[
https://issues.apache.org/jira/browse/WW-5065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17078600#comment-17078600
]
Alex Kaiser commented on WW-5065:
---------------------------------
Submitted a PR for this but I did notice two things.
1. This is only an issue if you use:
<constant name="struts.patternMatcher" value="namedVariable"/>or
<constant name="struts.patternMatcher" value="regex"/>
2. There is a possibility that this "bug" is being used as a "feature". If you
have the following definition in your struts.xml file:
<package name="test" namespace="/test">
<action name="\{bufferSize}/\{paramTwo} class="org.MyActionClass"
method="execute">
<result name="success" type="stream">
<param name="inputName">random</param>
</result>
</action>
</package>
Then this would allow you to set the bufferSize on the StreamResult object
being returned by just changing the URL request. So a request to
"/test/64/dos" would call setBufferSize(64) on the StreamResult. Not sure if
this is intended or desired behavior, but my PR will break that.{{}}
> AbstractMatcher adds values to the map passed into replaceParameters
> --------------------------------------------------------------------
>
> Key: WW-5065
> URL: https://issues.apache.org/jira/browse/WW-5065
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.22
> Reporter: Alex Kaiser
> Priority: Minor
> Fix For: 2.5.23, 2.6
>
>
> There is a bug with the AbstractMatcher#replaceParameters method in
> struts/core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
> (currently lines 153-170). As the function currently works it will return a
> map that has more keys than the "orig" map that is passed into it. For
> example, assume that I have the following config defined in my struts.xml
> file:
> {code:java}
> <package name="test" namespace="/test">
> <action name="{paramOne}/{paramTwo} class="org.MyActionClass"
> method="execute">
> <result name="success" type="stream">
> <param name="inputName">random</param>
> </result>
> </action>
> </package>{code}
> If you send a request to "/test/uno/dos", this will trigger code in
> ActionConfigMatcher (lines 95-103) that will construct the ResultConfig
> objects to be used later on. At one point you are going to be making a call
> to AbstractMatcher#replaceParameters with something that looks like the
> following:
> orig:
> "inputName" -> "random"
> vars:
> "0" -> "uno/dos"
> "paramOne" -> "uno"
> "1" -> "uno"
> "paramTwo" -> "dos"
> "2" -> "dos"
> The result of this will be a map that looks like:
> "inputName" -> "random"
> "paramOne" -> "uno"
> "paramTwo" -> "dos"
> The bug is that "paramOne" and "paramTwo" should not be in the return map.
> For the most part this but won't cause any problems but it will cause some
> performance problems in certain situations when trying to set these
> parameters on the results objects that aren't expecting them.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
