struts-issues mailing list archives

From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WW-3866) Map with String key that contains a non-word character prevents value from being saved
Date Fri, 31 Aug 2012 09:48:07 GMT

     [ https://issues.apache.org/jira/browse/WW-3866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart resolved WW-3866.
-------------------------------

    Resolution: Fixed

Changed the interceptor a bit: right now the user can accept params by implementing the ParamNameAware
interface, and this takes precedence over the interceptor's acceptedParamNames.

Be careful, as this can break application security and allow remote code execution.
                
> Map with String key that contains a non-word character prevents value from being saved
> --------------------------------------------------------------------------------------
>
>                 Key: WW-3866
>                 URL: https://issues.apache.org/jira/browse/WW-3866
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.3.1.1, 2.3.1.2
>         Environment: struts2 version 2.2.1 (which uses OGNL 3.0)
> freemarker version 2.3.19
>            Reporter: Kyle Braak
>            Assignee: Lukasz Lenart
>             Fix For: 2.3.5
>
>
> I'm not entirely sure if my problem is Struts2 or OGNL related. So that you are aware,
> I have already created this issue in OGNL: https://issues.apache.org/jira/browse/OGNL-221
> In any case, I would greatly appreciate you reading it through. My issue in its entirety
> again is as follows:
> I have written a very simple Action and freemarker template so that you can replicate
> my problem.
> My Action is as follows:
> {code:title=TestAction.java|borderStyle=solid}
> import java.util.Map;
> import java.util.TreeMap;
>
> public class TestAction extends BaseAction {
>   // Keys deliberately mix plain word characters with ':', '-', '%' and '+'
>   private Map<String, String> tmap = new TreeMap<String, String>();
>
>   @Override
>   public void prepare() throws Exception {
>     super.prepare();
>     tmap.put("Animalia", "");
>     tmap.put("Ani_malia", "");
>     tmap.put("Ani:malia", "");
>     tmap.put("Ani-malia", "");
>     tmap.put("Ani%malia", "");
>     tmap.put("Ani+malia", "");
>   }
>
>   @Override
>   public String execute() {
>     return SUCCESS;
>   }
>
>   // Exposed so that request parameters named tmap['key'] are written into the map
>   public Map<String, String> getTmap() {
>     return tmap;
>   }
> }
> {code}
> It prepares a TreeMap with some entries having only a String key, and an empty String
> value.
> The following freemarker template displays the keys, and allows the user to save a new
> value for each one:
> {code:title=test.ftl|borderStyle=solid}
> <form action="test.do" method="post">
> <table>
>   <tr>
>     <td>Key</td>
>     <td>Value</td>
>   </tr>
>   <#list tmap?keys as k>
>   <tr>
>     <td>${k}</td>
>     <td><input type="text" name="tmap['${k}']" value="${tmap.get(k)!}"/></td>
>   </tr>
> </#list>
> </table>
> <div>
>   <@s.submit name="save"/>
> </div>
> </form>
> {code} 
> Unfortunately, after entering new values for each key and submitting the form, the only
> keys that have values successfully saved are:
> Animalia
> Ani_malia
> The following keys do NOT have values successfully saved:
> Ani:malia
> Ani-malia
> Ani%malia
> Ani+malia
> Indeed the presence of such non-word characters breaks the OGNL parsing of the Map's
> String key.
> To be sure no unwanted interception is occurring, I am using the most basic struts.xml
> configuration:
> {code:xml} 
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
>   "http://struts.apache.org/dtds/struts-2.0.dtd">
> <struts>
>   <package name="ipt-default" extends="struts-default" namespace="/">
>     <result-types>
>       <result-type name="freemarker" class="org.apache.struts2.views.freemarker.FreemarkerResult" default="true"/>
>     </result-types>
>     <action name="test" class="org.gbif.ipt.action.portal.TestAction">
>       <result>/WEB-INF/pages/portal/test.ftl</result>
>     </action>
>   </package>
> </struts>
> {code} 
> Thank you very much for your help. 
> With kind regards

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
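An added example, not part of the message above and not code from the Struts project: the resolution note says that an action implementing the ParamNameAware interface now decides which parameter names are accepted, and that this takes precedence over the interceptor's acceptedParamNames. That allowlist regex is what the reporter's keys ran into: a name like tmap['Ani:malia'] contains ':' and is dropped by the ParametersInterceptor before it is ever handed to OGNL, which is why only Animalia and Ani_malia were saved. The interface in XWork 2 is com.opensymphony.xwork2.interceptor.ParameterNameAware with a single method, acceptableParameterName(String); a local copy is used here so the demo compiles on its own. The Java below models the precedence rule and contrasts two implementations: one that accepts exactly the map keys the action rendered into its own form, and a permissive one that shows why the note warns about remote code execution, since a name that passes this check is what the interceptor goes on to evaluate as an OGNL expression. The DEFAULT_ACCEPTED pattern is modelled on the interceptor's default and is an assumption about the exact regex in a given version; ParamNameFilterDemo, PermissiveAction and MAP_PARAM are names introduced for this example.

```java
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not Struts code): models how an interceptor that lets
 * ParameterNameAware take precedence over its regex allowlist decides whether a
 * request parameter name may be set on the action.
 */
public class ParamNameFilterDemo {

    /** Local copy of com.opensymphony.xwork2.interceptor.ParameterNameAware so the demo is self-contained. */
    interface ParameterNameAware {
        boolean acceptableParameterName(String parameterName);
    }

    /**
     * Allowlist modelled on the interceptor's default acceptedParamNames.
     * Assumption: the exact default differs between Struts versions, but every variant
     * admits letters, digits, '.', '[', ']', '(', ')', '_' and quotes and none admits
     * ':', '-', '%' or '+', which is why those map keys were dropped.
     */
    static final Pattern DEFAULT_ACCEPTED = Pattern.compile("[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+");

    /**
     * The precedence rule described in the resolution: when the action implements
     * ParameterNameAware its answer is final and the regex is not consulted at all.
     */
    static boolean acceptable(Object action, String name) {
        if (action instanceof ParameterNameAware) {
            return ((ParameterNameAware) action).acceptableParameterName(name);
        }
        return DEFAULT_ACCEPTED.matcher(name).matches();
    }

    /** The reporter's action, now accepting exactly the parameter names it renders itself. */
    static class TestAction implements ParameterNameAware {
        /** Only the exact form tmap['<key>']; the key may not contain quotes or brackets. */
        private static final Pattern MAP_PARAM = Pattern.compile("tmap\\['([^'\\[\\]]+)'\\]");
        private final Map<String, String> tmap = new TreeMap<String, String>();

        TestAction() {
            for (String k : new String[] {"Animalia", "Ani_malia", "Ani:malia", "Ani-malia", "Ani%malia", "Ani+malia"}) {
                tmap.put(k, "");
            }
        }

        public boolean acceptableParameterName(String name) {
            Matcher m = MAP_PARAM.matcher(name);
            // Accept only a name that addresses a key the action already owns;
            // everything else is rejected here, it never falls back to the regex.
            return m.matches() && tmap.containsKey(m.group(1));
        }
    }

    /** What not to do: accepting every name removes the only filter in front of OGNL. */
    static class PermissiveAction implements ParameterNameAware {
        public boolean acceptableParameterName(String name) {
            return true;
        }
    }

    public static void main(String[] args) {
        Object plain = new Object();          // not ParameterNameAware: regex only
        Object tight = new TestAction();
        Object loose = new PermissiveAction();
        String[] names = {                    // constructed sample parameter names
            "tmap['Animalia']",               // accepted by all three
            "tmap['Ani:malia']",              // rejected by the regex, accepted by TestAction
            "tmap['Ani+malia']",
            "tmap['Other']",                  // well-formed, but not a key TestAction owns
            "tmap['Animalia'].class",         // regex admits the dotted path; TestAction does not
            "#session['x']",                  // '#' fails the regex; only PermissiveAction lets it through
        };
        System.out.printf("%-28s %-8s %-8s %-8s%n", "parameter name", "regex", "tight", "loose");
        for (String n : names) {
            System.out.printf("%-28s %-8b %-8b %-8b%n", n,
                    acceptable(plain, n), acceptable(tight, n), acceptable(loose, n));
        }
    }
}
```

Run with javac and java to print the table. The regex alone rejects every key containing ':', '-', '%' or '+'; the tight implementation accepts those keys while still refusing tmap['Other'], the dotted path and the '#'-prefixed name; the permissive implementation accepts all of them. Because the interface's answer replaces the regex rather than being combined with it, an implementation that returns true for names it does not recognise leaves nothing between the request and OGNL evaluation of the parameter name, which is the risk the resolution warns about. Accepting only the exact keys the action itself put in the map keeps the fix limited to the reporter's problem.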
