gregh3269 opened a new pull request #469:
URL: https://github.com/apache/struts/pull/469


   There are unnecessary log warning when DMI is enabled, from the 
ParametersInterceptor.
   
   WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor 
ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
match accepted pattern 
[[\w+((\.\w+)|(\[\d+])|((\d+))|(['(\w|[\u4e00-\u9fa5])'])|(('(\w|[\u4e00-\u9fa5])')))*]]!
 See Accepted / Excluded patterns at 
https://struts.apache.org/security/#accepted--excluded-patterns
   
   eg the property 'action:myAction!save' should not be considered as a 
bean/property parameter, as its used as part of DMI to submit the form.
   
   Any property which matches the DMI method invocation "^(action|method):.*" 
needs to be silently ignored and not logged in devMode=true.
   
   DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
property.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Reply via email to