[ https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331505#comment-17331505 ]
Yasser Zamani commented on WW-5115: ----------------------------------- Sorry don't get it. As far as I see when DMI is enabled then it should accept {{action:myAction!save}} as per [DefaultAcceptedPatternsChecker.java#L57|https://github.com/apache/struts/blob/8a26c0d753c3a94d9e5e774c5109f59a5e3d79d6/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java#L57] and consequently shouldn't log anything, or am I missing something? Or do you mean that the pattern is wrong that don't accept {{*action:myAction!save}}? If so then it's an another issue I think. > Reduce logging for DMI excluded parameters > ------------------------------------------- > > Key: WW-5115 > URL: https://issues.apache.org/jira/browse/WW-5115 > Project: Struts 2 > Issue Type: Improvement > Components: Core > Affects Versions: 2.5.25 > Reporter: Greg Huber > Priority: Minor > Fix For: 2.5.27, 2.6 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > There are unnecessary log warning when DMI is enabled, from the > ParametersInterceptor. > WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor > ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't > match accepted pattern > [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]! > See Accepted / Excluded patterns at > https://struts.apache.org/security/#accepted--excluded-patterns > eg the property 'action:myAction!save' should not be considered as a > bean/property parameter, as its used as part of DMI to submit the form. > Any property which matches the DMI method invocation "^(action|method):.*" > needs to be silently ignored and not logged in devMode=true. > DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from > DefaultAcceptedPatternsChecker as the DMI action|method would never be a form > property. > public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = { > > "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?" > }; -- This message was sent by Atlassian Jira (v8.3.4#803005)