[
https://issues.apache.org/jira/browse/WICKET-4803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13575858#comment-13575858
]
Jan Riehn edited comment on WICKET-4803 at 2/11/13 4:02 PM:
------------------------------------------------------------
Hej Martin,
maybe the problem is not well demonstrated. this issue can be reconstructed
using the wicket 1.5.9 quickstart
[http://wicket.apache.org/start/quickstart.html]. An invalid request like
"http://localhost:8080/?%%%"; throws the following exception:
java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in
escape (%) pattern - For input string: "%%"
at org.apache.wicket.request.UrlDecoder.decode(UrlDecoder.java:162)
at org.apache.wicket.request.UrlDecoder.decode(UrlDecoder.java:76)
at org.apache.wicket.request.Url.decodeParameter(Url.java:601)
at org.apache.wicket.request.Url.parseQueryParameter(Url.java:104)
at org.apache.wicket.request.Url.parse(Url.java:243)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getContextRelativeUrl(ServletWebRequest.java:222)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:126)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
at
org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:413)
at
org.apache.wicket.protocol.http.WebApplication.createWebRequest(WebApplication.java:458)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:183)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:244)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1326)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:940)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:874)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:904)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:565)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:217)
at
org.eclipse.jetty.server.BlockingHttpConnection.handle(BlockingHttpConnection.java:50)
at
org.eclipse.jetty.server.bio.SocketConnector$ConnectorEndPoint.run(SocketConnector.java:245)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
at java.lang.Thread.run(Unknown Source)
Is there any advice on how to handle such invalid requests?
was (Author: jriehn):
Hej Martin,
maybe the problem is not well demonstrated. this issue can be reconstructed
using the wicket 1.5.9 quickstart
[http://wicket.apache.org/start/quickstart.html]. An invalid request like
"http://localhost:8080/?%%%"; throws the following exception:
java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in
escape (%) pattern - For input string: "%%"
at org.apache.wicket.request.UrlDecoder.decode(UrlDecoder.java:162)
at org.apache.wicket.request.UrlDecoder.decode(UrlDecoder.java:76)
at org.apache.wicket.request.Url.decodeParameter(Url.java:601)
at org.apache.wicket.request.Url.parseQueryParameter(Url.java:104)
at org.apache.wicket.request.Url.parse(Url.java:243)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getContextRelativeUrl(ServletWebRequest.java:222)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:126)
at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
at
org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:413)
at
org.apache.wicket.protocol.http.WebApplication.createWebRequest(WebApplication.java:458)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:183)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:244)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1326)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:940)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:409)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:874)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:904)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:565)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:217)
at
org.eclipse.jetty.server.BlockingHttpConnection.handle(BlockingHttpConnection.java:50)
at
org.eclipse.jetty.server.bio.SocketConnector$ConnectorEndPoint.run(SocketConnector.java:245)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
at java.lang.Thread.run(Unknown Source)
Is there any advice on how to handle such invalid request?
> Unwrapped IllegalArgumentException in WicketURLDecoder
> ------------------------------------------------------
>
> Key: WICKET-4803
> URL: https://issues.apache.org/jira/browse/WICKET-4803
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Johan Heylen
> Priority: Minor
> Attachments: WICKET-4803-quickstart-testcase-and-example.zip
>
>
> In the class: org.apache.wicket.protocol.http.WicketURLDecoder there are two
> IllegalArgumentException which should be wrapped in WicketRuntimeException,
> otherwise they are caught by the exception handler form the servlet container
> (jetty, tomcat, ...) which then uses their http 500 error code configuration
> instead of the exception handling of wicket.
> Wrapping them would be good for consistency and help manage runtime
> exceptions.
> These are the two exceptions:
> throw new IllegalArgumentException("URLDecoder: Incomplete trailing escape
> (%) pattern");
> throw new IllegalArgumentException("URLDecoder: Illegal hex characters in
> escape (%) pattern - " + e.getMessage());
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
