You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2019/10/07 18:57:00 UTC

[jira] [Created] (WICKET-6708) FormComponent should read only the GET/POST parameters of the request, not both

Martin Tzvetanov Grigorov created WICKET-6708:
-------------------------------------------------

             Summary: FormComponent should read only the GET/POST parameters of the request, not both
                 Key: WICKET-6708
                 URL: https://issues.apache.org/jira/browse/WICKET-6708
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 9.0.0-M3, 7.15.0, 8.6.1
            Reporter: Martin Tzvetanov Grigorov
            Assignee: Martin Tzvetanov Grigorov


org.apache.wicket.markup.html.form.FormComponent#getInputAsArray() currently uses org.apache.wicket.request.Request#getRequestParameters() to read the value(s) of their respective parameter.

It should use only the parameters for the actual method (GET or POST) instead to prevent any data leakage.

If form submit is in place then the method mismatch should be handled at org.apache.wicket.markup.html.form.Form#onMethodMismatch()



--
This message was sent by Atlassian Jira
(v8.3.4#803005)