https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
mgrigorov changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
mgrigorov changed:
What|Removed |Added
CC||mgrigo...@apache.org
--
You are recei
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #4 from mgrigorov ---
OK, thanks!
In this case I'll let the reporter follow up with a test case that demonstrates
the problem with the urls provided in Wicket Jira.
--
You are receiving this mail because:
You are the assignee
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #5 from Thyzz ---
Created attachment 29043
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29043&action=edit
Sample app source
According to Martin in https://issues.apache.org/jira/browse/WICKET-4645
This still seems
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Thyzz changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
papegaaij changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
papegaaij changed:
What|Removed |Added
CC||emond.papega...@topicus.nl
--
You are
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #9 from Mark Thomas ---
(In reply to comment #8)
> The problem lies in the fact that encodeURL rewrites the url to absolute. I
> think this should only be done in encodeRedirectURL.
That is a fair point. We'll get that addresse
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #10 from papegaaij ---
(In reply to comment #9)
> > Suppose you are at /a/b and you click a link to /a/b/c/d. This page contains
> > a link to /1/2. Wicket renders all urls relative, so the link to /1/2 will
> > be ../../../1/2
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #11 from Mark Thomas ---
OK. I see what the problem is here. It isn't quite as clear cut as comment #8
suggests.
To determine if the URL should be encoded, Tomcat attempts the following
checks:
a) is it not an intra-document re
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #12 from papegaaij ---
In my opinion, Tomcat should not convert relative URLs to absolute in
encodeURL. That should only be done in encodeRedirectURL. encodeURL can still
perform normalization, as long as it preserves relative U
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #13 from mgrigorov ---
I agree with Emond.
By Servlet spec (actually the javadoc of
javax.servlet.http.HttpServletResponse#sendRedirect) only #sendRedirect()
should convert the url from relative to absolute. I think this is the
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #14 from Mark Thomas ---
Folks, please re-read comment #11.
The output of encodeURL() is not and never will be normalized.
However, the Javadoc for encodeURL() allows/requires Tomcat to check if the
session needs to be encoded
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #15 from papegaaij ---
Ok, things are getting more clear to me now. Isn't it better to assume that
relative URLs always fall within the webapplication? The worst thing that could
happen, is that a jsessionid gets appended where
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #16 from Mark Thomas ---
I have fixed the IAE in trunk and 7.0.x.
I am leaving this open while I wait for clarification from the Servlet EG as to
how relative URLs passed to encodeURL should be treated.
See http://java.net/jir
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #17 from wansho...@hotmail.com ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.
>
> I am leaving this open while I wait for clarification from the Servlet EG as
> to how relative URLs passed to encodeURL
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #18 from mgrigorov ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.
Unfortunately with this fix apps that work only with jsessionid encoded in the
url will still break. If JSESSIONID is in a cookie then
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #19 from mgrigorov ---
I think I found the solution. Wicket can pass always an absolute url to the web
container for encoding. Wicket knows the current base url and can make it
absolute safely. This way the web container will on
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|NEEDINFO
--- Comment #20 from Mark T
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #21 from Tino Kissig ---
At our current system we're getting the IllegalArgumentException when Tomcat
tries to normalize such a relative url for a redirect.
java.lang.IllegalArgumentException
at org.apache.catalina.connecto
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Tino Kissig changed:
What|Removed |Added
CC||tino.kis...@exedio.com
--
You are r
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #22 from mgrigorov ---
Wicket has a fix in versions 1.5.9 (not released yet) and 6.1.0.
Which version do you use ?
--
You are receiving this mail because:
You are the assignee for the bug.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #23 from Tino Kissig ---
(In reply to comment #22)
> Wicket has a fix in versions 1.5.9 (not released yet) and 6.1.0.
> Which version do you use ?
Unfortunately we still use 1.4.18 and don't have the resources yet to upgrade
to
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
Mark Thomas changed:
What|Removed |Added
Status|NEEDINFO|RESOLVED
Resolution|---
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #25 from Jackie Rosen ---
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bug
28 matches
Mail list logo
