Hi All,

In the "Validating Input" section of the "Bootstrap" tutorial, I've
noticed the action mapping syntax

    <action name="Logon_*" method="{1}" class="tutorial.Logon">
      ...
    </action>


which the tutorial suggests as a shorthand for configuring

    <action name="Logon" class="tutorial.Logon">
      ...
    </action>
    <action name="Logon_input" method="input" class="tutorial.Logon">
      ...
    </action>

I have two questions about this:

(1) Where is the documentation of this wildcard syntax? In the
Guides > Core Developers Guide > Configuration Files > struts.xml
section I've only found the struts.xml DTD and little more, no
docs on the regular expression syntax and how groups within regular
expressions (I presume) are numbered and where references (of the
"{1}" type) can be used etc. Specifically, I'm puzzled how the
action name "Logon", which has no underscore in it, is matched by the
regexp "Logon_*".

(2) Isn't encoding methods in action name suffixes like this a potential
security issue? The action name suffix can obviously be edited by users,
but configuration pertains to executable content, so the border between
data provided by users and executable content could be crossed without
proper checks here, as users can change the intended suffix "_input"
to something else.

Best regards, Jan
-- 
 +- Jan T. Kim -------------------------------------------------------+
 |             email: j....@uea.ac.uk                                 |
 |             WWW:   http://www.cmp.uea.ac.uk/people/jtk             |
 *-----=<  hierarchical systems are for files, not for humans  >=-----*
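
Added example (not part of the original message and not Struts code): a small Python model of the mapping quoted above, showing how the text matched by "*" is substituted for {1} and so becomes the method name, and how an allowlist check keeps a client-edited suffix from selecting an unintended method, the concern in question (2). The matching rule ("*" matches any run of characters except "/", groups numbered from 1), the ALLOWED table and the suffix "purge" are assumptions made for illustration.

```python
import re

# Constructed mapping table modeled on the struts.xml snippet in the message:
# (action name pattern, method template, action class).
MAPPINGS = [("Logon_*", "{1}", "tutorial.Logon")]

# Hypothetical allowlist: the only methods the application means to expose.
ALLOWED = {"tutorial.Logon": {"execute", "input"}}


def compile_pattern(pattern):
    """Turn an action-name pattern into a regex; each '*' becomes one group.

    Assumption: '*' matches any run of characters except '/', and groups are
    numbered left to right starting at 1. The bare name "Logon" that the
    message asks about is outside this model.
    """
    literals = [re.escape(part) for part in pattern.split("*")]
    return re.compile("([^/]*)".join(literals))


def resolve(action_name):
    """Return (class, method) for the first matching mapping, else None."""
    for pattern, method_tpl, cls in MAPPINGS:
        m = compile_pattern(pattern).fullmatch(action_name)
        if m is None:
            continue
        # Replace every {n} with the text captured by the n-th '*'.
        method = re.sub(r"\{(\d+)\}",
                        lambda ref: m.group(int(ref.group(1))), method_tpl)
        return cls, method
    return None


def resolve_checked(action_name):
    """Same lookup, but reject any method that is not on the allowlist."""
    target = resolve(action_name)
    if target is None:
        return None
    cls, method = target
    if method not in ALLOWED.get(cls, set()):
        raise PermissionError(f"method {method!r} not allowed on {cls}")
    return target
```
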
