struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johno Crawford (JIRA)" <>
Subject [jira] [Commented] (WW-4094) struts.allowed.action.names inconsistency
Date Thu, 06 Jun 2013 06:16:20 GMT


Johno Crawford commented on WW-4094:

I was more worried about bots spamming the logs, I will let you know how it goes.
> struts.allowed.action.names inconsistency
> -----------------------------------------
>                 Key: WW-4094
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions:
>            Reporter: Andreas Sachs
>            Assignee: Lukasz Lenart
>            Priority: Minor
>             Fix For: 2.3.15
> I think there is a inconsistency in DefaultActionMapper.cleanupActionName
> According to struts.allowed.action.names
defines a regex the action name must match.
> The default regex is: {noformat}[a-z]*[A-Z]*[0-9]*[.\-_!/]*{noformat}
> I have an action with the name "core_blz"
> This action name does not match the regex (underscore is not at the end)(maybe the default
value should be changed).
> {noformat}DefaultActionMapper reports Action [#0] do not match allowed action names pattern
[#1], cleaning it up!{noformat}
> But the cleaned action name is still core_blz.
> If this function is only to remove suspicious characters, then the warning should not
be displayed.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message