Description
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the compilePattern(String) method. The purpose of the method is to compile patterns such as "action/{foo}" to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as "action/([^/]+)". However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped.
For example, the pattern "action.{format}" is being compiled to "action.([^/])" which correctly matches "action.html" but also "actionK.html" or any other character because the '.' is not escaped. The bug really bites when a pattern like "{name}.{format}" is used. This will be compiled to "([^/]).([^/]+)" which will match "cars.html" but not the way you expect. Because of greediness, it will set name = "cars.ht" and format = "l".
I will submit a patch to fix this behavior on the next screen.
Attachments
Attachments
Issue Links
- causes
-
WW-5311 NamedVariablePatternMatcher throws an IllegalArgumentException when named variable is not the last part of the sequence
-
- Closed
-
- links to
