>> Do we call this a bug?
>
>Probably, but I don't if it's an S2 or OGNL issue.
>
>Dave
com.opensymphony.xwork2.interceptor.ParametersInterceptor
private String acceptedParamNames = "[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+";
private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
...
protected boolean acceptableName(String name) {
if (isAccepted(name) && !isExcluded(name)) {
return true;
}
return false;
}
protected boolean isAccepted(String paramName) {
if (!this.acceptParams.isEmpty()) {
for (Pattern pattern : acceptParams) {
Matcher matcher = pattern.matcher(paramName);
if (matcher.matches()) {
return true;
}
}
return false;
} else
return acceptedPattern.matcher(paramName).matches();
}
Using the sample app. the debugger lands on "return false" in
acceptableName and never makes it to isExcluded, so isAccepted appears to
be where it gets stopped (returns false). That must be on account of what
is considered "acceptedParamNames".
