[ https://issues.apache.org/jira/browse/WW-5065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17078600#comment-17078600 ]
Alex Kaiser commented on WW-5065: --------------------------------- Submitted a PR for this but I did notice two things. 1. This is only an issue if you use: <constant name="struts.patternMatcher" value="namedVariable"/>or <constant name="struts.patternMatcher" value="regex"/> 2. There is a possibility that this "bug" is being used as a "feature". If you have the following definition in your struts.xml file: <package name="test" namespace="/test"> <action name="\{bufferSize}/\{paramTwo} class="org.MyActionClass" method="execute"> <result name="success" type="stream"> <param name="inputName">random</param> </result> </action> </package> Then this would allow you to set the bufferSize on the StreamResult object being returned by just changing the URL request. So a request to "/test/64/dos" would call setBufferSize(64) on the StreamResult. Not sure if this is intended or desired behavior, but my PR will break that.{{}} > AbstractMatcher adds values to the map passed into replaceParameters > -------------------------------------------------------------------- > > Key: WW-5065 > URL: https://issues.apache.org/jira/browse/WW-5065 > Project: Struts 2 > Issue Type: Bug > Affects Versions: 2.5.22 > Reporter: Alex Kaiser > Priority: Minor > Fix For: 2.5.23, 2.6 > > > There is a bug with the AbstractMatcher#replaceParameters method in > struts/core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java > (currently lines 153-170). As the function currently works it will return a > map that has more keys than the "orig" map that is passed into it. For > example, assume that I have the following config defined in my struts.xml > file: > {code:java} > <package name="test" namespace="/test"> > <action name="{paramOne}/{paramTwo} class="org.MyActionClass" > method="execute"> > <result name="success" type="stream"> > <param name="inputName">random</param> > </result> > </action> > </package>{code} > If you send a request to "/test/uno/dos", this will trigger code in > ActionConfigMatcher (lines 95-103) that will construct the ResultConfig > objects to be used later on. At one point you are going to be making a call > to AbstractMatcher#replaceParameters with something that looks like the > following: > orig: > "inputName" -> "random" > vars: > "0" -> "uno/dos" > "paramOne" -> "uno" > "1" -> "uno" > "paramTwo" -> "dos" > "2" -> "dos" > The result of this will be a map that looks like: > "inputName" -> "random" > "paramOne" -> "uno" > "paramTwo" -> "dos" > The bug is that "paramOne" and "paramTwo" should not be in the return map. > For the most part this but won't cause any problems but it will cause some > performance problems in certain situations when trying to set these > parameters on the results objects that aren't expecting them. -- This message was sent by Atlassian Jira (v8.3.4#803005)