[WW-3655] Freemarker result loads request uri as template - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.2.3
Fix Version/s: 7.0.0
Component/s: None
Labels:
None

Flags:

Patch, Important

Description

If the template location is either null or an empty string "" FreemarkerResult will take the request uri org.apache.struts2.views.freemarker.FreemarkerResult#doExecute and load it as a template.

Example url, http://localhost:8080/com/acme/actions/Action.class/ would load /com/acme/actions/Action.class/ as a template and dump the bytecode in the response.

The "feature" / culprit below seems a little exotic, however someone may be relying on it.. (same actions handling stuff in different directories?)

if (!locationArg.startsWith("/")) {
            String base = ResourceUtil.getResourceBase(req);
            locationArg = base + "/" + locationArg;
}

To mitigate the problem and maintain previous functionality we could throw an exception if the template location is empty, I have created a pull request with my proposed fix https://github.com/apache/struts2/pull/1

Attachments

Activity

People

Assignee:: Maurizio Cucchiara

Reporter:: Johno Crawford

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Jun/11 11:07

Updated:: 22/Oct/22 13:35