Seems the regex is passing, but fails on :

Error setting expression 'action:myAction!save' with value ['Create', ] - Class: ognl.Ognl
File: Ognl.java
Method: parseExpression
Line: 179 - ognl/Ognl.java:179:-1

##

ognl.ExpressionSyntaxException: Malformed OGNL expression: action:myAction!save [ognl.ParseException: Encountered " ":" ": "" at line 1, column 7.
Was expecting one of:
    <EOF>
    "," ...
    "=" ...
    "?" ...
    "||" ...
    "or" ...
    "&&" ...
    "and" ...
    "|" ...
    "bor" ...
    "^" ...
    "xor" ...
    "&" ...
    "band" ...
    "==" ...
    "eq" ...
    "!=" ...
    "neq" ...
    "<" ...
    "lt" ...
    ">" ...
    "gt" ...
    "<=" ...
    "lte" ...
    ">=" ...
    "gte" ...
    "in" ...
    "not" ...
    "<<" ...
    "shl" ...
    ">>" ...
    "shr" ...
    ">>>" ...
    "ushr" ...
    "+" ...
    "-" ...
    "*" ...
    "/" ...
    "%" ...
    "instanceof" ...
    "." ...
    "(" ...
    "[" ...
    <DYNAMIC_SUBSCRIPT> ...
    "(" ...
    ]

####

Looking into this again, I am getting loads of these warnings in my logs

WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't match accepted pattern [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]! See Accepted / Excluded patterns at https://struts.apache.org/security/#accepted--excluded-patterns


If I look at the com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker there are two patterns

ACCEPTED_PATTERNS and

DMI_AWARE_ACCEPTED_PATTERNS


There seems to be a @inject error on the DefaultAcceptedPatternsChecker method?  The @Inject should be above the public?

public DefaultAcceptedPatternsChecker(
            @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false) String dmiValue
    ) {
        if (BooleanUtils.toBoolean(dmiValue)) {
            LOG.debug("DMI is enabled, adding DMI related accepted patterns");
            setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS);
        } else {
            setAcceptedPatterns(ACCEPTED_PATTERNS);
        }
    }

If I fix this locally, setting the DMI_AWARE_ACCEPTED_PATTERNS now works, but there now seems something wrong with the regex as I now get a warning

Error setting expression 'action:myAction!cancel' with value ['Cancel', ]

ERROR com.opensymphony.xwork2.interceptor.ParametersInterceptor ParametersInterceptor:notifyDeveloperParameterException - Developer Notification (set struts.devMode to false to disable this message): Unexpected Exception caught setting 'action:myAction!cancel' on 'class my.com.MyAction: Error setting expression 'action:myAction!cancel' with value ['Cancel', ]

How does one check the regex on DMI_AWARE_ACCEPTED_PATTERNS ?

Cheers Greg

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Reply via email to