[ 
https://issues.apache.org/jira/browse/WW-5056?focusedWorklogId=533963&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-533963
 ]

ASF GitHub Bot logged work on WW-5056:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Jan/21 10:53
            Start Date: 10/Jan/21 10:53
    Worklog Time Spent: 10m 
      Work Description: lukaszlenart merged pull request #466:
URL: https://github.com/apache/struts/pull/466


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 533963)
    Time Spent: 50m  (was: 40m)

> Standard Accepted Patterns in DefaultAcceptedPatternsChecker
> ------------------------------------------------------------
>
>                 Key: WW-5056
>                 URL: https://issues.apache.org/jira/browse/WW-5056
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>            Reporter: Andrea Vettori
>            Priority: Minor
>             Fix For: 2.6
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Currently the regex used to match allowed parameters is
>  {code}
>    public static final String[] ACCEPTED_PATTERNS = {
>            "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
>    };
>  {code} 
> For parameters that are mapped to a map, this restricts the keys to letters, 
> numbers and underscore.
> It would be nice to allow all characters that are allowed in POST data and 
> URLs, for example a parameter like map['key-subkey'] is currently not 
> allowed, but it should cause no harm.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
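
The restriction described in the issue, as an added example that is not Struts code and not part of the original message: it compiles the quoted pattern and checks a set of constructed parameter names against it. The class name `AcceptedPatternDemo`, the helper `isAccepted` and the full-match semantics (`Matcher.matches()`) are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class AcceptedPatternDemo {

    // Pattern copied verbatim from the issue description above.
    static final String ACCEPTED =
        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))"
        + "|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*";

    static final Pattern PATTERN = Pattern.compile(ACCEPTED);

    // Assumption: a name is accepted only if the whole string matches,
    // so a single disallowed character anywhere rejects the parameter.
    static boolean isAccepted(String name) {
        return PATTERN.matcher(name).matches();
    }

    public static void main(String[] args) {
        // Constructed sample parameter names, not taken from the issue
        // except for map['key-subkey'].
        String[] names = {
            "user.name",          // dotted property path
            "items[0]",           // numeric index, square brackets
            "items(0)",           // numeric index, parentheses
            "map['key']",         // quoted key made of \w characters
            "map['key_1']",       // underscore and digit are part of \w
            "map['\u4e2d']",      // key in the \u4e00-\u9fa5 range
            "map['key-subkey']",  // hyphen inside the key (the issue's case)
            "map['key.subkey']",  // dot inside the quoted key
            "map['a b']",         // space inside the quoted key
            "map[\"key\"]"        // double-quoted key
        };
        for (String name : names) {
            System.out.printf("%-20s %s%n", name,
                isAccepted(name) ? "accepted" : "rejected");
        }
    }
}
```

Any change to the character class inside the quoted-key alternatives widens what reaches the parameter-binding layer, so a list like this is worth keeping as a regression set when the pattern is relaxed.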
