[ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
------------------------------
    Description: 
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract 
the variable names that match each group in the regex.  In the example given 
and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}.  
However, if the pattern includes characters that have special meaning to Java's 
regular expression engine, they are currently not being escaped.

For example, the pattern "action.{format}" is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"{name}.{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.

  was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the compilePattern(String) method.  The purpose of the method is to compile 
patterns such as "action/{foo}" to a regular expression Pattern and extract the 
variable names that match each group in the regex.  In the example given and 
the 2.2.1 code base, the pattern will be compiled as "action/([^/]+)".  
However, if the pattern includes characters that have special meaning to Java's 
regular expression engine, they are currently not being escaped.

For example, the pattern "action.{format}" is being compiled to 
"action.([^/]+)" which correctly matches "action.html" but also "actionK.html" 
or any other character because the '.' is not escaped.  The bug really bites 
when a pattern like "{name}.{format}" is used.  This will be compiled to 
"([^/]+).([^/]+)" which will match "cars.html" but not the way you expect.  
Because of greediness, it will set name = "cars.ht" and format = "l".

I will submit a patch to fix this behavior on the next screen.


> NamedVariablePatternMatcher does not properly escape characters
> ---------------------------------------------------------------
>
>                 Key: WW-3529
>                 URL: https://issues.apache.org/jira/browse/WW-3529
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Other
>    Affects Versions: 2.2.1
>            Reporter: Richard Vermillion
>            Priority: Major
>             Fix For: 6.1.0
>
>         Attachments: NamedVariablePatternMatcher.patch
>
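The two misbehaviours the report describes (an unescaped `.` matching any character, and greedy groups splitting `cars.html` into `cars.ht` / `l`) can be reproduced side by side with the corrected behaviour. The Java program below is an added example; it is not XWork's `NamedVariablePatternMatcher` and not the attached patch. It reimplements a minimal `compilePattern` as a hypothetical `compile` method, and its use of `Pattern.quote` to escape the literal segments (which shows up as `\Q...\E` in the printed regex) is an assumed fix, not the one in the patch. The `Compiled` and `match` names are hypothetical as well.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class NamedPatternDemo {

    // Compiled regex plus the variable names, one per capture group (hypothetical type).
    static final class Compiled {
        final Pattern pattern;
        final List<String> names;
        Compiled(Pattern pattern, List<String> names) { this.pattern = pattern; this.names = names; }
    }

    /**
     * Turn a spec such as "action.{format}" into a regex where each {var} becomes ([^/]+).
     * With escapeLiterals=false the literal text is copied verbatim (the 2.2.1 behaviour
     * described in the report); with true it is wrapped in Pattern.quote (assumed fix).
     */
    static Compiled compile(String spec, boolean escapeLiterals) {
        StringBuilder regex = new StringBuilder();
        List<String> names = new ArrayList<>();
        StringBuilder literal = new StringBuilder();
        int i = 0;
        while (i < spec.length()) {
            char c = spec.charAt(i);
            if (c == '{') {
                int close = spec.indexOf('}', i);
                if (close < 0) throw new IllegalArgumentException("unclosed '{' in " + spec);
                flush(regex, literal, escapeLiterals);
                names.add(spec.substring(i + 1, close));
                regex.append("([^/]+)");
                i = close + 1;
            } else {
                literal.append(c);
                i++;
            }
        }
        flush(regex, literal, escapeLiterals);
        return new Compiled(Pattern.compile(regex.toString()), names);
    }

    // Append the pending literal segment to the regex, escaped or not, then clear it.
    private static void flush(StringBuilder regex, StringBuilder literal, boolean escape) {
        if (literal.length() == 0) return;
        regex.append(escape ? Pattern.quote(literal.toString()) : literal.toString());
        literal.setLength(0);
    }

    /** Match the whole input; return variable name -> captured value, or null on no match. */
    static Map<String, String> match(Compiled compiled, String input) {
        Matcher m = compiled.pattern.matcher(input);
        if (!m.matches()) return null;
        Map<String, String> vars = new LinkedHashMap<>();
        for (int g = 1; g <= m.groupCount(); g++) {
            vars.put(compiled.names.get(g - 1), m.group(g));
        }
        return vars;
    }

    public static void main(String[] args) {
        // Constructed sample specs and inputs taken from the report's examples.
        String[] specs = {"action.{format}", "{name}.{format}"};
        String[] inputs = {"action.html", "actionK.html", "cars.html"};
        for (boolean escape : new boolean[] {false, true}) {
            System.out.println(escape ? "-- literals escaped with Pattern.quote --"
                                      : "-- literals unescaped (behaviour in the report) --");
            for (String spec : specs) {
                Compiled c = compile(spec, escape);
                System.out.println(spec + "  =>  " + c.pattern);
                for (String in : inputs) {
                    System.out.println("   " + in + " : " + match(c, in));
                }
            }
        }
    }
}
```

Running it, the unescaped pass reports `actionK.html` as a match for `action.{format}` and binds `name=cars.ht`, `format=l` for `cars.html`, exactly as the report says; the escaped pass rejects `actionK.html` and binds `name=cars`, `format=html`. The point for anyone writing a similar matcher is that every non-variable segment of a user-supplied pattern has to be treated as literal text before it is handed to `Pattern.compile`, since `.` is only the most obvious metacharacter.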



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
