Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4448

Parameters are not encoded by ServletRedirectAction before checking for valid URI

    XMLWordPrintableJSON

Details

    Description

      WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path.

      Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable.

      Attachments

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. WW-4187 ServletRedirectResult only works with a limited set of hardcoded URL protocols

          • Major - Major loss of function.
          • Closed

          Activity

            People

              lukaszlenart Lukasz Lenart
              thrawnca Mitth'raw'nuruodo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: