Posted to commits@wicket.apache.org by jc...@apache.org on 2010/04/15 17:44:03 UTC
svn commit: r934460 -
/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java
Author: jcompagner
Date: Thu Apr 15 15:44:02 2010
New Revision: 934460
URL: http://svn.apache.org/viewvc?rev=934460&view=rev
Log:
Protection against URL altering: setting a very high number for the url depth would mean a very large string would be generated.
Modified:
wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java
Modified: wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java?rev=934460&r1=934459&r2=934460&view=diff
==============================================================================
--- wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java (original)
+++ wicket/branches/wicket-1.4.x/wicket/src/main/java/org/apache/wicket/request/RequestParameters.java Thu Apr 15 15:44:02 2010
@@ -42,6 +42,8 @@ import org.apache.wicket.protocol.http.r
*/
public class RequestParameters implements IClusterable
{
+ private static final int MAX_URL_DEPTH = 75;
+
private static final long serialVersionUID = 1L;
/** the full path to a component (might be just the page). */
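Review bot: `MAX_URL_DEPTH` is added without a comment, so the reason for the limit and what it protects against are recorded only in the commit log. A short Javadoc would keep that next to the value: `/** Upper bound for the url depth taken from the request; larger values are rejected so that no oversized string is built from it. */`. Whether 75 leaves enough room for deeply nested mount paths in existing applications is not visible here, and the comment is a good place to state how the number was chosen.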
@@ -358,6 +360,8 @@ public class RequestParameters implement
*/
public void setUrlDepth(int urlDepth)
{
+ if (urlDepth > MAX_URL_DEPTH)
+ throw new RuntimeException("Url depth to large: " + urlDepth);
this.urlDepth = urlDepth;
}
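Review bot: The new guard in `setUrlDepth` throws a bare `RuntimeException` with a misspelled message ("to large"), so a rejected client-supplied depth is hard to tell apart from an internal failure in logs and error handling. `IllegalArgumentException` is still a `RuntimeException` for existing callers and names the cause: `throw new IllegalArgumentException("Url depth too large: " + urlDepth + ", max " + MAX_URL_DEPTH);`. The limit only protects the string building if every path that takes the depth from the request goes through this setter, which cannot be confirmed from this hunk. The method's Javadoc begins outside the hunk; it should mention the limit and the exception.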