Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-6708

FormComponent should read only the GET/POST parameters of the request, not both

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.6.1, 7.15.0, 9.0.0-M3
    • 8.7.0, 9.0.0-M4, 7.16.0
    • wicket
    • None

    Description

      org.apache.wicket.markup.html.form.FormComponent#getInputAsArray() currently uses org.apache.wicket.request.Request#getRequestParameters() to read the value(s) of their respective parameter.

      It should use only the parameters for the actual method (GET or POST) instead to prevent any data leakage.

      If form submit is in place then the method mismatch should be handled at org.apache.wicket.markup.html.form.Form#onMethodMismatch()

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6807 Fake Submitting Button

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              mgrigorov Martin Tzvetanov Grigorov
              mgrigorov Martin Tzvetanov Grigorov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: