You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@struts.apache.org by lu...@apache.org on 2021/01/03 09:37:54 UTC

[struts] branch WW-5056-allows-dash created (now 2316994)

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-5056-allows-dash
in repository https://gitbox.apache.org/repos/asf/struts.git.


      at 2316994  WW-5056 Accepts dashes in param names

This branch includes the following new commits:

     new 2316994  WW-5056 Accepts dashes in param names

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts] 01/01: WW-5056 Accepts dashes in param names

Posted by lu...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5056-allows-dash
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 23169941e723ca1a86f9c270b347a76f8c186fc7
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Sun Jan 3 10:37:45 2021 +0100

    WW-5056 Accepts dashes in param names
---
 .../security/DefaultAcceptedPatternsChecker.java   |  4 +-
 .../DefaultAcceptedPatternsCheckerTest.java        | 59 ++++++++++++++++++++++
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
index 0489147..9b1704c 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
@@ -36,11 +36,11 @@ public class DefaultAcceptedPatternsChecker implements AcceptedPatternsChecker {
     private static final Logger LOG = LogManager.getLogger(DefaultAcceptedPatternsChecker.class);
 
     public static final String[] ACCEPTED_PATTERNS = {
-            "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
+            "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*"
     };
 
     public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
-            "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
+            "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*([!]?\\w+)?"
     };
 
     private Set<Pattern> acceptedPatterns;
diff --git a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
index 1dc8d8a..b778fd2 100644
--- a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
@@ -57,6 +57,7 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase {
             add("%{#parameters.test}");
             add("%{#Parameters['test']}");
             add("%{#Parameters.test}");
+            add("%{#Parameters['test-1']}");
         }
     };
 
@@ -97,6 +98,35 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase {
         assertTrue("Param with underscore wasn't accepted!", actual.isAccepted());
     }
 
+    public void testDashInParamName() {
+        // given
+        AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker();
+
+        // when
+        AcceptedPatternsChecker.IsAccepted actual = checker.isAccepted("mapParam['param-1']");
+
+        // then
+        assertTrue("Param with dasf wasn't accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("mapParam['-param-1']");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("-param");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("param1-param2");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+    }
+
     public void testUnderscoreInParamNameWithDmiEnabled() {
         // given
         AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
@@ -174,4 +204,33 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase {
 
         assertTrue("dmi isn't accepted", accepted.isAccepted());
     }
+
+    public void testDmiIsEnabledAndDash() {
+        // given
+        DefaultAcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
+
+        // when
+        AcceptedPatternsChecker.IsAccepted accepted = checker.isAccepted("map['param-1']");
+
+        // then
+        assertTrue("Dash isn't accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("map['-param-1']");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("-param");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("param1-param2");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+    }
 }
\ No newline at end of file