[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI

["Hudson (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14368725#comment-14368725 ] 

Hudson commented on WW-4448:
----------------------------

SUCCESS: Integrated in Struts-JDK6-master #904 (See [https://builds.apache.org/job/Struts-JDK6-master/904/])
WW-4448 Strips params and replaces spaces (lukaszlenart: rev 0f44e11cd1f3cff51ed4a2a10dec593d8822ade2)
* core/src/test/java/org/apache/struts2/dispatcher/ServletRedirectResultTest.java
* core/src/main/java/org/apache/struts2/dispatcher/ServletRedirectResult.java
WW-4448 Replaces spaces with encoded value (lukaszlenart: rev acef492390863e73f97714f082b214046b46c9c2)
* core/src/main/java/org/apache/struts2/dispatcher/ServletRedirectResult.java


> Parameters are not encoded by ServletRedirectAction before checking for valid URI
> ---------------------------------------------------------------------------------
>
>                 Key: WW-4448
>                 URL: https://issues.apache.org/jira/browse/WW-4448
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions
>    Affects Versions: 2.3.20
>            Reporter: Mitth'raw'nuruodo
>            Assignee: Lukasz Lenart
>              Labels: encoding, redirect, url
>             Fix For: 2.3.22
>
>
> WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)