You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Thomas Aulinger (JIRA)" <ji...@apache.org> on 2010/10/14 11:35:33 UTC
[jira] Created: (WICKET-3106) Security: Possible Redirection to
foreign Page by using BrowserInfoPage's PageParameter
Security: Possible Redirection to foreign Page by using BrowserInfoPage's PageParameter
----------------------------------------------------------------------------------------
Key: WICKET-3106
URL: https://issues.apache.org/jira/browse/WICKET-3106
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.4.12
Reporter: Thomas Aulinger
Priority: Critical
By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
Example:
http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
Reason:
"Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocoll prefex.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-3106) Security: Possible Redirection to
foreign Page by using BrowserInfoPage's PageParameter
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12921091#action_12921091 ]
Hudson commented on WICKET-3106:
--------------------------------
Integrated in Apache Wicket 1.5.x #402 (See [https://hudson.apache.org/hudson/job/Apache%20Wicket%201.5.x/402/])
Issue: WICKET-3106
> Security: Possible Redirection to foreign Page by using BrowserInfoPage's PageParameter
> ----------------------------------------------------------------------------------------
>
> Key: WICKET-3106
> URL: https://issues.apache.org/jira/browse/WICKET-3106
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.12
> Reporter: Thomas Aulinger
> Assignee: Igor Vaynberg
> Priority: Critical
> Fix For: 1.4.13, 1.5-M3
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
> Example:
> http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
> Reason:
> "Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocol prefex.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-3106) Security: Possible Redirection to
foreign Page by using BrowserInfoPage's PageParameter
Posted by "Thomas Aulinger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Aulinger updated WICKET-3106:
------------------------------------
Description:
By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
Example:
http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
Reason:
"Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocol prefex.
was:
By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
Example:
http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
Reason:
"Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocoll prefex.
> Security: Possible Redirection to foreign Page by using BrowserInfoPage's PageParameter
> ----------------------------------------------------------------------------------------
>
> Key: WICKET-3106
> URL: https://issues.apache.org/jira/browse/WICKET-3106
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.12
> Reporter: Thomas Aulinger
> Priority: Critical
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
> Example:
> http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
> Reason:
> "Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocol prefex.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-3106) Security: Possible Redirection to
foreign Page by using BrowserInfoPage's PageParameter
Posted by "Igor Vaynberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Vaynberg resolved WICKET-3106.
-----------------------------------
Resolution: Fixed
Fix Version/s: 1.5-M3
1.4.13
Assignee: Igor Vaynberg
> Security: Possible Redirection to foreign Page by using BrowserInfoPage's PageParameter
> ----------------------------------------------------------------------------------------
>
> Key: WICKET-3106
> URL: https://issues.apache.org/jira/browse/WICKET-3106
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.12
> Reporter: Thomas Aulinger
> Assignee: Igor Vaynberg
> Priority: Critical
> Fix For: 1.4.13, 1.5-M3
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
> Example:
> http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
> Reason:
> "Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocol prefex.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-3106) Security: Possible Redirection to
foreign Page by using BrowserInfoPage's PageParameter
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12921083#action_12921083 ]
Hudson commented on WICKET-3106:
--------------------------------
Integrated in Apache Wicket 1.4.x #204 (See [https://hudson.apache.org/hudson/job/Apache%20Wicket%201.4.x/204/])
Issue: WICKET-3106
> Security: Possible Redirection to foreign Page by using BrowserInfoPage's PageParameter
> ----------------------------------------------------------------------------------------
>
> Key: WICKET-3106
> URL: https://issues.apache.org/jira/browse/WICKET-3106
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.12
> Reporter: Thomas Aulinger
> Assignee: Igor Vaynberg
> Priority: Critical
> Fix For: 1.4.13, 1.5-M3
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> By link manipulation as a BookmarkableLink it is possible to redirect a User to foreign pages (probably without users notice).
> Example:
> http://wicketstuff.org/wicket14/compref/?wicket:bookmarkablePage=:org.apache.wicket.markup.html.pages.BrowserInfoPage&cto=http://www.google.de
> Reason:
> "Fallback"- Constructor in org.apache.wicket.markup.html.pages.BrowserInfoPage accepts every "cto" -PageParameter unevaluated regarding protocol prefex.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.