You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by br...@apache.org on 2013/01/07 07:06:59 UTC
svn commit: r1429676 - in /archiva/branches/archiva-1.3.x:
archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
pom.xml
Author: brett
Date: Mon Jan 7 06:06:59 2013
New Revision: 1429676
URL: http://svn.apache.org/viewvc?rev=1429676&view=rev
Log:
[MRM-1738] defaultStack requires a stronger blacklist of parameter names in
the param interceptor
Modified:
archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
archiva/branches/archiva-1.3.x/pom.xml
Modified: archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml?rev=1429676&r1=1429675&r2=1429676&view=diff
==============================================================================
--- archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml (original)
+++ archiva/branches/archiva-1.3.x/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml Mon Jan 7 06:06:59 2013
@@ -25,7 +25,48 @@
<!-- Include plexus-security xwork configurations. -->
<include file="struts-security.xml"/>
- <package name="base" extends="struts-default">
+ <package name="default-stacks" extends="struts-default">
+ <interceptors>
+ <interceptor-stack name="defaultStack">
+ <interceptor-ref name="exception"/>
+ <interceptor-ref name="alias"/>
+ <interceptor-ref name="servletConfig"/>
+ <interceptor-ref name="prepare"/>
+ <interceptor-ref name="i18n"/>
+ <interceptor-ref name="chain"/>
+ <interceptor-ref name="debugging"/>
+ <interceptor-ref name="profiling"/>
+ <interceptor-ref name="scopedModelDriven"/>
+ <interceptor-ref name="modelDriven"/>
+ <interceptor-ref name="fileUpload"/>
+ <interceptor-ref name="checkbox"/>
+ <interceptor-ref name="staticParams"/>
+ <interceptor-ref name="params">
+ <param name="excludeParams">dojo\..*,^struts\..*,.*\\.*,.*\(.*,.*\).*,.*@.*</param>
+ </interceptor-ref>
+ <interceptor-ref name="conversionError"/>
+ <interceptor-ref name="validation">
+ <param name="excludeMethods">input,back,cancel,browse</param>
+ </interceptor-ref>
+ <interceptor-ref name="workflow">
+ <param name="excludeMethods">input,back,cancel,browse</param>
+ </interceptor-ref>
+ </interceptor-stack>
+
+ <interceptor-stack name="basicStack">
+ <interceptor-ref name="exception"/>
+ <interceptor-ref name="servletConfig"/>
+ <interceptor-ref name="prepare"/>
+ <interceptor-ref name="checkbox"/>
+ <interceptor-ref name="params">
+ <param name="excludeParams">dojo\..*,^struts\..*,.*\\.*,.*\(.*,.*\).*,.*@.*</param>
+ </interceptor-ref>
+ <interceptor-ref name="conversionError"/>
+ </interceptor-stack>
+ </interceptors>
+ </package>
+
+ <package name="base" extends="default-stacks">
<interceptors>
<interceptor name="configuration" class="configurationInterceptor"/>
<interceptor name="redbackForceAdminUser" class="redbackForceAdminUserInterceptor"/>
@@ -236,7 +277,7 @@
</package>
- <package name="components" namespace="/components" extends="struts-default">
+ <package name="components" namespace="/components" extends="default-stacks">
<default-interceptor-ref name="basicStack"/>
<action name="companyInfo" class="organisationInfo">
<result>/WEB-INF/jsp/components/companyLogo.jsp</result>
Modified: archiva/branches/archiva-1.3.x/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/pom.xml?rev=1429676&r1=1429675&r2=1429676&view=diff
==============================================================================
--- archiva/branches/archiva-1.3.x/pom.xml (original)
+++ archiva/branches/archiva-1.3.x/pom.xml Mon Jan 7 06:06:59 2013
@@ -1102,7 +1102,7 @@
<properties>
<maven.version>2.0.8</maven.version>
<wagon.version>1.0-beta-5</wagon.version>
- <redback.version>1.2.8</redback.version>
+ <redback.version>1.2.9</redback.version>
<jetty.version>6.1.19</jetty.version>
<slf4j.version>1.5.8</slf4j.version>
<binder.version>0.9</binder.version>