Struts 2
  1. Struts 2
  2. WW-4250

Make ParametersInterceptor supports chinese in hash key by default

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.20
    • Component/s: Core Interceptors
    • Labels:
      None
    • Flags:
      Patch

      Description

      changes:

       \\w   ->  (\\w|[^x00-xff]) 

      between single quotes.
      now it can accepts paramName like paramMap['名字']

      1. 4250.patch
        0.9 kB
        zhouyanming

        Activity

        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Struts-JDK6-features #65 (See https://builds.apache.org/job/Struts-JDK6-features/65/)
        WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5)

        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
          WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436)
        • xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Struts-JDK6-features #65 (See https://builds.apache.org/job/Struts-JDK6-features/65/ ) WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436) xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Struts-JDK6-features #41 (See https://builds.apache.org/job/Struts-JDK6-features/41/)
        WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5)

        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
          WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436)
        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
        • xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Struts-JDK6-features #41 (See https://builds.apache.org/job/Struts-JDK6-features/41/ ) WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Hide
        Hudson added a comment -

        ABORTED: Integrated in Struts-JDK6-master #893 (See https://builds.apache.org/job/Struts-JDK6-master/893/)
        WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5)

        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
          WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436)
        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
        • xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Show
        Hudson added a comment - ABORTED: Integrated in Struts-JDK6-master #893 (See https://builds.apache.org/job/Struts-JDK6-master/893/ ) WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in Struts-JDK6-develop #30 (See https://builds.apache.org/job/Struts-JDK6-develop/30/)
        WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5)

        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
          WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436)
        • xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
        • xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Show
        Hudson added a comment - SUCCESS: Integrated in Struts-JDK6-develop #30 (See https://builds.apache.org/job/Struts-JDK6-develop/30/ ) WW-4250 extends ParametersInterceptor to support chinese in hash key (lukaszlenart: rev 8b845ec814a428121617a8bea387a34fed74dcf5) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java WW-4250 Uses proper character set for Chinese (lukaszlenart: rev 94e20fefcd624282ad6425da750fdd1e289f6436) xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
        Hide
        Lukasz Lenart added a comment -

        Ok, looks good

        Show
        Lukasz Lenart added a comment - Ok, looks good
        Hide
        ASF subversion and git services added a comment -

        Commit 94e20fefcd624282ad6425da750fdd1e289f6436 in struts's branch refs/heads/develop from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=94e20fe ]

        WW-4250 Uses proper character set for Chinese

        Show
        ASF subversion and git services added a comment - Commit 94e20fefcd624282ad6425da750fdd1e289f6436 in struts's branch refs/heads/develop from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=94e20fe ] WW-4250 Uses proper character set for Chinese
        Hide
        ASF subversion and git services added a comment -

        Commit 8b845ec814a428121617a8bea387a34fed74dcf5 in struts's branch refs/heads/develop from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=8b845ec ]

        WW-4250 extends ParametersInterceptor to support chinese in hash key

        Show
        ASF subversion and git services added a comment - Commit 8b845ec814a428121617a8bea387a34fed74dcf5 in struts's branch refs/heads/develop from Lukasz Lenart [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=8b845ec ] WW-4250 extends ParametersInterceptor to support chinese in hash key
        Hide
        zhouyanming added a comment -

        sorry,please revert this patch,the correct version is [\u4e00-\u9fa5],I think it should be customized in struts.xml not in ParametersInterceptor.java

        Show
        zhouyanming added a comment - sorry,please revert this patch,the correct version is [\u4e00-\u9fa5] ,I think it should be customized in struts.xml not in ParametersInterceptor.java
        Hide
        Lukasz Lenart added a comment - - edited

        Yes, but after applying your patch, spaces are allowed - this can be potential security vulnerability.

        Show
        Lukasz Lenart added a comment - - edited Yes, but after applying your patch, spaces are allowed - this can be potential security vulnerability.
        Hide
        zhouyanming added a comment -

        the old version did'nt have
        s.

        Show
        zhouyanming added a comment - the old version did'nt have s.
        Hide
        Lukasz Lenart added a comment - - edited

        That's the case, you don't have to add \\\\s to support them, your change already did that - and that scares me :\

        Show
        Lukasz Lenart added a comment - - edited That's the case, you don't have to add \\\\s to support them, your change already did that - and that scares me :\
        Hide
        zhouyanming added a comment -

        I think spaces should be supported too.

        (\\w|\\s|[^x00-xff]) 
        
        Show
        zhouyanming added a comment - I think spaces should be supported too. (\\w|\\s|[^x00-xff])
        Hide
        Lukasz Lenart added a comment -
        Show
        Lukasz Lenart added a comment - I thought the same but -> http://markmail.org/message/y7d6hgftyf2jauz5
        Hide
        zhouyanming added a comment -

        it's quoted by single quotes,and can not contains single quote,I think it's safe.

        Show
        zhouyanming added a comment - it's quoted by single quotes,and can not contains single quote,I think it's safe.
        Hide
        Lukasz Lenart added a comment - - edited

        This can potentially break security.

        Show
        Lukasz Lenart added a comment - - edited This can potentially break security.
        Hide
        Lukasz Lenart added a comment -

        Patch applied, thanks!

        Show
        Lukasz Lenart added a comment - Patch applied, thanks!
        Hide
        zhouyanming added a comment -

        and support other language like korean Japanese

        Show
        zhouyanming added a comment - and support other language like korean Japanese

          People

          • Assignee:
            Lukasz Lenart
            Reporter:
            zhouyanming
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development