[
https://issues.apache.org/jira/browse/WW-5029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16827657#comment-16827657
]
ASF GitHub Bot commented on WW-5029:
------------------------------------
JCgH4164838Gh792C124B5 commented on pull request #354: Minor consistency update
correction for WW-5029 fix to the 2.5.x branch
URL: https://github.com/apache/struts/pull/354
Minor consistency update correction for WW-5029 fix to the 2.5.x branch:
- Correct missing verification in
buildAllowedMethods()/loadGlobalAllowedMethods() that the nodes are
of type Node.TEXT_NODE (as buildResults() does).
- Made two class fields final, as suggested by IDE.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> The content allowed-methods tag of the XML configuration is sometimes
> truncated
> -------------------------------------------------------------------------------
>
> Key: WW-5029
> URL: https://issues.apache.org/jira/browse/WW-5029
> Project: Struts 2
> Issue Type: Bug
> Components: XML Configuration
> Affects Versions: 2.5.18
> Reporter: Maxime Clement
> Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> Under WebSphere 8.5, the SAX parser sometimes create multiple text elements
> to represent the value of the "allowed-methods" tag found in the struts.xml
> configuration file. This happens when the text is read in chunks as stated
> here:
> [https://docs.oracle.com/javase/8/docs/api/org/xml/sax/ContentHandler.html#characters-char:A-int-int-].
> This case is not handled in class XmlConfigurationProvider, which only reads
> the first child of the org.w3c.dom.Node returned by the parser (see
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L879]).
>
> This means that with this configuration:
> {code:java}
> <allowed-methods>method1,method2</allowed-methods>
> {code}
> The node instance almost always contains a single child [ "method1,method2"
> ], but randomly the node instance can contain two children: [ "method1,me",
> "thod2" ]. As only the first child is considered, the retrieved text is
> truncated and the configuration doesn't work.
>
> It happens randomly and cannot be reproduced easily, but we can see in the
> XmlConfigurationProvider class that this case has been taken into account for
> the "result" tag:
> {code:java}
> <result>something</result>
> {code}
> See:
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L767]
> where all node children of type Node.TEXT_NODE are concatenated to retrieve
> the text value, so even if the SAX parser returns multiple chunks, the word
> is correctly reconstructed.
>
> As a workaround I created a custom configuration provider that overrides
> StrutsXmlConfigurationProvider and redefines the method "buildAllowedMethods"
> in order to parse all children of the node object, as done in method
> "buildResults". Note that the same problem applies for
> "global-allowed-methods" as the XmlConfigurationProvider also considers the
> first child only.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
