2018-04-09 16:59 GMT+02:00 DevaGerald <devasakayam...@gmail.com>: > Thanks a lot Lukasz. > > I have resolved it by adding > <global-allowed-methods>regex:[a-zA-Z]*</global-allowed-methods> in my > struts.xml > > Do I have any alternative for this?
No but I didn't want to suggest this as this basically opens a potential security hole in your app. In this case any public method can be called especially when using DMI. I wonder if we can introduce another pattern here like "allow methods for this class hierarchy": <allowed-methods>class:BaseAction</allowed-methods> - wdyt? Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
