brianandle commented on code in PR #557:
URL: https://github.com/apache/struts/pull/557#discussion_r889007488


##########
core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java:
##########
@@ -177,8 +186,13 @@ protected void setParameters(final Object action, 
ValueStack stack, HttpParamete
 
         for (Map.Entry<String, Parameter> entry : params.entrySet()) {
             String parameterName = entry.getKey();
-
-            if (isAcceptableParameter(parameterName, action)) {
+            boolean isAcceptableParameter;
+            if(hasParamValuesToExclude() || hasParamValuesToAccept()) {

Review Comment:
   Done



##########
core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java:
##########
@@ -335,7 +392,85 @@ protected boolean isExcluded(String paramName) {
         }
         return false;
     }
+    
+
+    public void setAcceptedValuePatterns(String commaDelimitedPatterns) {
+       Set<String> patterns = 
TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns);
+        if (acceptedValuePatterns == null) {
+            // Limit unwanted log entries (for 1st call, acceptedPatterns null)
+            LOG.debug("Sets accepted value patterns to [{}], note this impacts 
the safety of your application!", patterns);
+        } else {
+            LOG.warn("Replacing accepted patterns [{}] with [{}], be aware 
that this affects all instances and safety of your application!",
+                       acceptedValuePatterns, patterns);
+        }
+        acceptedValuePatterns = new HashSet<>(patterns.size());
+        try {
+            for (String pattern : patterns) {
+               acceptedValuePatterns.add(Pattern.compile(pattern, 
Pattern.CASE_INSENSITIVE));
+            }
+        } finally {
+               acceptedValuePatterns = 
Collections.unmodifiableSet(acceptedValuePatterns);
+        }
+    }
+    
+    public void setExcludeValuePatterns(String commaDelimitedPatterns) {
+       Set<String> patterns = 
TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns);
+        if (excludedValuePatterns == null) {
+            // Limit unwanted log entries (for 1st call, acceptedPatterns null)
+            LOG.debug("Setting excluded value patterns to [{}]", patterns);
+        } else {
+            LOG.warn("Replacing accepted patterns [{}] with [{}], be aware 
that this affects all instances and safety of your application!",
+                       excludedValuePatterns, patterns);
+        }
+        excludedValuePatterns = new HashSet<>(patterns.size());
+        try {
+            for (String pattern : patterns) {
+               excludedValuePatterns.add(Pattern.compile(pattern, 
Pattern.CASE_INSENSITIVE));
+            }
+        } finally {
+               excludedValuePatterns = 
Collections.unmodifiableSet(excludedValuePatterns);
+        }
+    }
+    
+    protected boolean isParamValueExcluded(String value) {
+       if(excludedValuePatterns != null) { 
+               for (Pattern excludedPattern : excludedValuePatterns) {
+                       if(value != null) {
+                       if (excludedPattern.matcher(value).matches()) {
+                           LOG.trace("[{}] matches excluded pattern [{}]", 
value, excludedPattern);
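Review bot: Both setters publish the filter before it is complete: `excludedValuePatterns = new HashSet<>(patterns.size());` (and the matching line for `acceptedValuePatterns`) replaces the live field with an empty mutable set, and the `finally` then freezes whatever was compiled so far. A `PatternSyntaxException` on one entry therefore leaves a partial exclusion list in force while the exception propagates, so values the configuration meant to exclude are accepted. If the interceptor instance is shared between request threads, as the warn text suggests, a request arriving during reconfiguration can also see the empty or half-filled set; the field declarations are outside the hunk, so confirm how they are published. Compile into a local set and assign the field once, after every pattern has compiled, as below; the same change applies to `setAcceptedValuePatterns`. Separately, the warn text in `setExcludeValuePatterns` still reads "Replacing accepted patterns", and `isParamValueExcluded` (its body continues past the hunk) uses `matches()`, which excludes a value only when the whole value matches the pattern.

```java
public void setExcludeValuePatterns(String commaDelimitedPatterns) {
    Set<String> patterns = TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns);
    // … unchanged: debug/warn logging of the previous and new pattern sets …
    Set<Pattern> compiled = new HashSet<>(patterns.size());
    for (String pattern : patterns) {
        compiled.add(Pattern.compile(pattern, Pattern.CASE_INSENSITIVE));
    }
    // Publish only a complete, immutable set; a bad pattern leaves the previous filter in place.
    excludedValuePatterns = Collections.unmodifiableSet(compiled);
}
```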

Review Comment:
   Done


