[
https://issues.apache.org/jira/browse/WW-5276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5276:
------------------------------
Fix Version/s: 6.2.0
> Cleanup method of request is not called
> ---------------------------------------
>
> Key: WW-5276
> URL: https://issues.apache.org/jira/browse/WW-5276
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 6.1.1
> Reporter: Mirek Hankus
> Priority: Major
> Fix For: 6.2.0
>
>
> After upgrading to 6.1.1 we have noticed that cleanup method of custom
> MultiPartRequest is not called by struts.
>
>
> It may be related to
> [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb]
>
> as before variable "request" was overwritten with wrapped request and cleanup
> was called in finally section
>
> After this commit new variable is created called "wrappedRequest", but
> cleanup is called only on original request, and new wrappedRequest is not
> cleaned up at all.
>
> Below is respective code fragment
> {code:java}
> HttpServletRequest wrappedRequest = prepare.wrapRequest(request);
> ActionMapping mapping =
> prepare.findActionMapping(wrappedRequest, response, true);
> if (mapping == null) {
> LOG.trace("Cannot find mapping for {}, passing to
> other filters", uri);
> chain.doFilter(request, response);
> } else {
> LOG.trace("Found mapping {} for {}", mapping, uri);
> execute.executeAction(wrappedRequest, response,
> mapping);
> }
> }
> }
> } finally {
> prepare.cleanupRequest(request);
> }{code}
>
> This bug causes a lot of resource problems, and can result in denial of
> service condition for application (or making application not compliant - as
> sensitive information is not properly discarded).
>
>
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
