[
https://issues.apache.org/jira/browse/WICKET-591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alastair Maw updated WICKET-591:
--------------------------------
Fix Version/s: 1.3.0-beta3
> SignInPanel is not returning raw input
> --------------------------------------
>
> Key: WICKET-591
> URL: https://issues.apache.org/jira/browse/WICKET-591
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 1.2.6
> Environment: All
> Reporter: Holger Szillat
> Priority: Trivial
> Fix For: 1.3.0-beta3
>
>
> The SignInPanel's getPassword()-method is returning the password via
> "password.getModelObjectAsString();". This will filter any "special"
> characters like !,$, or & from the input. For (strong?) passwords this may
> not be desirable. (See also
> http://cwiki.apache.org/WICKET/validating-passwordtextfield.html)
> I fixed this by returning "password.getInput();" from the method, although
> this may introduce other security-problems like SQL-injection.
> Maybe a flag would be better solution?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
