[ 
https://issues.apache.org/jira/browse/WW-4834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16112948#comment-16112948
 ] 

ASF GitHub Bot commented on WW-4834:
------------------------------------

Github user atcazzual commented on the issue:

    https://github.com/apache/struts/pull/157
  
    The expression did not seem to work at all until I escaped the slashes, changing `/` to `\/`.

    Once I got it working, there then seems to be a bug in the new expression when matching on URLs that use IP addresses. The grouping has changed, causing two problems with matching IP addresses.

    1. The dot `.` character that delimits the octets in an IP address only applies to the last condition, `25[0-5]\.` on line 57, instead of all conditions for an IP octet. This makes matching most IP addresses fail. The only IPs that will match would need to have 3-digit octets for the first three where the first two digits are `25`. _NOTE: This seems to have been resolved by the commit above._
    2. The conditions for the last octet are no longer grouped (line 58), making the OR `|` operator act on what was a higher level group. Because of this, the fourth octet would have to be only one or two digits.

    For example, only IPs like the following will pass validation:
    http://**25**3.**25**4.**25**5.1  (mostly resolved by the commit above)
    http://**25**3.**25**4.**25**5.12 (mostly resolved by the commit above)

    After the commit above, any IP with 3 digits in the last octet will **not** pass validation:
    http://1.2.3.**100**
    http://1.2.3.**255**


> Improve RegEx used to validate URLs
> -----------------------------------
>
>                 Key: WW-4834
>                 URL: https://issues.apache.org/jira/browse/WW-4834
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core, XML Validators
>    Affects Versions: 2.3.33, 2.5.12
>            Reporter: Lukasz Lenart
>             Fix For: 2.3.34, 2.5.13
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
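
The two grouping problems described in the comment above, reproduced as an added example that is not part of the original message and is not the Struts expression itself. The octet pattern, the three patterns built from it, the class name and the sample URLs are all constructed for illustration; only the `http://` scheme and a bare IPv4 host are modelled.

```java
import java.util.regex.Pattern;

public class OctetGroupingDemo {
    // One IPv4 octet, 0-255, written as an alternation (constructed for this example).
    static final String OCTET = "[1-9]?\\d|1\\d\\d|2[0-4]\\d|25[0-5]";

    // Problem 1: the "\." sits inside the alternation, so it binds only to
    // the last alternative, 25[0-5], and not to the other octet forms.
    static final Pattern DOT_ON_LAST_ALTERNATIVE = Pattern.compile(
        "^http://(?:" + OCTET + "\\.){3}(?:" + OCTET + ")$");

    // Problem 2: the fourth octet has no group of its own, so its "|"
    // operators split the enclosing host group into separate alternatives.
    static final Pattern LAST_OCTET_UNGROUPED = Pattern.compile(
        "^http://(?:(?:(?:" + OCTET + ")\\.){3}" + OCTET + ")$");

    // Every octet is grouped and the dot is outside the alternation.
    static final Pattern GROUPED = Pattern.compile(
        "^http://(?:(?:(?:" + OCTET + ")\\.){3}(?:" + OCTET + "))$");

    static boolean accepts(Pattern pattern, String url) {
        return pattern.matcher(url).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the cases named in the comment, one
        // out-of-range octet, and one host that is not an IP address at all.
        String[] urls = {
            "http://253.254.255.1", "http://1.2.3.4", "http://1.2.3.12",
            "http://1.2.3.100", "http://1.2.3.255", "http://1.2.3.256",
            "http://100",
        };
        System.out.printf("%-22s %-10s %-10s %-10s%n",
            "url", "dot-last", "ungrouped", "grouped");
        for (String url : urls) {
            System.out.printf("%-22s %-10b %-10b %-10b%n", url,
                accepts(DOT_ON_LAST_ALTERNATIVE, url),
                accepts(LAST_OCTET_UNGROUPED, url),
                accepts(GROUPED, url));
        }
    }
}
```

The `http://100` row is there because an ungrouped alternation can accept inputs as well as reject them, so a regression test for a validator pattern needs cases that must fail alongside cases that must pass.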
