tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TAP5-2436) Don't throw an IllgealArgumentException on illegal chars in the url
Date Wed, 12 Aug 2015 09:00:51 GMT

    [ https://issues.apache.org/jira/browse/TAP5-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14693173#comment-14693173
] 

ASF subversion and git services commented on TAP5-2436:
-------------------------------------------------------

Commit a05f9618630db905feeb307ead6dcef2e6a5c3bc in tapestry-5's branch refs/heads/master from
[~jkemnade]
[ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=a05f961 ]

TAP5-2436: if the activation context contains illegal characters, respond with a HTTP 404
status


> Don't throw an IllgealArgumentException on illegal chars in the url
> -------------------------------------------------------------------
>
>                 Key: TAP5-2436
>                 URL: https://issues.apache.org/jira/browse/TAP5-2436
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>    Affects Versions: 5.4
>            Reporter: quurks
>            Assignee: Jochen Kemnade
>              Labels: patch
>             Fix For: 5.4
>
>         Attachments: 0001-TAP5-2436-if-the-activation-context-contains-illegal.patch
>
>
> A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999'
. This lead to dozens of exception reports like 
> Exception type: java.lang.IllegalArgumentException
> Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is
not valid.
> This should either be a custom exception type, so it can be handled without parsing the
IllegalArgumentException message or it should be a 400 - Bad request, which would also allow
for a custom error page.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message