Repository: wicket
Updated Branches:
  refs/heads/wicket-6.x 5c688a3e7 -> e838d029f


WICKET-6230 Infinite redirection when using UrlPathPageParametersEncoder

Treat specially only "." and "..". Any longer sequence of dots should be left 
as is.


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/e838d029
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/e838d029
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/e838d029

Branch: refs/heads/wicket-6.x
Commit: e838d029f179e0b80c9035aff9d232d92c261963
Parents: 5c688a3
Author: Martin Tzvetanov Grigorov <[email protected]>
Authored: Wed Aug 24 23:54:59 2016 +0200
Committer: Martin Tzvetanov Grigorov <[email protected]>
Committed: Wed Aug 24 23:56:44 2016 +0200

----------------------------------------------------------------------
 .../wicket/request/cycle/UrlRendererTest.java   | 49 ++++++++++++++++++++
 .../org/apache/wicket/request/UrlRenderer.java  |  4 +-
 2 files changed, 51 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/e838d029/wicket-core/src/test/java/org/apache/wicket/request/cycle/UrlRendererTest.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/test/java/org/apache/wicket/request/cycle/UrlRendererTest.java
 
b/wicket-core/src/test/java/org/apache/wicket/request/cycle/UrlRendererTest.java
index 4fa06c0..391b450 100644
--- 
a/wicket-core/src/test/java/org/apache/wicket/request/cycle/UrlRendererTest.java
+++ 
b/wicket-core/src/test/java/org/apache/wicket/request/cycle/UrlRendererTest.java
@@ -629,4 +629,53 @@ public class UrlRendererTest extends Assert
                String renderedUrl = renderer.renderUrl(urlWithFragment);
                
assertEquals("http://localhost:8080/redirect#access_token=123456";, renderedUrl);
        }
+
+       /**
+        * https://issues.apache.org/jira/browse/WICKET-6230
+        */
+       @Test
+       public void renderUrlWithManyDotsAtTheBeginning1()
+       {
+               UrlRenderer renderer = new UrlRenderer(new 
MockWebRequest(Url.parse("a")));
+
+               String renderedUrl = renderer.renderUrl(Url.parse("...abc"));
+               assertEquals("./...abc", renderedUrl);
+       }
+
+
+       /**
+        * https://issues.apache.org/jira/browse/WICKET-6230
+        */
+       @Test
+       public void renderUrlWithManyDotsAtTheBeginning2()
+       {
+               UrlRenderer renderer = new UrlRenderer(new 
MockWebRequest(Url.parse("a/b")));
+
+               String renderedUrl = renderer.renderUrl(Url.parse("...abc"));
+               assertEquals("../...abc", renderedUrl);
+       }
+
+       /**
+        * https://issues.apache.org/jira/browse/WICKET-6230
+        */
+       @Test
+       public void renderUrlWithManyDotsAtTheEnd1()
+       {
+               UrlRenderer renderer = new UrlRenderer(new 
MockWebRequest(Url.parse("a")));
+
+               String renderedUrl = renderer.renderUrl(Url.parse("abc..."));
+               assertEquals("./abc...", renderedUrl);
+       }
+
+       /**
+        * https://issues.apache.org/jira/browse/WICKET-6230
+        */
+       @Test
+       public void renderUrlWithManyDotsAtTheEnd2()
+       {
+               UrlRenderer renderer = new UrlRenderer(new 
MockWebRequest(Url.parse("a/b")));
+
+               String renderedUrl = renderer.renderUrl(Url.parse("abc..."));
+               assertEquals("../abc...", renderedUrl);
+       }
 }
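Review bot: The four new tests pin only names with three dots, so the boundary this fix depends on is left untested: a name with exactly two leading or trailing dots (`..abc`, `abc..`) takes different branches in the UrlRenderer start and end checks than `...abc` and `abc...` do. Adding cases for those two inputs, and one for a trailing-dots name followed by a query string, would pin whether such names are meant to render as ordinary segments. Each test's Javadoc repeats only the WICKET-6230 link; a one-line statement of the case, such as `/** Three leading dots are a file name, not a parent reference. */`, would tell the reader more.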

http://git-wip-us.apache.org/repos/asf/wicket/blob/e838d029/wicket-request/src/main/java/org/apache/wicket/request/UrlRenderer.java
----------------------------------------------------------------------
diff --git 
a/wicket-request/src/main/java/org/apache/wicket/request/UrlRenderer.java 
b/wicket-request/src/main/java/org/apache/wicket/request/UrlRenderer.java
index 7c7a9dd..e9f6a6a 100644
--- a/wicket-request/src/main/java/org/apache/wicket/request/UrlRenderer.java
+++ b/wicket-request/src/main/java/org/apache/wicket/request/UrlRenderer.java
@@ -286,14 +286,14 @@ public class UrlRenderer
                String renderedUrl = relativeUrl.toString();
 
                // sanitize start
-               if (!renderedUrl.startsWith("..") && !renderedUrl.equals("."))
+               if (renderedUrl.startsWith("...") || 
(!renderedUrl.startsWith("..") && !renderedUrl.equals(".")))
                {
                        // WICKET-4260
                        renderedUrl = "./" + renderedUrl;
                }
 
                // add trailing slash if the url has no query string and ends 
with ..
-               if (renderedUrl.indexOf('?') == -1 && 
renderedUrl.endsWith(".."))
+               if (renderedUrl.indexOf('?') == -1 && 
(renderedUrl.endsWith("..") && renderedUrl.endsWith("...") == false))
                {
                        // WICKET-4401
                        renderedUrl = renderedUrl + '/';
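Review bot: Both new conditions still match on a raw string prefix or suffix rather than on a whole path segment, so a name with exactly two dots attached is handled like a parent reference: `..abc` skips the `./` prefix because `startsWith("..")` is true, and `abc..` still gets a trailing `/` because it ends with `..` but not `...`. These names can come from request-derived path parameters (the case in the commit title), so it would be sturdier to test the segment boundary: `renderedUrl.equals("..") || renderedUrl.startsWith("../")` for the parent check at the start, and `renderedUrl.equals("..") || renderedUrl.endsWith("/..")` at the end. The `== false` in the end check could be written with `!` to match the negations in the start check. The enclosing method starts and ends outside this hunk, so how the rendered value is used afterwards cannot be confirmed from here.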
