Posted to issues@struts.apache.org by "Johno Crawford (JIRA)" <ji...@apache.org> on 2011/06/27 14:02:47 UTC

[jira] [Updated] (WW-3655) Freemarker result loads request uri as template

     [ https://issues.apache.org/jira/browse/WW-3655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johno Crawford updated WW-3655:
-------------------------------

    Description: 
If the template location is either null or an empty string "", FreemarkerResult will take the request URI org.apache.struts2.views.freemarker.FreemarkerResult#doExecute and load it as a template.

Example URL: http://localhost:8080/com/acme/actions/Action.class/ would load /com/acme/actions/Action.class/ as a template and dump the bytecode in the response.

The check / culprit below seems a little exotic; however, someone may be relying on it, e.g. same actions handling stuff in different directories?

if (!locationArg.startsWith("/")) {
    String base = ResourceUtil.getResourceBase(req);
    locationArg = base + "/" + locationArg;
}

I have created a pull request with my proposed fix https://github.com/apache/struts2/pull/1

  was:
If the template location is either null or an empty string "", FreemarkerResult will take the request URI org.apache.struts2.views.freemarker.FreemarkerResult#doExecute and load it as a template.

Example URL: http://localhost:8080/com/acme/actions/Action.class/

The check below seems a little exotic; however, someone may be relying on it, e.g. same actions handling stuff in different directories?

if (!locationArg.startsWith("/")) {
    String base = ResourceUtil.getResourceBase(req);
    locationArg = base + "/" + locationArg;
}

I have created a pull request with my proposed fix https://github.com/apache/struts2/pull/1


> Freemarker result loads request uri as template
> -----------------------------------------------
>
>                 Key: WW-3655
>                 URL: https://issues.apache.org/jira/browse/WW-3655
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.2.3
>            Reporter: Johno Crawford
>
> If the template location is either null or an empty string "", FreemarkerResult will take the request URI org.apache.struts2.views.freemarker.FreemarkerResult#doExecute and load it as a template.
> Example URL: http://localhost:8080/com/acme/actions/Action.class/ would load /com/acme/actions/Action.class/ as a template and dump the bytecode in the response.
> The check / culprit below seems a little exotic; however, someone may be relying on it, e.g. same actions handling stuff in different directories?
> if (!locationArg.startsWith("/")) {
>     String base = ResourceUtil.getResourceBase(req);
>     locationArg = base + "/" + locationArg;
> }
> I have created a pull request with my proposed fix https://github.com/apache/struts2/pull/1
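
The location resolution described in this issue, as an added example (not Struts source and not the fix from the pull request): it shows how an empty location turns into the request path and one possible guard. The class and method names are hypothetical, and resourceBase is an assumed stand-in for ResourceUtil.getResourceBase(req).

```java
// Added illustration of WW-3655; hypothetical names, not Struts code.
public class TemplateLocationDemo {

    // Assumption: models ResourceUtil.getResourceBase(req) as the servlet
    // path up to, but not including, its last "/".
    static String resourceBase(String servletPath) {
        if (servletPath == null || servletPath.isEmpty()) {
            return "";
        }
        return servletPath.substring(0, servletPath.lastIndexOf('/'));
    }

    // The check quoted in the report: a location that does not start with
    // "/" is made relative to the request's base directory.
    static String resolveAsReported(String locationArg, String servletPath) {
        if (!locationArg.startsWith("/")) {
            String base = resourceBase(servletPath);
            locationArg = base + "/" + locationArg;
        }
        return locationArg;
    }

    // One possible guard: refuse to resolve when no template was configured,
    // so the request path can never become the template name.
    static String resolveGuarded(String locationArg, String servletPath) {
        if (locationArg == null || locationArg.trim().isEmpty()) {
            throw new IllegalArgumentException(
                "No template location configured for this result");
        }
        return resolveAsReported(locationArg, servletPath);
    }

    public static void main(String[] args) {
        // Constructed inputs: the servlet path from the report's example URL
        // and an ordinary action path with a relative template.
        String reportedPath = "/com/acme/actions/Action.class/";
        String normalPath = "/com/acme/actions/list.action";

        System.out.println("empty location  -> "
            + resolveAsReported("", reportedPath));
        System.out.println("relative .ftl   -> "
            + resolveGuarded("list.ftl", normalPath));
        try {
            resolveGuarded("", reportedPath);
        } catch (IllegalArgumentException e) {
            System.out.println("guarded empty   -> rejected: " + e.getMessage());
        }
    }
}
```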
