You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/10/07 19:05:00 UTC
[jira] [Commented] (WICKET-6708) FormComponent should read only the
GET/POST parameters of the request, not both
[ https://issues.apache.org/jira/browse/WICKET-6708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16946149#comment-16946149 ]
ASF subversion and git services commented on WICKET-6708:
---------------------------------------------------------
Commit 0c19cf8f1ba9d1677303fa7a38c1df04c9becd3f in wicket's branch refs/heads/master from Martin Tzvetanov Grigorov
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=0c19cf8 ]
WICKET-6708 FormComponent should read only the GET/POST parameters of the request, not both
> FormComponent should read only the GET/POST parameters of the request, not both
> -------------------------------------------------------------------------------
>
> Key: WICKET-6708
> URL: https://issues.apache.org/jira/browse/WICKET-6708
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 8.6.1, 7.15.0, 9.0.0-M3
> Reporter: Martin Tzvetanov Grigorov
> Assignee: Martin Tzvetanov Grigorov
> Priority: Major
>
> org.apache.wicket.markup.html.form.FormComponent#getInputAsArray() currently uses org.apache.wicket.request.Request#getRequestParameters() to read the value(s) of their respective parameter.
> It should use only the parameters for the actual method (GET or POST) instead to prevent any data leakage.
> If form submit is in place then the method mismatch should be handled at org.apache.wicket.markup.html.form.Form#onMethodMismatch()
--
This message was sent by Atlassian Jira
(v8.3.4#803005)