Posted to commits@wicket.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2010/09/25 20:25:36 UTC
[jira] Commented: (WICKET-3076) UrlUtils.isRelative returns false if URL parameter contains an absolute URL
[ https://issues.apache.org/jira/browse/WICKET-3076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914855#action_12914855 ]
Hudson commented on WICKET-3076:
--------------------------------
Integrated in Apache Wicket 1.5.x #362 (See [https://hudson.apache.org/hudson/job/Apache%20Wicket%201.5.x/362/])
WICKET-3076 UrlUtils.isRelative returns false if URL parameter contains an absolute URL
Use regular expression to check whether the passed url string starts with 'scheme://'
> UrlUtils.isRelative returns false if URL parameter contains an absolute URL
> ---------------------------------------------------------------------------
>
> Key: WICKET-3076
> URL: https://issues.apache.org/jira/browse/WICKET-3076
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4.7
> Reporter: Michael Gottschalk
> Assignee: Martin Grigorov
> Fix For: 1.4.13, 1.5-M3
>
>
> I have a page that gets a return path for a back link as a parameter. A link to this page looks like this:
> ./mypage?return=http://example.com
> In WebRequestCodingStrategy.encode, this URL is returned by pathForTarget.
> Then it is checked whether this URL is relative using UrlUtils.isRelative. The URL is apparently relative, but UrlUtils.isRelative returns false, since the check contains:
> (url.indexOf("://") < 0
> this is false for the above example. Thus, an incorrect path is returned by WebRequestCodingStrategy.encode (relative path resolution does not take place).
> A fix for the problem would be to check for
> !(url.startsWith("http://") || url.startsWith("https://"))
> Or, if other protocols should also be supported, a regular expression like "^[^/?]*://" should work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
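
The three checks discussed in the report, side by side, as an added example that is not Wicket's code and not the committed fix: the class and method names are hypothetical, and every sample URL other than the reporter's link is constructed.

```java
import java.util.regex.Pattern;

public class IsRelativeDemo {
    // Check quoted in the report: "://" anywhere in the string, including
    // inside a query parameter value, makes the URL "not relative".
    static boolean naiveIsRelative(String url) {
        return url != null && url.indexOf("://") < 0;
    }

    // First fix suggested in the report: only http and https count as absolute.
    static boolean startsWithIsRelative(String url) {
        return url != null && !(url.startsWith("http://") || url.startsWith("https://"));
    }

    // Regular expression suggested in the report: "scheme://" counts only
    // when it appears before the first '/' or '?'.
    private static final Pattern SCHEME_PREFIX = Pattern.compile("^[^/?]*://");

    static boolean regexIsRelative(String url) {
        return url != null && !SCHEME_PREFIX.matcher(url).find();
    }

    public static void main(String[] args) {
        String[] samples = {
            "./mypage?return=http://example.com",      // link from the report
            "mypage?return=https://example.com/a?b=c", // constructed
            "http://example.com/mypage",               // constructed
            "ftp://example.com/file",                  // constructed: scheme other than http(s)
            "//example.com/mypage",                    // constructed: scheme-less, names another host
            "mypage#see://this"                        // constructed: "://" inside a fragment
        };
        System.out.printf("%-42s %-6s %-11s %s%n", "url", "naive", "startsWith", "regex");
        for (String url : samples) {
            System.out.printf("%-42s %-6b %-11b %b%n", url,
                naiveIsRelative(url), startsWithIsRelative(url), regexIsRelative(url));
        }
    }
}
```

The first two rows are relative under both suggested fixes and non-relative under the original check. The last three rows show where the suggestions differ or need a caller's attention: `startsWith` treats `ftp://` as relative, the regular expression treats `//example.com/mypage` as relative although it names another host, and it treats `mypage#see://this` as absolute because `#` is not in its excluded character set.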