struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [struts] 01/01: WW-5056 Accepts dashes in param names
Date Sun, 03 Jan 2021 09:37:55 GMT
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5056-allows-dash
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 23169941e723ca1a86f9c270b347a76f8c186fc7
Author: Lukasz Lenart <lukaszlenart@apache.org>
AuthorDate: Sun Jan 3 10:37:45 2021 +0100

    WW-5056 Accepts dashes in param names
---
 .../security/DefaultAcceptedPatternsChecker.java   |  4 +-
 .../DefaultAcceptedPatternsCheckerTest.java        | 59 ++++++++++++++++++++++
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
index 0489147..9b1704c 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
@@ -36,11 +36,11 @@ public class DefaultAcceptedPatternsChecker implements AcceptedPatternsChecker
{
     private static final Logger LOG = LogManager.getLogger(DefaultAcceptedPatternsChecker.class);
 
     public static final String[] ACCEPTED_PATTERNS = {
-            "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
+            "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*"
     };
 
     public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
-            "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
+            "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*([!]?\\w+)?"
     };
 
     private Set<Pattern> acceptedPatterns;
diff --git a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
index 1dc8d8a..b778fd2 100644
--- a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
@@ -57,6 +57,7 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase {
             add("%{#parameters.test}");
             add("%{#Parameters['test']}");
             add("%{#Parameters.test}");
+            add("%{#Parameters['test-1']}");
         }
     };
 
@@ -97,6 +98,35 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase {
         assertTrue("Param with underscore wasn't accepted!", actual.isAccepted());
     }
 
+    public void testDashInParamName() {
+        // given
+        AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker();
+
+        // when
+        AcceptedPatternsChecker.IsAccepted actual = checker.isAccepted("mapParam['param-1']");
+
+        // then
+        assertTrue("Param with dasf wasn't accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("mapParam['-param-1']");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("-param");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+        // when
+        actual = checker.isAccepted("param1-param2");
+
+        // then
+        assertFalse("Param with dash was accepted!", actual.isAccepted());
+    }
+
     public void testUnderscoreInParamNameWithDmiEnabled() {
         // given
         AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
@@ -174,4 +204,33 @@ public class DefaultAcceptedPatternsCheckerTest extends XWorkTestCase
{
 
         assertTrue("dmi isn't accepted", accepted.isAccepted());
     }
+
+    public void testDmiIsEnabledAndDash() {
+        // given
+        DefaultAcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
+
+        // when
+        AcceptedPatternsChecker.IsAccepted accepted = checker.isAccepted("map['param-1']");
+
+        // then
+        assertTrue("Dash isn't accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("map['-param-1']");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("-param");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+
+        // when
+        accepted = checker.isAccepted("param1-param2");
+
+        // then
+        assertFalse("Dash was accepted", accepted.isAccepted());
+    }
 }
\ No newline at end of file


Mime
View raw message