[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952980#comment-14952980 ] Hudson commented on WW-4437: SUCCESS: Integrated in Struts-JDK7-master #371 (See [https://builds.apache.org/job/Struts-JDK7-master/371/]) WW-4437 Fixes problem with accepted params (lukaszlenart: rev 40822d67f5b6b667bb2760986cb78efc9e2e3ac4) * core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java * core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543649#comment-14543649 ] Lukasz Lenart commented on WW-4437: --- yes - you should use one version for all struts components, we do not cross test them > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543636#comment-14543636 ] Josef Vermach commented on WW-4437: --- Ok. Can I have one more question: Should we upgrade as well {noformat} org.apache.struts struts2-tiles-plugin 2.3.16.3{noformat} to 2.3.24? > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543332#comment-14543332 ] Lukasz Lenart commented on WW-4437: --- Maybe be not be it was the only possibility to mitigate possible vulnerability > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543315#comment-14543315 ] Josef Vermach commented on WW-4437: --- Hi, Thanks it helped. We are now able to run our application. But the problem with rejected cookie still persists. I think it is because that accepted_pattern, which we define in struts, is in struts 2.3.24 used as well for value (in struts 2.3.16.3 it was not). We will try to change our pattern. Thanks for helping. > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14541461#comment-14541461 ] Lukasz Lenart commented on WW-4437: --- I meant FM 2.3.22 :) > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14541322#comment-14541322 ] Lukasz Lenart commented on WW-4437: --- You should throw it away, FM was upgrade to the latest available version 2.3.24, see WW-4484 and it's set to be backward compatible http://struts.apache.org/docs/freemarker.html#FreeMarker-IncompatibleImprovements > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540622#comment-14540622 ] Josef Vermach commented on WW-4437: --- yes, we use it as dependency. we used 2.3.19, but neither if I try 2.3.20 it does not work. > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540544#comment-14540544 ] Lukasz Lenart commented on WW-4437: --- Do you use different version of FreeMarker? as dependency in pom? > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540047#comment-14540047 ] Josef Vermach commented on WW-4437: --- Ok, thanks! We tried to do ugrade but we are not able to start application. Caused by: {noformat} Exception starting filter struts2 java.lang.NoSuchFieldError: VERSION_2_3_0 at org.apache.struts2.views.freemarker.FreemarkerManager.createConfiguration(FreemarkerManager.java:331) at org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:282) at org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:269) at org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:47) at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:488) ... {noformat} > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539542#comment-14539542 ] Lukasz Lenart commented on WW-4437: --- It's already in the Central http://search.maven.org/#search|ga|1|struts2-core - site will be updated tomorrow > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539524#comment-14539524 ] Josef Vermach commented on WW-4437: --- Thanks, I would like to, but where can we download Struts 2.3.24 from? It is not available yet on http://mvnrepository.com/artifact/org.apache.struts neither on https://struts.apache.org/ ... > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539494#comment-14539494 ] Lukasz Lenart commented on WW-4437: --- You can try 2.3.24 which is officially out (announcement is underway) > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539492#comment-14539492 ] Josef Vermach commented on WW-4437: --- After upgrade to Struts 2.3.20 we have a lot of messages like {noformat}2015-04-30 04:12:07 CEST TP-Processor48 WARN CookieInterceptor[PTO CAB6B12D31FCA5328740F548E0798B83.online2]: Cookie name [minibasketContent] with value [%7B%22uuid%22%3A%22911b3a4f-4bc6-4e5b-9d37-1f207786dd47%22%2C%22count%22%3A1%2C%22total%22%3A%2224.95%22%7D] was rejected!{noformat} I found that problem is that value is not accepted. It worked correctly with Struts 2.3.16.3. Can we somehow solve it? > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.24 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14262325#comment-14262325 ] Hudson commented on WW-4437: FAILURE: Integrated in Struts-JDK6-master #901 (See [https://builds.apache.org/job/Struts-JDK6-master/901/]) WW-4437 Fixes problem with accepted params (lukaszlenart: rev 40822d67f5b6b667bb2760986cb78efc9e2e3ac4) * core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java * core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.21 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14260013#comment-14260013 ] Hudson commented on WW-4437: SUCCESS: Integrated in Struts-JDK7-pull-request #21 (See [https://builds.apache.org/job/Struts-JDK7-pull-request/21/]) WW-4437 Fixes problem with accepted params (lukaszlenart: rev 40822d67f5b6b667bb2760986cb78efc9e2e3ac4) * core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java * core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.21 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14256955#comment-14256955 ] Hudson commented on WW-4437: SUCCESS: Integrated in Struts-JDK6-develop #113 (See [https://builds.apache.org/job/Struts-JDK6-develop/113/]) WW-4437 Fixes problem with accepted params (lukaszlenart: rev 40822d67f5b6b667bb2760986cb78efc9e2e3ac4) * core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java * core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.21 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[ https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14256934#comment-14256934 ] ASF subversion and git services commented on WW-4437: - Commit 40822d67f5b6b667bb2760986cb78efc9e2e3ac4 in struts's branch refs/heads/develop from [~lukaszlenart] [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=40822d6 ] WW-4437 Fixes problem with accepted params > Bug in CookieInterceptor > > > Key: WW-4437 > URL: https://issues.apache.org/jira/browse/WW-4437 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Chris Pratt >Assignee: Lukasz Lenart > Fix For: 2.3.21 > > > Sorry, I don't have an environment set up to create a patch, but I found an > error in the {{CookieInterceptor.isAccepted()}} method. It currently looks > like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted(String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if (matches) { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } else { > if (LOG.isTraceEnabled()) { > LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, > ACCEPTED_PATTERN); > } > } > return matches; > } > {code} > But it would be more useful if it actually reported the RegEx being used > instead of the default. And, it would be more performant if the comparisons > were reversed. So something more like: > {code:java} > /** > * Checks if name of Cookie match {@link #acceptedPattern} > * > * @param name of Cookie > * @return true|false > */ > protected boolean isAccepted (String name) { > boolean matches = acceptedPattern.matcher(name).matches(); > if(LOG.isTraceEnabled()) { > if(matches) { > LOG.trace("Cookie [#0] matches acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } else { > LOG.trace("Cookie [#0] doesn't match acceptedPattern > [#1]",name,acceptedPattern.pattern()); > } > } > return matches; > } > {code} > In addition, it looks like the default and the override are handled > differently. The current code compiles the default case-insensitive, but not > the override pattern. Shouldn't that be consistent? > {code:java} > private Pattern acceptedPattern = > Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE); > public void setAcceptCookieNames (String pattern) { > acceptedPattern = Pattern.compile(pattern); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)