You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/10/11 08:14:38 UTC
[1/2] struts git commit: WW-4697 If DMI is enabled,
exclude action|method params
Repository: struts
Updated Branches:
refs/heads/master dbf2bcb5c -> 5975b7aac
WW-4697 If DMI is enabled, exclude action|method params
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/58016388
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/58016388
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/58016388
Branch: refs/heads/master
Commit: 580163880c11af3b0f41538c93af5930ba41ab14
Parents: dbf2bcb
Author: Lukasz Lenart <lu...@apache.org>
Authored: Tue Oct 11 08:28:28 2016 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Tue Oct 11 08:28:28 2016 +0200
----------------------------------------------------------------------
.../xwork2/security/DefaultExcludedPatternsChecker.java | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/58016388/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index 84840f5..e8f7282 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -3,8 +3,10 @@ package com.opensymphony.xwork2.security;
import com.opensymphony.xwork2.XWorkConstants;
import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.util.TextParseUtil;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
+import org.apache.struts2.StrutsConstants;
import java.util.Arrays;
import java.util.HashSet;
@@ -17,8 +19,7 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
public static final String[] EXCLUDED_PATTERNS = {
"(^|\\%\\{)((#?)(top(\\.|\\['|\\[\")|\\[\\d\\]\\.)?)(dojo|struts|session|request|response|application|servlet(Request|Response|Context)|parameters|context|_memberAccess)(\\.|\\[).*",
- ".*(^|\\.|\\[|\\'|\"|get)class(\\(\\.|\\[|\\'|\").*",
- "^(action|method):.*"
+ ".*(^|\\.|\\[|\\'|\"|get)class(\\(\\.|\\[|\\'|\").*"
};
private Set<Pattern> excludedPatterns;
@@ -45,6 +46,13 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
}
}
+ @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false)
+ public void setDynamicMethodInvocation(String dmiValue) {
+ if (BooleanUtils.toBoolean(dmiValue)) {
+ setAdditionalExcludePatterns("^(action|method):.*");
+ }
+ }
+
public void setExcludedPatterns(String commaDelimitedPatterns) {
setExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
}
[2/2] struts git commit: WW-4697 If DMI is sisabled,
exclude action|method params
Posted by lu...@apache.org.
WW-4697 If DMI is sisabled, exclude action|method params
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5975b7aa
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5975b7aa
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5975b7aa
Branch: refs/heads/master
Commit: 5975b7aac7c9fd933aec80d3d3450190f9c2e8fd
Parents: 5801638
Author: Lukasz Lenart <lu...@apache.org>
Authored: Tue Oct 11 10:14:25 2016 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Tue Oct 11 10:14:25 2016 +0200
----------------------------------------------------------------------
.../com/opensymphony/xwork2/config/impl/MockConfiguration.java | 2 ++
.../xwork2/config/providers/XWorkConfigurationProvider.java | 2 ++
.../xwork2/security/DefaultExcludedPatternsChecker.java | 5 +++--
3 files changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java b/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java
index 3148f05..120d3f9 100644
--- a/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java
+++ b/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java
@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.inject.ContainerBuilder;
import com.opensymphony.xwork2.inject.Scope;
import com.opensymphony.xwork2.util.location.LocatableProperties;
+import org.apache.struts2.StrutsConstants;
import java.util.*;
@@ -51,6 +52,7 @@ public class MockConfiguration implements Configuration {
builder.constant(XWorkConstants.DEV_MODE, "false");
builder.constant(XWorkConstants.RELOAD_XML_CONFIGURATION, "true");
builder.constant(XWorkConstants.ENABLE_OGNL_EXPRESSION_CACHE, "true");
+ builder.constant(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, "false");
container = builder.create(true);
}
http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
index 89e8f97..0141e62 100644
--- a/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
+++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
@@ -87,6 +87,7 @@ import com.opensymphony.xwork2.validator.ValidatorFactory;
import com.opensymphony.xwork2.validator.ValidatorFileParser;
import ognl.MethodAccessor;
import ognl.PropertyAccessor;
+import org.apache.struts2.StrutsConstants;
import java.util.ArrayList;
import java.util.Collection;
@@ -181,6 +182,7 @@ public class XWorkConfigurationProvider implements ConfigurationProvider {
.factory(AcceptedPatternsChecker.class, DefaultAcceptedPatternsChecker.class, Scope.PROTOTYPE)
;
+ props.setProperty(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, Boolean.FALSE.toString());
props.setProperty(XWorkConstants.DEV_MODE, Boolean.FALSE.toString());
props.setProperty(XWorkConstants.LOG_MISSING_PROPERTIES, Boolean.FALSE.toString());
props.setProperty(XWorkConstants.ENABLE_OGNL_EXPRESSION_CACHE, Boolean.TRUE.toString());
http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index e8f7282..687d17f 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -46,9 +46,10 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
}
}
- @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false)
+ @Inject(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION)
public void setDynamicMethodInvocation(String dmiValue) {
- if (BooleanUtils.toBoolean(dmiValue)) {
+ if (!BooleanUtils.toBoolean(dmiValue)) {
+ LOG.debug("DMI is disabled, adding DMI related excluded patterns");
setAdditionalExcludePatterns("^(action|method):.*");
}
}