[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mitth'raw'nuruodo updated WW-4448:
----------------------------------
    Description: 
https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to 
use java.net.URI to check whether a redirect URL is actually a path. However, 
it does not encode parameters first, which will often result in a URL being 
deemed invalid (e.g. if one of the parameters contains spaces) and thus being 
treated as a path.

Where I work, we actually don't want parameters to be appended to our absolute 
redirects at all, but I can't see a way to disable this...DefaultResultFactory 
doesn't seem to be configurable.

  was:
https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to 
use java.net.URI to check whether a redirect URL is actually a path. However, 
it does not encode parameters first, which will often result in a URL being 
deemed invalid (e.g. if one of the parameters contains spaces) and thus being 
treated as a path.

We actually don't want parameters to be appended to our absolute redirects at 
all, but I can't see a way to disable this...DefaultResultFactory doesn't seem 
to be configurable.


> Parameters are not encoded by ServletRedirectAction before checking for valid 
> URI
> ---------------------------------------------------------------------------------
>
>                 Key: WW-4448
>                 URL: https://issues.apache.org/jira/browse/WW-4448
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions
>    Affects Versions: 2.3.20
>            Reporter: Mitth'raw'nuruodo
>              Labels: encoding, redirect, url
>
> https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult 
> to use java.net.URI to check whether a redirect URL is actually a path. 
> However, it does not encode parameters first, which will often result in a 
> URL being deemed invalid (e.g. if one of the parameters contains spaces) and 
> thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our 
> absolute redirects at all, but I can't see a way to disable 
> this...DefaultResultFactory doesn't seem to be configurable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
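
The misclassification described in this report, as an added example that is not part of the original message and is not Struts code: a java.net.URI-based "is this a path?" check run on the same absolute redirect with a raw and an encoded parameter value. The class, the isPathUrl and withParams helpers, the host name and the parameter are assumptions made for illustration; URLEncoder.encode(String, Charset) needs Java 10 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class RedirectUriCheck {

    // Hypothetical stand-in for the check the report describes: a location
    // counts as a path unless java.net.URI parses it as an absolute URI.
    static boolean isPathUrl(String location) {
        try {
            return !new URI(location).isAbsolute();
        } catch (URISyntaxException e) {
            // A parse failure is treated as "path", which is the reported behaviour.
            return true;
        }
    }

    // Appends parameters to a location, optionally percent-encoding names and values.
    static String withParams(String base, Map<String, String> params, boolean encode) {
        StringJoiner query = new StringJoiner("&");
        for (Map.Entry<String, String> p : params.entrySet()) {
            String k = encode ? URLEncoder.encode(p.getKey(), StandardCharsets.UTF_8) : p.getKey();
            String v = encode ? URLEncoder.encode(p.getValue(), StandardCharsets.UTF_8) : p.getValue();
            query.add(k + "=" + v);
        }
        return base + (base.contains("?") ? "&" : "?") + query;
    }

    public static void main(String[] args) {
        // Constructed sample data: an absolute redirect target and a value with a space.
        String base = "https://app.example.test/done";
        Map<String, String> params = new LinkedHashMap<>();
        params.put("name", "John Smith");

        String raw = withParams(base, params, false);     // space left as-is
        String encoded = withParams(base, params, true);  // space encoded before the check

        // The raw form fails URI parsing and is reported as a path;
        // the encoded form parses as an absolute URI.
        for (String location : new String[] {raw, encoded, "/done"}) {
            System.out.println(location + " -> treated as path: " + isPathUrl(location));
        }
    }
}
```

Because the raw form is classified as a path, any logic that applies only to paths (such as prefixing the context path) would then run on what is really an absolute URL.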
