Author: lukaszlenart Date: Mon Oct 21 12:19:52 2013 New Revision: 1534123 URL: http://svn.apache.org/r1534123 Log: WW-4109 WW-4154 Reverts to previous behaviour where both ParametersInterceptor and ParameterNameAware must accept parameter
Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java (original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java Mon Oct 21 12:19:52 2013
@@ -17,19 +17,10 @@ package com.opensymphony.xwork2.intercep
 /**
 * <!-- START SNIPPET: javadoc -->
- *
 * This interface is implemented by actions that want to declare acceptable parameters. Works in conjunction with {@link
 * ParametersInterceptor}. For example, actions may want to create a whitelist of parameters they will accept or a
 * blacklist of paramters they will reject to prevent clients from setting other unexpected (and possibly dangerous)
 * parameters.
- *
- * Using {@link ParameterNameAware} could be dangerous as {@link ParameterNameAware#acceptableParameterName(String)} takes precedence
- * over {@link ParametersInterceptor} which means if ParametersInterceptor excluded given parameter name you can accept it with
- * {@link ParameterNameAware#acceptableParameterName(String)}.
- *
- * The best idea is to define very tight restrictions with ParametersInterceptor and relax them per action with
- * {@link ParameterNameAware#acceptableParameterName(String)}
- *
 * <!-- END SNIPPET: javadoc -->
 *
 * @author Bob Lee (crazy...@google.com)
Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java (original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java Mon Oct 21 12:19:52 2013
@@ -344,7 +344,7 @@ public class ParametersInterceptor exten
 */
 protected boolean isAcceptableParameter(String name, Object action) {
 ParameterNameAware parameterNameAware = (action instanceof ParameterNameAware) ? (ParameterNameAware) action : null;
- return acceptableName(name) || (parameterNameAware != null && parameterNameAware.acceptableParameterName(name));
+ return acceptableName(name) && (parameterNameAware == null || parameterNameAware.acceptableParameterName(name));
 }
 /**
Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java (original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java Mon Oct 21 12:19:52 2013
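Review bot: The rewritten return in isAcceptableParameter (ParametersInterceptor.java) carries no comment saying that ParameterNameAware may only narrow what acceptableName() admits, and the same revision deletes the ParameterNameAware Javadoc paragraph that described the old precedence without stating the new rule. Since the `||` form let an action re-admit a name the interceptor had rejected, I would pin the intent directly above the return with `// Both must accept: the action can narrow the interceptor's filter, never widen it.` and put the equivalent sentence in the ParameterNameAware Javadoc. The method's own Javadoc starts above this hunk, so it may already say this.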
@@ -80,7 +80,7 @@ public class SecurityMemberAccess extend
 return true;
 }
- if ((isAccepted(name) && !isExcluded(name)) || (propertiesJudge != null && propertiesJudge.acceptProperty(name))) {
+ if ((!isExcluded(name)) && isAccepted(name) && (propertiesJudge == null || propertiesJudge.acceptProperty(name))) {
 return true;
 }
 return false;
Modified: struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java?rev=1534123&r1=1534122&r2=1534123&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java (original)
+++ struts/struts2/trunk/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java Mon Oct 21 12:19:52 2013
@@ -65,7 +65,6 @@ public class ParametersInterceptorTest e
 {
 put("fooKey", "fooValue");
 put("barKey", "barValue");
- put("test%test", "test%test");
 }
 };
 Object a = new ParameterNameAware() {
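Review bot: The tightened condition in SecurityMemberAccess.java has no test in this revision: the Modified list names only ParametersInterceptorTest under src/test, and the one test hunk shown just removes the `test%test` fixture entry. A case where `propertiesJudge.acceptProperty(name)` returns true for a name that `isExcluded(name)` also matches, asserting that the method returns false, would pin the deny-wins behaviour and catch a later slip back to `||`. As a smaller point of style, the condition could be returned directly as `return !isExcluded(name) && isAccepted(name) && (propertiesJudge == null || propertiesJudge.acceptProperty(name));` instead of the if / return true / return false wrapper. The enclosing method begins above this hunk.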