[WICKET-3076] UrlUtils.isRelative returns false if URL parameter contains an absolute URL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4.7
Fix Version/s: 1.4.13, 1.5-M3
Component/s: wicket
Labels:
None

Description

I have a page that gets a return path for a back link as a parameter. A link to this page looks like this:

./mypage?return=http://example.com

In WebRequestCodingStrategy.encode, this URL is returned by pathForTarget.
Then it is checked whether this URL is relative using UrlUtils.isRelative. The URL is apparently relative, but UrlUtils.isRelative returns false, since the check contains:

(url.indexOf("://") < 0

this is false for the above example. Thus, an incorrect path is returned by WebRequestCodingStrategy.encode (relative path resolution does not take place).

A fix for the problem would be to check for

!(url.startsWith("http://") || url.startsWith("https://"))

Or, if other protocols should also be supported, a regular expression like "^[^/?]*://" should work.

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Michael Gottschalk

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 23/Sep/10 14:56

Updated:: 25/Sep/10 18:24

Resolved:: 25/Sep/10 17:13