You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Tom Briers (JIRA)" <ji...@apache.org> on 2013/06/06 09:14:20 UTC
[jira] [Updated] (WW-4098) DefaultActionMapper is cleaning up
correct action names
[ https://issues.apache.org/jira/browse/WW-4098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tom Briers updated WW-4098:
---------------------------
Description:
With the new security release I'm seeing warning in my logs for 'correct' action names:
08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up!
It seems to be linked to actions in camelCase. I believe those are correct.
The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]*
I think it should be something like follows: [a-zA-Z0-9.\\-_!/]*
I did a quick test with the following results:
{code}
public static void main(String[] args)
{
String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*";
String newPattern = "[a-zA-Z0-9.\\-_!/]*";
System.out.println("test".matches(currentPattern)); //true
System.out.println("testCamel".matches(currentPattern)); //false
System.out.println("test".matches(newPattern)); //true
System.out.println("testCamel".matches(newPattern)); //true
}
{code}
Please beware that I am not a regex specialist some review it carefully.
was:
With the new security release I'm seeing warning in my logs for 'correct' action names:
08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up!
It seems to be linked to actions in camelCase. I believe those are correct.
The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]*
I think it should be something like follows: [a-zA-Z0-9.\\-_!/]*
I did a quick test with the following results:
public static void main(String[] args)
{
String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*";
String newPattern = "[a-zA-Z0-9.\\-_!/]*";
System.out.println("test".matches(currentPattern)); //true
System.out.println("testCamel".matches(currentPattern)); //false
System.out.println("test".matches(newPattern)); //true
System.out.println("testCamel".matches(newPattern)); //true
Please beware that I am not a regex specialist some review it carefully.
}
> DefaultActionMapper is cleaning up correct action names
> -------------------------------------------------------
>
> Key: WW-4098
> URL: https://issues.apache.org/jira/browse/WW-4098
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
> Affects Versions: 2.3.14.3
> Reporter: Tom Briers
>
> With the new security release I'm seeing warning in my logs for 'correct' action names:
> 08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up!
> It seems to be linked to actions in camelCase. I believe those are correct.
> The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]*
> I think it should be something like follows: [a-zA-Z0-9.\\-_!/]*
> I did a quick test with the following results:
> {code}
> public static void main(String[] args)
> {
> String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*";
> String newPattern = "[a-zA-Z0-9.\\-_!/]*";
> System.out.println("test".matches(currentPattern)); //true
> System.out.println("testCamel".matches(currentPattern)); //false
> System.out.println("test".matches(newPattern)); //true
> System.out.println("testCamel".matches(newPattern)); //true
> }
> {code}
> Please beware that I am not a regex specialist some review it carefully.
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira