2014-11-07 16:27 GMT+01:00 Volker Krebs <volker.kr...@abas.de>:
> Ok, it has to do with the acceptParamNames in ParametersInterceptor
> I'll have the following config for my action:
> <interceptor-ref name="params">
>   <param name="acceptParamNames">orderTimeID</param>
> </interceptor-ref>
>
> In my action I have a property named "orderinfo".
> In 2.3.16.3 the ParametersInterceptor only set "orderTimeID".
> Calls to "orderinfo" were blocked. This is what I was expecting, a pure
> white list approach, block everything which is not "orderTimeID".
>
> In 2.3.18 the ParametersInterceptor tried to set orderinfo. Only when
> explicitly excluding it, everything worked as before.
> <interceptor-ref name="params">
>   <param name="acceptParamNames">orderTimeID</param>
>   <param name="excludeParams">ordertime\..*</param>
> </interceptor-ref>

Does it mean you have a workaround, but the excluding params mechanism is broken?
As I understand it, you had to directly exclude the orderinfo param?

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
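
An added illustration, not part of the thread and not Struts code: a self-contained Java model of the pure allow-list behaviour the quoted message expects from `acceptParamNames`, in the shape of an upgrade regression check. The class name, the comma-separated pattern lists, the full-match semantics and the sample request parameters are assumptions made for this example.

```java
import java.util.*;
import java.util.regex.Pattern;

// Model of the expected allow-list semantics; hypothetical class, not the Struts interceptor.
public class ParamAllowListCheck {
    private final List<Pattern> accept = new ArrayList<>();
    private final List<Pattern> exclude = new ArrayList<>();

    ParamAllowListCheck(String acceptCsv, String excludeCsv) {
        compileInto(accept, acceptCsv);
        compileInto(exclude, excludeCsv);
    }

    // Assumption: patterns are given as a comma-separated list of regexes.
    private static void compileInto(List<Pattern> out, String csv) {
        if (csv == null || csv.trim().isEmpty()) return;
        for (String p : csv.split(",")) out.add(Pattern.compile(p.trim()));
    }

    private static boolean matchesAny(List<Pattern> pats, String name) {
        for (Pattern p : pats) if (p.matcher(name).matches()) return true;
        return false;
    }

    // Pure allow-list: the whole name must match an accept pattern and no
    // exclude pattern. An empty accept list denies everything in this model.
    boolean acceptable(String name) {
        return matchesAny(accept, name) && !matchesAny(exclude, name);
    }

    // Returns only the parameters that would be handed to the action.
    Map<String, String> filter(Map<String, String> request) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : request.entrySet())
            if (acceptable(e.getKey())) out.put(e.getKey(), e.getValue());
        return out;
    }

    public static void main(String[] args) {
        // Constructed request parameters for the action described in the message.
        Map<String, String> req = new LinkedHashMap<>();
        req.put("orderTimeID", "42");
        req.put("orderinfo", "unexpected");
        req.put("orderTimeID.class", "x");

        // First configuration from the message: accept list only, no excludes.
        ParamAllowListCheck cfg = new ParamAllowListCheck("orderTimeID", null);
        Map<String, String> passed = cfg.filter(req);
        System.out.println("passed to action: " + passed.keySet());
        if (!passed.keySet().equals(Collections.singleton("orderTimeID")))
            throw new AssertionError("non-allow-listed parameter reached the action");
    }
}
```

Running the same parameter set against an action under both framework versions and comparing which setters were invoked turns the behaviour change reported above into a repeatable test.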