Andrea Vettori created WW-5056:
----------------------------------
Summary: Standard Accepted Patterns in
DefaultAcceptedPatternsChecker
Key: WW-5056
URL: https://issues.apache.org/jira/browse/WW-5056
Project: Struts 2
Issue Type: Improvement
Components: Core Interceptors
Reporter: Andrea Vettori
Currently the regex used to match allowed parameters is
public static final String[] ACCEPTED_PATTERNS = {
"\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
};
For parameters that are mapped to a map, this restricts the keys to letters,
numbers and underscore.
It would be nice to allow all characters that are allowed in POST data and
URLs, for example a parameter like map['key-subkey'] is currently not allowed,
but it should cause no harm.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
