"" + lafFile2Path + "\">");

document.write("<LINK REL=stylesheet HREF=\"" + lafFile3Path + "\">");

</script>

</HEAD>

I have no idea where the variable is set. Can you advise me.

Thank you,

Noppong

Former Member · ‎04-10-2012

Hi Noppong,

The script https://<hostname>/irj/portalapps/com.sap.portal.admin.propertyeditor/html/ModalMsg.h

tml accepts user input as variable lafPath. This variable appears to be

being inserted directly into a Javascript request for a further URL

without sufficient input validation.

Regards

Shrikant

lafPath variable in standard portal