[ https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14724851#comment-14724851 ]
ASF GitHub Bot commented on WW-4540: ------------------------------------ GitHub user lukaszlenart opened a pull request: https://github.com/apache/struts/pull/47 WW-4540: Strict DMI This PR enables `Strict DMI` be default (or rather it's always enabled). Thus will limit possible methods which can be called and executed as an action methods. Right now you can configure `global-allowed-methods` and `allowed-methods` via `struts.xml` only but I'm going to add support for annotations as well. To use the new functionality you must update DTD definition to `2.5` You can merge this pull request into a Git repository by running: $ git pull https://github.com/lukaszlenart/struts strict-dmi Alternatively you can review and apply these changes as the patch at: https://github.com/apache/struts/pull/47.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #47 ---- commit 065b5b79ae068ab7891a4232a0769290fd21bb17 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:31:59Z Drops wildcard as a valid action method commit ce884e92a15ef601b0e119963d3c521fa68d8bb1 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:33:31Z Defines global-allowed-methods commit fd22e3a16c88ef0528c1e26e0d6bdfdf1c02c755 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:35:16Z Uses global-allowed-methods config para commit 55b8070048cbec0a6e08b1781f81b1bfdb3354f2 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:41:57Z Drops strict DMI commit fb0c4a58507c7fb1af135bb376af5b475f43d7ee Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:42:44Z Drops outdated attribute commit 4565993463f660e9be90b9fe9c3597ce54b58917 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:43:21Z Extends Unknown Handler to allowed check if method is allowed commit c3f4457b8b8ad6bd0e89646d825f2ef5f9f91118 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T12:43:31Z Fixes tests commit c1928ad06bdfbe245b1ed7d5bfeb07ed9bface37 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T16:36:04Z Fixes tests commit 3b31c428856766389ad6df4ba1edc3d60ecf5e24 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T16:36:29Z Adds support for wildcards commit 185530464b838b3aac9681b5ff5b16401ccef56d Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T16:36:41Z Simplifies implementation commit 47a01eab10d940fdc134cb666d3d2db0280d8ca8 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T18:28:45Z Fixes typo commit 63bb6e30e75facf5382608857494cf971f0378dd Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T19:06:06Z Adds missing comma commit 4c7a7dd6c02457cf006318ed4621b7c432cc478c Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T19:46:16Z Adds null-safety commit 77691563b9b8d2ad01c078a66d1ed207bf3611b3 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T19:46:47Z Implements required method commit dd406fbb04e755c0545c318c3ea099674fb78363 Author: Lukasz Lenart <lukaszlen...@apache.org> Date: 2015-08-31T19:46:55Z Fixes test ---- > Enable Strict DMI be default > ---------------------------- > > Key: WW-4540 > URL: https://issues.apache.org/jira/browse/WW-4540 > Project: Struts 2 > Issue Type: Improvement > Components: Core Actions > Reporter: Lukasz Lenart > Assignee: Lukasz Lenart > Fix For: 2.5 > > > Struts 2 already support {{Strict DMI}} but it's disabled by default. > {{Strict DMI}} should be always enable to allow access only specific methods. -- This message was sent by Atlassian JIRA (v6.3.4#6332)