struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <>
Subject [jira] [Commented] (WW-4669) Struts 2.5.1 gives errors on unexpected action names
Date Fri, 29 Jul 2016 06:17:20 GMT


Lukasz Lenart commented on WW-4669:

It was mentioned here as a potenially vulnerable
solution - you can always write your own {{ActionMapper}} based on {{DefaultActionMapper}}
and override just {{cleanupActionName}}. Right now I'm wondering if instead of throwing exception
it would be better to return a default action name ...

> Struts 2.5.1 gives errors on unexpected action names
> ----------------------------------------------------
>                 Key: WW-4669
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions, Documentation
>    Affects Versions: 2.5.1
>            Reporter: Mitth'raw'nuruodo
>             Fix For: 2.5.3
> As of Struts 2.5.1 (specifically, commit 27ca165ddbf81c84bafbd083b99a18d89cc49ca7), URLs
containing unexpected characters are rejected, instead of cleaned up. This breaks the interaction
of one of our clients, who unfortunately is using braces in their URL (matched at our end
by a wildcard).
> We want to keep specifying a strict list of allowed characters, for cleanup purposes,
but we can't do that if it will break interactions with customers.
> What was the purpose of changing this behavior? I can't find anything about it in the

This message was sent by Atlassian JIRA

View raw message