|
If you were logged in you would be able to see more operations.
|
|
|
| Resolution Date: |
06/May/07 08:01 PM
|
|
Wicket uses HttpServletRequest.getPathInfo() to get the the URL. The returned string is already URL decoded, so when the request parameter pair contains %2F, it will be returned as '/', so the request pair will be broken (the same applies to other characters like '+' etc). This was cseen with Jetty 6 and Tomcat 5.5.
Wicket should use HttpServletRequest.getRequestURI() or getRequestURL() as this seems to return URL as it was passed to the server.
|
|
Description
|
Wicket uses HttpServletRequest.getPathInfo() to get the the URL. The returned string is already URL decoded, so when the request parameter pair contains %2F, it will be returned as '/', so the request pair will be broken (the same applies to other characters like '+' etc). This was cseen with Jetty 6 and Tomcat 5.5.
Wicket should use HttpServletRequest.getRequestURI() or getRequestURL() as this seems to return URL as it was passed to the server. |
Show » |
| No work has yet been logged on this issue.
|
|
Bug
Resolved
Critical
Parameters of nice URL's pages with 'sensitive' characters
