struts-dev mailing list archives

From "Alexandru Popescu ☀" <the.mindstorm.mailingl...@gmail.com>
Subject Re: DynamicForwardAction for your consideration
Date Thu, 30 Aug 2007 09:23:18 GMT
On 8/30/07, jpedro <pedro.joao@gmail.com> wrote:
>
> Not quite, it will only enter an infinite recursion in the same way that a
> struts action will if it has a forward to itself.
>
> In this action that would only occur if the default forward were to
> "/dosomething.do", something like
> <forward name="default" path="/dosomething.do" />, because in any other case
> the first forward would be to "/dosomething.do" and the second forward
> would be to the default forward, which shouldn't be "/dosomething.do".
>
> So you see, the risk of infinite recursion is the same as in any other
> struts action.
>
> Best regards,
> JP
>

JP, in big terms I agree with you. But as long as your stuff is using
request parameters this means that it exposes the app to external
exploits. The other risk you are mentioning is just internal to your
app and your dev.

bests,
./alex
--
.w( the_mindstorm )p.

>
> Alexandru Popescu ☀ wrote:
> >
> > If I'm reading it correctly there is a risk of infinite recursion in
> > there (if the parameter is the same as the current action).
> >
> > bests,
> > ./alex
> > --
> > .w( the_mindstorm )p.
> >
> >
> > On 8/28/07, jpedro <pedro.joao@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I have written this Action for a project. It uses the parameter of a
> >> mapped action and gets the parameter's value from the request to execute
> >> the action forward.
> >>
> >> Also it has a default forward that is used when the forward parameter is
> >> not present in the request.
> >>
> >> The action code is:
> >>
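> >> import javax.servlet.http.HttpServletRequest;
> >> import javax.servlet.http.HttpServletResponse;
> >> import org.apache.struts.action.Action;
> >> import org.apache.struts.action.ActionForm;
> >> import org.apache.struts.action.ActionForward;
> >> import org.apache.struts.action.ActionMapping;
> >>
> >> public class DynamicForwardAction extends Action {
> >>
> >>    public ActionForward execute(ActionMapping mapping, ActionForm form,
> >>          HttpServletRequest req, HttpServletResponse resp) throws Exception {
> >>
> >>       // The mapping's "parameter" attribute names the request parameter
> >>       // whose value is used as the forward name.
> >>       ActionForward forward =
> >>             mapping.findForward(req.getParameter(mapping.getParameter()));
> >>       // Fall back to the "default" forward when no forward matches.
> >>       return (forward != null) ? forward : mapping.findForward("default");
> >>    }
> >> }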
> >>
> >> An example of the mapping of this Action is:
> >>
> >> <action path="/dosomething"
> >>         type="DynamicForwardAction"
> >>         validate="false"
> >>         parameter="option">
> >>     <forward name="opt1" path="app.forward1" />
> >>     <forward name="opt2" path="app.forward2" />
> >>     <forward name="default" path="app.defaultfForward" />
> >> </action>
> >>
> >> If this action is invoked with something like
> >> "/dosomething.do?option=op1" the specified forward "op1" will be executed.
> >>
> >> If you think that this action may be useful for struts, feel free to
> >> include it.
> >>
> >> Best regards,
> >> JP
> >>
>
>
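
One way to narrow what the request parameter can select, as an added example that is not code from this thread or from the Struts project: in Struts 1, `ActionMapping.findForward()` checks the mapping's own forwards and then the global forwards, so the posted action lets the client name any global forward as well. The variant below looks the name up only among the forwards declared inside the `<action>` element; the class name `LocalOnlyDynamicForwardAction` and the 404 response are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.config.ForwardConfig;

// Hypothetical class name; a variant of the posted action, not project code.
public class LocalOnlyDynamicForwardAction extends Action {

    private static final String DEFAULT_FORWARD = "default";

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest req, HttpServletResponse resp) throws Exception {

        // The mapping's "parameter" attribute names the request parameter to read.
        String paramName = mapping.getParameter();
        String requested = (paramName == null) ? null : req.getParameter(paramName);

        // Client-supplied names may only select a forward declared on this mapping.
        ActionForward forward = localForward(mapping, requested);
        if (forward == null) {
            forward = localForward(mapping, DEFAULT_FORWARD);
        }
        if (forward == null) {
            // Assumption: a mapping without a "default" forward answers 404
            // instead of returning null and leaving an empty response.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }
        return forward;
    }

    // findForwardConfig() consults only this mapping's <forward> children;
    // unlike findForward(), it does not fall back to <global-forwards>.
    private static ActionForward localForward(ActionMapping mapping, String name) {
        if (name == null) {
            return null;
        }
        ForwardConfig config = mapping.findForwardConfig(name);
        return (config instanceof ActionForward) ? (ActionForward) config : null;
    }
}
```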