Updated Branches: refs/heads/master a5dbb3c9a -> 569e1cdf5
WICKET-4432: Possible to escape from package resource scope by inserting escaped slash (%2F)

Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/569e1cdf
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/569e1cdf
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/569e1cdf

Branch: refs/heads/master
Commit: 569e1cdf564c22d8976feba56158b69648739132
Parents: a5dbb3c
Author: Peter Ertl <[email protected]>
Authored: Sat Feb 25 02:24:07 2012 +0100
Committer: Peter Ertl <[email protected]>
Committed: Sat Feb 25 02:24:07 2012 +0100

----------------------------------------------------------------------
 .../mapper/BasicResourceReferenceMapper.java | 6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/wicket/blob/569e1cdf/wicket-core/src/main/java/org/apache/wicket/request/mapper/BasicResourceReferenceMapper.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/request/mapper/BasicResourceReferenceMapper.java b/wicket-core/src/main/java/org/apache/wicket/request/mapper/BasicResourceReferenceMapper.java
index b239737..bb4414e 100755
--- a/wicket-core/src/main/java/org/apache/wicket/request/mapper/BasicResourceReferenceMapper.java
+++ b/wicket-core/src/main/java/org/apache/wicket/request/mapper/BasicResourceReferenceMapper.java
@@ -95,6 +95,12 @@ class BasicResourceReferenceMapper extends AbstractResourceReferenceMapper
 {
 String segment = url.getSegments().get(i);
+ // skip possibly malicious segments
+ if (segment.contains("/"))
+ {
+ return null;
+ }
+
 // remove caching information
 if (i + 1 == segmentsSize && Strings.isEmpty(segment) == false)
 {
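Review bot: The comment `// skip possibly malicious segments` does not match the guard beneath it — the guard does not skip the segment and continue the loop, it returns null and abandons mapping of the whole URL, which is the stronger and correct response here but reads as a loop-continue to anyone skimming. I would reword it to state both reason and effect, e.g. `// a segment containing a decoded '/' (%2F in the request) would let the path escape the package scope: refuse to map the URL at all`. The check rejects only the forward slash; whether a backslash or a `..` segment is neutralised before the resource lookup is not visible in this hunk and is worth confirming against the code that consumes the mapped path. The enclosing loop and method start and end outside the hunk.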
