Posted to dev@tapestry.apache.org by jk...@apache.org on 2015/08/12 11:00:20 UTC

[2/2] tapestry-5 git commit: TAP5-2436: if the activation context contains illegal characters, respond with a HTTP 404 status

TAP5-2436: if the activation context contains illegal characters, respond with a HTTP 404 status


Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/a05f9618
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/a05f9618
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/a05f9618

Branch: refs/heads/master
Commit: a05f9618630db905feeb307ead6dcef2e6a5c3bc
Parents: 18829d4
Author: Jochen Kemnade <jo...@eddyson.de>
Authored: Wed Aug 12 10:44:29 2015 +0200
Committer: Jochen Kemnade <jo...@eddyson.de>
Committed: Wed Aug 12 10:59:41 2015 +0200

----------------------------------------------------------------------
 .../services/ComponentEventLinkEncoderImpl.java | 15 ++++++----
 .../ComponentEventLinkEncoderImplTest.java      | 31 ++++++++++++++++++++
 2 files changed, 41 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/a05f9618/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
----------------------------------------------------------------------
diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
index 5baec01..79d90cc 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImpl.java
@@ -486,7 +486,6 @@ public class ComponentEventLinkEncoderImpl implements ComponentEventLinkEncoder
         {
             return null;
         }
-
         String canonicalized = componentClassResolver.canonicalizePageName(pageName);
 
         // If the page is only visible to the whitelist, but the request is not on the whitelist, then
@@ -495,12 +494,18 @@ public class ComponentEventLinkEncoderImpl implements ComponentEventLinkEncoder
         {
             return null;
         }
+        try
+        {
+            EventContext activationContext = contextPathEncoder.decodePath(pageActivationContext);
 
-        EventContext activationContext = contextPathEncoder.decodePath(pageActivationContext);
-
-        boolean loopback = request.getParameter(TapestryConstants.PAGE_LOOPBACK_PARAMETER_NAME) != null;
+            boolean loopback = request.getParameter(TapestryConstants.PAGE_LOOPBACK_PARAMETER_NAME) != null;
 
-        return new PageRenderRequestParameters(canonicalized, activationContext, loopback);
+            return new PageRenderRequestParameters(canonicalized, activationContext, loopback);
+        } catch (IllegalArgumentException e)
+        {
+            // TAP5-2436
+            return null;
+        }
     }
 
     private boolean isWhitelistOnlyAndNotValid(String canonicalized)
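Review bot: The new `try` block wraps more than the call that can fail on request input: besides `contextPathEncoder.decodePath(pageActivationContext)`, it also covers `request.getParameter(...)` and the `PageRenderRequestParameters` constructor. An `IllegalArgumentException` thrown by either of those would be silently turned into a not-found result, which could hide a real defect behind a 404. Narrowing the `try` to the decode call keeps the handling tied to the path-derived value, and the bare `// TAP5-2436` comment could say why null is returned. The method body starts outside this hunk, and other callers of `decodePath` are not visible here, so it may be worth checking whether they need the same handling.

```java
        EventContext activationContext;
        try
        {
            activationContext = contextPathEncoder.decodePath(pageActivationContext);
        } catch (IllegalArgumentException e)
        {
            // TAP5-2436: the activation context from the request path cannot be decoded,
            // so this is not treated as a page render request
            return null;
        }

        // … unchanged: loopback lookup and return of PageRenderRequestParameters …
```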

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/a05f9618/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
----------------------------------------------------------------------
diff --git a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
index a9f615f..78e71c5 100644
--- a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
+++ b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/ComponentEventLinkEncoderImplTest.java
@@ -478,4 +478,35 @@ public class ComponentEventLinkEncoderImplTest extends InternalBaseTestCase
 
         verify();
     }
+
+    @Test
+    // TAP5-2436
+    public void illegal_activation_context_leads_to_http_404() throws Exception
+    {
+        ComponentClassResolver resolver = mockComponentClassResolver();
+        Request request = mockRequest();
+        Response response = mockResponse();
+        LocalizationSetter ls = mockLocalizationSetter();
+        MetaDataLocator metaDataLocator = neverWhitelistProtected();
+
+        train_getPath(request, "/foo/pageid=123");
+        train_setLocaleFromLocaleName(ls, "foo", false);
+
+        train_isPageName(resolver, "foo/pageid=123", false);
+        train_isPageName(resolver, "foo", false);
+        train_isPageName(resolver, "", true);
+
+        train_canonicalizePageName(resolver, "", "Index");
+
+        replay();
+
+        ComponentEventLinkEncoderImpl linkEncoder = new ComponentEventLinkEncoderImpl(resolver, contextPathEncoder, ls,
+                response, null, null, null, true, null, "", metaDataLocator, null);
+
+        PageRenderRequestParameters parameters = linkEncoder.decodePageRenderRequest(request);
+
+        assertNull(parameters);
+
+        verify();
+    }
 }
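Review bot: The test name `illegal_activation_context_leads_to_http_404` promises a status code, but the only assertion is `assertNull(parameters)`; the 404 is presumably produced further along the request pipeline and is not exercised here. A comment above the assertion would make the contract explicit, for example `// null means no page render request was matched; the 404 is expected to come from the caller, not the encoder`. Only one malformed input (`/foo/pageid=123`) is covered, so a second case with a different undecodable segment would help confirm that every decode failure takes the same path.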