struts git commit: Adds missing import
Repository: struts Updated Branches: refs/heads/master 885261803 -> 7256557c3 Adds missing import Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7256557c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7256557c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7256557c Branch: refs/heads/master Commit: 7256557c323e3b35ef0afb0e827f8b13763ac4af Parents: 8852618 Author: Lukasz LenartAuthored: Sat Mar 19 17:20:06 2016 +0100 Committer: Lukasz Lenart Committed: Sat Mar 19 17:20:06 2016 +0100 -- .../struts2/interceptor/MessageStorePreResultListenerTest.java | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7256557c/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java b/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java index e9f589d..cd54da5 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java @@ -9,6 +9,7 @@ import com.opensymphony.xwork2.config.entities.ResultConfig; import com.opensymphony.xwork2.mock.MockActionProxy; import org.apache.struts2.ServletActionContext; import org.apache.struts2.StrutsInternalTestCase; +import org.apache.struts2.result.ServletRedirectResult; import org.easymock.EasyMock; import javax.servlet.http.HttpServletRequest;
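Review bot: the commit message "Adds missing import" names neither the issue nor the commit it repairs, although the parent 8852618 is the WW-4605 change to this same test class; put WW-4605 in the message so the two commits can be found together. If MessageStorePreResultListenerTest already referenced ServletRedirectResult at the parent without the import of org.apache.struts2.result.ServletRedirectResult, master did not build at 8852618, and that is worth stating in the message as well.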
svn commit: r982993 - in /websites/production/struts/content/docs: s2-028.html s2-029.html s2-030.html security.html version-notes-2325.html version-notes-2326.html
Author: lukaszlenart Date: Thu Mar 17 08:32:29 2016 New Revision: 982993 Log: Updates production Added: websites/production/struts/content/docs/version-notes-2326.html Removed: websites/production/struts/content/docs/version-notes-2325.html Modified: websites/production/struts/content/docs/s2-028.html websites/production/struts/content/docs/s2-029.html websites/production/struts/content/docs/s2-030.html websites/production/struts/content/docs/security.html Modified: websites/production/struts/content/docs/s2-028.html == --- websites/production/struts/content/docs/s2-028.html (original) +++ websites/production/struts/content/docs/s2-028.html Thu Mar 17 08:32:29 2016 
@@ -125,7 +125,7 @@ under the License. -SummaryUse of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.Who should read thisAll Struts 2 developers and usersImpact of vulnerabilityAffects of a cross-site scripting vulnerability.Maximum security ratingImportantRecommendationUpgrade runtime JRE to a recent major version, preferably 1.8. Alternatively upgrade to http://struts.apache.org/download.cgi#struts2325;>Struts 2.3.25Affected SoftwareStruts 2.0.0 - Struts Struts 2.3.24.1ReporterWhiteHat Security (http://whitehatsec.com; rel="nofollow">whitehatsec.com)CVE Identifier-ProblemWhen using a single byte page encoding such as ISO-8895-1, an attacker might submit a non-spec URL-encoded p arameter value including multi-byte characters.Struts 2 used the standard JRE URLDecoder to decode parameter values.Especially JRE 1.5's URLDecoder implementation seems to be broken to the point that this non-spec encoding isn't rejected / filtered. In later JREs the issue was fixed, best known solution is found in JRE 1.8.SolutionUpgrade runtime JRE/JDK, preferably to the most recent 1.8 version.Alternativelyupgrade to Struts 2.3.25, which includes and uses a safe URLDecoder implementation from Apache TomcatBackward compatibilityNo issues expected when upgrading to Struts 2.3.25WorkaroundUse UTF-8 for page and parameter encoding.Further Reference +Summary
Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.
Who should read this
All Struts 2 developers and users
Impact of vulnerability
Affects of a cross-site scripting vulnerability.
Maximum security rating
Important
Recommendation
Upgrade runtime JRE to a recent major version, preferably 1.8. Alternatively upgrade to Struts 2.3.26
Affected Software
Struts 2.0.0 - Struts Struts 2.3.24.1
Reporter
WhiteHat Security (http://whitehatsec.com" rel="nofollow">whitehatsec.com)
CVE Identifier
-
Problem
When using a single byte page encoding such as ISO-8895-1, an attacker might submit a non-spec URL-encoded parameter value including multi-byte characters.
Struts 2 used the standard JRE URLDecoder to decode parameter values. Especially JRE 1.5's URLDecoder implementation seems to be broken to the point that this non-spec encoding isn't rejected / filtered. In later JREs the issue was fixed, best known solution is found in JRE 1.8.
Solution
Upgrade runtime JRE/JDK, preferably to the most recent 1.8 version.
Alternatively upgrade to Struts 2.3.26, which includes and uses a safe URLDecoder implementation from Apache Tomcat
Backward compatibility
No
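Review bot: the Problem paragraph on the added side of s2-028.html still names the encoding as "ISO-8895-1"; the single-byte Latin-1 encoding is ISO-8859-1, and readers will search for that spelling. Since this revision already edits the page to change 2.3.25 to 2.3.26, fix the other carried-over slips in the same pass: "Affected Software" reads "Struts 2.0.0 - Struts Struts 2.3.24.1" with the product name doubled, and "Impact of vulnerability" reads "Affects of a cross-site scripting vulnerability".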
[struts] Git Push Summary
Repository: struts Updated Tags: refs/tags/STRUTS_2_3_28 [created] f14d1e5db
struts git commit: [maven-release-plugin] prepare for next development iteration
Repository: struts Updated Branches: refs/heads/support-2-3 8a59ed02c -> 519c76711 [maven-release-plugin] prepare for next development iteration Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/519c7671 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/519c7671 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/519c7671 Branch: refs/heads/support-2-3 Commit: 519c7671141c13264e5ca590e9c413772fdff663 Parents: 8a59ed0 Author: Lukasz LenartAuthored: Fri Mar 18 08:54:43 2016 +0100 Committer: Lukasz Lenart Committed: Fri Mar 18 08:54:43 2016 +0100 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bom/pom.xml | 6 +++--- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/java8-support/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- 
plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 2 +- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 53 files changed, 57 insertions(+), 57 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/519c7671/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index ac7a974..071de78 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.27 +2.3.28-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/519c7671/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 10018aa..d26f89c 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.27 +2.3.28-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/519c7671/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index f03d9af..a987238
struts git commit: Fixes typo in docs
Repository: struts Updated Branches: refs/heads/master d358f1f76 -> ffcc22ad5 Fixes typo in docs Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ffcc22ad Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ffcc22ad Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ffcc22ad Branch: refs/heads/master Commit: ffcc22ad5f74b0dd194ab41ee740423e189c128e Parents: d358f1f Author: Lukasz LenartAuthored: Thu Mar 17 20:03:50 2016 +0100 Committer: Lukasz Lenart Committed: Thu Mar 17 20:04:25 2016 +0100 -- core/src/main/java/org/apache/struts2/components/UIBean.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/ffcc22ad/core/src/main/java/org/apache/struts2/components/UIBean.java -- diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java b/core/src/main/java/org/apache/struts2/components/UIBean.java index 5648831..38673c9 100644 --- a/core/src/main/java/org/apache/struts2/components/UIBean.java +++ b/core/src/main/java/org/apache/struts2/components/UIBean.java @@ -179,7 +179,7 @@ import java.util.Map; * Form Element's field name mapping * * - * required + * requiredLabel * xhtml * Boolean * add * to label (true to add false otherwise)
struts git commit: [maven-release-plugin] prepare for next development iteration
Repository: struts Updated Branches: refs/heads/support-2-3 0ac8932aa -> 6fee2eb1a [maven-release-plugin] prepare for next development iteration Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/6fee2eb1 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/6fee2eb1 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/6fee2eb1 Branch: refs/heads/support-2-3 Commit: 6fee2eb1a4372ba16e81ef0c9ce6e5fa41383a07 Parents: 0ac8932 Author: Lukasz LenartAuthored: Fri Mar 18 20:50:53 2016 +0100 Committer: Lukasz Lenart Committed: Fri Mar 18 20:50:53 2016 +0100 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bom/pom.xml | 6 +++--- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/java8-support/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- 
plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 2 +- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 53 files changed, 57 insertions(+), 57 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/6fee2eb1/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 326dc33..fc6d5bb 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.28 +2.3.29-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/6fee2eb1/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index a49e05e..755ee49 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.28 +2.3.29-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/6fee2eb1/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index cc4044c..779cde7
svn commit: r12789 - /dev/struts/2.3.28/
Author: lukaszlenart Date: Fri Mar 18 20:45:53 2016 New Revision: 12789 Log: Updates test release 2.3.28 Added: dev/struts/2.3.28/ dev/struts/2.3.28/struts-2.3.28-all.zip (with props) dev/struts/2.3.28/struts-2.3.28-all.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-all.zip.md5 dev/struts/2.3.28/struts-2.3.28-all.zip.sha1 dev/struts/2.3.28/struts-2.3.28-apps.zip (with props) dev/struts/2.3.28/struts-2.3.28-apps.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-apps.zip.md5 dev/struts/2.3.28/struts-2.3.28-apps.zip.sha1 dev/struts/2.3.28/struts-2.3.28-docs.zip (with props) dev/struts/2.3.28/struts-2.3.28-docs.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-docs.zip.md5 dev/struts/2.3.28/struts-2.3.28-docs.zip.sha1 dev/struts/2.3.28/struts-2.3.28-lib.zip (with props) dev/struts/2.3.28/struts-2.3.28-lib.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-lib.zip.md5 dev/struts/2.3.28/struts-2.3.28-lib.zip.sha1 dev/struts/2.3.28/struts-2.3.28-min-lib.zip (with props) dev/struts/2.3.28/struts-2.3.28-min-lib.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-min-lib.zip.md5 dev/struts/2.3.28/struts-2.3.28-min-lib.zip.sha1 dev/struts/2.3.28/struts-2.3.28-src.zip (with props) dev/struts/2.3.28/struts-2.3.28-src.zip.asc (with props) dev/struts/2.3.28/struts-2.3.28-src.zip.md5 dev/struts/2.3.28/struts-2.3.28-src.zip.sha1 Added: dev/struts/2.3.28/struts-2.3.28-all.zip == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-all.zip -- svn:mime-type = application/zip Added: dev/struts/2.3.28/struts-2.3.28-all.zip.asc == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-all.zip.asc -- svn:mime-type = application/pgp-signature Added: dev/struts/2.3.28/struts-2.3.28-all.zip.md5 == --- dev/struts/2.3.28/struts-2.3.28-all.zip.md5 (added) +++ dev/struts/2.3.28/struts-2.3.28-all.zip.md5 Fri Mar 18 20:45:53 2016 
@@ -0,0 +1 @@ +b83e10246a75dd0a4b0648da574eb2c6 \ No newline at end of file Added: dev/struts/2.3.28/struts-2.3.28-all.zip.sha1 == --- dev/struts/2.3.28/struts-2.3.28-all.zip.sha1 (added) +++ dev/struts/2.3.28/struts-2.3.28-all.zip.sha1 Fri Mar 18 20:45:53 2016 @@ -0,0 +1 @@ +7f07719abea4e82ab234cde0dcf7e35fecde048f \ No newline at end of file Added: dev/struts/2.3.28/struts-2.3.28-apps.zip == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-apps.zip -- svn:mime-type = application/zip Added: dev/struts/2.3.28/struts-2.3.28-apps.zip.asc == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-apps.zip.asc -- svn:mime-type = application/pgp-signature Added: dev/struts/2.3.28/struts-2.3.28-apps.zip.md5 == --- dev/struts/2.3.28/struts-2.3.28-apps.zip.md5 (added) +++ dev/struts/2.3.28/struts-2.3.28-apps.zip.md5 Fri Mar 18 20:45:53 2016 @@ -0,0 +1 @@ +c460697b3b5bc5733454ed407ff1dba8 \ No newline at end of file Added: dev/struts/2.3.28/struts-2.3.28-apps.zip.sha1 == --- dev/struts/2.3.28/struts-2.3.28-apps.zip.sha1 (added) +++ dev/struts/2.3.28/struts-2.3.28-apps.zip.sha1 Fri Mar 18 20:45:53 2016 @@ -0,0 +1 @@ +0e5ab4dc4545c98fd8bcee427a1dfc98c95cf70c \ No newline at end of file Added: dev/struts/2.3.28/struts-2.3.28-docs.zip == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-docs.zip -- svn:mime-type = application/zip Added: dev/struts/2.3.28/struts-2.3.28-docs.zip.asc == Binary file - no diff available. Propchange: dev/struts/2.3.28/struts-2.3.28-docs.zip.asc -- svn:mime-type = application/pgp-signature Added: dev/struts/2.3.28/struts-2.3.28-docs.zip.md5
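Review bot: each added .md5 and .sha1 file holds only the bare digest and ends with "\ No newline at end of file", so md5sum -c and sha1sum -c cannot consume it as is; writing the line as digest, two spaces, file name, newline would let users verify a download in one step. MD5 and SHA-1 are also no longer collision resistant, so consider publishing a SHA-256 or SHA-512 digest for each archive alongside the .asc signature, which is the only item in this list that authenticates the file.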
struts git commit: WW-4605 Reverts to previous flow when result is created just before executing it
Repository: struts Updated Branches: refs/heads/support-2-3 519c76711 -> 6b497ef8f WW-4605 Reverts to previous flow when result is created just before executing it Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/6b497ef8 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/6b497ef8 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/6b497ef8 Branch: refs/heads/support-2-3 Commit: 6b497ef8f7091224b4e87a825fdbc50b02a21c3d Parents: 519c767 Author: Lukasz LenartAuthored: Fri Mar 18 20:41:06 2016 +0100 Committer: Lukasz Lenart Committed: Fri Mar 18 20:41:06 2016 +0100 -- .../MessageStorePreResultListener.java | 8 ++- .../MessageStorePreResultListenerTest.java | 22 .../apache/struts2/views/jsp/ActionTagTest.java | 3 +-- .../xwork2/DefaultActionInvocation.java | 4 ++-- 4 files changed, 28 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/6b497ef8/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java b/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java index d78313c..5415a73 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java +++ b/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java 
@@ -21,10 +21,12 @@ package org.apache.struts2.interceptor; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.ValidationAware; +import com.opensymphony.xwork2.config.entities.ResultConfig; import com.opensymphony.xwork2.interceptor.PreResultListener; import com.opensymphony.xwork2.util.logging.Logger; import com.opensymphony.xwork2.util.logging.LoggerFactory; import org.apache.struts2.ServletActionContext; +import org.apache.struts2.dispatcher.ServletActionRedirectResult; import org.apache.struts2.dispatcher.ServletRedirectResult; import java.util.Map; @@ -68,7 +70,11 @@ class MessageStorePreResultListener implements PreResultListener { boolean isRedirect = false; try { -isRedirect = invocation.getResult() instanceof ServletRedirectResult; +ResultConfig resultConfig = invocation.getProxy().getConfig().getResults().get(resultCode); +if (resultConfig != null) { +isRedirect = ServletRedirectResult.class.getName().equals(resultConfig.getClassName()) +|| ServletActionRedirectResult.class.getName().equals(resultConfig.getClassName()); +} } catch (Exception e) { LOG.warn("Cannot read result!", e); } http://git-wip-us.apache.org/repos/asf/struts/blob/6b497ef8/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java b/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java index 599ab09..0b4340b 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java 
@@ -4,9 +4,13 @@ import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.ActionSupport; +import com.opensymphony.xwork2.config.entities.ActionConfig; +import com.opensymphony.xwork2.config.entities.ResultConfig; +import com.opensymphony.xwork2.mock.MockActionProxy; import org.apache.struts2.ServletActionContext; import org.apache.struts2.StrutsInternalTestCase; import org.apache.struts2.dispatcher.ServletActionRedirectResult; +import org.apache.struts2.dispatcher.ServletRedirectResult; import org.easymock.EasyMock; import javax.servlet.http.HttpServletRequest; @@ -138,8 +142,13 @@ public class MessageStorePreResultListenerTest extends StrutsInternalTestCase { EasyMock.expectLastCall().andReturn(action); EasyMock.expectLastCall().anyTimes(); -mockActionInvocation.getResult(); -EasyMock.expectLastCall().andReturn(new ServletActionRedirectResult()); +mockActionInvocation.getProxy(); +MockActionProxy actionProxy = new MockActionProxy(); +ResultConfig resultConfig = new ResultConfig.Builder(Action.SUCCESS, ServletRedirectResult.class.getName()).build(); +ActionConfig actionConfig =
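Review bot: in MessageStorePreResultListener the new check compares resultConfig.getClassName() for equality with the names of ServletRedirectResult and ServletActionRedirectResult, where the removed line used "instanceof ServletRedirectResult"; a result class that extends either of them counted as a redirect before and does not now. If that narrowing is not intended, resolve the configured class name and test it with ServletRedirectResult.class.isAssignableFrom(...), which also makes the second comparison unnecessary. The surrounding catch (Exception e) logs "Cannot read result!" and leaves isRedirect false, and a null resultConfig does the same without any log line, so a failed lookup silently skips the redirect handling; a debug message for the null case would help when this is diagnosed.

Review bot: in the visible part of MessageStorePreResultListenerTest the mocked result changes from "new ServletActionRedirectResult()" to a ResultConfig built with ServletRedirectResult.class.getName(), so the ServletActionRedirectResult side of the new "||" is not exercised here. Add one case with that class name and one with a non-redirect result class, so both branches and the negative path are pinned down.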
struts git commit: Adds proper logic to exclude MemberAccess
Repository: struts Updated Branches: refs/heads/support-2-3 94c446265 -> f48c30eaa Adds proper logic to exclude MemberAccess Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f48c30ea Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f48c30ea Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f48c30ea Branch: refs/heads/support-2-3 Commit: f48c30eaa7364b6658bd9519bfd12b1c7eeba69d Parents: 94c4462 Author: Lukasz LenartAuthored: Fri Mar 18 08:45:13 2016 +0100 Committer: Lukasz Lenart Committed: Fri Mar 18 08:45:13 2016 +0100 -- core/src/main/resources/struts-default.xml | 3 +- .../apache/struts2/views/jsp/URLTagTest.java| 3 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 37 3 files changed, 40 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/f48c30ea/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 6fafc5b..441ae54 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -46,10 +46,11 @@ java.lang.Class, java.lang.ClassLoader, java.lang.Shutdown, +java.lang.ProcessBuilder, ognl.OgnlContext, -ognl.MemberAccess, ognl.ClassResolver, ognl.TypeConverter, +com.opensymphony.xwork2.ognl.SecurityMemberAccess, com.opensymphony.xwork2.ActionContext" /> http://git-wip-us.apache.org/repos/asf/struts/blob/f48c30ea/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java -- diff --git a/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java b/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java index 50bf576..6c141aa 100644 --- a/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java +++ b/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java 
@@ -657,8 +657,7 @@ public class URLTagTest extends AbstractUITagTest { tag.doEndTag(); Object allowMethodAccess = stack.findValue("\u0023_memberAccess['allowStaticMethodAccess']"); - assertNotNull(allowMethodAccess); - assertEquals(Boolean.FALSE, allowMethodAccess); + assertNull(allowMethodAccess); assertNull(session.get("foo")); http://git-wip-us.apache.org/repos/asf/struts/blob/f48c30ea/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 6bc6354..b719432 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java @@ -339,6 +339,7 @@ public class SecurityMemberAccessTest extends TestCase { // when boolean accessible = sma.isAccessible(context, target, member, propertyName); + // then assertTrue(accessible); 
@@ -388,6 +389,42 @@ public class SecurityMemberAccessTest extends TestCase { assertTrue(accessible); } +public void testAccessMemberAccessIsAccessible() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); +Set excluded = new HashSet (); +excluded.add(ognl.MemberAccess.class); +sma.setExcludedClasses(excluded); + +String propertyName = "excludedClasses"; +String setter = "setExcludedClasses"; +Member member = SecurityMemberAccess.class.getMethod(setter, Set.class); + +// when +boolean accessible = sma.isAccessible(context, target, member, propertyName); + +// then +assertTrue(accessible); +} + +public void testAccessMemberAccessIsBlocked() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); +Set excluded = new HashSet (); +excluded.add(SecurityMemberAccess.class); +sma.setExcludedClasses(excluded); + +String propertyName = "excludedClasses"; +String setter = "setExcludedClasses"; +Member member = SecurityMemberAccess.class.getMethod(setter, Set.class); + +// when +
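Review bot: in struts-default.xml the entry ognl.MemberAccess is dropped in the same change that adds com.opensymphony.xwork2.ognl.SecurityMemberAccess, and the new test testAccessMemberAccessIsAccessible asserts that excluding ognl.MemberAccess.class leaves SecurityMemberAccess.setExcludedClasses accessible, so the check does not treat an implementation of an excluded interface as excluded. The list therefore protects exactly the one class it names; a subclass of SecurityMemberAccess or another MemberAccess implementation falls outside it. Either make the check hierarchy-aware or say in a comment next to the list that entries match the named class only, so that whoever extends the list knows to add concrete classes.

Review bot: in URLTagTest the expectation for "#_memberAccess['allowStaticMethodAccess']" changes from Boolean.FALSE to null, which is a stronger statement (the expression can no longer read the flag at all) but is not explained at the assertion. A one-line comment that null means access to _memberAccess was refused would keep the assertion from being changed back later.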
struts git commit: WW-4605 Reverts to previous flow when result is created just before executing it
Repository: struts Updated Branches: refs/heads/master 774e3a630 -> 885261803 WW-4605 Reverts to previous flow when result is created just before executing it Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/88526180 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/88526180 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/88526180 Branch: refs/heads/master Commit: 88526180375f958ea57eceedb3017f4b7637ef68 Parents: 774e3a6 Author: Lukasz LenartAuthored: Fri Mar 18 20:41:06 2016 +0100 Committer: Lukasz Lenart Committed: Sat Mar 19 06:58:28 2016 +0100 -- .../xwork2/DefaultActionInvocation.java | 4 ++-- .../MessageStorePreResultListener.java | 8 ++- .../MessageStorePreResultListenerTest.java | 22 +++- .../apache/struts2/views/jsp/ActionTagTest.java | 3 +-- 4 files changed, 27 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/88526180/core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java -- diff --git a/core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java b/core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java index a8dcf56..167159c 100644 --- a/core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java +++ b/core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java @@ -248,8 +248,6 @@ public class DefaultActionInvocation implements ActionInvocation { // this is needed because the result will be executed, then control will return to the Interceptor, which will // return above and flow through again if (!executed) { -result = createResult(); - if (preResultListeners != null) { LOG.trace("Executing PreResultListeners for result [{}]", result); 
@@ -359,6 +357,8 @@ public class DefaultActionInvocation implements ActionInvocation { * @throws ConfigurationException If not result can be found with the returned code */ private void executeResult() throws Exception { +result = createResult(); + String timerKey = "executeResult: " + getResultCode(); try { UtilTimerStack.push(timerKey); http://git-wip-us.apache.org/repos/asf/struts/blob/88526180/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java b/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java index 0f45b1a..60fcffe 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java +++ b/core/src/main/java/org/apache/struts2/interceptor/MessageStorePreResultListener.java @@ -20,11 +20,13 @@ package org.apache.struts2.interceptor; import com.opensymphony.xwork2.ActionInvocation; +import com.opensymphony.xwork2.config.entities.ResultConfig; import com.opensymphony.xwork2.interceptor.PreResultListener; import com.opensymphony.xwork2.interceptor.ValidationAware; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.struts2.ServletActionContext; +import org.apache.struts2.result.ServletActionRedirectResult; import org.apache.struts2.result.ServletRedirectResult; import java.util.Map; 
@@ -69,7 +71,11 @@ class MessageStorePreResultListener implements PreResultListener { boolean isRedirect = false; try { -isRedirect = invocation.getResult() instanceof ServletRedirectResult; +ResultConfig resultConfig = invocation.getProxy().getConfig().getResults().get(resultCode); +if (resultConfig != null) { +isRedirect = ServletRedirectResult.class.getName().equals(resultConfig.getClassName()) +|| ServletActionRedirectResult.class.getName().equals(resultConfig.getClassName()); +} } catch (Exception e) { LOG.warn("Cannot read result!", e); } http://git-wip-us.apache.org/repos/asf/struts/blob/88526180/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java b/core/src/test/java/org/apache/struts2/interceptor/MessageStorePreResultListenerTest.java index 4e46b3a..e9f589d 100644 ---
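Review bot: in DefaultActionInvocation the removed "result = createResult();" sat directly above LOG.trace("Executing PreResultListeners for result [{}]", result), which stays as context; with creation moved into executeResult() that trace line now prints a result field that createResult() has not yet set for this invocation. Log getResultCode() there instead. It is also worth a sentence in the PreResultListener documentation that invocation.getResult() is not populated while the listeners run, since that is what forces the ResultConfig lookup added to MessageStorePreResultListener in this commit.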