On 13.11.2014 at 11:22, Lukasz Lenart wrote:
2014-11-13 10:57 GMT+01:00 Volker Krebs <volker.kr...@abas.de>:
For exclude pattern I would use addExcludedPatterns and for accept patterns
I would use setAcceptedPatterns.
IMO, just by setting (adding) an exclude pattern it shouldn't be possible to
overwrite security relevant excludes.
This is a good idea except this changes the previous behaviour -
that's why I have reverted everything to not surprise users. We can
think about that when I start working on 2.5
But I don't know exactly what the purpose of
DefaultAcceptedPatternsChecker.ACCEPTED_PATTERNS is. So I'm skating a bit on
thin ice here.
Yeah... the same here :-)
I assume this is good and works for you?
Yes, that's good.
I have extended my example a bit and will prepare a PR.