[jira] [Updated] (WICKET-4432) Possible to escape from package resource scope by inserting escaped slash (%2F)

Peter Ertl (Updated) (JIRA) Fri, 24 Feb 2012 17:20:11 -0800

     [ 
https://issues.apache.org/jira/browse/WICKET-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Peter Ertl updated WICKET-4432:
-------------------------------

    Affects Version/s: 1.5.3
        Fix Version/s: 1.5.5
                       1.4.20
    
> Possible to escape from package resource scope by inserting escaped slash 
> (%2F)
> -------------------------------------------------------------------------------
>
>                 Key: WICKET-4432
>                 URL: https://issues.apache.org/jira/browse/WICKET-4432
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.3, 1.5.4
>            Reporter: Sebastiaan van Erk
>            Assignee: Peter Ertl
>            Priority: Critical
>             Fix For: 1.4.20, 1.5.5
>
>
> For example, the wicket.properties file is in the classpath:/ but you can 
> retrieve it from the java.lang.String scope as follows:
> http://localhost:8080/wicket/resource/java.lang.String/%2Fwicket.properties,/

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (WICKET-4432) Possible to escape from package resource scope by inserting escaped slash (%2F)

Reply via email to