svn commit: r1534123 - in /struts/struts2/trunk/xwork-core/src: main/java/com/opensymphony/xwork2/interceptor/ main/java/com/opensymphony/xwork2/ognl/ test/java/com/opensymphony/xwork2/interceptor/

[lukaszlenart]

Author: lukaszlenart
Date: Mon Oct 21 12:19:52 2013
New Revision: 1534123

URL: http://svn.apache.org/r1534123
Log:
WW-4109 WW-4154 Reverts to previous behaviour where both ParametersInterceptor 
and ParameterNameAware must accept parameter

Modified:
    
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
    
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
    
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
    
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java

Modified: 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
 (original)
+++ 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
 Mon Oct 21 12:19:52 2013
@@ -17,19 +17,10 @@ package com.opensymphony.xwork2.intercep
 
 /**
  * <!-- START SNIPPET: javadoc -->
- *
  * This interface is implemented by actions that want to declare acceptable 
parameters. Works in conjunction with {@link
  * ParametersInterceptor}. For example, actions may want to create a whitelist 
of parameters they will accept or a
  * blacklist of paramters they will reject to prevent clients from setting 
other unexpected (and possibly dangerous)
  * parameters.
- * 
- * Using {@link ParameterNameAware} could be dangerous as {@link 
ParameterNameAware#acceptableParameterName(String)} takes precedence
- * over {@link ParametersInterceptor} which means if ParametersInterceptor 
excluded given parameter name you can accept it with
- * {@link ParameterNameAware#acceptableParameterName(String)}.
- *
- * The best idea is to define very tight restrictions with 
ParametersInterceptor and relax them per action with
- * {@link ParameterNameAware#acceptableParameterName(String)}
- *
  * <!-- END SNIPPET: javadoc -->
  *
  * @author Bob Lee (crazy...@google.com)

Modified: 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
 (original)
+++ 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
 Mon Oct 21 12:19:52 2013
@@ -344,7 +344,7 @@ public class ParametersInterceptor exten
      */
     protected boolean isAcceptableParameter(String name, Object action) {
         ParameterNameAware parameterNameAware = (action instanceof 
ParameterNameAware) ? (ParameterNameAware) action : null;
-        return acceptableName(name) || (parameterNameAware != null && 
parameterNameAware.acceptableParameterName(name));
+        return acceptableName(name) && (parameterNameAware == null || 
parameterNameAware.acceptableParameterName(name));
     }
 
     /**

Modified: 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
 (original)
+++ 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
 Mon Oct 21 12:19:52 2013
@@ -80,7 +80,7 @@ public class SecurityMemberAccess extend
             return true;
         }
 
-        if ((isAccepted(name) && !isExcluded(name)) || (propertiesJudge != 
null && propertiesJudge.acceptProperty(name))) {
+        if ((!isExcluded(name)) && isAccepted(name) && (propertiesJudge == 
null || propertiesJudge.acceptProperty(name))) {
             return true;
         }
         return false;

Modified: 
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- 
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
 (original)
+++ 
struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
 Mon Oct 21 12:19:52 2013
@@ -65,7 +65,6 @@ public class ParametersInterceptorTest e
             {
                 put("fooKey", "fooValue");
                 put("barKey", "barValue");
-                put("test%test", "test%test");
             }
         };
         Object a = new ParameterNameAware() {