[ https://issues.apache.org/jira/browse/TAP5-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14693173#comment-14693173
]
ASF subversion and git services commented on TAP5-2436:
-------------------------------------------------------
Commit a05f9618630db905feeb307ead6dcef2e6a5c3bc in tapestry-5's branch refs/heads/master from
[~jkemnade]
[ https://git-wip-us.apache.org/repos/asf?p=tapestry-5.git;h=a05f961 ]
TAP5-2436: if the activation context contains illegal characters, respond with a HTTP 404
status
> Don't throw an IllgealArgumentException on illegal chars in the url
> -------------------------------------------------------------------
>
> Key: TAP5-2436
> URL: https://issues.apache.org/jira/browse/TAP5-2436
> Project: Tapestry 5
> Issue Type: Improvement
> Components: tapestry-core
> Affects Versions: 5.4
> Reporter: quurks
> Assignee: Jochen Kemnade
> Labels: patch
> Fix For: 5.4
>
> Attachments: 0001-TAP5-2436-if-the-activation-context-contains-illegal.patch
>
>
> A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999'
. This lead to dozens of exception reports like
> Exception type: java.lang.IllegalArgumentException
> Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is
not valid.
> This should either be a custom exception type, so it can be handled without parsing the
IllegalArgumentException message or it should be a 400 - Bad request, which would also allow
for a custom error page.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
|