[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952980#comment-14952980
]
Hudson commented on WW-4437:
SUCCESS: Integrated in Struts-JDK7-master #371 (See
[https://builds.apache.org/job/Struts-JDK7-master/371/])
WW-4437 Fixes problem with accepted params (lukaszlenart: rev
40822d67f5b6b667bb2760986cb78efc9e2e3ac4)
* core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
* core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543649#comment-14543649
]
Lukasz Lenart commented on WW-4437:
---
yes - you should use one version for all struts components, we do not cross
test them
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543636#comment-14543636
]
Josef Vermach commented on WW-4437:
---
Ok.
Can I have one more question: Should we upgrade as well {noformat}
org.apache.struts
struts2-tiles-plugin
2.3.16.3{noformat} to 2.3.24?
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543332#comment-14543332
]
Lukasz Lenart commented on WW-4437:
---
Maybe be not be it was the only possibility to mitigate possible vulnerability
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14543315#comment-14543315
]
Josef Vermach commented on WW-4437:
---
Hi,
Thanks it helped. We are now able to run our application.
But the problem with rejected cookie still persists. I think it is because that
accepted_pattern, which we define in struts, is in struts 2.3.24 used as well
for value (in struts 2.3.16.3 it was not). We will try to change our pattern.
Thanks for helping.
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14541461#comment-14541461
]
Lukasz Lenart commented on WW-4437:
---
I meant FM 2.3.22 :)
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14541322#comment-14541322
]
Lukasz Lenart commented on WW-4437:
---
You should throw it away, FM was upgrade to the latest available version
2.3.24, see WW-4484 and it's set to be backward compatible
http://struts.apache.org/docs/freemarker.html#FreeMarker-IncompatibleImprovements
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540622#comment-14540622
]
Josef Vermach commented on WW-4437:
---
yes, we use it as dependency.
we used 2.3.19, but neither if I try 2.3.20 it does not work.
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540544#comment-14540544
]
Lukasz Lenart commented on WW-4437:
---
Do you use different version of FreeMarker? as dependency in pom?
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540047#comment-14540047
]
Josef Vermach commented on WW-4437:
---
Ok, thanks!
We tried to do ugrade but we are not able to start application. Caused by:
{noformat}
Exception starting filter struts2
java.lang.NoSuchFieldError: VERSION_2_3_0
at
org.apache.struts2.views.freemarker.FreemarkerManager.createConfiguration(FreemarkerManager.java:331)
at
org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:282)
at
org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:269)
at
org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:47)
at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:488)
...
{noformat}
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539542#comment-14539542
]
Lukasz Lenart commented on WW-4437:
---
It's already in the Central http://search.maven.org/#search|ga|1|struts2-core -
site will be updated tomorrow
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539524#comment-14539524
]
Josef Vermach commented on WW-4437:
---
Thanks,
I would like to, but where can we download Struts 2.3.24 from? It is not
available yet on http://mvnrepository.com/artifact/org.apache.struts neither on
https://struts.apache.org/ ...
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539494#comment-14539494
]
Lukasz Lenart commented on WW-4437:
---
You can try 2.3.24 which is officially out (announcement is underway)
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14539492#comment-14539492
]
Josef Vermach commented on WW-4437:
---
After upgrade to Struts 2.3.20 we have a lot of messages like
{noformat}2015-04-30 04:12:07 CEST TP-Processor48 WARN CookieInterceptor[PTO
CAB6B12D31FCA5328740F548E0798B83.online2]: Cookie name [minibasketContent] with
value
[%7B%22uuid%22%3A%22911b3a4f-4bc6-4e5b-9d37-1f207786dd47%22%2C%22count%22%3A1%2C%22total%22%3A%2224.95%22%7D]
was rejected!{noformat}
I found that problem is that value is not accepted.
It worked correctly with Struts 2.3.16.3. Can we somehow solve it?
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.24
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14262325#comment-14262325
]
Hudson commented on WW-4437:
FAILURE: Integrated in Struts-JDK6-master #901 (See
[https://builds.apache.org/job/Struts-JDK6-master/901/])
WW-4437 Fixes problem with accepted params (lukaszlenart: rev
40822d67f5b6b667bb2760986cb78efc9e2e3ac4)
* core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
* core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.21
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14260013#comment-14260013
]
Hudson commented on WW-4437:
SUCCESS: Integrated in Struts-JDK7-pull-request #21 (See
[https://builds.apache.org/job/Struts-JDK7-pull-request/21/])
WW-4437 Fixes problem with accepted params (lukaszlenart: rev
40822d67f5b6b667bb2760986cb78efc9e2e3ac4)
* core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
* core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.21
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14256955#comment-14256955
]
Hudson commented on WW-4437:
SUCCESS: Integrated in Struts-JDK6-develop #113 (See
[https://builds.apache.org/job/Struts-JDK6-develop/113/])
WW-4437 Fixes problem with accepted params (lukaszlenart: rev
40822d67f5b6b667bb2760986cb78efc9e2e3ac4)
* core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
* core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.21
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4437) Bug in CookieInterceptor
[
https://issues.apache.org/jira/browse/WW-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14256934#comment-14256934
]
ASF subversion and git services commented on WW-4437:
-
Commit 40822d67f5b6b667bb2760986cb78efc9e2e3ac4 in struts's branch
refs/heads/develop from [~lukaszlenart]
[ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=40822d6 ]
WW-4437 Fixes problem with accepted params
> Bug in CookieInterceptor
>
>
> Key: WW-4437
> URL: https://issues.apache.org/jira/browse/WW-4437
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.20
>Reporter: Chris Pratt
>Assignee: Lukasz Lenart
> Fix For: 2.3.21
>
>
> Sorry, I don't have an environment set up to create a patch, but I found an
> error in the {{CookieInterceptor.isAccepted()}} method. It currently looks
> like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted(String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if (matches) {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> } else {
> if (LOG.isTraceEnabled()) {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name,
> ACCEPTED_PATTERN);
> }
> }
> return matches;
> }
> {code}
> But it would be more useful if it actually reported the RegEx being used
> instead of the default. And, it would be more performant if the comparisons
> were reversed. So something more like:
> {code:java}
> /**
> * Checks if name of Cookie match {@link #acceptedPattern}
> *
> * @param name of Cookie
> * @return true|false
> */
> protected boolean isAccepted (String name) {
> boolean matches = acceptedPattern.matcher(name).matches();
> if(LOG.isTraceEnabled()) {
> if(matches) {
> LOG.trace("Cookie [#0] matches acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> } else {
> LOG.trace("Cookie [#0] doesn't match acceptedPattern
> [#1]",name,acceptedPattern.pattern());
> }
> }
> return matches;
> }
> {code}
> In addition, it looks like the default and the override are handled
> differently. The current code compiles the default case-insensitive, but not
> the override pattern. Shouldn't that be consistent?
> {code:java}
> private Pattern acceptedPattern =
> Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
> public void setAcceptCookieNames (String pattern) {
> acceptedPattern = Pattern.compile(pattern);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
