struts-commits mailing list archives

From lukaszlen...@apache.org
Subject svn commit: r1534123 - in /struts/struts2/trunk/xwork-core/src: main/java/com/opensymphony/xwork2/interceptor/ main/java/com/opensymphony/xwork2/ognl/ test/java/com/opensymphony/xwork2/interceptor/
Date Mon, 21 Oct 2013 12:19:52 GMT
Author: lukaszlenart
Date: Mon Oct 21 12:19:52 2013
New Revision: 1534123

URL: http://svn.apache.org/r1534123
Log:
WW-4109 WW-4154 Reverts to previous behaviour where both ParametersInterceptor and ParameterNameAware
must accept parameter

Modified:
    struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
    struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
    struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
    struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java

Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
(original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
Mon Oct 21 12:19:52 2013
@@ -17,19 +17,10 @@ package com.opensymphony.xwork2.intercep
 
 /**
  * <!-- START SNIPPET: javadoc -->
- *
  * This interface is implemented by actions that want to declare acceptable parameters. Works
in conjunction with {@link
  * ParametersInterceptor}. For example, actions may want to create a whitelist of parameters
they will accept or a
  * blacklist of paramters they will reject to prevent clients from setting other unexpected
(and possibly dangerous)
  * parameters.
- * 
- * Using {@link ParameterNameAware} could be dangerous as {@link ParameterNameAware#acceptableParameterName(String)}
takes precedence
- * over {@link ParametersInterceptor} which means if ParametersInterceptor excluded given
parameter name you can accept it with
- * {@link ParameterNameAware#acceptableParameterName(String)}.
- *
- * The best idea is to define very tight restrictions with ParametersInterceptor and relax
them per action with
- * {@link ParameterNameAware#acceptableParameterName(String)}
- *
  * <!-- END SNIPPET: javadoc -->
  *
  * @author Bob Lee (crazybob@google.com)

Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
(original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
Mon Oct 21 12:19:52 2013
@@ -344,7 +344,7 @@ public class ParametersInterceptor exten
      */
     protected boolean isAcceptableParameter(String name, Object action) {
         ParameterNameAware parameterNameAware = (action instanceof ParameterNameAware) ?
(ParameterNameAware) action : null;
-        return acceptableName(name) || (parameterNameAware != null && parameterNameAware.acceptableParameterName(name));
+        return acceptableName(name) && (parameterNameAware == null || parameterNameAware.acceptableParameterName(name));
     }
 
     /**
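Review bot: The new return line in `isAcceptableParameter` does not state the invariant it restores, namely that an action's `ParameterNameAware` may only narrow what `acceptableName(name)` already allows. The removed line used `||`, which let an action re-admit a name the interceptor had excluded, and the Javadoc warning about that is deleted in this same commit, so the rule now lives only in the operator. I would add above the return: `// Both must accept: ParameterNameAware can only narrow acceptableName(), never re-admit an excluded name.` The same applies to the `propertiesJudge` condition in the SecurityMemberAccess hunk. The method's Javadoc starts outside this hunk, so it may already say this.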

Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
(original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
Mon Oct 21 12:19:52 2013
@@ -80,7 +80,7 @@ public class SecurityMemberAccess extend
             return true;
         }
 
-        if ((isAccepted(name) && !isExcluded(name)) || (propertiesJudge != null &&
propertiesJudge.acceptProperty(name))) {
+        if ((!isExcluded(name)) && isAccepted(name) && (propertiesJudge ==
null || propertiesJudge.acceptProperty(name))) {
             return true;
         }
         return false;
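Review bot: The rewritten condition still sits in an `if (...) { return true; } return false;` wrapper and keeps redundant parentheses around `(!isExcluded(name))`, which makes a deny-first check harder to read than it needs to be. It can be returned directly: `return !isExcluded(name) && isAccepted(name) && (propertiesJudge == null || propertiesJudge.acceptProperty(name));`. The Modified list of this commit shows no test file for SecurityMemberAccess, so a case where `propertiesJudge` accepts a name that `isExcluded` rejects would be worth pinning if one does not already exist. The enclosing method begins before the hunk.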

Modified: struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
(original)
+++ struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
Mon Oct 21 12:19:52 2013
@@ -65,7 +65,6 @@ public class ParametersInterceptorTest e
             {
                 put("fooKey", "fooValue");
                 put("barKey", "barValue");
-                put("test%test", "test%test");
             }
         };
         Object a = new ParameterNameAware() {


