[ https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17285709#comment-17285709 ]
Greg Huber commented on WW-5115: -------------------------------- That would sprinkle alot more unnecessary code over ParametersInterceptor. Possibly there is only one ignored pattern ie "^(action|method):.*". I remember you mentioning the struts.token.name can be changed to dashes? Ideally we don't want ignored patterns. > Reduce logging for DMI excluded parameters > ------------------------------------------- > > Key: WW-5115 > URL: https://issues.apache.org/jira/browse/WW-5115 > Project: Struts 2 > Issue Type: Improvement > Components: Core > Affects Versions: 2.5.25 > Reporter: Greg Huber > Assignee: Greg Huber > Priority: Minor > Fix For: 2.5.27, 2.6 > > Time Spent: 0.5h > Remaining Estimate: 0h > > There are unnecessary log warning when DMI is enabled, from the > ParametersInterceptor. > WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor > ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't > match accepted pattern > [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]! > See Accepted / Excluded patterns at > https://struts.apache.org/security/#accepted--excluded-patterns > eg the property 'action:myAction!save' should not be considered as a > bean/property parameter, as its used as part of DMI to submit the form. > Any property which matches the DMI method invocation "^(action|method):.*" > needs to be silently ignored and not logged in devMode=true. > DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from > DefaultAcceptedPatternsChecker as the DMI action|method would never be a form > property. > public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = { > > "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?" > }; -- This message was sent by Atlassian Jira (v8.3.4#803005)