[2/2] tapestry-5 git commit: TAP5-2436: if the activation context contains illegal characters, respond with a HTTP 404 status

Wed, 12 Aug 2015 02:00:36 -0700 

TAP5-2436: if the activation context contains illegal characters, respond with 
a HTTP 404 status


Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/a05f9618
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/a05f9618
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/a05f9618

Branch: refs/heads/master
Commit: a05f9618630db905feeb307ead6dcef2e6a5c3bc
Parents: 18829d4
Author: Jochen Kemnade <[email protected]>
Authored: Wed Aug 12 10:44:29 2015 +0200
Committer: Jochen Kemnade <[email protected]>
Committed: Wed Aug 12 10:59:41 2015 +0200

----------------------------------------------------------------------
 .../services/ComponentEventLinkEncoderImpl.java | 15 ++++++----
 .../ComponentEventLinkEncoderImplTest.java      | 31 ++++++++++++++++++++
 2 files changed, 41 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/a05f9618/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
----------------------------------------------------------------------
diff --git 
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
 
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
index 5baec01..79d90cc 100644
--- 
a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
+++ 
b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
@@ -486,7 +486,6 @@ public class ComponentEventLinkEncoderImpl implements 
ComponentEventLinkEncoder
         {
             return null;
         }
-
         String canonicalized = 
componentClassResolver.canonicalizePageName(pageName);
 
         // If the page is only visible to the whitelist, but the request is 
not on the whitelist, then
@@ -495,12 +494,18 @@ public class ComponentEventLinkEncoderImpl implements 
ComponentEventLinkEncoder
         {
             return null;
         }
+        try
+        {
+            EventContext activationContext = 
contextPathEncoder.decodePath(pageActivationContext);
 
-        EventContext activationContext = 
contextPathEncoder.decodePath(pageActivationContext);
-
-        boolean loopback = 
request.getParameter(TapestryConstants.PAGE_LOOPBACK_PARAMETER_NAME) != null;
+            boolean loopback = 
request.getParameter(TapestryConstants.PAGE_LOOPBACK_PARAMETER_NAME) != null;
 
-        return new PageRenderRequestParameters(canonicalized, 
activationContext, loopback);
+            return new PageRenderRequestParameters(canonicalized, 
activationContext, loopback);
+        } catch (IllegalArgumentException e)
+        {
+            // TAP5-2436
+            return null;
+        }
     }
 
     private boolean isWhitelistOnlyAndNotValid(String canonicalized)

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/a05f9618/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
----------------------------------------------------------------------
diff --git 
a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
 
b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
index a9f615f..78e71c5 100644
--- 
a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
+++ 
b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
@@ -478,4 +478,35 @@ public class ComponentEventLinkEncoderImplTest extends 
InternalBaseTestCase
 
         verify();
     }
+
+    @Test
+    // TAP5-2436
+    public void illegal_activation_context_leads_to_http_404() throws Exception
+    {
+        ComponentClassResolver resolver = mockComponentClassResolver();
+        Request request = mockRequest();
+        Response response = mockResponse();
+        LocalizationSetter ls = mockLocalizationSetter();
+        MetaDataLocator metaDataLocator = neverWhitelistProtected();
+
+        train_getPath(request, "/foo/pageid=123");
+        train_setLocaleFromLocaleName(ls, "foo", false);
+
+        train_isPageName(resolver, "foo/pageid=123", false);
+        train_isPageName(resolver, "foo", false);
+        train_isPageName(resolver, "", true);
+
+        train_canonicalizePageName(resolver, "", "Index");
+
+        replay();
+
+        ComponentEventLinkEncoderImpl linkEncoder = new 
ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, ls,
+                response, null, null, null, true, null, "", metaDataLocator, 
null);
+
+        PageRenderRequestParameters parameters = 
linkEncoder.decodePageRenderRequest(request);
+
+        assertNull(parameters);
+
+        verify();
+    }
 }

Reply via email to