You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2013/10/21 12:49:52 UTC

svn commit: r1534089 - in /struts/struts2/trunk: core/src/main/resources/struts-default.xml xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java

Author: lukaszlenart
Date: Mon Oct 21 10:49:52 2013
New Revision: 1534089

URL: http://svn.apache.org/r1534089
Log:
WW-4023 Adds action: and method: prefixes to excludeParams list and changes order to first check for excludeParams and then for acceptedParams in ParametersInterceptor

Modified:
    struts/struts2/trunk/core/src/main/resources/struts-default.xml
    struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java

Modified: struts/struts2/trunk/core/src/main/resources/struts-default.xml
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/struts-default.xml?rev=1534089&r1=1534088&r2=1534089&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/resources/struts-default.xml (original)
+++ struts/struts2/trunk/core/src/main/resources/struts-default.xml Mon Oct 21 10:49:52 2013
@@ -251,7 +251,7 @@
                 <interceptor-ref name="checkbox"/>
                 <interceptor-ref name="multiselect"/>
                 <interceptor-ref name="params">
-                    <param name="excludeParams">dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,parameters\...*</param>
+                    <param name="excludeParams">^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*</param>
                 </interceptor-ref>
                 <interceptor-ref name="servletConfig"/>
                 <interceptor-ref name="prepare"/>
@@ -261,7 +261,7 @@
                 <interceptor-ref name="staticParams"/>
                 <interceptor-ref name="actionMappingParams"/>
                 <interceptor-ref name="params">
-                    <param name="excludeParams">dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,parameters\...*</param>
+                    <param name="excludeParams">^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*</param>
                 </interceptor-ref>
                 <interceptor-ref name="conversionError"/>
                 <interceptor-ref name="validation">
@@ -298,7 +298,7 @@
                 <interceptor-ref name="staticParams"/>
                 <interceptor-ref name="actionMappingParams"/>
                 <interceptor-ref name="params">
-                    <param name="excludeParams">dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,parameters\...*</param>
+                    <param name="excludeParams">^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*</param>
                 </interceptor-ref>
                 <interceptor-ref name="conversionError"/>
                 <interceptor-ref name="validation">

Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1534089&r1=1534088&r2=1534089&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java (original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java Mon Oct 21 10:49:52 2013
@@ -144,8 +144,7 @@ public class ParametersInterceptor exten
     private boolean devMode = false;
 
     // Allowed names of parameters
-    private String acceptedParamNames = ACCEPTED_PARAM_NAMES;
-    private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
+    private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PARAM_NAMES);
 
     private ValueStackFactory valueStackFactory;
 
@@ -389,7 +388,7 @@ public class ParametersInterceptor exten
     }
 
     protected boolean acceptableName(String name) {
-        boolean accepted = isWithinLengthLimit(name) && isAccepted(name) && !isExcluded(name);
+        boolean accepted = isWithinLengthLimit(name) && !isExcluded(name) && isAccepted(name);
         if (devMode && accepted) { // notify only when in devMode
             LOG.debug("Parameter [#0] was accepted and will be appended to action!", name);
         }