[jira] [Commented] (WICKET-6230) Infinite redirection when using UrlPathPageParametersEncoder

Daniel Stoch (JIRA) Fri, 19 Aug 2016 04:32:11 -0700

    [ 
https://issues.apache.org/jira/browse/WICKET-6230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428024#comment-15428024
 ]


Daniel Stoch commented on WICKET-6230:
--------------------------------------

But this "aaa..." is a value for parameter with name "text". So this value can 
be entered by a user.

> Infinite redirection when using UrlPathPageParametersEncoder
> ------------------------------------------------------------
>
>                 Key: WICKET-6230
>                 URL: https://issues.apache.org/jira/browse/WICKET-6230
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 6.22.0, 6.24.0
>            Reporter: Daniel Stoch
>         Attachments: mountingtest.zip
>
>
> When you mount page with UrlPathPageParametersEncoder:
> {code}
> mount(new MountedMapper("/test", TestPage.class, new 
> UrlPathPageParametersEncoder()));
> {code}
> and then user pass a special parameter value in url which ends with more than 
> one dot and slash (eg. "../", ".../", etc.) then application starts endless 
> redirects. It leads to error in browser such as:
> {quote}
> The page isn’t redirecting properly
> {quote}
> Without last slash everything works ok.
> I have attached a quickstart. Run this application and enter the following 
> url in your browser:
> {code}
> http://localhost:8080/test/text/aaa.../
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (WICKET-6230) Infinite redirection when using UrlPathPageParametersEncoder

Reply via email to