struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
Date Wed, 14 Jan 2015 06:52:34 GMT

    [ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239
] 

Lukasz Lenart edited comment on WW-4448 at 1/14/15 6:52 AM:
------------------------------------------------------------

I've found a workaround, at least, using a 'httpheader' result type, which does not append
parameters, instead of ServletRedirectAction.
{code:xml}
        <result name="success" type="httpheader">
            <param name="status">302</param>
            <param name="headers.Location">${redirectUrl}</param>
        </result>
{code}


was (Author: thrawnca):
I've found a workaround, at least, using a 'httpheader' result type, which does not append
parameters, instead of ServletRedirectAction.

        <result name="success" type="httpheader">
            <param name="status">302</param>
            <param name="headers.Location">${redirectUrl}</param>
        </result>


> Parameters are not encoded by ServletRedirectAction before checking for valid URI
> ---------------------------------------------------------------------------------
>
>                 Key: WW-4448
>                 URL: https://issues.apache.org/jira/browse/WW-4448
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions
>    Affects Versions: 2.3.20
>            Reporter: Mitth'raw'nuruodo
>              Labels: encoding, redirect, url
>
> WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect
URL is actually a path. However, it does not encode parameters first, which will often result
in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being
treated as a path.
> Where I work, we actually don't want parameters to be appended to our absolute redirects
at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message