You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Eric Lentz <Er...@sherwin.com> on 2011/07/07 14:50:33 UTC
"/" character an invalid key?
I'm using Struts 2.2.1.
I have a use case whereby form fields are generated dynamically and some
of them are select lists. Since it is a database driven list of fields,
the labels presented for the user are also used as keys for the map that
the form posts back to. Using alternate keys is not desirable.
That's brief background to attempt at justification for what I'm doing. To
provide a simple example, this is the equivalent to one of the select
lists that gets created:
<s:select list="#{'Interior':'Interior','Exterior':'Exterior'}"
name='foo["Interior/Exterior"]'
headerKey="-1"
headerValue="Select One" />
Interior/Exterior, as a key, seems to be an issue. Using that on a test
form and a test action that has the following:
if(foo == null) {
bar = "Foo is null";
}
else if(foo.containsKey("Interior/Exterior")) {
bar = foo.get("Interior/Exterior");
}
else {
bar = "Not Found";
}
bar always gets assigned "Foo is null".
Any ideas why the "/" character contained in a key would make it invalid?
I tested using that exact key in a map and Java is fine with it. Since foo
is null, it appears to not be passed at all. I tried various escaping
(e.g., "\/"), but it still comes back null when "/" is in the key.
The page, action and configuration I used to test this is here:
http://www.chopapp.com/#32ycxelq
Re: "/" character an invalid key?
Posted by Eric Lentz <Er...@sherwin.com>.
>> Do we call this a bug?
>
>Probably, but I don't if it's an S2 or OGNL issue.
>
>Dave
Per my previous post, it appears to be coming from the
com.opensymphony.xwork2 package. This is supported through Apache now? Do
we post this to S2's JIRA?
Re: "/" character an invalid key?
Posted by Łukasz Lenart <lu...@googlemail.com>.
W dniu 7 lipca 2011 16:37 użytkownik Eric Lentz
<Er...@sherwin.com> napisał:
> Do you mean acceptedParamNames? (
> http://struts.apache.org/2.2.1/struts2-core/apidocs/com/opensymphony/xwork2/interceptor/ParametersInterceptor.html
> )
Yes, just put modified version from source code.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: "/" character an invalid key?
Posted by Eric Lentz <Er...@sherwin.com>.
>> Um, I don't know. What do you mean? I thought that's what I did when I
>> specified name='foo["Interior/Exterior"]'
>
><interceptor-ref name="params"/>
> <param name="paramNames">......</param>
></interceptor-ref>
>
>
>Regards
>--
>Łukasz
Do you mean acceptedParamNames? (
http://struts.apache.org/2.2.1/struts2-core/apidocs/com/opensymphony/xwork2/interceptor/ParametersInterceptor.html
)
That seems fragile for my use case because the dynamic fields can be
updated in the database and then not updated in the struts.xml and then
suddenly the app. breaks. I appreciate the suggestion though as a possible
work-around.
Too bad that acceptedPattern doesn't have a setter, although I don't know
if adding a "/" would break something else. Perhaps that's why it doesn't
have a setter.
Re: "/" character an invalid key?
Posted by Łukasz Lenart <lu...@googlemail.com>.
2011/7/7 Eric Lentz <Er...@sherwin.com>:
> Um, I don't know. What do you mean? I thought that's what I did when I
> specified name='foo["Interior/Exterior"]'
<interceptor-ref name="params"/>
<param name="paramNames">......</param>
</interceptor-ref>
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: "/" character an invalid key?
Posted by Eric Lentz <Er...@sherwin.com>.
> Oh, can't you just set the parameter then?
>
> Dave
Um, I don't know. What do you mean? I thought that's what I did when I
specified name='foo["Interior/Exterior"]'
Re: "/" character an invalid key?
Posted by Dave Newton <da...@gmail.com>.
Oh, can't you just set the parameter then?
Dave
On Thu, Jul 7, 2011 at 8:35 AM, Eric Lentz <Er...@sherwin.com> wrote:
>>> Do we call this a bug?
>>
>>Probably, but I don't if it's an S2 or OGNL issue.
>>
>>Dave
>
> com.opensymphony.xwork2.interceptor.ParametersInterceptor
>
> private String acceptedParamNames = "[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+";
> private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
> ...
>
> protected boolean acceptableName(String name) {
> if (isAccepted(name) && !isExcluded(name)) {
> return true;
> }
> return false;
> }
> protected boolean isAccepted(String paramName) {
> if (!this.acceptParams.isEmpty()) {
> for (Pattern pattern : acceptParams) {
> Matcher matcher = pattern.matcher(paramName);
> if (matcher.matches()) {
> return true;
> }
> }
> return false;
> } else
> return acceptedPattern.matcher(paramName).matches();
> }
>
> Using the sample app. the debugger lands on "return false" in
> acceptableName and never makes it to isExcluded, so isAccepted appears to
> be where it gets stopped (returns false). That must be on account of what
> is considered "acceptedParamNames".
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: "/" character an invalid key?
Posted by Łukasz Lenart <lu...@googlemail.com>.
Just define your own value of paramNames as a parameter for the
interceptor, but be aware that this can create a potential security
whole in your app.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
2011/7/7 Eric Lentz <Er...@sherwin.com>:
>>> Do we call this a bug?
>>
>>Probably, but I don't if it's an S2 or OGNL issue.
>>
>>Dave
>
> com.opensymphony.xwork2.interceptor.ParametersInterceptor
>
> private String acceptedParamNames = "[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+";
> private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
> ...
>
> protected boolean acceptableName(String name) {
> if (isAccepted(name) && !isExcluded(name)) {
> return true;
> }
> return false;
> }
> protected boolean isAccepted(String paramName) {
> if (!this.acceptParams.isEmpty()) {
> for (Pattern pattern : acceptParams) {
> Matcher matcher = pattern.matcher(paramName);
> if (matcher.matches()) {
> return true;
> }
> }
> return false;
> } else
> return acceptedPattern.matcher(paramName).matches();
> }
>
> Using the sample app. the debugger lands on "return false" in
> acceptableName and never makes it to isExcluded, so isAccepted appears to
> be where it gets stopped (returns false). That must be on account of what
> is considered "acceptedParamNames".
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: "/" character an invalid key?
Posted by Eric Lentz <Er...@sherwin.com>.
>> Do we call this a bug?
>
>Probably, but I don't if it's an S2 or OGNL issue.
>
>Dave
com.opensymphony.xwork2.interceptor.ParametersInterceptor
private String acceptedParamNames = "[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+";
private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
...
protected boolean acceptableName(String name) {
if (isAccepted(name) && !isExcluded(name)) {
return true;
}
return false;
}
protected boolean isAccepted(String paramName) {
if (!this.acceptParams.isEmpty()) {
for (Pattern pattern : acceptParams) {
Matcher matcher = pattern.matcher(paramName);
if (matcher.matches()) {
return true;
}
}
return false;
} else
return acceptedPattern.matcher(paramName).matches();
}
Using the sample app. the debugger lands on "return false" in
acceptableName and never makes it to isExcluded, so isAccepted appears to
be where it gets stopped (returns false). That must be on account of what
is considered "acceptedParamNames".
Re: "/" character an invalid key?
Posted by Dave Newton <da...@gmail.com>.
On Thursday, July 7, 2011, Eric Lentz <Er...@sherwin.com> wrote:
> Do we call this a bug?
Probably, but I don't if it's an S2 or OGNL issue.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: "/" character an invalid key?
Posted by Eric Lentz <Er...@sherwin.com>.
> My first guess would be that OGNL is trying to evaluate it, although
> since it's a string, not sure that makes any sense.
>
> I don't know how your DB is laid out or how what sounds like ad-hoc
> structures are being created, but is a text ID really the only thing
> you have available?
>
> Dave
Well, the keys end up being stored in the DB, in another table from the
source of the keys, as ad-hoc field names. You know at a glance the
context of a stored value. It also makes it easy for reporting.
I can use the DB surrogate key of the source of the dynamic field, but
then when I store the values I have a N+1 type query to get the field
names or I have to get all of the keys and then find them in a List or Map
object for each form field so that I have the label value to store in the
final table. That's a lot of extra work, which is why it isn't desirable.
Ultimately, I guess this will be what I have to do since this doesn't
work.
Do we call this a bug?
Re: "/" character an invalid key?
Posted by Dave Newton <da...@gmail.com>.
My first guess would be that OGNL is trying to evaluate it, although
since it's a string, not sure that makes any sense.
I don't know how your DB is laid out or how what sounds like ad-hoc
structures are being created, but is a text ID really the only thing
you have available?
Dave
On Thursday, July 7, 2011, Eric Lentz <Er...@sherwin.com> wrote:
> I'm using Struts 2.2.1.
>
> I have a use case whereby form fields are generated dynamically and some
> of them are select lists. Since it is a database driven list of fields,
> the labels presented for the user are also used as keys for the map that
> the form posts back to. Using alternate keys is not desirable.
>
> That's brief background to attempt at justification for what I'm doing. To
> provide a simple example, this is the equivalent to one of the select
> lists that gets created:
> <s:select list="#{'Interior':'Interior','Exterior':'Exterior'}"
> name='foo["Interior/Exterior"]'
> headerKey="-1"
> headerValue="Select One" />
>
> Interior/Exterior, as a key, seems to be an issue. Using that on a test
> form and a test action that has the following:
>
> if(foo == null) {
> bar = "Foo is null";
> }
> else if(foo.containsKey("Interior/Exterior")) {
> bar = foo.get("Interior/Exterior");
> }
> else {
> bar = "Not Found";
> }
>
> bar always gets assigned "Foo is null".
>
> Any ideas why the "/" character contained in a key would make it invalid?
> I tested using that exact key in a map and Java is fine with it. Since foo
> is null, it appears to not be passed at all. I tried various escaping
> (e.g., "\/"), but it still comes back null when "/" is in the key.
>
> The page, action and configuration I used to test this is here:
> http://www.chopapp.com/#32ycxelq
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org