Ok, done:
https://issues.apache.org/jira/browse/WICKET-1992
Regards,
Sebastiaan
Jeremy Thomerson wrote:
> Could you file a JIRA on this?
> On Mon, Dec 22, 2008 at 9:10 AM, Sebastiaan van Erk wrote:
> > Hi All,
> > I've just run into what I consider a bit of a security issue with the
> > SharedResourceRequ
Could you file a JIRA on this?
On Mon, Dec 22, 2008 at 9:10 AM, Sebastiaan van Erk wrote:
> Hi All,
>
> I've just run into what I consider a bit of a security issue with the
> SharedResourceRequestTarget. It allows me to load files from the /WEB-INF
> directory (though I have to guess the file na
Ok, scratch that.
Overlooked a .toLowerCase(). :-) Sorry about that.
Regards,
Sebastiaan
Sebastiaan van Erk wrote:
> As a side note, the PackageResourceGuard which checks for the
> "properties" extension among others does not look to be failsafe either.
> At least in my development configuration t
As a side note, the PackageResourceGuard which checks for the
"properties" extension among others does not look to be failsafe either.
At least in my development configuration the WebAppClassLoader of Tomcat
which eventually resolves the resource returns a file: url to for
example the .propert
Hi All,
I've just run into what I consider a bit of a security issue with the
SharedResourceRequestTarget. It allows me to load files from the
/WEB-INF directory (though I have to guess the file names).
For example, if I see there is some bookmarkable page in the app with
the name com.myapp.