Github user atcazzual commented on the issue:
https://github.com/apache/struts/pull/157
The expression did not seem to work at all until I escaped the slashes,
changing `/` to `\/`
Once I got it working, there then seems to be a bug in the new expression
when matching on URLs that use IP addresses. The grouping has changed causing
two problems with matching IP addresses.
1. The dot `.` character that delimits the octets in an IP address only
applies to the last condition, `25[0-5]\.` on line 57, instead of all
conditions for an IP octet. This makes matching most IP address fail. The
only IPs that will match would need to have 3-digit octets for the first three
where the first two-digits are `25`. _NOTE: This seems to have been resolved
by the commit above._
2. The conditions for the last octet are no longer grouped (line 58) making
the OR `|` operator act on what was a higher level group. Because of this, the
fourth octet would have to be only one or two digits.
For example, only IPs like the following will pass validation:
http://**25**3.**25**4.**25**5.1 (mostly resolved by the commit above)
http://**25**3.**25**4.**25**5.12 (mostly resolved by the commit above)
After the commit above, any IP with 3 digits in the last octet will **not**
pass validation:
http<nolink>://1.2.3.**100**
http<nolink>://1.2.3.**255**
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
