[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart updated WW-3529: ------------------------------ Description: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"{name}.{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. was: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the compilePattern(String) method. The purpose of the method is to compile patterns such as "action/{foo}" to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as "action/([^/]+)". However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to "action.([^/]+)" which correctly matches "action.html" but also "actionK.html" or any other character because the '.' is not escaped. The bug really bites when a pattern like "{name}.{format}" is used. This will be compiled to "([^/]+).([^/]+)" which will match "cars.html" but not the way you expect. Because of greediness, it will set name = "cars.ht" and format = "l". I will submit a patch to fix this behavior on the next screen. > NamedVariablePatternMatcher does not properly escape characters > --------------------------------------------------------------- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other > Affects Versions: 2.2.1 > Reporter: Richard Vermillion > Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug > in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{"action/([^/]+)"}}. However, if the pattern includes characters that have > special meaning to Java's regular expression engine, they are currently not > being escaped. > For example, the pattern "action.{format}" is being compiled to > {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"{name}.{format}"}} is used. > This will be compiled to {{"([^/]+).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{format = "l"}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)