niedz., 26 sty 2020 o 12:08 Ing. Andrea Vettori
<[email protected]> napisał(a):
>
> Thanks for you answer. I’ll try to look into the struts sources but I’m not
> sure to have understand your answer.
> What I’m trying to understand is why when we use an input like
>
> <input type="text" name=“map[‘key']” …..>
>
> and we use an action with a
>
> Map<String,String> map
>
> property, the key must match (\\w|[\\u4e00-\\u9fa5])+
>
> I tried to add this to my struts project
>
> struts.additional.acceptedPatterns=\\w+\\['(\\w|-)+'\\]
>
> and now keys with the minus symbol are working as expected and haven’t
> noticed any other issues.
>
> I also tried the following code and it works as expected (i.e. it prints
> {key-1=b, key=a}).
> I have NOT looked into struts source (I’ll try) so excuse me if the example
> is not relevant.
>
>
> public void doWork() throws Exception {
>
> Bean bean = new Bean();
> Ognl.getValue("map['key']='a'", bean);
> Ognl.getValue("map['key-1']='b'", bean);
>
> System.out.println(bean.getMap());
>
> }
>
> class Bean {
> private Map<String,String> map;
>
> public Bean() {
> map = new HashMap<>();
> }
>
> public Map<String,String> getMap() {
> return map;
> }
>
> public void setMap(Map<String,String> map) {
> this.map = map;
> }
> }
Maybe I will try to clarify this. "struts.additional.acceptedPatterns"
was the very first idea before we introduced some other mechanisms in
our Struts <-> OGNL integration bridge. One of those mechanisms is to
avoid nested/eval/chained expressions [1], which basically blocks
evaluating an expression-in-expression e.g.
"${myValue[$otherValue-1]}" as such expression can be dangerous as
they are run inside OGNL playground, out of Struts control.
So maybe relaxing the patterns is a good idea but as till now nobody
reported any problems with them, we decided to left them as is.
[1]
https://github.com/apache/struts/blob/master/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java#L445-L456
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
