I've found the issue:

    var params = [];
    var pp = params.concat(null); // => pp = [null]
    jQuery.param(pp) // => "="

I'll add some checks

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Nov 20, 2014 at 11:08 AM, Sebastien <[email protected]> wrote:

> Hi Martin,
>
> Yes, the component [1] actually uses an ajax request with a CallbackParameter
> The output js looks like:
>
> jQuery(function() { jQuery('#root8').kendoMenu({ "select": function (e) {
> var attrs = {"u":"./MyPage?3-1.IBehaviorListener.0-menu&id=1","c":"menud"};
> var params = [{"name":"hash","value":e.item.id}];
> attrs.ep = params.concat(attrs.ep);
> Wicket.Ajax.ajax(attrs);
> }});
> });
>
> FYI, I've just tested with a standard Link, and it does not repro...
>
> Thanks again,
> Sebastien
>
> [1]
> https://github.com/sebfz1/wicket-jquery-ui/blob/master/wicket-kendo-ui/src/main/java/com/googlecode/wicket/kendo/ui/widget/menu/MenuBehavior.java#L127
>
> On Thu, Nov 20, 2014 at 9:28 AM, Martin Grigorov <[email protected]> wrote:
>
> > Improved PageParametersEncoder to skip query string parameters without name
> > because this may lead to logs flooding by an attacker.
> > See https://issues.apache.org/jira/browse/WICKET-5770
> >
> > It would be good to improve Wicket to not produce such urls too. First we
> > need to identify where they are created.
> > Is this an Ajax request ?
> >
> > Martin Grigorov
> > Wicket Training and Consulting
> > https://twitter.com/mtgrigorov
> >
> > On Wed, Nov 19, 2014 at 10:53 PM, Martin Grigorov <[email protected]> wrote:
> >
> > > Looking at
> > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20WICKET%20AND%20fixVersion%20%3D%207.0.0-M5
> > > only https://issues.apache.org/jira/browse/WICKET-5759 looks somehow related.
> > >
> > > Are CallbackParameters used in your code ?
> > >
> > > Martin Grigorov
> > > Wicket Training and Consulting
> > > https://twitter.com/mtgrigorov
> > >
> > > On Wed, Nov 19, 2014 at 7:28 PM, Sebastien <[email protected]> wrote:
> > >
> > >> Right Martin, there is something weird (&=&):
> > >>
> > >> MyPage?1-1.IBehaviorListener.0-menu&hash=menuitem-1685872454&=&_=1416417363334
> > >>
> > >> Using -M4, I've got this url:
> > >>
> > >> MyPage?0-1.IBehaviorListener.0-menu&hash=menuitem-1754318150&_=1416417641051
> > >>
> > >> Just for the explanation, 'hash' is used by the menu widget. #onClick is
> > >> still triggered in addition to the direct link (a#href) but I don't think
> > >> that's the cause of the issue...
> > >>
> > >> Thanks,
> > >> Sebastien.
> > >>
> > >> On Wed, Nov 19, 2014 at 4:32 PM, Martin Grigorov <[email protected]> wrote:
> > >>
> > >> > Hi Sebastien,
> > >> >
> > >> > Please check what request parameters are being sent in the browser dev
> > >> > tools.
> > >> > Are there any?
> > >> > On Nov 19, 2014 5:05 PM, "Sebastien" <[email protected]> wrote:
> > >> >
> > >> > > fyi, this is not related to wicket-native-websocket, I've got the same
> > >> > > stacktrace with the default WicketFilter
> > >> > >
> > >> > >     at org.apache.wicket.request.cycle.RequestCycle.resolveRequestHandler(RequestCycle.java:189) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > >     at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:219) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > >     at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > >     *at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]*
> > >> > >     at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > >     at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > >
> > >> > > On Wed, Nov 19, 2014 at 3:42 PM, Sebastien <[email protected]> wrote:
> > >> > >
> > >> > > > Hi devs,
> > >> > > >
> > >> > > > Seems to be a problem with latest snapshot. For an unknown reason I've got
> > >> > > > the stacktrace below on each page of my application I am trying to reach
> > >> > > > (after clicking a link, which url comes from RequestCycle#urlFor.).
> > >> > > >
> > >> > > > This is *not* repro with 7.0.0-M4
> > >> > > > If someone has an idea of what has changed and what can cause the issue,
> > >> > > > this will be nice. I am not sure to have time to make a quickstart this
> > >> > > > week...
> > >> > > >
> > >> > > > Best regards & thanks in advance,
> > >> > > > Sebastien.
> > >> > > >
> > >> > > > ERROR [org.apache.wicket.DefaultExceptionMapper] Unexpected error occurred: java.lang.IllegalArgumentException: Argument 'name' may not be null or empty.
> > >> > > >     at org.apache.wicket.util.lang.Args.notEmpty(Args.java:64) [wicket-util-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.mapper.parameter.PageParameters.add(PageParameters.java:290) [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.mapper.parameter.PageParameters.add(PageParameters.java:284) [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.mapper.parameter.PageParametersEncoder.decodePageParameters(PageParametersEncoder.java:50) [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.mapper.AbstractMapper.extractPageParameters(AbstractMapper.java:155) [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.extractPageParameters(AbstractBookmarkableMapper.java:615) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.core.request.mapper.PackageMapper.parseRequest(PackageMapper.java:161) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.mapRequest(AbstractBookmarkableMapper.java:346) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.mapper.CompoundRequestMapper.mapRequest(CompoundRequestMapper.java:150) [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.cycle.RequestCycle.resolveRequestHandler(RequestCycle.java:189) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:219) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) [wicket-native-websocket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> > >> > > >     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> > >> > > >     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> > >> > > >     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
> > >> > > >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_65]
> > >> > > >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_65]
> > >> > > >     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_65]
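
Added example, not part of the original thread and not Wicket or jQuery code: it reproduces how concat() with an unset extra-parameter list yields the nameless "&=" parameter seen above, then shows a guarded merge on the client and a decoder that skips nameless parameters instead of raising per request. The names serializePairs, mergeUnsafe, mergeSafe and decodeQuery are hypothetical, the serializer is a simplified stand-in, and the sample values are constructed.

```javascript
// Simplified stand-in for a name/value serializer (NOT jQuery's code):
// an entry that is null/undefined contributes an empty name and value.
function serializePairs(list) {
  return list.map(function (p) {
    var name = p && p.name != null ? p.name : "";
    var value = p && p.value != null ? p.value : "";
    return encodeURIComponent(name) + "=" + encodeURIComponent(value);
  }).join("&");
}

// Pattern from the generated script: concat() appends a non-array argument
// as a single element, so an unset list becomes one empty entry.
function mergeUnsafe(params, extra) {
  return params.concat(extra);
}

// Guarded merge (hypothetical helper): ignore a missing list and drop
// entries that have no usable name.
function mergeSafe(params, extra) {
  var all = params.concat(Array.isArray(extra) ? extra : []);
  return all.filter(function (p) {
    return p && typeof p.name === "string" && p.name.length > 0;
  });
}

// Receiving side (hypothetical decoder): skip nameless parameters and count
// them, rather than raising and logging an error for every such request.
function decodeQuery(query) {
  var result = { params: [], skipped: 0 };
  query.split("&").forEach(function (part) {
    if (part === "") { return; }
    var eq = part.indexOf("=");
    var name = decodeURIComponent(eq < 0 ? part : part.slice(0, eq));
    var value = eq < 0 ? "" : decodeURIComponent(part.slice(eq + 1));
    if (name === "") { result.skipped += 1; return; }
    result.params.push({ name: name, value: value });
  });
  return result;
}

// Constructed sample input modelled on the URL quoted in the thread.
var sample = [{ name: "hash", value: "menuitem-1" }];
console.log(serializePairs(mergeUnsafe(sample, undefined)));
console.log(serializePairs(mergeSafe(sample, undefined)));
console.log(decodeQuery("hash=menuitem-1&=&_=1416417363334"));
```

The skipped counter gives the server one cheap metric to watch instead of a full stack trace per malformed request.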
