gregh3269 opened a new pull request #469:
URL: https://github.com/apache/struts/pull/469
There are unnecessary log warning when DMI is enabled, from the
ParametersInterceptor.
WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't
match accepted pattern
[[\w+((\.\w+)|(\[\d+])|((\d+))|(['(\w|[\u4e00-\u9fa5])'])|(('(\w|[\u4e00-\u9fa5])')))*]]!
See Accepted / Excluded patterns at
https://struts.apache.org/security/#accepted--excluded-patterns
eg the property 'action:myAction!save' should not be considered as a
bean/property parameter, as its used as part of DMI to submit the form.
Any property which matches the DMI method invocation "^(action|method):.*"
needs to be silently ignored and not logged in devMode=true.
DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from
DefaultAcceptedPatternsChecker as the DMI action|method would never be a form
property.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
