Daniel Wu created WW-5238:
-----------------------------
Summary: Strict Method Invocation (SMI) too strict?
Key: WW-5238
URL: https://issues.apache.org/jira/browse/WW-5238
Project: Struts 2
Issue Type: Bug
Components: Core
Affects Versions: 6.0.3
Reporter: Daniel Wu
Got the following error (Error No. 2) when trying to create one record. The
prompt method is not supposed to be invoked for aSbmt1. Before that, the aSbmt1
was not accepted (Error No. 1). I tried several ways to try to overwrite the
regular expression without success. Was something strange introduced into the
Struts 2 version 6.0.3? Is Strict Method Invocation (SMI) in a dead loop? I am
surprised at that there is no issue reported for the Struts 2 version 6.0.3 yet.
1. com.opensymphony.xwork2.interceptor.ParametersInterceptor -
*{color:#FF0000}Parameter [action:aSbmt1] didn't match accepted pattern{color}*
[[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w-?|[\u4e00-\u9fa5]-?)+'])|(\('(\w-?|[\u4e00-\u9fa5]-?)+'\)))*]]!
See Accepted / Excluded patterns at
https://struts.apache.org/security/#accepted--excluded-patterns
*{color:#FF0000}2. com.opensymphony.xwork2.config.ConfigurationException:
Method prompt for action aSbmt1 is not allowed!{color}*
at
com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:191)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:57)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:32)
~[struts2-core-6.0.3.jar:6.0.3]
at
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:60)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.dispatcher.Dispatcher.createActionProxy(Dispatcher.java:673)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.dispatcher.Dispatcher.prepareActionProxy(Dispatcher.java:658)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:621)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:79)
~[struts2-core-6.0.3.jar:6.0.3]
at
org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:140)
~[struts2-core-6.0.3.jar:6.0.3]
at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
~[com.oracle.weblogic.servlet.jar:12.2.1.4]
at
ca.gc.ccra.rccr.web.filter.SessionChecker.doFilter(SessionChecker.java:125)
~[rccr.ccr.jar:6.0.6]
at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
~[com.oracle.weblogic.servlet.jar:12.2.1.4]
at
ca.gc.ccra.rccr.web.filter.BookmarkChecker.doFilter(BookmarkChecker.java:137)
~[rccr.ccr.jar:6.0.6]
at
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
~[com.oracle.weblogic.servlet.jar:12.2.1.4]
at
ca.gc.ccra.rccr.web.filter.CacheControlSetter.doFilter(CacheControlSetter.java:34)
~[rccr.ccr.jar:6.0.6]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
