You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Andreas Sahlbach (JIRA)" <ji...@apache.org> on 2008/12/16 21:44:46 UTC

[jira] Created: (WICKET-1983) Most UrlEncoding Strategies fail to encode "/" (and "\") in a practical way

Most UrlEncoding Strategies fail to encode "/" (and "\") in a practical way
---------------------------------------------------------------------------

                 Key: WICKET-1983
                 URL: https://issues.apache.org/jira/browse/WICKET-1983
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.4-RC1
            Reporter: Andreas Sahlbach


Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 

This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 

I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat server such an url. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (WICKET-1983) Improve encoding of forward and backward slashes

Posted by "Igor Vaynberg (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WICKET-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg updated WICKET-1983:
----------------------------------

    Issue Type: Wish  (was: Bug)
       Summary: Improve encoding of forward and backward slashes  (was: Most UrlEncoding Strategies fail to encode "/" (and "\") in a practical way)

this is not a bug, we do everything according to the rfc. you can say this is a bug in containers if they do not correctly process rfc encoded requests.

we will consider doing some sort of special encoding of these two characters later

> Improve encoding of forward and backward slashes
> ------------------------------------------------
>
>                 Key: WICKET-1983
>                 URL: https://issues.apache.org/jira/browse/WICKET-1983
>             Project: Wicket
>          Issue Type: Wish
>          Components: wicket
>    Affects Versions: 1.4-RC1
>            Reporter: Andreas Sahlbach
>
> Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
> BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 
> This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 
> I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat serve such an url. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (WICKET-1983) Most UrlEncoding Strategies fail to encode "/" (and "\") in a practical way

Posted by "Andreas Sahlbach (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WICKET-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Sahlbach updated WICKET-1983:
-------------------------------------

    Description: 
Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 

This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 

I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat serve such an url. 

  was:
Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 

This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 

I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat server such an url. 


> Most UrlEncoding Strategies fail to encode "/" (and "\") in a practical way
> ---------------------------------------------------------------------------
>
>                 Key: WICKET-1983
>                 URL: https://issues.apache.org/jira/browse/WICKET-1983
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.4-RC1
>            Reporter: Andreas Sahlbach
>
> Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
> BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 
> This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 
> I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat serve such an url. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (WICKET-1983) Improve encoding of forward and backward slashes

Posted by "Igor Vaynberg (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WICKET-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg closed WICKET-1983.
---------------------------------

    Resolution: Duplicate

> Improve encoding of forward and backward slashes
> ------------------------------------------------
>
>                 Key: WICKET-1983
>                 URL: https://issues.apache.org/jira/browse/WICKET-1983
>             Project: Wicket
>          Issue Type: Wish
>          Components: wicket
>    Affects Versions: 1.4-RC1
>            Reporter: Andreas Sahlbach
>
> Most UrlEncodingStrategies encode PageParameters simply by escaping the using octed codes. For example a page parameter "a/b" will be encoded into "a%2Fb".
> BookmarkablePageRequestTargetUrlCodingStrategy for example would generate an URL that looks like this: http://localhost/mypage/bez/a%2Fb/ for a parameter called "bez" and the value "a/b". 
> This is correct according to RFC 2396, but most http servers don't accept encoded path separators for security reasons. (See e.g. apache option AllowEncodedSlashes). My version of tomcat also does not accept these kind of urls and delivers "Bad request" for such urls. 
> I would like to suggest to do some special double ecoding for these problematic cases ("/" and "\" are affected I guess), so that no special options are needed to be tweaked. Not sure if it's even possible to let tomcat serve such an url. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.