Looking into this again, I am getting loads of these warnings in my logs
WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:isAccepted - Parameter [action:myAction!save]
didn't match accepted pattern
[[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
See Accepted / Excluded patterns at
https://struts.apache.org/security/#accepted--excluded-patterns
If I look at the
com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker there
are two patterns
ACCEPTED_PATTERNS and
DMI_AWARE_ACCEPTED_PATTERNS
There seems to be a @inject error on the DefaultAcceptedPatternsChecker
method? The @Inject should be above the public?
public DefaultAcceptedPatternsChecker(
@Inject(value =
StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required =
false) String dmiValue
) {
if (BooleanUtils.toBoolean(dmiValue)) {
LOG.debug("DMI is enabled, adding DMI related accepted
patterns");
setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS);
} else {
setAcceptedPatterns(ACCEPTED_PATTERNS);
}
}
If I fix this locally, setting the DMI_AWARE_ACCEPTED_PATTERNS now
works, but there now seems something wrong with the regex as I now get a
warning
Error setting expression 'action:myAction!cancel' with value ['Cancel', ]
ERROR com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:notifyDeveloperParameterException - Developer
Notification (set struts.devMode to false to disable this message):
Unexpected Exception caught setting 'action:myAction!cancel' on 'class
my.com.MyAction: Error setting expression 'action:myAction!cancel' with
value ['Cancel', ]
How does one check the regex on DMI_AWARE_ACCEPTED_PATTERNS ?
Cheers Greg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
