fix(core): WW-5602 fix StreamResult contentCharSet handling

lukaszlenart · claude · lukaszlenart · commit 04c108a41909 · 2026-01-04T17:49:52.000+01:00
Evaluates contentCharSet expression before emptiness check to prevent malformed content-type headers when expression evaluates to null. - Parse contentCharSet expression first, then check if result is empty - Use StringUtils.isNotEmpty() for proper null/empty validation - Use setCharacterEncoding() instead of appending to content-type string - Add test for null-evaluating charset expressions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -148,6 +148,7 @@ Each plugin is a separate Maven module with:
 ### Important Notes
 - **Version**: Currently 6.7.5-SNAPSHOT (release branch: `release/struts-6-7-x`)
 - **Java Compatibility**: Compiled for Java 8, tested through Java 21
+- **Servlet API**: Uses javax.servlet (Java EE), NOT Jakarta EE (jakarta.servlet)
 - **Security**: Always validate inputs and follow OWASP guidelines
 - **Performance**: Leverage built-in caching (OGNL expressions, templates)
 - **Deprecation**: Some legacy XWork components marked for removal
diff --git a/core/src/main/java/org/apache/struts2/result/StreamResult.java b/core/src/main/java/org/apache/struts2/result/StreamResult.java
@@ -21,6 +21,7 @@
 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.inject.Inject;
 import com.opensymphony.xwork2.security.NotExcludedAcceptedPatternsChecker;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -223,19 +224,20 @@ protected void doExecute(String finalLocation, ActionInvocation invocation) thro
 
             if (inputStream == null) {
                 String msg = ("Can not find a java.io.InputStream with the name [" + parsedInputName + "] in the invocation stack. " +
-                    "Check the <param name=\"inputName\"> tag specified for this action is correct, not excluded and accepted.");
+                        "Check the <param name=\"inputName\"> tag specified for this action is correct, not excluded and accepted.");
                 LOG.error(msg);
                 throw new IllegalArgumentException(msg);
             }
 
 
             HttpServletResponse oResponse = invocation.getInvocationContext().getServletResponse();
 
-            LOG.debug("Set the content type: {};charset{}", contentType, contentCharSet);
-            if (contentCharSet != null && !contentCharSet.equals("")) {
-                oResponse.setContentType(conditionalParse(contentType, invocation) + ";charset=" + conditionalParse(contentCharSet, invocation));
-            } else {
-                oResponse.setContentType(conditionalParse(contentType, invocation));
+            LOG.debug("Set the content type: {};charset={}", contentType, contentCharSet);
+            String parsedContentType = conditionalParse(contentType, invocation);
+            String parsedContentCharSet = conditionalParse(contentCharSet, invocation);
+            oResponse.setContentType(parsedContentType);
+            if (StringUtils.isNotEmpty(parsedContentCharSet)) {
+                oResponse.setCharacterEncoding(parsedContentCharSet);
             }
 
             LOG.debug("Set the content length: {}", contentLength);
@@ -267,7 +269,7 @@ protected void doExecute(String finalLocation, ActionInvocation invocation) thro
             oOutput = oResponse.getOutputStream();
 
             LOG.debug("Streaming result [{}] type=[{}] length=[{}] content-disposition=[{}] charset=[{}]",
-                inputName, contentType, contentLength, contentDisposition, contentCharSet);
+                    inputName, contentType, contentLength, contentDisposition, contentCharSet);
 
             LOG.debug("Streaming to output buffer +++ START +++");
             byte[] oBuff = new byte[bufferSize];
diff --git a/core/src/test/java/org/apache/struts2/result/StreamResultTest.java b/core/src/test/java/org/apache/struts2/result/StreamResultTest.java
@@ -120,6 +120,16 @@ public void testStreamResultWithCharSet2() throws Exception {
         assertEquals("inline", response.getHeader("Content-disposition"));
     }
 
+    public void testStreamResultWithNullCharSetExpression() throws Exception {
+        result.setParse(true);
+        result.setInputName("streamForImage");
+        result.setContentCharSet("${nullCharSetMethod}");
+
+        result.doExecute("helloworld", mai);
+
+        assertEquals("text/plain", response.getContentType());
+    }
+
     public void testAllowCacheDefault() throws Exception {
         result.setInputName("streamForImage");
 
@@ -310,6 +320,10 @@ public String getStreamForImageAsExpression() {
         public String getContentCharSetMethod() {
             return "UTF-8";
         }
+
+        public String getNullCharSetMethod() {
+            return null;
+        }
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,16 @@ public void testStreamResultWithCharSet2() throws Exception {`
`120`	`120`	`assertEquals("inline", response.getHeader("Content-disposition"));`
`121`	`121`	`}`
`122`	`122`
	`123`	`+ public void testStreamResultWithNullCharSetExpression() throws Exception {`
	`124`	`+ result.setParse(true);`
	`125`	`+ result.setInputName("streamForImage");`
	`126`	`+ result.setContentCharSet("${nullCharSetMethod}");`
	`127`	`+`
	`128`	`+ result.doExecute("helloworld", mai);`
	`129`	`+`
	`130`	`+ assertEquals("text/plain", response.getContentType());`
	`131`	`+ }`
	`132`	`+`
`123`	`133`	`public void testAllowCacheDefault() throws Exception {`
`124`	`134`	`result.setInputName("streamForImage");`
`125`	`135`
`@@ -310,6 +320,10 @@ public String getStreamForImageAsExpression() {`
`310`	`320`	`public String getContentCharSetMethod() {`
`311`	`321`	`return "UTF-8";`
`312`	`322`	`}`
	`323`	`+`
	`324`	`+ public String getNullCharSetMethod() {`
	`325`	`+ return null;`
	`326`	`+ }`
`313`	`327`	`}`
`314`	`328`
`315`	`329`	`}`