[
https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14724851#comment-14724851
]
ASF GitHub Bot commented on WW-4540:
------------------------------------
GitHub user lukaszlenart opened a pull request:
https://github.com/apache/struts/pull/47
WW-4540: Strict DMI
This PR enables `Strict DMI` be default (or rather it's always enabled).
Thus will limit possible methods which can be called and executed as an action
methods.
Right now you can configure `global-allowed-methods` and `allowed-methods`
via `struts.xml` only but I'm going to add support for annotations as well.
To use the new functionality you must update DTD definition to `2.5`
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/lukaszlenart/struts strict-dmi
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/struts/pull/47.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #47
----
commit 065b5b79ae068ab7891a4232a0769290fd21bb17
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:31:59Z
Drops wildcard as a valid action method
commit ce884e92a15ef601b0e119963d3c521fa68d8bb1
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:33:31Z
Defines global-allowed-methods
commit fd22e3a16c88ef0528c1e26e0d6bdfdf1c02c755
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:35:16Z
Uses global-allowed-methods config para
commit 55b8070048cbec0a6e08b1781f81b1bfdb3354f2
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:41:57Z
Drops strict DMI
commit fb0c4a58507c7fb1af135bb376af5b475f43d7ee
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:42:44Z
Drops outdated attribute
commit 4565993463f660e9be90b9fe9c3597ce54b58917
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:43:21Z
Extends Unknown Handler to allowed check if method is allowed
commit c3f4457b8b8ad6bd0e89646d825f2ef5f9f91118
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T12:43:31Z
Fixes tests
commit c1928ad06bdfbe245b1ed7d5bfeb07ed9bface37
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T16:36:04Z
Fixes tests
commit 3b31c428856766389ad6df4ba1edc3d60ecf5e24
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T16:36:29Z
Adds support for wildcards
commit 185530464b838b3aac9681b5ff5b16401ccef56d
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T16:36:41Z
Simplifies implementation
commit 47a01eab10d940fdc134cb666d3d2db0280d8ca8
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T18:28:45Z
Fixes typo
commit 63bb6e30e75facf5382608857494cf971f0378dd
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T19:06:06Z
Adds missing comma
commit 4c7a7dd6c02457cf006318ed4621b7c432cc478c
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T19:46:16Z
Adds null-safety
commit 77691563b9b8d2ad01c078a66d1ed207bf3611b3
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T19:46:47Z
Implements required method
commit dd406fbb04e755c0545c318c3ea099674fb78363
Author: Lukasz Lenart <[email protected]>
Date: 2015-08-31T19:46:55Z
Fixes test
----
> Enable Strict DMI be default
> ----------------------------
>
> Key: WW-4540
> URL: https://issues.apache.org/jira/browse/WW-4540
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Fix For: 2.5
>
>
> Struts 2 already support {{Strict DMI}} but it's disabled by default.
> {{Strict DMI}} should be always enable to allow access only specific methods.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
