[
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-3529:
------------------------------
Description:
The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a
bug in the {{compilePattern(String)}} method. The purpose of the method is to
compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern
and extract the variable names that match each group in the regex. In the
example given and the 2.2.1 code base, the pattern will be compiled as
{{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that have
special meaning to Java's regular expression engine, they are currently not
being escaped.
For example, the pattern {{"action.\{format}"}} is being compiled to
{{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.
The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This
will be compiled to {{"([^/]).([^/]+)"}} which will match {{"cars.html"}} but
not the way you expect. Because of greediness, it will set {{name = "cars.ht"}}
and {{{}format = "l"{}}}.
I will submit a patch to fix this behavior on the next screen.
was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in
the {{compilePattern(String)}} method. The purpose of the method is to compile
patterns such as {{"action/\{foo}"}} to a regular expression Pattern and
extract the variable names that match each group in the regex. In the example
given and the 2.2.1 code base, the pattern will be compiled as
{{"action/([^/]+)"}}. However, if the pattern includes characters that have
special meaning to Java's regular expression engine, they are currently not
being escaped.
For example, the pattern {{"action.\{format}"}} is being compiled to
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.
The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but
not the way you expect. Because of greediness, it will set {{name =
"cars.ht"}} and {{format = "l"}}.
I will submit a patch to fix this behavior on the next screen.
> NamedVariablePatternMatcher does not properly escape characters
> ---------------------------------------------------------------
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
> Issue Type: Bug
> Components: Other
> Affects Versions: 2.2.1
> Reporter: Richard Vermillion
> Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a
> bug in the {{compilePattern(String)}} method. The purpose of the method is to
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern
> and extract the variable names that match each group in the regex. In the
> example given and the 2.2.1 code base, the pattern will be compiled as
> {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that
> have special meaning to Java's regular expression engine, they are currently
> not being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to
> {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped.
> The bug really bites when a pattern like {{"\{name}.\{format}"}} is used.
> This will be compiled to {{"([^/]).([^/]+)"}} which will match
> {{"cars.html"}} but not the way you expect. Because of greediness, it will
> set {{name = "cars.ht"}} and {{{}format = "l"{}}}.
> I will submit a patch to fix this behavior on the next screen.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
