You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by jc...@apache.org on 2008/10/27 11:17:11 UTC

svn commit: r708127 - /wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java

Author: jcompagner
Date: Mon Oct 27 03:17:09 2008
New Revision: 708127

URL: http://svn.apache.org/viewvc?rev=708127&view=rev
Log:
throw page expired message if an url couldnt be decrypted correctly. (the url was tampered with by an attacker or the session was really expired, both ways a page expired is fine)

Modified:
    wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java

Modified: wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java?rev=708127&r1=708126&r2=708127&view=diff
==============================================================================
--- wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java (original)
+++ wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java Mon Oct 27 03:17:09 2008
@@ -26,6 +26,7 @@
 import org.apache.wicket.Request;
 import org.apache.wicket.RequestCycle;
 import org.apache.wicket.WicketRuntimeException;
+import org.apache.wicket.protocol.http.PageExpiredException;
 import org.apache.wicket.protocol.http.RequestUtils;
 import org.apache.wicket.protocol.http.WicketURLDecoder;
 import org.apache.wicket.protocol.http.WicketURLEncoder;
@@ -270,13 +271,12 @@
 	 */
 	protected String onError(final Exception ex)
 	{
-		throw new HackAttackException("Invalid URL");
+		throw new PageExpiredException("Invalid URL");
 	}
 
 	protected String onError(final Exception ex, String url)
 	{
-		log.error("Invalid URL: " + url, ex);
-
+		log.info("Invalid URL: " + url + ", message:" + ex.getMessage());
 		return onError(ex);
 	}