[
https://issues.apache.org/jira/browse/WICKET-3076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914855#action_12914855
]
Hudson commented on WICKET-3076:
--------------------------------
Integrated in Apache Wicket 1.5.x #362 (See
[https://hudson.apache.org/hudson/job/Apache%20Wicket%201.5.x/362/])
WICKET-3076 UrlUtils.isRelative returns false if URL parameter contains an
absolute URL
Use regular expression to check whether the passed url string starts with
'scheme://'
> UrlUtils.isRelative returns false if URL parameter contains an absolute URL
> ---------------------------------------------------------------------------
>
> Key: WICKET-3076
> URL: https://issues.apache.org/jira/browse/WICKET-3076
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.7
> Reporter: Michael Gottschalk
> Assignee: Martin Grigorov
> Fix For: 1.4.13, 1.5-M3
>
>
> I have a page that gets a return path for a back link as a parameter. A link
> to this page looks like this:
> ./mypage?return=http://example.com
> In WebRequestCodingStrategy.encode, this URL is returned by pathForTarget.
> Then it is checked whether this URL is relative using UrlUtils.isRelative.
> The URL is apparently relative, but UrlUtils.isRelative returns false, since
> the check contains:
> (url.indexOf("://") < 0
> this is false for the above example. Thus, an incorrect path is returned by
> WebRequestCodingStrategy.encode (relative path resolution does not take
> place).
> A fix for the problem would be to check for
> !(url.startsWith("http://";) || url.startsWith("https://";))
> Or, if other protocols should also be supported, a regular expression like
> "^[^/?]*://" should work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
