Repository: struts Updated Branches: refs/heads/support-2-3 9c7b83366 -> 5efc59501
WW-4560 Reverts checking if value is excluded and uses Internal Security Mechanism Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5efc5950 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5efc5950 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5efc5950 Branch: refs/heads/support-2-3 Commit: 5efc5950117651b2505f6b2a8f6ccc825d4af86f Parents: 9c7b833 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Thu Feb 25 18:16:32 2016 +0100 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Thu Feb 25 18:16:32 2016 +0100 ---------------------------------------------------------------------- .../interceptor/ParametersInterceptor.java | 29 +------------------- 1 file changed, 1 insertion(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/5efc5950/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
index 8317feb..6a825f8 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
@@ -267,7 +267,7 @@ public class ParametersInterceptor extends MethodFilterInterceptor {
 for (Map.Entry<String, Object> entry : params.entrySet()) {
 String name = entry.getKey();
 Object value = entry.getValue();
- if (isAcceptableParameter(name, action) && isAcceptableValue(value)) {
+ if (isAcceptableParameter(name, action)) {
 acceptableParameters.put(name, entry.getValue());
 }
 }
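Review bot: Parameter values now reach `acceptableParameters` with no check in this loop, because the new condition `if (isAcceptableParameter(name, action))` looks only at the name, and the mechanism the commit title says takes over is not visible in this hunk. A comment at the condition would stop a later reader from assuming values are sanitised here, for example `// Values are intentionally not filtered here; only names are checked, value safety is left to the internal security mechanism (WW-4560)`. The local `Object value = entry.getValue();` is now dead, since the `put` calls `entry.getValue()` again; drop the declaration or write `acceptableParameters.put(name, value);`. The diffstat lists only this file, so nothing in the commit pins down that a value matching an excluded pattern is still stopped downstream, and a regression test for that case would be worth adding. The enclosing method starts and ends outside the hunk.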
@@ -343,33 +343,6 @@ public class ParametersInterceptor extends MethodFilterInterceptor {
 }

 /**
- * Checks if given value doesn't match global excluded patterns to avoid passing malicious code
- *
- * @param value incoming parameter's value
- * @return true if value is safe
- *
- * FIXME: can be removed when parameters won't be represented as simple Strings
- */
- protected boolean isAcceptableValue(Object value) {
- if (value == null) {
- return true;
- }
- Object[] values;
- if (value.getClass().isArray()) {
- values = (Object[]) value;
- } else {
- values = new Object[] { value };
- }
- boolean result = true;
- for (Object obj : values) {
- if (isExcluded(String.valueOf(obj))) {
- result = false;
- }
- }
- return result;
- }
-
- /**
 * Gets an instance of the comparator to use for the ordered sorting. Override this
 * method to customize the ordering of the parameters as they are set to the
 * action.