2014-11-13 10:57 GMT+01:00 Volker Krebs <volker.kr...@abas.de>: > For exclude pattern I would use addExcludedPatterns and for accept patterns > I would use setAcceptedPatterns. > IMO, just by setting (adding) an exclude pattern it shouldn't be possible to > overwrite security relevant excludes.
This is a good idea except this changes the previous behaviour - that's why I have reverted everything to not surprise users. We can think about that when I start working on 2.5 > But I don't know exactly what the purpose of > DefaultAcceptedPatternsChecker.ACCEPTED_PATTERNS is. So I'm skating a bit on > thin ice here. Yeah... the same here :-) I assume this is good and works for you? Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
