-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.5.5
-
Fix Version/s: 2.5.8
-
Component/s: Core Interceptors
-
Labels:None
Line 302 of org.apache.struts2.interceptor.ScopeInterceptor performs a not-null check to see if a session reset parameter exists by calling com.opensymphony.xwork2.ActionContext.getParameters().get(...).
The return type of getParameters() is org.apache.struts2.dispatcher.HttpParameters, and HttpParamters.get() never returns null on a missing parameter, causing the not-null check to always evaluate to true.
This breaks the interceptor by short circuiting the scoped variable injection.