Posted to issues@struts.apache.org by "Chad Cravens (JIRA)" <ji...@apache.org> on 2017/06/13 14:38:00 UTC
[jira] [Created] (WW-4802) Strange Behavior Parsing Action Requests
Chad Cravens created WW-4802:
--------------------------------
Summary: Strange Behavior Parsing Action Requests
Key: WW-4802
URL: https://issues.apache.org/jira/browse/WW-4802
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.3.31
Reporter: Chad Cravens
Priority: Minor
There seems to be something very odd about Struts' method for parsing Action requests. I am currently supporting a large Struts-based system, and have noticed the following behavior in our application.
When a GET request is made to an action method we get the following expected responses:
http://www.example.com/app/defined-action.action -> 200 OK
http://www.example.com/app/not-defined.action -> 404 NOT FOUND
However, whenever we introduce a space character (%20) anywhere in the action name, Struts will return a 200 OK no matter whether the action exists or not. For example, we are seeing the following behavior:
http://www.example.com/app/defined-action%20.action -> 200 OK
http://www.example.com/app/not-defined%20.action -> 200 OK
http://www.example.com/app/%20.action -> 200 OK
http://www.example.com/app/defined-actio.action -> 404 NOT FOUND
It seems that if the request ends in .action and has a %20 anywhere in the name, Struts will always return 200 OK. I would assume that it should return 404.
We are actually running version 2.3.32 (https://struts.apache.org/docs/version-notes-2332.html) but this was not available in the version selection dropdown, so I selected 2.3.31.
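A log audit for the behavior reported above, as an added example that is not part of the original report or of Struts: it lists `.action` requests whose decoded action name contains a space and that were answered with a 2xx status, so an operator can see whether such requests are reaching the application. The Common Log Format layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (Common Log Format); hosts, times and sizes are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jun/2017:14:01:02 +0000] "GET /app/defined-action.action HTTP/1.1" 200 5120
192.0.2.10 - - [13/Jun/2017:14:01:05 +0000] "GET /app/not-defined.action HTTP/1.1" 404 312
192.0.2.11 - - [13/Jun/2017:14:02:11 +0000] "GET /app/not-defined%20.action HTTP/1.1" 200 731
192.0.2.11 - - [13/Jun/2017:14:02:12 +0000] "GET /app/%20.action?x=1 HTTP/1.1" 200 731
192.0.2.12 - - [13/Jun/2017:14:03:40 +0000] "GET /app/defined-actio.action HTTP/1.1" 404 312
192.0.2.12 - - [13/Jun/2017:14:03:41 +0000] "GET /static/my%20file.css HTTP/1.1" 200 900
"""

# host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def action_name(target, suffix=".action"):
    """Return the percent-decoded action name, or None for non-action requests."""
    path = unquote(urlsplit(target).path)  # drop the query string, then decode %xx
    if not path.endswith(suffix):
        return None
    return path.rsplit("/", 1)[-1][: -len(suffix)]


def suspicious_hits(log_text):
    """Return (host, target, status) for 2xx action requests with a space in the name."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a Common Log Format line; skip rather than guess
        name = action_name(m["target"])
        status = int(m["status"])
        if name is not None and " " in name and 200 <= status < 300:
            hits.append((m["host"], m["target"], status))
    return hits


if __name__ == "__main__":
    for host, target, status in suspicious_hits(SAMPLE_LOG):
        print(f"{status} {host} {target}")
```

Cross-checking the flagged targets against the actions actually defined in the application separates mistyped links from requests for names that do not exist.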