SignInPanel is not returning raw input
--------------------------------------
Key: WICKET-591
URL: https://issues.apache.org/jira/browse/WICKET-591
Project: Wicket
Issue Type: Bug
Components: wicket-auth-roles
Affects Versions: 1.2.6
Environment: All
Reporter: Holger Szillat
Priority: Trivial

The SignInPanel's getPassword() method is returning the password via
"password.getModelObjectAsString();". This will filter any "special" characters
like !, $, or & from the input. For (strong?) passwords this may not be
desirable. (See also
http://cwiki.apache.org/WICKET/validating-passwordtextfield.html)

I fixed this by returning "password.getInput();" from the method, although this
may introduce other security problems like SQL injection.

Maybe a flag would be a better solution?