kusalk commented on code in PR #1243:
URL: https://github.com/apache/struts/pull/1243#discussion_r1983331694
##########
core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java:
##########
@@ -358,9 +357,8 @@ protected boolean isParameterAnnotatedAndAllowlist(String
name, Object action) {
long paramDepth = name.codePoints().mapToObj(c -> (char)
c).filter(NESTING_CHARS::contains).count();
if (action instanceof ModelDriven<?> &&
!ActionContext.getContext().getValueStack().peek().equals(action)) {
- LOG.debug("Model driven Action detected, exempting from
@StrutsParameter annotation requirement and OGNL allowlisting model type");
- // (Exempted by annotation on
org.apache.struts2.ModelDriven#getModel)
- return hasValidAnnotatedMember("model", action, paramDepth + 1);
+ LOG.debug("Model driven Action detected, exempting from
@StrutsParameter annotation requirement");
+ return true;
Review Comment:
Just return `true` - I previously had this go through the normal flow but
it's unnecessary now that allowlisting is already handled by
`ModelDrivenInterceptor`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
