You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2011/05/01 19:17:03 UTC
[jira] [Resolved] (WICKET-3659) Resource path with ../ prints
warning, is replaced with null/ but still works.
[ https://issues.apache.org/jira/browse/WICKET-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-3659.
-------------------------------------
Resolution: Duplicate
Duplicate of WICKET-3650
> Resource path with ../ prints warning, is replaced with null/ but still works.
> ------------------------------------------------------------------------------
>
> Key: WICKET-3659
> URL: https://issues.apache.org/jira/browse/WICKET-3659
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Affects Versions: 1.4.16
> Reporter: Ondra Žižka
>
> I have a HTML page in org/xy/web/foobar/FooPage.html
> Then there's org/xy/web/files/favicon.ico
> The HTML page contains
> {code}
> <wicket:link>
> <link rel="shortcut icon" href="../files/favicon.ico" type="image/x-icon">
> </wicket:link>
> {code}
> This warning is printed:
> May 1, 2011 6:26:22 PM org.apache.wicket.SharedResources resourceKey SEVERE: Your path looks like: ../files/favicon.ico
> May 1, 2011 6:26:22 PM org.apache.wicket.SharedResources resourceKey SEVERE: For security reasons moving up '../' is disabled by default. Please see
> May 1, 2011 6:26:22 PM org.apache.wicket.SharedResources resourceKey SEVERE: IResourceSettings.getParentFolderPlaceholder() and PackageResourceGuard for more details
> However, the rendered code contains path
> resources/org.xy.web.foo.FooPage/null/files/favicon.ico"
> And the file is served.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira