[TAP5-2436] Don't throw an IllgealArgumentException on illegal chars in the url - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.4
Fix Version/s: 5.4
Component/s: tapestry-core
Labels:
- patch

Description

A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999' . This lead to dozens of exception reports like

Exception type: java.lang.IllegalArgumentException
Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is not valid.

This should either be a custom exception type, so it can be handled without parsing the IllegalArgumentException message or it should be a 400 - Bad request, which would also allow for a custom error page.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-TAP5-2436-if-the-activation-context-contains-illegal.patch
12/Aug/15 08:47
4 kB
Jochen Kemnade

Activity

People

Assignee:: Jochen Kemnade

Reporter:: quurks

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 03/Jan/15 16:43

Updated:: 12/Aug/15 10:30

Resolved:: 12/Aug/15 09:00