This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/master by this push: new dcc53ae WW-4945 Logs missing action invocation as WARN dcc53ae is described below commit dcc53aebf983f6c0a48932262facb81f5d82815c Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Sat Jan 2 18:44:55 2021 +0100 WW-4945 Logs missing action invocation as WARN --- core/src/main/java/org/apache/struts2/views/jsp/TagUtils.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/core/src/main/java/org/apache/struts2/views/jsp/TagUtils.java b/core/src/main/java/org/apache/struts2/views/jsp/TagUtils.java index e4c1645..8b8c647 100644 --- a/core/src/main/java/org/apache/struts2/views/jsp/TagUtils.java +++ b/core/src/main/java/org/apache/struts2/views/jsp/TagUtils.java @@ -23,6 +23,8 @@ import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.config.ConfigurationException; import com.opensymphony.xwork2.util.ValueStack; import com.opensymphony.xwork2.util.ValueStackFactory; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.apache.struts2.RequestUtils; import org.apache.struts2.ServletActionContext; import org.apache.struts2.dispatcher.ApplicationMap; @@ -41,6 +43,8 @@ import java.util.Map; public class TagUtils { + private static final Logger LOG = LogManager.getLogger(TagUtils.class); + public static ValueStack getStack(PageContext pageContext) { HttpServletRequest req = (HttpServletRequest) pageContext.getRequest(); ValueStack stack = ServletActionContext.getValueStack(req); @@ -88,6 +92,9 @@ public class TagUtils { ActionInvocation invocation = context.getActionInvocation(); if (invocation == null) { + TagUtils.LOG.warn("ActionInvocation is null, tag has been executed out of the Action and this can lead " + + "to a security vulnerability, please read http://struts.apache.org/security/#never-expose-jsp-files-directly !"); + ActionMapping mapping = mapper.getMapping(request, Dispatcher.getInstance().getConfigurationManager());