You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/01/03 09:38:00 UTC
[jira] [Commented] (WW-5056) Standard Accepted Patterns in
DefaultAcceptedPatternsChecker
[ https://issues.apache.org/jira/browse/WW-5056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17257706#comment-17257706 ]
ASF subversion and git services commented on WW-5056:
-----------------------------------------------------
Commit 23169941e723ca1a86f9c270b347a76f8c186fc7 in struts's branch refs/heads/WW-5056-allows-dash from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=2316994 ]
WW-5056 Accepts dashes in param names
> Standard Accepted Patterns in DefaultAcceptedPatternsChecker
> ------------------------------------------------------------
>
> Key: WW-5056
> URL: https://issues.apache.org/jira/browse/WW-5056
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Reporter: Andrea Vettori
> Priority: Minor
> Fix For: 2.6
>
>
> Currently the regex used to match allowed parameters is
> {code}
> public static final String[] ACCEPTED_PATTERNS = {
> "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
> };
> {code}
> For parameters that are mapped to a map, this restricts the keys to letters, numbers and underscore.
> It would be nice to allow all characters that are allowed in POST data and URLs, for example a parameter like map['key-subkey'] is currently not allowed, but it should cause no harm.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)