[
https://issues.apache.org/jira/browse/WW-5029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822361#comment-16822361
]
ASF subversion and git services commented on WW-5029:
-----------------------------------------------------
Commit fb38a919c9f6494cb0d3fbd83c11741c62eb3143 in struts's branch
refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=fb38a91 ]
Proposed fix for WW-5029 for the 2.5.x branch (#347)
* Proposed fix for WW-5029 for the 2.5.x branch:
- NOTE: If the PR is accepted please credit Maxime Clement for this change as
they found
the issue, identified the probable cause/related details and opened the
JIRA.
- Updated XWorkConfigurationProvider buildAllowedMethods(),
loadGlobalAllowedMethods() so that
they now handle situations when a SAX parser produces multiple elements to
represent the tag
body value.
- No changes to unit tests.
* Update commit to fix weakness identified by Maxime Clement:
- Implementation should now properly concatenate the node children values
together (as a single unified string)
in both buildAllowedMethods(), loadGlobalAllowedMethods() - before generating
the method Set to be added.
- Made some eligible variables final.
* Update commit to provide new unit tests:
- Added unit tests to confirm the fixes for buildAllowedMethods(),
loadGlobalAllowedMethods()
- Added Mock DOM classes sufficient for these tests.
- Added unit tests to cover buildResults() and loadGlobalResults().
> The content allowed-methods tag of the XML configuration is sometimes
> truncated
> -------------------------------------------------------------------------------
>
> Key: WW-5029
> URL: https://issues.apache.org/jira/browse/WW-5029
> Project: Struts 2
> Issue Type: Bug
> Components: XML Configuration
> Affects Versions: 2.5.18
> Reporter: Maxime Clement
> Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> Under WebSphere 8.5, the SAX parser sometimes create multiple text elements
> to represent the value of the "allowed-methods" tag found in the struts.xml
> configuration file. This happens when the text is read in chunks as stated
> here:
> [https://docs.oracle.com/javase/8/docs/api/org/xml/sax/ContentHandler.html#characters-char:A-int-int-].
> This case is not handled in class XmlConfigurationProvider, which only reads
> the first child of the org.w3c.dom.Node returned by the parser (see
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L879]).
>
> This means that with this configuration:
> {code:java}
> <allowed-methods>method1,method2</allowed-methods>
> {code}
> The node instance almost always contains a single child [ "method1,method2"
> ], but randomly the node instance can contain two children: [ "method1,me",
> "thod2" ]. As only the first child is considered, the retrieved text is
> truncated and the configuration doesn't work.
>
> It happens randomly and cannot be reproduced easily, but we can see in the
> XmlConfigurationProvider class that this case has been taken into account for
> the "result" tag:
> {code:java}
> <result>something</result>
> {code}
> See:
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L767]
> where all node children of type Node.TEXT_NODE are concatenated to retrieve
> the text value, so even if the SAX parser returns multiple chunks, the word
> is correctly reconstructed.
>
> As a workaround I created a custom configuration provider that overrides
> StrutsXmlConfigurationProvider and redefines the method "buildAllowedMethods"
> in order to parse all children of the node object, as done in method
> "buildResults". Note that the same problem applies for
> "global-allowed-methods" as the XmlConfigurationProvider also considers the
> first child only.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
