Cleaning parameter values is perfect for an interceptor, and it's pretty
easy to do.

For example, we had interceptors that removed trailing spaces, HTML-safed
input, etc.

A filter would work as well, but I tend to use S2-specific artifacts when
the entire system is S2.

Dave



On Mon, Jul 28, 2014 at 1:02 PM, rgm <str...@rgm.nu> wrote:

> I've got a problem where my PostgreSQL database won't store a String that
> contains a null character, and I'm trying to figure out the best place to
> sanitize the parameter.  Your advice is appreciated.
>
> If it were a one-off issue, I'd handle it in the validate() method of the
> action, but in this case, I feel comfortable declaring that no String
> parameters in my app should ever contain nulls (or control characters) in
> their value.
>
> Do you have recommendations about the best place to reject parameters
> containing nulls app-wide?  A normal Java Filter, or perhaps a Struts
> Interceptor (subclass ParametersInterceptor to create
> ParameterValueInterceptor)?  Or maybe I should sub-class String (ew) and
> then make my own StrutsTypeConverter?  (that last one feels dirty and would
> require many changes).
>
> This problem came up while attempting to log a message to the database
> about a login failure for a user that was provided like this:
>
> https://myserver.com/myapp/login?user=%00
>
> I'd rather just pretend that the String excluded that 0x00 character, and
> was "null".
>



-- 
e: davelnew...@gmail.com
m: 908-380-8699
s: davelnewton_skype
t: @dave_newton <https://twitter.com/dave_newton>
b: Bucky Bits <http://buckybits.blogspot.com/>
g: davelnewton <https://github.com/davelnewton>
so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
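
The interceptor approach suggested in the reply, as an added example that is not code from either poster or from the Struts project. It assumes the Struts 2.3.x API, where `ActionContext.getParameters()` returns a `Map<String, Object>` whose request values are `String[]`; the package and class names are hypothetical, and keeping tab, CR and LF is a choice made here, not something the thread specifies.

```java
package example; // hypothetical package name

import java.util.HashMap;
import java.util.Map;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Strips control characters (including 0x00) from String parameter values. */
public class ControlCharStrippingInterceptor extends AbstractInterceptor {

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        ActionContext ctx = invocation.getInvocationContext();
        Map<String, Object> params = ctx.getParameters();
        if (params != null) {
            // Swap in a cleaned copy instead of mutating the original map.
            ctx.setParameters(clean(params));
        }
        return invocation.invoke();
    }

    static Map<String, Object> clean(Map<String, Object> params) {
        Map<String, Object> out = new HashMap<String, Object>(params.size());
        for (Map.Entry<String, Object> e : params.entrySet()) {
            Object v = e.getValue();
            // Only String[] values are rewritten; anything else (for example
            // uploaded File[] entries) is passed through unchanged.
            if (v instanceof String[]) {
                String[] in = (String[]) v;
                String[] copy = new String[in.length];
                for (int i = 0; i < in.length; i++) copy[i] = strip(in[i]);
                v = copy;
            }
            out.put(e.getKey(), v);
        }
        return out;
    }

    static String strip(String s) {
        if (s == null) return null;
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            // Assumption: tab, LF and CR stay so multi-line text fields still work.
            if (!Character.isISOControl(c) || c == '\t' || c == '\n' || c == '\r') sb.append(c);
        }
        return sb.length() == s.length() ? s : sb.toString();
    }
}
```

The interceptor has to be declared in `struts.xml` and placed ahead of the `params` interceptor in the stack so the action only ever receives cleaned values. With the `user=%00` request from the question, `user` arrives as an empty string, which `validate()` can then reject as a missing field.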
