[
https://issues.apache.org/jira/browse/WW-5056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17262164#comment-17262164
]
ASF subversion and git services commented on WW-5056:
-----------------------------------------------------
Commit 210a530ebac8e84d2b91c3049b91637faad4d18a in struts's branch
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=210a530 ]
Merge pull request #466 from apache/WW-5056-allows-dash
[WW-5056] Accepts dashes in param names
> Standard Accepted Patterns in DefaultAcceptedPatternsChecker
> ------------------------------------------------------------
>
> Key: WW-5056
> URL: https://issues.apache.org/jira/browse/WW-5056
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Reporter: Andrea Vettori
> Priority: Minor
> Fix For: 2.6
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Currently the regex used to match allowed parameters is
> {code}
> public static final String[] ACCEPTED_PATTERNS = {
>
> "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
> };
> {code}
> For parameters that are mapped to a map, this restricts the keys to letters,
> numbers and underscore.
> It would be nice to allow all characters that are allowed in POST data and
> URLs, for example a parameter like map['key-subkey'] is currently not
> allowed, but it should cause no harm.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
