Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E040710691 for ; Sun, 29 Dec 2013 14:29:17 +0000 (UTC) Received: (qmail 30054 invoked by uid 500); 29 Dec 2013 14:29:09 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 29946 invoked by uid 500); 29 Dec 2013 14:29:02 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 29916 invoked by uid 99); 29 Dec 2013 14:28:57 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Dec 2013 14:28:57 +0000 Date: Sun, 29 Dec 2013 14:28:56 +0000 (UTC) From: "Bruce Phillips (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Comment Edited] (WW-4259) Parameter is NULL when Submitting form with parameters using URL contains querystring consisted of some fields MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-4259?page=3Dcom.atlassian.ji= ra.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D1385835= 2#comment-13858352 ]=20 Bruce Phillips edited comment on WW-4259 at 12/29/13 2:28 PM: -------------------------------------------------------------- I cannot reproduce the problem you report in Struts 2.3.16. When I use s:form action=3D"hello.action?field1=3D%{field1}&field2=3D%{fiel= d2}" The result in the jsp is just action=3D"hello.action" I believe due to recent security fixes the query string is stripped off. If you are encountering this problem in Struts 2.3.16 please upload a compl= ete Maven example project that I can use to duplicate the problem you are r= eporting. was (Author: bphillips): I cannot reproduce the problem you report in Struts 2.3.16. When I use s:form action=3D"hello.action?field1=3D%{field1}&field2=3D%{fiel= d2}" The result in the asp is just action=3D"hello.action" I believe due to recent security fixes the query string is stripped off. If you are encountering this problem in Struts 2.3.16 please upload a compl= ete Maven example project that I can use to duplicate the problem you are r= eporting. > Parameter is NULL when Submitting form with parameters using URL contains= querystring consisted of some fields > -------------------------------------------------------------------------= ------------------------------------- > > Key: WW-4259 > URL: https://issues.apache.org/jira/browse/WW-4259 > Project: Struts 2 > Issue Type: Bug > Environment: Struts: 2.3.16 > JRE: 7.0 > Tomcat: 7.0 > Reporter: Yorozuya Kazuyuki > Assignee: Bruce Phillips > Priority: Minor > Fix For: 2.3.17 > > Attachments: ServletUrlRenderer.java.patch > > > h3. Phenomenon > 1. Submitting form with parameters using URL contains querystring consist= ed of some fields. > {noformat} > > {noformat} > Field1, field2 are member of Test class. > Each setter is implemented in this class. > \\ > 2. When form tag in struts is interpreted as in HTML, "action" atrribute = is this. > {noformat} > action=3D"Test.action?field1=3Dvalue1&amp;field2=3Dvalue2" > {noformat} > Due to duplication of "amp;", it causes field2 member to fail to recieve = value. > therefore, field2 member equals NULL always. > =20 > \\ > Desired result 2. is this. > {noformat} > action=3D"Test.action?field1=3Dvalue1&field2=3Dvalue2" > {noformat} > \\ > h3. Cause > Character entity reference about "&" is executed twice. > Executed points are as follow. > -------------------------------------------------------------------------= ------- > =E3=83=BB/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelp= er.java > {noformat} > String buildUrl( > String action, HttpServletRequest request, HttpServletResponse response,= =20 > Map params, String scheme, boolean includeContext, > boolean encodeResult, boolean forceAddSchemeHostAndPort, boolean escapeA= mp > ) > {noformat} > =E3=83=BB/core/src/main/resources/template/simple/form-common.ftl > {noformat} > <#if parameters.action??> > action=3D"${parameters.action?html}"<#rt/> > > {noformat} > -------------------------------------------------------------------------= ------- > h3. Solution > "escapeAmp" in method "DefaultUrlHelper.buildUrl" is set false.=20 > My patch file is attached. -- This message was sent by Atlassian JIRA (v6.1.5#6160)