[ https://issues.apache.org/jira/browse/WW-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15398785#comment-15398785 ]

Lukasz Lenart commented on WW-4669:
-----------------------------------

It was mentioned here http://struts.apache.org/docs/s2-035.html as a potentially 
vulnerable solution - you can always write your own {{ActionMapper}} based on 
{{DefaultActionMapper}} and override just {{cleanupActionName}}. Right now I'm 
wondering if instead of throwing exception it would be better to return a 
default action name ...

https://struts.apache.org/docs/actionmapper.html#ActionMapper-CustomActionMapper
https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java#L385-L391

> Struts 2.5.1 gives errors on unexpected action names
> ----------------------------------------------------
>
>                 Key: WW-4669
>                 URL: https://issues.apache.org/jira/browse/WW-4669
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions, Documentation
>    Affects Versions: 2.5.1
>            Reporter: Mitth'raw'nuruodo
>             Fix For: 2.5.3
>
>
> As of Struts 2.5.1 (specifically, commit 
> 27ca165ddbf81c84bafbd083b99a18d89cc49ca7), URLs containing unexpected 
> characters are rejected, instead of cleaned up. This breaks the interaction 
> of one of our clients, who unfortunately is using braces in their URL 
> (matched at our end by a wildcard).
> We want to keep specifying a strict list of allowed characters, for cleanup 
> purposes, but we can't do that if it will break interactions with customers.
> What was the purpose of changing this behavior? I can't find anything about 
> it in the changelog.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
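
The approach raised in the comment above (a custom mapper based on {{DefaultActionMapper}} that overrides only {{cleanupActionName}} and returns a default action name instead of throwing), as an added example that is not code from the Struts project or from the commenter. The package, class name and fallback action {{index}} are hypothetical, and the inherited {{allowedActionNames}} pattern field is assumed to be accessible to subclasses as in the linked source.

```java
package com.example.web; // hypothetical package

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.dispatcher.mapper.DefaultActionMapper;

/**
 * Added example: keeps the allow-list strict, but maps a rejected action name
 * to a fixed fallback action instead of throwing. No part of the rejected
 * input is ever returned, so nothing unvalidated reaches action resolution.
 */
public class FallbackActionMapper extends DefaultActionMapper {

    private static final Logger LOG = LogManager.getLogger(FallbackActionMapper.class);

    // Hypothetical: an action with this name must be declared in struts.xml.
    private static final String FALLBACK_ACTION = "index";

    @Override
    protected String cleanupActionName(final String rawActionName) {
        // Assumption: allowedActionNames is the inherited compiled pattern
        // that the framework configures from its allowed-action-names setting.
        if (rawActionName != null
                && allowedActionNames.matcher(rawActionName).matches()) {
            return rawActionName;
        }
        // Record the rejection so unexpected client URLs stay visible in logs.
        LOG.warn("Action name [{}] rejected by pattern [{}], using [{}]",
                forLog(rawActionName), allowedActionNames, FALLBACK_ACTION);
        return FALLBACK_ACTION;
    }

    // Flatten control characters and cap the length so a crafted URL
    // cannot forge or flood log entries.
    private static String forLog(final String value) {
        if (value == null) {
            return "null";
        }
        final String flat = value.replaceAll("\\p{Cntrl}", "_");
        return flat.length() > 200 ? flat.substring(0, 200) + "..." : flat;
    }
}
```

The mapper is registered through the {{struts.mapper.class}} setting, as described on the ActionMapper documentation page linked in the comment.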
