You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/05/12 13:36:25 UTC
struts git commit: Throws away methods that doesn't match pattern
Repository: struts
Updated Branches:
refs/heads/master 8b688cc38 -> 27ca165dd
Throws away methods that doesn't match pattern
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27ca165d
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27ca165d
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27ca165d
Branch: refs/heads/master
Commit: 27ca165ddbf81c84bafbd083b99a18d89cc49ca7
Parents: 8b688cc
Author: Lukasz Lenart <lu...@apache.org>
Authored: Thu May 12 15:36:12 2016 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Thu May 12 15:36:12 2016 +0200
----------------------------------------------------------------------
.../dispatcher/mapper/DefaultActionMapper.java | 10 ++-----
.../mapper/DefaultActionMapperTest.java | 30 ++++++++++++++++++--
2 files changed, 29 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/27ca165d/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
index f30e0fd..d0e89be 100644
--- a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
+++ b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
@@ -34,6 +34,7 @@ import org.apache.logging.log4j.Logger;
import org.apache.struts2.RequestUtils;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.StrutsException;
import org.apache.struts2.util.PrefixTrie;
import javax.servlet.http.HttpServletRequest;
@@ -385,14 +386,7 @@ public class DefaultActionMapper implements ActionMapper {
if (allowedActionNames.matcher(rawActionName).matches()) {
return rawActionName;
} else {
- LOG.warn("Action [{}] does not match allowed action names pattern [{}], cleaning it up!",
- rawActionName, allowedActionNames);
- String cleanActionName = rawActionName;
- for (String chunk : allowedActionNames.split(rawActionName)) {
- cleanActionName = cleanActionName.replace(chunk, "");
- }
- LOG.debug("Cleaned action name [{}]", cleanActionName);
- return cleanActionName;
+ throw new StrutsException("Action [" + rawActionName + "] does not match allowed action names pattern [" + allowedActionNames + "]!");
}
}
http://git-wip-us.apache.org/repos/asf/struts/blob/27ca165d/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
index 4314672..69bb7de 100644
--- a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
+++ b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
@@ -30,6 +30,7 @@ import com.opensymphony.xwork2.config.ConfigurationManager;
import com.opensymphony.xwork2.config.entities.PackageConfig;
import com.opensymphony.xwork2.config.impl.DefaultConfiguration;
import org.apache.struts2.ServletActionContext;
+import org.apache.struts2.StrutsException;
import org.apache.struts2.StrutsInternalTestCase;
import org.apache.struts2.result.StrutsResultSupport;
import org.apache.struts2.views.jsp.StrutsMockHttpServletRequest;
@@ -844,14 +845,37 @@ public class DefaultActionMapperTest extends StrutsInternalTestCase {
String actionName = "action";
assertEquals(actionName, mapper.cleanupActionName(actionName));
+ Throwable expected = null;
+
actionName = "${action}";
- assertEquals("action", mapper.cleanupActionName(actionName));
+ try {
+ mapper.cleanupActionName(actionName);
+ fail();
+ } catch (Throwable t) {
+ expected = t;
+ }
+ assertTrue(expected instanceof StrutsException);
+ assertEquals("Action [${action}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
actionName = "${${%{action}}}";
- assertEquals("action", mapper.cleanupActionName(actionName));
+ try {
+ mapper.cleanupActionName(actionName);
+ fail();
+ } catch (Throwable t) {
+ expected = t;
+ }
+ assertTrue(expected instanceof StrutsException);
+ assertEquals("Action [${${%{action}}}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
actionName = "${#foo='action',#foo}";
- assertEquals("fooactionfoo", mapper.cleanupActionName(actionName));
+ try {
+ mapper.cleanupActionName(actionName);
+ fail();
+ } catch (Throwable t) {
+ expected = t;
+ }
+ assertTrue(expected instanceof StrutsException);
+ assertEquals("Action [${#foo='action',#foo}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
actionName = "test-action";
assertEquals("test-action", mapper.cleanupActionName(actionName));