Well done, and thank you very much Martin ! Will test the new snapshot asap...
Best regards, Sebastien On Mon, Nov 24, 2014 at 8:25 PM, Martin Grigorov <[email protected]> wrote: > Fixed with 8e00eb9 > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Mon, Nov 24, 2014 at 9:10 PM, Martin Grigorov <[email protected]> > wrote: > > > I've found the issue: > > > > var params = []; > > var pp = params.concat(null); // => pp = [null] > > jQuery.param(pp) // => "=" > > > > I'll add some checks > > > > Martin Grigorov > > Wicket Training and Consulting > > https://twitter.com/mtgrigorov > > > > On Thu, Nov 20, 2014 at 11:08 AM, Sebastien <[email protected]> wrote: > > > >> Hi Martin, > >> > >> Yes, the component [1] actually uses an ajax request with a > >> CallbackParameter > >> The output js looks like: > >> > >> jQuery(function() { jQuery('#root8').kendoMenu({ "select": function (e) > { > >> var attrs = > >> {"u":"./MyPage?3-1.IBehaviorListener.0-menu&id=1","c":"menud"}; > >> var params = [{"name":"hash","value":e.item.id}]; > >> attrs.ep = params.concat(attrs.ep); > >> Wicket.Ajax.ajax(attrs); > >> }}); > >> }); > >> > >> > >> FYI, I've just tested with a standard Link, and it does not repro... > >> > >> Thanks again, > >> Sebastien > >> > >> [1] > >> > >> > https://github.com/sebfz1/wicket-jquery-ui/blob/master/wicket-kendo-ui/src/main/java/com/googlecode/wicket/kendo/ui/widget/menu/MenuBehavior.java#L127 > >> > >> > >> > >> On Thu, Nov 20, 2014 at 9:28 AM, Martin Grigorov <[email protected]> > >> wrote: > >> > >> > Improved PageParametersEncoder to skip query string parameters without > >> name > >> > because this may lead to logs flooding by an attacker. > >> > See https://issues.apache.org/jira/browse/WICKET-5770 > >> > > >> > It would be good to improve Wicket to not produce such urls too. First > >> we > >> > need to identify where they are created. > >> > Is this an Ajax request ? > >> > > >> > Martin Grigorov > >> > Wicket Training and Consulting > >> > https://twitter.com/mtgrigorov > >> > > >> > On Wed, Nov 19, 2014 at 10:53 PM, Martin Grigorov < > [email protected] > >> > > >> > wrote: > >> > > >> > > Looking at > >> > > > >> > > >> > https://issues.apache.org/jira/issues/?jql=project%20%3D%20WICKET%20AND%20fixVersion%20%3D%207.0.0-M5 > >> > > only > >> > > https://issues.apache.org/jira/browse/WICKET-5759 looks somehow > >> related. > >> > > > >> > > Are CallbackParameters used in your code ? > >> > > > >> > > Martin Grigorov > >> > > Wicket Training and Consulting > >> > > https://twitter.com/mtgrigorov > >> > > > >> > > On Wed, Nov 19, 2014 at 7:28 PM, Sebastien <[email protected]> > wrote: > >> > > > >> > >> Right Martin, there is something weird (&=&): > >> > >> > >> > >> > >> > > >> > MyPage?1-1.IBehaviorListener.0-menu&hash=menuitem-1685872454&=&_=1416417363334 > >> > >> > >> > >> Using -M4, i've got this url: > >> > >> > >> > >> > >> > > >> > MyPage?0-1.IBehaviorListener.0-menu&hash=menuitem-1754318150&_=1416417641051 > >> > >> > >> > >> Just for the explanation, 'hash' is used by the menu widget. > >> #onClick is > >> > >> still triggered in addition to the direct link (a#href) but I don't > >> > think > >> > >> that's the cause of the issue... > >> > >> > >> > >> Thanks, > >> > >> Sebastien. > >> > >> > >> > >> > >> > >> On Wed, Nov 19, 2014 at 4:32 PM, Martin Grigorov < > >> [email protected]> > >> > >> wrote: > >> > >> > >> > >> > Hi Sebastien, > >> > >> > > >> > >> > Please check what request parameters are being sent in the > browser > >> dev > >> > >> > tools. > >> > >> > Are there any? > >> > >> > On Nov 19, 2014 5:05 PM, "Sebastien" <[email protected]> wrote: > >> > >> > > >> > >> > > fyi, this is not related to wicket-native-websocket, I've got > the > >> > same > >> > >> > > stacktrace with the default WicketFilter > >> > >> > > > >> > >> > > at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.resolveRequestHandler(RequestCycle.java:189) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:219) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > *at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]* > >> > >> > > at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > at > >> > >> > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) > >> > >> > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > >> > >> > > > >> > >> > > > >> > >> > > On Wed, Nov 19, 2014 at 3:42 PM, Sebastien <[email protected]> > >> > wrote: > >> > >> > > > >> > >> > > > Hi devs, > >> > >> > > > > >> > >> > > > Seems to be a problem with latest snapshot. For an unknown > >> reason > >> > >> I've > >> > >> > > got > >> > >> > > > the stacktrace below on each page of my application I am > >> trying to > >> > >> > reach > >> > >> > > > (after clicking a link, which url comes from > >> > RequestCycle#urlFor.). > >> > >> > > > > >> > >> > > > This is *not* repro with 7.0.0-M4 > >> > >> > > > If someone has an idea of what has changed and what can cause > >> the > >> > >> > issue, > >> > >> > > > this will be nice. I am not sure to have time to make a > >> quickstart > >> > >> this > >> > >> > > > week... > >> > >> > > > > >> > >> > > > Best regards & thanks in advance, > >> > >> > > > Sebastien. > >> > >> > > > > >> > >> > > > > >> > >> > > > ERROR [org.apache.wicket.DefaultExceptionMapper] Unexpected > >> error > >> > >> > > > occurred: java.lang.IllegalArgumentException: Argument 'name' > >> may > >> > >> not > >> > >> > be > >> > >> > > > null or empty. > >> > >> > > > at > >> org.apache.wicket.util.lang.Args.notEmpty(Args.java:64) > >> > >> > > > [wicket-util-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.mapper.parameter.PageParameters.add(PageParameters.java:290) > >> > >> > > > [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.mapper.parameter.PageParameters.add(PageParameters.java:284) > >> > >> > > > [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.mapper.parameter.PageParametersEncoder.decodePageParameters(PageParametersEncoder.java:50) > >> > >> > > > [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.mapper.AbstractMapper.extractPageParameters(AbstractMapper.java:155) > >> > >> > > > [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.extractPageParameters(AbstractBookmarkableMapper.java:615) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.core.request.mapper.PackageMapper.parseRequest(PackageMapper.java:161) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.core.request.mapper.AbstractBookmarkableMapper.mapRequest(AbstractBookmarkableMapper.java:346) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.mapper.CompoundRequestMapper.mapRequest(CompoundRequestMapper.java:150) > >> > >> > > > [wicket-request-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.resolveRequestHandler(RequestCycle.java:189) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:219) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) > >> > >> > > > > >> [wicket-native-websocket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) > >> > >> > > > [wicket-core-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT] > >> > >> > > > at > >> > >> > > > > >> > >> > >> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) > >> > >> > > > [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > >> > > io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) > >> > >> > > > [undertow-core-1.0.15.Final.jar:1.0.15.Final] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > >> > >> > > > [rt.jar:1.7.0_65] > >> > >> > > > at > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > >> > >> > > > [rt.jar:1.7.0_65] > >> > >> > > > at java.lang.Thread.run(Thread.java:745) > >> [rt.jar:1.7.0_65] > >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > >> > > > >> > > > >> > > >> > > > > >
