[ https://issues.apache.org/jira/browse/WW-5408?focusedWorklogId=914084&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-914084 ]
ASF GitHub Bot logged work on WW-5408:
--------------------------------------

Author: ASF GitHub Bot
Created on: 11/Apr/24 04:59
Start Date: 11/Apr/24 04:59
Worklog Time Spent: 10m
Work Description: jefferyxhy commented on code in PR #912:
URL: https://github.com/apache/struts/pull/912#discussion_r1560435674

##########
core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java:
##########
@@ -583,11 +590,10 @@ public ActionConfig getActionConfig(String namespace, String name) { } // fail over to empty namespace - if (config == null && StringUtils.isNotBlank(namespace)) { + if (config == null && StringUtils.isNotBlank(namespace) && ("/".equals(namespace) || fallbackToEmptyNamespace)) {

Review Comment:
Done. Thanks

##########
core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java:
##########
@@ -459,9 +460,12 @@ protected synchronized RuntimeConfiguration buildRuntimeConfiguration() throws C boolean appendNamedParameters = Boolean.parseBoolean( container.getInstance(String.class, StrutsConstants.STRUTS_MATCHER_APPEND_NAMED_PARAMETERS) ); + boolean fallbackToEmptyNamespace = Boolean.parseBoolean( + Optional.ofNullable(container.getInstance(String.class, StrutsConstants.STRUTS_ACTION_CONFIG_FALLBACK_TO_EMPTY_NAMESPACE)).orElse("true")

Review Comment:
Updated. Thanks

Issue Time Tracking
-------------------

Worklog Id: (was: 914084)
Time Spent: 1.5h (was: 1h 20m)

> Add option to NOT fallback to empty namespace when unresolved
> -------------------------------------------------------------
>
> Key: WW-5408
> URL: https://issues.apache.org/jira/browse/WW-5408
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Currently, when a namespace cannot be resolved from a request URL, it falls
> back to the empty namespace.
> This effectively allows all Actions which are defined for the empty namespace
> to be accessed from an infinite number of endpoints.
> For example, you may have an Action defined in the empty namespace, intended
> for access at:
> {{www.domain.com/login.action}}
> However, due to the current fallback behaviour, this Action can actually be
> accessed at any non-resolving namespace, eg.:
> {{www.domain.com/what/about/this/login.action}}
> This behaviour is not usually beneficial and could lead to bugs if a
> developer only expects their Action to be accessible at a very specific URL.
> Many developers may not be aware of these Action resolving quirks of Struts.
> As far as I can tell, there is not currently an option to prevent this
> behaviour, so I propose we add one.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
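
Review bot: In the `getActionConfig` hunk (`@@ -583,11 +590,10 @@`), the new condition keeps the fallback for the root namespace even when `fallbackToEmptyNamespace` is false, because of `"/".equals(namespace) ||`, but the comment above it still reads only `// fail over to empty namespace`. Suggest expanding that comment to say that `/` always falls back and every other namespace falls back only when the option is enabled, and adding tests for both settings that cover a non-root unresolved namespace and `/`, so the exemption is not later mistaken for a bug or dropped by accident.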
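
Review bot: In the `buildRuntimeConfiguration` hunk (`@@ -459,9 +460,12 @@`), `orElse("true")` only covers an unset constant; `Boolean.parseBoolean` returns false for every string other than "true" (ignoring case), so a misspelled or empty configured value silently switches the fallback off instead of keeping the default. Suggest documenting the default of true and the accepted values where `STRUTS_ACTION_CONFIG_FALLBACK_TO_EMPTY_NAMESPACE` is declared, and logging a warning when the configured value is neither true nor false, so a deployment that still depends on the fallback does not lose it without notice.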
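
The fallback behaviour described in the issue above, as an added example (not code from the Struts project or from PR #912): a simplified Python model of the lookup order in the patched condition, used to list access-log request paths that resolve only through the empty-namespace fallback and would stop resolving once the option is turned off. The `ACTIONS` table, the sample paths, the function names, and the rule that the namespace is everything before the last `/` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed configuration (assumption): namespace -> actions declared in it.
ACTIONS = {"": {"login"}, "/admin": {"users"}}

def split_request(raw, extension=".action"):
    """Return (namespace, action) or None. Assumption: the namespace is
    everything before the last '/'; Struts' own mapper is more involved."""
    path = urlsplit(raw).path
    if not path.endswith(extension):
        return None
    namespace, _, name = path[: -len(extension)].rpartition("/")
    return (namespace or "/", name)

def resolve(namespace, name, fallback_to_empty=True):
    """Model of the patched lookup: exact namespace first, then the empty
    namespace if the request namespace is '/' or the fallback option is on.
    Returns the namespace that served the action, or None if unresolved."""
    if name in ACTIONS.get(namespace, ()):
        return namespace
    if namespace and (namespace == "/" or fallback_to_empty):
        if name in ACTIONS.get("", ()):
            return ""
    return None

def fallback_hits(request_paths):
    """Paths served from the empty namespace only because of the fallback
    from a non-root namespace (resolved with the option on, not with it off)."""
    hits = []
    for raw in request_paths:
        parsed = split_request(raw)
        if parsed is None:
            continue  # not an action request
        ns, name = parsed
        if resolve(ns, name, True) == "" and resolve(ns, name, False) is None:
            hits.append(raw)
    return hits

# Constructed access-log request paths.
SAMPLE = [
    "/login.action",
    "/what/about/this/login.action",
    "/admin/users.action",
    "/admin/login.action?next=%2F",
    "/static/app.js",
]

if __name__ == "__main__":
    for path in fallback_hits(SAMPLE):
        print("fallback-only:", path)
```

Running the same check over real logs before disabling the fallback shows which callers currently depend on it.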