Mailing-List: contact commits-help@struts.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@struts.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r437855 - in /struts/struts2/trunk/core/src/main:
 java/org/apache/struts2/StrutsConstants.java
 java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
 resources/org/apache/struts2/default.properties
Date: Mon, 28 Aug 2006 21:46:54 -0000
To: commits@struts.apache.org
From: plightbo@apache.org
Message-Id: <20060828214655.90DB21A981A@eris.apache.org>

Author: plightbo
Date: Mon Aug 28 14:46:53 2006
New Revision: 437855

URL: http://svn.apache.org/viewvc?rev=437855&view=rev
Log:
allow the switch to be a toggle, defaulted to false

Modified:
    struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
    struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
    struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties

Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java Mon Aug 28 14:46:53 2006
@@ -121,4 +121,7 @@
     
     /** If static content served by the Struts filter should set browser caching header properties or not */
     public static final String STRUTS_SERVE_STATIC_BROWSER_CACHE = "struts.serve.static.browserCache";
+
+    /** Allows one to disable dynamic method invocation from the URL */
+    public static final String STRUTS_DISABLE_DYNAMIC_METHOD_INVOCATIOn = "struts.core.disableDynamicMethodInvocation";
 }

Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java Mon Aug 28 14:46:53 2006
@@ -19,6 +19,7 @@
 
 import org.apache.struts2.RequestUtils;
 import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.config.Settings;
 import org.apache.struts2.dispatcher.ServletRedirectResult;
 import org.apache.struts2.util.PrefixTrie;
 
@@ -148,6 +149,8 @@
     static final String REDIRECT_PREFIX = "redirect:";
     static final String REDIRECT_ACTION_PREFIX = "redirect-action:";
 
+    private static boolean disableDyanmicMethodCalls = "true".equals(Settings.get(StrutsConstants.STRUTS_SERVE_STATIC_BROWSER_CACHE));
+
     private PrefixTrie prefixTrie = null;
     public DefaultActionMapper() {
         prefixTrie = new PrefixTrie() {
@@ -205,18 +208,22 @@
 
         parseNameAndNamespace(uri, mapping, config);
 
-        handleSpecialParameters(request, mapping);
+        if (!disableDyanmicMethodCalls) {
+            handleSpecialParameters(request, mapping);
+        }
 
         if (mapping.getName() == null) {
             return null;
         }
 
-        // handle "name!method" convention.
-        String name = mapping.getName();
-        int exclamation = name.lastIndexOf("!");
-        if (exclamation != -1) {
-            mapping.setName(name.substring(0, exclamation));
-            mapping.setMethod(name.substring(exclamation + 1));
+        if (!disableDyanmicMethodCalls) {
+            // handle "name!method" convention.
+            String name = mapping.getName();
+            int exclamation = name.lastIndexOf("!");
+            if (exclamation != -1) {
+                mapping.setName(name.substring(0, exclamation));
+                mapping.setMethod(name.substring(exclamation + 1));
+            }
         }
 
         return mapping;

Modified: struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties?rev=437855&r1=437854&r2=437855&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties (original)
+++ struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties Mon Aug 28 14:46:53 2006
@@ -71,6 +71,11 @@
 ###            headers)
 struts.serve.static.browserCache=true
 
+### Set this to true if you wish to disable all forms of dynamic method invocation
+### via the URL request. This includes URLs like foo!bar.action, as well as params
+### like method:bar. See the DefaultActionMapper for more info.
+struts.core.disableDynamicMethodInvocation = false
+
 ### use alternative syntax that requires %{} in most places
 ### to evaluate expressions for String attributes for tags
 struts.tag.altSyntax=true