Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-2552

CreditCardValidator accepts invalid inputs

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.4.4, 1.5-M1
    • Component/s: wicket
    • Labels:
      None

      Description

      (1) The onValidate() method of the CreditCardValidator class returns true for invalid inputs with null or unicode character such as 4\0\0\0\0\0\0\0\0\0\0\0\0\0\0.
      (2) Also there is no length check on the input, therefore even invalid length inputs such as 9845 are accepted.
      (3) There is no check for invalid issuer identifier, i.e., 840898920205250 is accepted, where 84XXXX is not a valid issuer identifier

        Attachments

        1. CreditCardValidatorTest.java
          5 kB
          Joachim Rohde
        2. WICKET-2552-fix.patch
          23 kB
          Joachim Rohde

          Activity

            People

            • Assignee:
              jdonnerstag Juegen Donnerstag
              Reporter:
              mrmarri Madhuri Marri
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: