Author: ivaynberg
Date: Thu Oct 14 18:51:30 2010
New Revision: 1022649
URL: http://svn.apache.org/viewvc?rev=1022649&view=rev
Log:
Issue: WICKET-3106
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/markup/html/pages/BrowserInfoPage.java
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/markup/html/pages/BrowserInfoPage.java
URL:
http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/markup/html/pages/BrowserInfoPage.java?rev=1022649&r1=1022648&r2=1022649&view=diff
==============================================================================
---
wicket/trunk/wicket/src/main/java/org/apache/wicket/markup/html/pages/BrowserInfoPage.java
(original)
+++
wicket/trunk/wicket/src/main/java/org/apache/wicket/markup/html/pages/BrowserInfoPage.java
Thu Oct 14 18:51:30 2010
@@ -73,10 +73,6 @@ public class BrowserInfoPage extends Web
public BrowserInfoPage(PageParameters parameters)
{
String to = parameters.get("cto").toString();
- if (to == null)
- {
- throw new IllegalArgumentException("parameter cto must
be provided!");
- }
setContinueTo(to);
initComps();
RequestCycle requestCycle = getRequestCycle();
@@ -109,10 +105,6 @@ public class BrowserInfoPage extends Web
*/
public BrowserInfoPage(final String continueTo)
{
- if (continueTo == null)
- {
- throw new IllegalArgumentException("Argument continueTo
must be not null");
- }
setContinueTo(continueTo);
initComps();
}
@@ -190,6 +182,32 @@ public class BrowserInfoPage extends Web
*/
protected final void setContinueTo(String continueTo)
{
+ if (continueTo == null)
+ {
+ throw new IllegalArgumentException("Argument continueTo
must not be null");
+ }
+ else if (continueTo.contains("://"))
+ {
+ // prevent attackers from redirecting to any url by
appending &cto=http://<someurl> to
+ // the query string, eg
+ //
http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
+ // WICKET-3106
+ throw new IllegalArgumentException("continuTo url : " +
continueTo +
+ " must be relative to the current server.")
+ {
+ /**
+ * No stack trace. We won't tell the hackers
about the internals of wicket in case
+ * stack traces are enabled
+ *
+ * @see java.lang.Throwable#getStackTrace()
+ */
+ @Override
+ public StackTraceElement[] getStackTrace()
+ {
+ return new StackTraceElement[0];
+ }
+ };
+ }
this.continueTo = continueTo;
}
}
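Review bot: The `continueTo.contains("://")` test in setContinueTo does not guarantee the target is "relative to the current server", so the WICKET-3106 guard is only a denylist: a protocol-relative value (`//host/path`) and a scheme written without `//` both reach `this.continueTo` and are still redirected to. A positive check is safer, e.g. `if (continueTo == null || !continueTo.startsWith("/") || continueTo.startsWith("//"))` in place of the two branches — or, if callers legitimately pass paths without a leading slash (not visible here), resolve the value against the current request URL and reject it when the host differs. The anonymous exception's `getStackTrace()` override does not do what the comment says: `printStackTrace()` reads the internal trace directly, not the public getter, so the trace is still printed; the established way is `@Override public synchronized Throwable fillInStackTrace() { return this; }`. The message also concatenates the untrusted value (`"continuTo url : " + continueTo`, with a typo in "continuTo"); a fixed message such as `"Argument continueTo must be a path relative to the current server"` avoids reflecting attacker input into logs or error pages. setContinueTo and the class end inside the hunk.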