[jira] [Resolved] (WICKET-6708) FormComponent should read only the GET/POST parameters of the request, not both

Martin Tzvetanov Grigorov (Jira) Wed, 09 Oct 2019 05:40:48 -0700


     [ 
https://issues.apache.org/jira/browse/WICKET-6708?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Tzvetanov Grigorov resolved WICKET-6708.
-----------------------------------------------
    Fix Version/s: 7.16.0
                   9.0.0-M4
                   8.7.0
       Resolution: Fixed

> FormComponent should read only the GET/POST parameters of the request, not 
> both
> -------------------------------------------------------------------------------
>
>                 Key: WICKET-6708
>                 URL: https://issues.apache.org/jira/browse/WICKET-6708
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 8.6.1, 7.15.0, 9.0.0-M3
>            Reporter: Martin Tzvetanov Grigorov
>            Assignee: Martin Tzvetanov Grigorov
>            Priority: Major
>             Fix For: 8.7.0, 9.0.0-M4, 7.16.0
>
>
> org.apache.wicket.markup.html.form.FormComponent#getInputAsArray() currently 
> uses org.apache.wicket.request.Request#getRequestParameters() to read the 
> value(s) of their respective parameter.
> It should use only the parameters for the actual method (GET or POST) instead 
> to prevent any data leakage.
> If form submit is in place then the method mismatch should be handled at 
> org.apache.wicket.markup.html.form.Form#onMethodMismatch()



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (WICKET-6708) FormComponent should read only the GET/POST parameters of the request, not both

Reply via email to