UrlUtils.isRelative returns false if URL parameter contains an absolute URL
---------------------------------------------------------------------------
Key: WICKET-3076
URL: https://issues.apache.org/jira/browse/WICKET-3076
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.4.7
Reporter: Michael Gottschalk
I have a page that gets a return path for a back link as a parameter. A link to
this page looks like this:
./mypage?return=http://example.com
In WebRequestCodingStrategy.encode, this URL is returned by pathForTarget.
Then it is checked whether this URL is relative using UrlUtils.isRelative. The
URL is apparently relative, but UrlUtils.isRelative returns false, since the
check contains:
(url.indexOf("://") < 0
this is false for the above example. Thus, an incorrect path is returned by
WebRequestCodingStrategy.encode (relative path resolution does not take place).
A fix for the problem would be to check for
!(url.startsWith("http://";) || url.startsWith("https://";))
Or, if other protocols should also be supported, a regular expression like
"^[^/?]*://" should work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
