niedz., 26 sty 2020 o 12:08 Ing. Andrea Vettori <a.vett...@b2bires.com> napisał(a): > > Thanks for you answer. I’ll try to look into the struts sources but I’m not > sure to have understand your answer. > What I’m trying to understand is why when we use an input like > > <input type="text" name=“map[‘key']” …..> > > and we use an action with a > > Map<String,String> map > > property, the key must match (\\w|[\\u4e00-\\u9fa5])+ > > I tried to add this to my struts project > > struts.additional.acceptedPatterns=\\w+\\['(\\w|-)+'\\] > > and now keys with the minus symbol are working as expected and haven’t > noticed any other issues. > > I also tried the following code and it works as expected (i.e. it prints > {key-1=b, key=a}). > I have NOT looked into struts source (I’ll try) so excuse me if the example > is not relevant. > > > public void doWork() throws Exception { > > Bean bean = new Bean(); > Ognl.getValue("map['key']='a'", bean); > Ognl.getValue("map['key-1']='b'", bean); > > System.out.println(bean.getMap()); > > } > > class Bean { > private Map<String,String> map; > > public Bean() { > map = new HashMap<>(); > } > > public Map<String,String> getMap() { > return map; > } > > public void setMap(Map<String,String> map) { > this.map = map; > } > }
Maybe I will try to clarify this. "struts.additional.acceptedPatterns" was the very first idea before we introduced some other mechanisms in our Struts <-> OGNL integration bridge. One of those mechanisms is to avoid nested/eval/chained expressions [1], which basically blocks evaluating an expression-in-expression e.g. "${myValue[$otherValue-1]}" as such expression can be dangerous as they are run inside OGNL playground, out of Struts control. So maybe relaxing the patterns is a good idea but as till now nobody reported any problems with them, we decided to left them as is. [1] https://github.com/apache/struts/blob/master/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java#L445-L456 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org