[WICKET-591] SignInPanel is not returning raw input - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Trivial
Resolution: Fixed
Affects Version/s: 1.2.6
Fix Version/s: 1.3.0-beta2
Component/s: wicket-auth-roles
Labels:
None
Environment:
All

Description

The SignInPanel's getPassword()-method is returning the password via "password.getModelObjectAsString();". This will filter any "special" characters like !,$, or & from the input. For (strong?) passwords this may not be desirable. (See also http://cwiki.apache.org/WICKET/validating-passwordtextfield.html)

I fixed this by returning "password.getInput();" from the method, although this may introduce other security-problems like SQL-injection.

Maybe a flag would be better solution?

Attachments

Activity

People

Assignee:: Alastair Maw

Reporter:: Holger Szillat

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/May/07 13:50

Updated:: 18/Jun/07 04:47

Resolved:: 18/Jun/07 04:47