Hey,
I found a way to get access to restricted pages by using ConfiForms. It was more of a random finding while building a page finder.
The use case was to get the page creator or space key with only the knowledge of the page ID (e.g. https://confluence.example.com/pages/viewpage.action?pageId=1234567), usually without having access to the page itself.
Anyway, I built a page finder (see source code below) and thought it would be nice to also get the content from the page in a storage format field (content) by clicking a button (content=[entry.page.bodyAsString]). This works pretty well, but it also works for pages I have no access to.
Is this common or known? Or, better question, is this okay? It looks like a kind of security breach for restricted pages? It also works if I have no access to the space!
<ac:layout>
<ac:layout-section ac:type="two_left_sidebar">
<ac:layout-cell>
<p class="auto-cursor-target">
<br/>
</p>
<ac:structured-macro ac:macro-id="415f0f36-6167-49e1-8bee-a72e76e28088" ac:name="confiform" ac:schema-version="1">
<ac:parameter ac:name="formName">finder</ac:parameter>
<ac:rich-text-body>
<p class="auto-cursor-target">
<br/>
</p>
<ac:structured-macro ac:macro-id="42d29baf-5040-40ee-9253-a0ad0f13912c" ac:name="confiform-entry-register" ac:schema-version="1">
<ac:parameter ac:name="overrideSaveButtonLabel">Find</ac:parameter>
<ac:parameter ac:name="type">Embedded</ac:parameter>
<ac:rich-text-body>
<p>
<ac:structured-macro ac:macro-id="ba8258aa-f330-4d0c-ab32-7c6722fd1fb1" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Coyp/Paste Page ID</ac:parameter>
<ac:parameter ac:name="fieldName">pagenumber</ac:parameter>
<ac:parameter ac:name="withLabel">true</ac:parameter>
<ac:parameter ac:name="showLabelOnOwnLine">true</ac:parameter>
</ac:structured-macro>
</p>
</ac:rich-text-body>
</ac:structured-macro>
<p>
<br/>
</p>
<p>
<ac:structured-macro ac:macro-id="96707733-26ca-4a16-aa07-f2559aefd2c1" ac:name="confiform-field-definition" ac:schema-version="1">
<ac:parameter ac:name="fieldName">pagenumber</ac:parameter>
<ac:parameter ac:name="fieldLabel">pageid</ac:parameter>
<ac:parameter ac:name="fieldDescription">e.g. 08174711</ac:parameter>
<ac:parameter ac:name="type">text</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="46b2afe2-d3b7-4d29-b17f-fb85bf10a6ac" ac:name="confiform-field-definition" ac:schema-version="1">
<ac:parameter ac:name="fieldName">page</ac:parameter>
<ac:parameter ac:name="fieldLabel">page</ac:parameter>
<ac:parameter ac:name="values">true</ac:parameter>
<ac:parameter ac:name="type">page</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="6ae57610-e7ee-41ed-bb74-0e666151c429" ac:name="confiform-field-definition" ac:schema-version="1">
<ac:parameter ac:name="fieldName">content</ac:parameter>
<ac:parameter ac:name="fieldLabel">Content</ac:parameter>
<ac:parameter ac:name="type">storageformat</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="219ea156-a0c8-44a7-92fc-3e72ee8ea068" ac:name="confiform-field-definition" ac:schema-version="1">
<ac:parameter ac:name="fieldName">update</ac:parameter>
<ac:parameter ac:name="fieldLabel">Update</ac:parameter>
<ac:parameter ac:name="values">Get page content</ac:parameter>
<ac:parameter ac:name="extras">content=[entry.page.bodyAsString]</ac:parameter>
<ac:parameter ac:name="type">action_button</ac:parameter>
</ac:structured-macro>
</p>
<ac:structured-macro ac:macro-id="1510db3d-30ca-427e-ab64-7b6b6e0a002f" ac:name="confiform-ifttt" ac:schema-version="1">
<ac:parameter ac:name="action">Create ConfiForms Entry</ac:parameter>
<ac:parameter ac:name="event">onCreated</ac:parameter>
<ac:parameter ac:name="title">entryId=[entry.id]&amp;page.id=[entry.pagenumber]</ac:parameter>
<ac:rich-text-body>
<p>
<br/>
</p>
</ac:rich-text-body>
</ac:structured-macro>
<p class="auto-cursor-target">
<br/>
</p>
</ac:rich-text-body>
</ac:structured-macro>
<p class="auto-cursor-target">
<br/>
</p>
</ac:layout-cell>
<ac:layout-cell>
<p class="auto-cursor-target">
<br/>
</p>
<ac:structured-macro ac:macro-id="a30d3c4e-524c-4ca5-9553-1153d2064b87" ac:name="confiform-table" ac:schema-version="1">
<ac:parameter ac:name="formName">finder</ac:parameter>
<ac:rich-text-body>
<p>
<ac:structured-macro ac:macro-id="3ad69f2c-f8e7-4b4b-86aa-bd5c2bcc4a93" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Page Name</ac:parameter>
<ac:parameter ac:name="fieldName">page</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="956d435f-2604-4a78-a2d0-8b4d0859f4a4" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Page ID</ac:parameter>
<ac:parameter ac:name="fieldName">page.id</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="0be1b38b-193c-4d2b-b0fe-39d9d1abff16" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Space key</ac:parameter>
<ac:parameter ac:name="fieldName">page.spaceKey</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="1e971a2f-88c3-42a1-80d2-6463f98b3af7" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Creator</ac:parameter>
<ac:parameter ac:name="fieldName">page.creatorName</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="846485bf-2070-4143-9b3d-7e8727dfaaec" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Request by</ac:parameter>
<ac:parameter ac:name="fieldName">createdBy</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="aa940edc-09c2-4bd7-a336-d6e48590bdc0" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="overrideLabel">Request on</ac:parameter>
<ac:parameter ac:name="fieldName">created</ac:parameter>
</ac:structured-macro>
</p>
<p>
<ac:structured-macro ac:macro-id="90a26ecd-1b6b-41d5-9b84-e721fe3f63b2" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="fieldName">update</ac:parameter>
</ac:structured-macro>
</p>
<ac:structured-macro ac:macro-id="2803f303-0696-4ae1-bcbe-767f2df7bd54" ac:name="confiform-entry-viewer" ac:schema-version="1">
<ac:rich-text-body>
<p>
<ac:structured-macro ac:macro-id="77434f87-aa7c-4d8c-b087-ee707dbc2218" ac:name="confiform-field" ac:schema-version="1">
<ac:parameter ac:name="fieldName">content</ac:parameter>
</ac:structured-macro>
</p>
</ac:rich-text-body>
</ac:structured-macro>
<p class="auto-cursor-target">
<br/>
</p>
</ac:rich-text-body>
</ac:structured-macro>
<p class="auto-cursor-target">
<br/>
</p>
</ac:layout-cell>
</ac:layout-section>
</ac:layout>
Regards,
Michael
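For admins who want to find forms that rely on this behaviour (the thread names v3.5.6 as the release that changed it), here is an added audit sketch, not part of the original post and not ConfiForms code: it scans a page's storage format for page-type fields whose properties are dereferenced, as `[entry.page.bodyAsString]` and `page.creatorName` are above. The namespace URI, function names and the trimmed sample are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

AC = "urn:example:ac"  # placeholder URI, bound only so the ac: prefix parses
DEREF = re.compile(r"\[entry\.(\w+)\.(\w+)\]")  # e.g. [entry.page.bodyAsString]

def _params(macro):
    """Direct ac:parameter children of one macro as a name -> value dict."""
    return {p.get(f"{{{AC}}}name"): (p.text or "")
            for p in macro.findall(f"{{{AC}}}parameter")}

def audit_storage_format(body):
    """Return sorted (field, property) pairs read through page-type fields."""
    body = body.replace("&nbsp;", "&#160;")  # HTML entity unknown to XML parsers
    root = ET.fromstring(f'<root xmlns:ac="{AC}">{body}</root>')
    macros = [(m.get(f"{{{AC}}}name"), _params(m))
              for m in root.iter(f"{{{AC}}}structured-macro")]
    page_fields = {p.get("fieldName") for name, p in macros
                   if name == "confiform-field-definition"
                   and p.get("type") == "page"}
    hits = set()
    for name, p in macros:
        # Expressions in any parameter, such as an action button's "extras".
        for value in p.values():
            hits.update(h for h in DEREF.findall(value) if h[0] in page_fields)
        # Display fields such as fieldName = page.creatorName.
        if name == "confiform-field" and "." in p.get("fieldName", ""):
            field, prop = p["fieldName"].split(".", 1)
            if field in page_fields:
                hits.add((field, prop))
    return sorted(hits)

# Constructed sample: a trimmed copy of the form posted above.
SAMPLE = """
<ac:structured-macro ac:name="confiform">
<ac:parameter ac:name="formName">finder</ac:parameter><ac:rich-text-body>
<ac:structured-macro ac:name="confiform-field-definition">
<ac:parameter ac:name="fieldName">page</ac:parameter>
<ac:parameter ac:name="type">page</ac:parameter></ac:structured-macro>
<ac:structured-macro ac:name="confiform-field-definition">
<ac:parameter ac:name="fieldName">update</ac:parameter>
<ac:parameter ac:name="extras">content=[entry.page.bodyAsString]</ac:parameter>
<ac:parameter ac:name="type">action_button</ac:parameter></ac:structured-macro>
<ac:structured-macro ac:name="confiform-field">
<ac:parameter ac:name="fieldName">page.creatorName</ac:parameter>
</ac:structured-macro></ac:rich-text-body></ac:structured-macro>
"""

if __name__ == "__main__":
    print(audit_storage_format(SAMPLE))
```

Each hit is a form to review against the restrictions of the pages it can reach; a form with no page-type field returns an empty list.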
Hey, I got the info that you have updated this issue with v3.5.6. Unfortunately, now I am no longer able to get any information about a page. I guess this is a side effect of taking care of the security.
Anyway, now I am struggling again to find out who I have to contact if I am facing a page where I have no access to the page or the space. In my opinion, the page.creator and page.spaceKey would have been nice info to get without the required permissions. Are there any other ways to get this info?