struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WW-4802) Strange Behavior Parsing Action Requests
Date Mon, 10 Jul 2017 07:27:00 GMT

     [ https://issues.apache.org/jira/browse/WW-4802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart resolved WW-4802.
-------------------------------
    Resolution: Not A Problem

> Strange Behavior Parsing Action Requests
> ----------------------------------------
>
>                 Key: WW-4802
>                 URL: https://issues.apache.org/jira/browse/WW-4802
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.3.32
>            Reporter: Chad Cravens
>            Priority: Minor
>             Fix For: 2.3.33
>
>
> There seems to be something very odd about Struts method for parsing Action requests.
I am currently supporting a large Struts-based system, and have noticed the following behavior
in our application.
> When a GET request is made to an action method we get the following expected responses:
> http://www.example.com/app/defined-action.action  ->  200 OK
> http://www.example.com/app/not-defined.action  ->  404 NOT FOUND
> However, whenever we introduce a space character (%20) anwhere in the action name, Struts
will return a 200 OK no matter whether the action exists or not. For example, we are seeing
the following behavior:
> http://www.example.com/app/defined-action%20.action  ->  200 OK
> http://www.example.com/app/not-defined%20.action  ->  200 OK
> http://www.example.com/app/%20.action  ->  200 OK
> http://www.example.com/app/defined-actio.action  ->  404 NOT FOUND
> It seems that if the request ends in .action and has a %20 anywhere in the name, Struts
will always return 200 OK. I would assume that it should return 404.
> We are actually running version 2.3.32 (https://struts.apache.org/docs/version-notes-2332.html)
but this was not available in the version selection dropdown, so I selected 2.3.31



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message