Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 54335200B88 for ; Thu, 18 Aug 2016 04:56:24 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 531EE160AB5; Thu, 18 Aug 2016 02:56:24 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A0D0D160ABB for ; Thu, 18 Aug 2016 04:56:23 +0200 (CEST) Received: (qmail 25781 invoked by uid 500); 18 Aug 2016 02:56:22 -0000 Mailing-List: contact issues-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list issues@struts.apache.org Received: (qmail 25479 invoked by uid 99); 18 Aug 2016 02:56:22 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Aug 2016 02:56:22 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 4C1CD2C02AE for ; Thu, 18 Aug 2016 02:56:22 +0000 (UTC) Date: Thu, 18 Aug 2016 02:56:22 +0000 (UTC) From: "Zoran Avtarovski (JIRA)" To: issues@struts.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (WW-4677) I18N Interceptor Automatically validates locales MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 18 Aug 2016 02:56:24 -0000 [ https://issues.apache.org/jira/browse/WW-4677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15425837#comment-15425837 ] Zoran Avtarovski commented on WW-4677: -------------------------------------- Thanks Lukasz, I see the issue nut in reality, it's only an issue if you display the locale. Which can be accommodated by setting the default behaviour to validate. We could add some simple validation to ensure no special characters are included in the request. All I did was run a simple regex to remove potentially dangerous characters : {code:java} String result = localeParameter.replaceAll("[%{}+.^:,]",""); {code} I'll leave it up to you guys. Just let me know if you'd like me to submit a patch. I looked at it a little further and I think using a struts constant is the least intrusive way. Z. > I18N Interceptor Automatically validates locales > ------------------------------------------------ > > Key: WW-4677 > URL: https://issues.apache.org/jira/browse/WW-4677 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors > Affects Versions: 2.5 > Environment: 2.5.1 running on Java 8, RHEL Linux 6/7 > Reporter: Zoran Avtarovski > Fix For: 2.5.3 > > > There is an annoying issue with the I18N Interceptor, which now validates locales against the list of default available locales in this bit of code: > {code:java} > if (locale != null && Arrays.asList(Locale.getAvailableLocales()).contains(locale)) { > locale = Locale.getDefault(); > } > {code} > The problem is I have a web app for refugees and not all the languages are in the available locales array. This must be relatively new as it worked in the old version 2.x ish. > Ideally it would be great if we could add a parameter (or constant) to bi-pass the validation. > For example a tag in the struts.xml file: > {code:xml} > > > false > > > {code} > and then access it in the interceptor to override default behaviour. -- This message was sent by Atlassian JIRA (v6.3.4#6332)