Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5056

Standard Accepted Patterns in DefaultAcceptedPatternsChecker

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Currently the regex used to match allowed parameters is

       

      
         public static final String[] ACCEPTED_PATTERNS = {
                 "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
         };
      
       

       

      For parameters that are mapped to a map, this restricts the keys to letters, numbers and underscore.

      It would be nice to allow all characters that are allowed in POST data and URLs, for example a parameter like map['key-subkey'] is currently not allowed, but it should cause no harm.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              avettori Andrea Vettori

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 50m
                50m

                  Issue deployment