Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B104D200B9F for ; Tue, 11 Oct 2016 10:14:40 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id AFD1E160AF3; Tue, 11 Oct 2016 08:14:40 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 018C8160AD2 for ; Tue, 11 Oct 2016 10:14:39 +0200 (CEST) Received: (qmail 59954 invoked by uid 500); 11 Oct 2016 08:14:39 -0000 Mailing-List: contact commits-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list commits@struts.apache.org Received: (qmail 59944 invoked by uid 99); 11 Oct 2016 08:14:39 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Oct 2016 08:14:39 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id E7D69DFE65; Tue, 11 Oct 2016 08:14:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: lukaszlenart@apache.org To: commits@struts.apache.org Date: Tue, 11 Oct 2016 08:14:38 -0000 Message-Id: <4feb0eff9639433cafc3763049e8d3c1@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] struts git commit: WW-4697 If DMI is enabled, exclude action|method params archived-at: Tue, 11 Oct 2016 08:14:40 -0000 Repository: struts Updated Branches: refs/heads/master dbf2bcb5c -> 5975b7aac WW-4697 If DMI is enabled, exclude action|method params Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/58016388 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/58016388 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/58016388 Branch: refs/heads/master Commit: 580163880c11af3b0f41538c93af5930ba41ab14 Parents: dbf2bcb Author: Lukasz Lenart Authored: Tue Oct 11 08:28:28 2016 +0200 Committer: Lukasz Lenart Committed: Tue Oct 11 08:28:28 2016 +0200 ---------------------------------------------------------------------- .../xwork2/security/DefaultExcludedPatternsChecker.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/58016388/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index 84840f5..e8f7282 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -3,8 +3,10 @@ package com.opensymphony.xwork2.security;
 import com.opensymphony.xwork2.XWorkConstants;
 import com.opensymphony.xwork2.inject.Inject;
 import com.opensymphony.xwork2.util.TextParseUtil;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.struts2.StrutsConstants;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -17,8 +19,7 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
 public static final String[] EXCLUDED_PATTERNS = {
 "(^|\\%\\{)((#?)(top(\\.|\\['|\\[\")|\\[\\d\\]\\.)?)(dojo|struts|session|request|response|application|servlet(Request|Response|Context)|parameters|context|_memberAccess)(\\.|\\[).*",
- ".*(^|\\.|\\[|\\'|\"|get)class(\\(\\.|\\[|\\'|\").*",
- "^(action|method):.*"
+ ".*(^|\\.|\\[|\\'|\"|get)class(\\(\\.|\\[|\\'|\").*"
 };
 private Set excludedPatterns;
@@ -45,6 +46,13 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
 }
 }
+ @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false)
+ public void setDynamicMethodInvocation(String dmiValue) {
+ if (BooleanUtils.toBoolean(dmiValue)) {
+ setAdditionalExcludePatterns("^(action|method):.*");
+ }
+ }
+
 public void setExcludedPatterns(String commaDelimitedPatterns) {
 setExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
 }
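Review bot: In the second hunk (`@@ -17,8 +19,7 @@`), removing `"^(action|method):.*"` from the public `EXCLUDED_PATTERNS` array makes this exclusion conditional: parameter names with an `action:` or `method:` prefix are now rejected by this checker only after `setDynamicMethodInvocation` has been called with a true value. With DMI off, or with the constant absent (the injection is `required = false`), those names pass the check, which is safe only if whatever interprets the prefixes ignores them when DMI is disabled; that code is not in this diff, so a test pinning the DMI-off behaviour would be worth adding. Code that builds its own pattern set from `EXCLUDED_PATTERNS` also loses the entry without notice, so I would add a comment on the array, e.g. `// "^(action|method):.*" is added by setDynamicMethodInvocation when DMI is enabled`.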
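Review bot: The exclusion added by `setDynamicMethodInvocation` in the third hunk (`@@ -45,6 +46,13 @@`) depends on setter order. `setExcludedPatterns(String)`, directly below it, delegates to the set-based overload; if that overload replaces the current set (its body is outside the hunk), any injection or call that arrives after this setter drops the `action:`/`method:` pattern again. I would either keep the DMI flag in a field and append the pattern wherever the final set is assembled, or state the ordering requirement in a Javadoc on the new setter. The regex literal would also read better as a named constant, e.g. `private static final String DMI_PARAMS_PATTERN = "^(action|method):.*";`.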