Can there be two levels on the SMI?
If DMI is on and SMI is in relaxed-strict mode (false) we can leave the
{1} and prefix{0}suffix in so it works.
although it would be better to have some kind of regex ie
regex:([A-Z-a-z]*) for safety plus a max length!
Then if SMI is in strict mode (true) remove {1} and prefix{0}suffix so it
will then fall back on the global/allowed-methods.
Just a thought.
Cheers Greg
On 5 February 2016 at 09:23, Lukasz Lenart <lukaszlen...@apache.org> wrote:
> 2016-02-05 10:20 GMT+01:00 Greg Huber <gregh3...@gmail.com>:
> > my lastest comment..
> >
> > The entry that we don't want is {1} style
> >
> > PatternAllowedMethod{allowedMethodPattern=(.*), original='\{1\}'\}
> >
> > which is don't check anything, effectively disabling SMI.
> >
> > run{1}This style could be left in, as they are pretty restrictive, or is
> > there a regex for the pattern that could be added to the globals,
> > acknowledging there is a potential risk in your DMI?
>
> Yes, that true, but this approach is very strict and can affect many
> users/projects. I would like to hear other's opinion
>
>
> Regards
> --
> Ćukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>
