Details
Bug
Description
When trying to implicitly invoke the index closure on a controller using the url scheme /${controllerName} the actionName is null in the request. This causes a problem when creating filters as the supplied actionName variable will also be null. Right now it is safe for filter configurations of (controller: '', action: '') because it will filter any action. However, if one were to configure the filter regex as (controller: '*', action: 'index') it will only work if the url is /${controller}/index and not /${controller} even though the call to the index action is implied. It seems like it could cause some security concerns if used incorrectly. Less importantly, it makes it very difficult to determine the action requested as one cannot always assume that the defaultAction is index.
Issue Links
| This issue is duplicated by: | ||||
| GRAILS-2279 | Filters, before interceptor actionName not set. |
|
|
|
Activity
- All
- Comments
- Work Log
- History
- Activity
- Git Commits
This is still a bug in 1.2. If you don't specify an action in a URL, actionName is null. The rather nasty side effect is that Filters, even those using "*" won't work. I found this because our homepage Filters are not being triggered e.g for URLs like http://www.company.com/