Return-Path: X-Original-To: apmail-struts-issues-archive@minotaur.apache.org Delivered-To: apmail-struts-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB0871023C for ; Thu, 6 Jun 2013 07:16:21 +0000 (UTC) Received: (qmail 50860 invoked by uid 500); 6 Jun 2013 07:16:21 -0000 Delivered-To: apmail-struts-issues-archive@struts.apache.org Received: (qmail 50838 invoked by uid 500); 6 Jun 2013 07:16:20 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 50825 invoked by uid 99); 6 Jun 2013 07:16:20 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Jun 2013 07:16:20 +0000 Date: Thu, 6 Jun 2013 07:16:19 +0000 (UTC) From: "Tom Briers (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (WW-4098) DefaultActionMapper is cleaning up correct action names MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WW-4098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tom Briers updated WW-4098: --------------------------- Description: With the new security release I'm seeing warning in my logs for 'correct' action names: 08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up! It seems to be linked to actions in camelCase. I believe those are correct. The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]* I think it should be something like follows: [a-zA-Z0-9.\\-_!/]* I did a quick test with the following results: {code} public static void main(String[] args) { String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*"; String newPattern = "[a-zA-Z0-9.\\-_!/]*"; System.out.println("test".matches(currentPattern)); //true System.out.println("testCamel".matches(currentPattern)); //false System.out.println("test".matches(newPattern)); //true System.out.println("testCamel".matches(newPattern)); //true } {code} Please beware that I am not a regex specialist so review it carefully. was: With the new security release I'm seeing warning in my logs for 'correct' action names: 08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up! It seems to be linked to actions in camelCase. I believe those are correct. The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]* I think it should be something like follows: [a-zA-Z0-9.\\-_!/]* I did a quick test with the following results: {code} public static void main(String[] args) { String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*"; String newPattern = "[a-zA-Z0-9.\\-_!/]*"; System.out.println("test".matches(currentPattern)); //true System.out.println("testCamel".matches(currentPattern)); //false System.out.println("test".matches(newPattern)); //true System.out.println("testCamel".matches(newPattern)); //true } {code} Please beware that I am not a regex specialist some review it carefully. > DefaultActionMapper is cleaning up correct action names > ------------------------------------------------------- > > Key: WW-4098 > URL: https://issues.apache.org/jira/browse/WW-4098 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions > Affects Versions: 2.3.14.3 > Reporter: Tom Briers > > With the new security release I'm seeing warning in my logs for 'correct' action names: > 08:57:39,711 WARN [DefaultActionMapper] Action [getCamelCase] do not match allowed action names pattern [[a-z]*[A-Z]*[0-9]*[.\-_!/]*], cleaning it up! > It seems to be linked to actions in camelCase. I believe those are correct. > The current pattern to check is the following: [a-z]*[A-Z]*[0-9]*[.\\-_!/]* > I think it should be something like follows: [a-zA-Z0-9.\\-_!/]* > I did a quick test with the following results: > {code} > public static void main(String[] args) > { > String currentPattern = "[a-z]*[A-Z]*[0-9]*[.\\-_!/]*"; > String newPattern = "[a-zA-Z0-9.\\-_!/]*"; > System.out.println("test".matches(currentPattern)); //true > System.out.println("testCamel".matches(currentPattern)); //false > System.out.println("test".matches(newPattern)); //true > System.out.println("testCamel".matches(newPattern)); //true > } > {code} > Please beware that I am not a regex specialist so review it carefully. > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira