[prev in list] [next in list] [prev in thread] [next in thread]
List: struts-dev
Subject: [jira] [Updated] (WW-3655) Freemarker result loads request uri as
From: "Johno Crawford (JIRA)" <jira () apache ! org>
Date: 2011-06-30 18:33:28
Message-ID: 1798379185.6258.1309458808790.JavaMail.tomcat () hel ! zones ! apache ! org
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WW-3655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Johno Crawford updated WW-3655:
-------------------------------
Description:
If the template location is either null or an empty string "" FreemarkerResult will \
take the request uri org.apache.struts2.views.freemarker.FreemarkerResult#doExecute \
and load it as a template.
Example url, http://localhost:8080/com/acme/actions/Action.class/ would load \
/com/acme/actions/Action.class/ as a template and dump the bytecode in the response.
The "feature" / culprit below seems a little exotic, however someone may be relying \
on it.. (same actions handling stuff in different directories?)
{code}
if (!locationArg.startsWith("/")) {
String base = ResourceUtil.getResourceBase(req);
locationArg = base + "/" + locationArg;
}
{code}
To mitigate the problem and maintain previous functionality we could throw an \
exception if the template location is empty, I have created a pull request with my \
proposed fix https://github.com/apache/struts2/pull/1
was:
If the template location is either null or an empty string "" FreemarkerResult will \
take the request uri org.apache.struts2.views.freemarker.FreemarkerResult#doExecute \
and load it as a template.
Example url, http://localhost:8080/com/acme/actions/Action.class/ would load \
/com/acme/actions/Action.class/ as a template and dump the bytecode in the response.
The "feature" / culprit below seems a little exotic, however someone may be relying \
on it.. (same actions handling stuff in different directories?)
if (!locationArg.startsWith("/")) {
String base = ResourceUtil.getResourceBase(req);
locationArg = base + "/" + locationArg;
}
To mitigate the problem and maintain previous functionality we could throw an \
exception if the template location is empty, I have created a pull request with my \
proposed fix https://github.com/apache/struts2/pull/1
> Freemarker result loads request uri as template
> -----------------------------------------------
>
> Key: WW-3655
> URL: https://issues.apache.org/jira/browse/WW-3655
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.2.3
> Reporter: Johno Crawford
> Assignee: Maurizio Cucchiara
>
> If the template location is either null or an empty string "" FreemarkerResult will \
> take the request uri org.apache.struts2.views.freemarker.FreemarkerResult#doExecute \
> and load it as a template. Example url, \
> http://localhost:8080/com/acme/actions/Action.class/ would load \
> /com/acme/actions/Action.class/ as a template and dump the bytecode in the \
> response. The "feature" / culprit below seems a little exotic, however someone may \
> be relying on it.. (same actions handling stuff in different directories?) {code}
> if (!locationArg.startsWith("/")) {
> String base = ResourceUtil.getResourceBase(req);
> locationArg = base + "/" + locationArg;
> }
> {code}
> To mitigate the problem and maintain previous functionality we could throw an \
> exception if the template location is empty, I have created a pull request with my \
> proposed fix https://github.com/apache/struts2/pull/1
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic