[jira] [Resolved] (WICKET-4432) Possible to escape from package resource scope by inserting escaped slash (%2F)

Peter Ertl (Resolved) (JIRA) Sat, 25 Feb 2012 10:38:11 -0800

     [ 
https://issues.apache.org/jira/browse/WICKET-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Peter Ertl resolved WICKET-4432.
--------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: 1.5.5)
                       (was: 1.4.20)
                       (was: 6.0.0)
    
> Possible to escape from package resource scope by inserting escaped slash 
> (%2F)
> -------------------------------------------------------------------------------
>
>                 Key: WICKET-4432
>                 URL: https://issues.apache.org/jira/browse/WICKET-4432
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.3, 1.5.4, 6.0.0
>            Reporter: Sebastiaan van Erk
>            Assignee: Peter Ertl
>            Priority: Critical
>
> For example, the wicket.properties file is in the classpath:/ but you can 
> retrieve it from the java.lang.String scope as follows:
> http://localhost:8080/wicket/resource/java.lang.String/%2Fwicket.properties,/

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (WICKET-4432) Possible to escape from package resource scope by inserting escaped slash (%2F)

Reply via email to