Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4098

DefaultActionMapper is cleaning up correct action names

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 2.3.14.3
    • 2.3.15
    • Core Actions
    • None
    • Important

    Description

      With the new security release I'm seeing warnings in my logs for 'correct' action names:

      08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z][A-Z][0-9][.\-_!/]], cleaning it up!

      It seems to be linked to actions in camelCase. I believe those are correct.

      The current pattern to check is the following: [a-z][A-Z][0-9][.\\-_!/]
      I think it should be something like follows: [a-zA-Z0-9.\\-_!/]*

      I did a quick test with the following results:

      	public static void main(String[] args)
	{
		String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*";
		String newPattern = "[a-zA-Z0-9.\\-_!/]*";

		System.out.println("test".matches(currentPattern)); //true
		System.out.println("testCamel".matches(currentPattern)); //false

		System.out.println("test".matches(newPattern));  //true
		System.out.println("testCamel".matches(newPattern)); //true
}

      Please beware that I am not a regex specialist so review it carefully.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. WW-4094 struts.allowed.action.names inconsistency

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              lukaszlenart Lukasz Lenart
              tbriers Tom Briers
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: