Hello,
Today I had an issue with one of our web sites using Struts and found it traces 
back to the default accepted patterns in DefaultAcceptedPatternsChecker.
May I ask why the key values for "map like" parameters (i.e. map['key']) are 
limited in such a strict way? In our case I had a minus sign in the key. Is 
there any security consideration behind this?
Thank you!


    public static final String[] ACCEPTED_PATTERNS = {
        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
    };

—
Ing. Andrea Vettori
Head of Information Systems
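
The following is an added example, not part of the original message and not Struts code: it runs the pattern quoted above against constructed parameter names with plain java.util.regex, to show which key forms pass. Whole-string matching, the class name and the `HYPHEN_PATTERN` variant (the same pattern with `-` admitted only inside quoted keys) are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class AcceptedPatternDemo {
    // Pattern copied from ACCEPTED_PATTERNS in the message above.
    static final String DEFAULT_PATTERN =
        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))"
        + "|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*";

    // Hypothetical variant (assumption): only the quoted-key character
    // set gains '-'; every other alternative is unchanged.
    static final String HYPHEN_PATTERN =
        "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))"
        + "|(\\['(\\w|-|[\\u4e00-\\u9fa5])+'\\])"
        + "|(\\('(\\w|-|[\\u4e00-\\u9fa5])+'\\)))*";

    // Assumption: a name is accepted only if the pattern matches the
    // entire string, so a valid prefix followed by anything else fails.
    static boolean accepted(String pattern, String name) {
        return Pattern.compile(pattern).matcher(name).matches();
    }

    public static void main(String[] args) {
        // Constructed sample parameter names.
        String[] names = {
            "user.name",              // dotted property
            "items[0]",               // numeric index
            "map['key']",             // quoted key, word characters only
            "map['my-key']",          // quoted key with a minus sign
            "map['\u4e2d\u6587']",    // quoted key in the CJK range
            "map['my key']",          // space inside the key
            "map['a#b']"              // punctuation outside both sets
        };
        System.out.printf("%-16s %-8s %s%n", "name", "default", "hyphen");
        for (String name : names) {
            System.out.printf("%-16s %-8b %b%n", name,
                accepted(DEFAULT_PATTERN, name),
                accepted(HYPHEN_PATTERN, name));
        }
    }
}
```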
