You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/10/19 10:24:00 UTC

[jira] [Work logged] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

     [ https://issues.apache.org/jira/browse/WW-3529?focusedWorklogId=818414&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818414 ]

ASF GitHub Bot logged work on WW-3529:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/Oct/22 10:23
            Start Date: 19/Oct/22 10:23
    Worklog Time Spent: 10m 
      Work Description: lukaszlenart opened a new pull request, #620:
URL: https://github.com/apache/struts/pull/620

   Fixes [WW-3529](https://issues.apache.org/jira/browse/WW-3529)




Issue Time Tracking
-------------------

            Worklog Id:     (was: 818414)
    Remaining Estimate: 0h
            Time Spent: 10m

> NamedVariablePatternMatcher does not properly escape characters
> ---------------------------------------------------------------
>
>                 Key: WW-3529
>                 URL: https://issues.apache.org/jira/browse/WW-3529
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Other
>    Affects Versions: 2.2.1
>            Reporter: Richard Vermillion
>            Priority: Major
>             Fix For: 6.1.0
>
>         Attachments: NamedVariablePatternMatcher.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This will be compiled to {{"([^/]).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{{}format = "l"{}}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)