You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by jc...@apache.org on 2008/10/04 23:45:35 UTC
svn commit: r701718 - in
/wicket/trunk/wicket/src/main/java/org/apache/wicket:
protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java
util/crypt/AbstractCrypt.java
Author: jcompagner
Date: Sat Oct 4 14:45:35 2008
New Revision: 701718
URL: http://svn.apache.org/viewvc?rev=701718&view=rev
Log:
from 1.3: better error handling when the crypt fails
better decoding of the decoded params
Modified:
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java
wicket/trunk/wicket/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java?rev=701718&r1=701717&r2=701718&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.java Sat Oct 4 14:45:35 2008
@@ -262,7 +262,7 @@
}
catch (Exception ex)
{
- return onError(ex);
+ return onError(ex, url);
}
}
return null;
@@ -272,14 +272,20 @@
* @param ex
*
* @return decoded URL
+ * @deprecated Use {@link #onError(Exception, String)}
*/
protected String onError(final Exception ex)
{
- log.error("Invalid URL", ex);
-
throw new HackAttackException("Invalid URL");
}
+ protected String onError(final Exception ex, String url)
+ {
+ log.error("Invalid URL: " + url, ex);
+
+ return onError(ex);
+ }
+
/**
* Try to shorten the querystring without loosing information. Note: WebRequestWithCryptedUrl
* must implement exactly the opposite logic.
@@ -386,8 +392,12 @@
// Remove the 'x' parameter which contains ALL the encoded params
parameterMap.remove("x");
- String decodedParamReplacement = encodedParamReplacement;
- decodedParamReplacement = WicketURLDecoder.QUERY_INSTANCE.decode(encodedParamReplacement);
+ // first replace all & with & else the they wont be encoded because there where
+ // encrypted.
+ String decodedParamReplacement = Strings.replaceAll(encodedParamReplacement, "&",
+ "&").toString();
+
+ decodedParamReplacement = WicketURLDecoder.QUERY_INSTANCE.decode(decodedParamReplacement);
// Add ALL of the params from the decoded 'x' param
ValueMap params = new ValueMap();
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java?rev=701718&r1=701717&r2=701718&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/protocol/http/request/urlcompressing/UrlCompressingWebCodingStrategy.java Sat Oct 4 14:45:35 2008
@@ -60,7 +60,7 @@
* @return the encoded url
*/
protected CharSequence encode(RequestCycle requestCycle,
- IListenerInterfaceRequestTarget requestTarget)
+ IListenerInterfaceRequestTarget requestTarget)
{
final RequestListenerInterface rli = requestTarget.getRequestListenerInterface();
@@ -89,7 +89,7 @@
url.append(page.getId());
url.append(Component.PATH_SEPARATOR);
url.append(((WebPage)page).getUrlCompressor().getUIDForComponentAndInterface(component,
- listenerName));
+ listenerName));
listenerName = null;
}
else
@@ -131,10 +131,10 @@
{
url.append(params.getUrlDepth());
}
- if (IActivePageBehaviorListener.INTERFACE.getName().equals(listenerName))
+ if (IActivePageBehaviorListener.INTERFACE.getName().equals(rli.getName()))
{
url.append(url.indexOf("?") > -1 ? "&" : "?").append(
- IGNORE_IF_NOT_ACTIVE_PARAMETER_NAME).append("=true");
+ IGNORE_IF_NOT_ACTIVE_PARAMETER_NAME).append("=true");
}
return requestCycle.getOriginalResponse().encodeURL(url);
}
Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java?rev=701718&r1=701717&r2=701718&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java Sat Oct 4 14:45:35 2008
@@ -68,7 +68,7 @@
}
catch (UnsupportedEncodingException ex)
{
- throw new WicketRuntimeException(ex.getMessage());
+ throw new WicketRuntimeException("Error decoding text: " + text, ex);
}
}
@@ -125,7 +125,7 @@
* @throws GeneralSecurityException
*/
protected abstract byte[] crypt(final byte[] input, final int mode)
- throws GeneralSecurityException;
+ throws GeneralSecurityException;
/**
* Decrypts an encrypted, but Base64 decoded byte array into a byte array.
@@ -142,8 +142,8 @@
}
catch (GeneralSecurityException e)
{
- throw new WicketRuntimeException("Unable to decrypt the text '" + encrypted.toString() +
- "'", e);
+ throw new WicketRuntimeException("Unable to decrypt the text '" +
+ new String(encrypted) + "'", e);
}
}
@@ -156,7 +156,7 @@
* @throws GeneralSecurityException
*/
private final byte[] encryptStringToByteArray(final String plainText)
- throws GeneralSecurityException
+ throws GeneralSecurityException
{
try
{