
Commit eda3a79

committed
1 parent fdd9eb8 commit eda3a79


2 files changed

+31
-22
lines changed

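--- a/README.md
+++ b/README.md
@@ -1,14 +1,21 @@
-STRUTS
-======
+# STRUTS
 
 ![build status](https://circleci.com/gh/kawasima/struts1-forever.png?style=shield&circle-token=8f99c0e6c923ca570acda8c3640446fdacad2a47)
 
 This struts1's fork is for maintenance to fix the vulnerabilities.
 
-$Id: README,v 1.18 2003/12/10 01:04:10 husted Exp $
+## Requirements
 
-Introduction (Original)
-------------------------
+Original Struts requires Java 1.4 or higher. But struts1-forever requires Java 1.5 or higher.
+Because Commons-Beanutils 1.9.2 is used for preventing a dangerous population.
+
+## Fixed vulnerabilities
+
+- CVE-2014-0114
+- CVE-2016-1181
+- CVE-2016-1182
+
+## Introduction (Original)
 
 This subproject contains the source code for the "Struts" application support
 package, consisting of the following major components: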

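--- a/src/share/org/apache/struts/action/ActionServlet.java
+++ b/src/share/org/apache/struts/action/ActionServlet.java
@@ -1,14 +1,14 @@
 /*
-* $Id$
+* $Id$
 *
 * Copyright 2000-2005 The Apache Software Foundation.
-*
+*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
-*
+*
 * http://www.apache.org/licenses/LICENSE-2.0
-*
+*
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,10 +24,7 @@
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.MissingResourceException;
+import java.util.*;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -327,7 +324,7 @@ public void init() throws ServletException {
 initInternal();
 initOther();
 initServlet();
-
+
 getServletContext().setAttribute(Globals.ACTION_SERVLET_KEY, this);
 initModuleConfigFactory();
 // Initialize modules as needed
@@ -336,7 +333,7 @@ public void init() throws ServletException {
 initModuleDataSources(moduleConfig);
 initModulePlugIns(moduleConfig);
 moduleConfig.freeze();
-
+
 Enumeration names = getServletConfig().getInitParameterNames();
 while (names.hasMoreElements()) {
 String name = (String) names.nextElement();
@@ -351,23 +348,23 @@ public void init() throws ServletException {
 initModulePlugIns(moduleConfig);
 moduleConfig.freeze();
 }
-
+
 this.initModulePrefixes(this.getServletContext());
-
+
 this.destroyConfigDigester();
 } catch (UnavailableException ex) {
 throw ex;
 } catch (Throwable t) {
 
 // The follow error message is not retrieved from internal message
-// resources as they may not have been able to have been
+// resources as they may not have been able to have been
 // initialized
 log.error("Unable to initialize Struts ActionServlet due to an "
 + "unexpected exception or error thrown, so marking the "
 + "servlet as unavailable. Most likely, this is due to an "
 + "incorrect or missing library dependency.", t);
 throw new UnavailableException(t.getMessage());
-}
+}
 }
 
 /**
@@ -726,13 +723,13 @@ protected void parseModuleConfigFile(Digester digester, String path)
 if (url == null) {
 url = getClass().getResource(path);
 }
-
+
 if (url == null) {
 String msg = internal.getMessage("configMissing", path);
 log.error(msg);
 throw new UnavailableException(msg);
 }
-
+
 InputSource is = new InputSource(url.toExternalForm());
 input = url.openStream();
 is.setByteStream(input);
@@ -1060,8 +1057,13 @@ protected void initInternal() throws ServletException {
 * @exception ServletException if we cannot initialize these resources
 */
 protected void initOther() throws ServletException {
+HashSet suppressProperties = new HashSet();
+suppressProperties.add("class");
+suppressProperties.add("multipartRequestHandler");
+suppressProperties.add("resultValueMap");
+
 PropertyUtils.addBeanIntrospector(
-SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
+new SuppressPropertiesBeanIntrospector(suppressProperties));
 PropertyUtils.clearDescriptors();
 
 String value = null;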
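Review bot: The three names added to `suppressProperties` in `initOther()` have no comment saying why each is blocked, and neither of the commit's two changed files is a test. The README in this commit lists CVE-2014-0114, CVE-2016-1181 and CVE-2016-1182, so a comment above the set such as `// Never populated from request parameters; see "Fixed vulnerabilities" in README.md` would stop a later cleanup from dropping an entry. The introspector is registered through the static `PropertyUtils`, so the filter presumably applies by name to every bean introspected in this class loader, including application forms that happen to expose a `resultValueMap` or `multipartRequestHandler` property; that compatibility effect deserves a line in the README. A regression test that populates a form with parameters naming each suppressed property and asserts they are ignored would pin the fix. `initOther()` continues past the end of the hunk.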
