[ https://issues.apache.org/jira/browse/WICKET-1597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Doug Donohoe updated WICKET-1597:
---------------------------------

    Attachment: FixedMixedParamUrlCodingStrategy.java

Sorry for the delay in responding.

After discovering this problem with nulls, I found more problems with other 
characters like ".", "/", "\" and the ".." string.

These are problem characters because they are often interpreted by the browser 
or servlet container as path traversal characters.  For example ".." means go 
to the parent and "./" is often stripped as redundant.

I fixed these issues locally with the attached file.   This was successfully 
used in the DD Poker search page:

http://online.ddpoker.com/search

Basically, it allows one to type in any search character and have it retained 
properly in a URL.  

> MixedParamUrlCodingStrategy bugs
> --------------------------------
>
>                 Key: WICKET-1597
>                 URL: https://issues.apache.org/jira/browse/WICKET-1597
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.3.3
>         Environment: Firefox
>            Reporter: Doug Donohoe
>            Assignee: Matej Knopp
>            Priority: Minor
>             Fix For: 1.4-RC2
>
>         Attachments: FixedMixedParamUrlCodingStrategy.java, 
> patch-MixedParamUrlCodingStrategy-WICKET-1597.diff, 
> patch-MixedParamUrlCodingStrategyTest-WICKET-1597.diff
>
>
> If a parameter is missing, it is defaulted to "" as seen below.
>               if (foundParameter)
>               {
>                       for (int i = 0; i <= lastSpecifiedParameter; i++)
>                       {
>                               String parameterName = parameterNames[i];
>                               final Object param = parameters.get(parameterName);
>                               String value = param instanceof String[] ? ((String[])param)[0] : (String)param;
>                               if (value == null)
>                               {
>                                       value = "";  // <===== THIS LINE RIGHT HERE
>                               }
>                               url.append(urlEncode(value)).append("/");
>                               parameterNamesToAdd.remove(parameterName);
>                       }
>               }
> If the parameter is in the middle, you end up with a URL that looks like:
> foo.com/mypage/param1//param3
> The "//" causes images and CSS to not be found (at least on Firefox).
> I fixed this locally by setting the value to "-", and looking for that on the 
> way in.
> foo.com/mypage/param1/-/param3
> I'm not sure if this fix would break anything else, so I'm not sure if I 
> should submit a patch.  One possible issue is if someone is passing '-' as a 
> real value and expects it to be there.  I could make '-' the default and 
> allow someone to change it via API...
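
The round-trip problem described in this message (empty values producing "//", and ".", "..", "/", "\" being interpreted as path syntax), shown with one possible escaping scheme. This is an added example, not the attached FixedMixedParamUrlCodingStrategy.java and not Wicket code. The class name, the "-XX" escape format and the sample values are hypothetical; it assumes Java 10+ and that decode() receives the raw, still percent-encoded segment.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical codec for positional path parameters (added example, not Wicket's implementation).
public class PathSegmentCodec {
    // Scheme: "-" alone means empty/missing; "-XX" (two hex digits) is one escaped character.
    static String encode(String value) {
        if (value == null || value.isEmpty()) return "-";
        boolean dotsOnly = value.equals(".") || value.equals("..");
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '-' || c == '/' || c == '\\' || (dotsOnly && c == '.'))
                sb.append('-').append(String.format("%02X", (int) c));
            else
                sb.append(c);
        }
        // URLEncoder leaves '-', '.', letters and digits alone; emit %20 rather than '+' in a path.
        return URLEncoder.encode(sb.toString(), StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Every literal '-' was escaped on the way out, so any '-' here must start an escape.
    static String decode(String rawSegment) {
        String s = URLDecoder.decode(rawSegment, StandardCharsets.UTF_8);
        if (s.equals("-")) return "";
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c != '-') { sb.append(c); continue; }
            if (i + 3 > s.length()) throw new IllegalArgumentException("truncated escape: " + s);
            int hi = Character.digit(s.charAt(i + 1), 16), lo = Character.digit(s.charAt(i + 2), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("bad escape: " + s);
            sb.append((char) (hi * 16 + lo));
            i += 2;
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String[] values = { "param1", null, "..", "a/b", "-", "x y.z" }; // constructed sample values
        StringBuilder path = new StringBuilder("/mypage");
        for (String v : values) path.append('/').append(encode(v));
        System.out.println(path);
        // Unescaped, ".." is consumed by normalization; the escaped path has nothing to collapse.
        System.out.println(URI.create("/mypage/param1/../param3").normalize());
        System.out.println(URI.create(path.toString()).normalize().getRawPath().contentEquals(path));
        for (String seg : path.substring("/mypage/".length()).split("/"))
            System.out.println("[" + decode(seg) + "]");
    }
}
```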
