You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2019/10/07 18:57:00 UTC
[jira] [Created] (WICKET-6708) FormComponent should read only the
GET/POST parameters of the request, not both
Martin Tzvetanov Grigorov created WICKET-6708:
-------------------------------------------------
Summary: FormComponent should read only the GET/POST parameters of the request, not both
Key: WICKET-6708
URL: https://issues.apache.org/jira/browse/WICKET-6708
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 9.0.0-M3, 7.15.0, 8.6.1
Reporter: Martin Tzvetanov Grigorov
Assignee: Martin Tzvetanov Grigorov
org.apache.wicket.markup.html.form.FormComponent#getInputAsArray() currently uses org.apache.wicket.request.Request#getRequestParameters() to read the value(s) of their respective parameter.
It should use only the parameters for the actual method (GET or POST) instead to prevent any data leakage.
If form submit is in place then the method mismatch should be handled at org.apache.wicket.markup.html.form.Form#onMethodMismatch()
--
This message was sent by Atlassian Jira
(v8.3.4#803005)