Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4094

struts.allowed.action.names inconsistency

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.3.14.3
    • 2.3.15
    • None
    • None

    Description

      I think there is a inconsistency in DefaultActionMapper.cleanupActionName

      According to http://struts.apache.org/development/2.x/docs/s2-015.html struts.allowed.action.names defines a regex the action name must match.

      The default regex is: 

      [a-z]*[A-Z]*[0-9]*[.\-_!/]*

      I have an action with the name "core_blz"

      This action name does not match the regex (underscore is not at the end)(maybe the default value should be changed).

      DefaultActionMapper reports Action [#0] do not match allowed action names pattern [#1], cleaning it up!

      But the cleaned action name is still core_blz.

      If this function is only to remove suspicious characters, then the warning should not be displayed.

      Attachments

        Issue Links

        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. WW-4098 DefaultActionMapper is cleaning up correct action names

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            lukaszlenart Lukasz Lenart
            andilist Andreas Sachs
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment