Hi Greg, To me it looks like an app config problem because I'm wondering why it tries to set a value to action name?! i.e. considers the action name an an http parameter?!
Regards. On 1/20/2021 12:22 PM, Greg Huber wrote: > Seems the regex is passing, but fails on : > > Error setting expression 'action:myAction!save' with value ['Create', ] > - Class: ognl.Ognl > File: Ognl.java > Method: parseExpression > Line: 179 - ognl/Ognl.java:179:-1 > > ## > > ognl.ExpressionSyntaxException: Malformed OGNL expression: > action:myAction!save [ognl.ParseException: Encountered " ":" ": "" at > line 1, column 7. > Was expecting one of: > <EOF> > "," ... > "=" ... > "?" ... > "||" ... > "or" ... > "&&" ... > "and" ... > "|" ... > "bor" ... > "^" ... > "xor" ... > "&" ... > "band" ... > "==" ... > "eq" ... > "!=" ... > "neq" ... > "<" ... > "lt" ... > ">" ... > "gt" ... > "<=" ... > "lte" ... > ">=" ... > "gte" ... > "in" ... > "not" ... > "<<" ... > "shl" ... > ">>" ... > "shr" ... > ">>>" ... > "ushr" ... > "+" ... > "-" ... > "*" ... > "/" ... > "%" ... > "instanceof" ... > "." ... > "(" ... > "[" ... > <DYNAMIC_SUBSCRIPT> ... > "(" ... > ] > > #### > > Looking into this again, I am getting loads of these warnings in my logs > > WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor > ParametersInterceptor:isAccepted - Parameter [action:myAction!save] > didn't match accepted pattern > [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]! > See Accepted / Excluded patterns at > https://struts.apache.org/security/#accepted--excluded-patterns > > > If I look at the > com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker there > are two patterns > > ACCEPTED_PATTERNS and > > DMI_AWARE_ACCEPTED_PATTERNS > > > There seems to be a @inject error on the DefaultAcceptedPatternsChecker > method? The @Inject should be above the public? > > public DefaultAcceptedPatternsChecker( > @Inject(value = > StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = > false) String dmiValue > ) { > if (BooleanUtils.toBoolean(dmiValue)) { > LOG.debug("DMI is enabled, adding DMI related accepted > patterns"); > setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS); > } else { > setAcceptedPatterns(ACCEPTED_PATTERNS); > } > } > > If I fix this locally, setting the DMI_AWARE_ACCEPTED_PATTERNS now > works, but there now seems something wrong with the regex as I now get a > warning > > Error setting expression 'action:myAction!cancel' with value ['Cancel', ] > > ERROR com.opensymphony.xwork2.interceptor.ParametersInterceptor > ParametersInterceptor:notifyDeveloperParameterException - Developer > Notification (set struts.devMode to false to disable this message): > Unexpected Exception caught setting 'action:myAction!cancel' on 'class > my.com.MyAction: Error setting expression 'action:myAction!cancel' with > value ['Cancel', ] > > How does one check the regex on DMI_AWARE_ACCEPTED_PATTERNS ? > > Cheers Greg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org