struts git commit: Disallows dot in action name

Mon, 23 May 2016 07:02:59 -0700 

Repository: struts
Updated Branches:
  refs/heads/support-2-3 9f2cae2f1 -> 54e8bf1f7


Disallows dot in action name


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/54e8bf1f
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/54e8bf1f
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/54e8bf1f

Branch: refs/heads/support-2-3
Commit: 54e8bf1f7537ce0391884fbd06525219f069f120
Parents: 9f2cae2
Author: Lukasz Lenart <lukaszlen...@apache.org>
Authored: Mon May 23 16:02:25 2016 +0200
Committer: Lukasz Lenart <lukaszlen...@apache.org>
Committed: Mon May 23 16:02:25 2016 +0200

----------------------------------------------------------------------
 .../struts2/dispatcher/mapper/DefaultActionMapper.java  |  2 +-
 .../dispatcher/mapper/DefaultActionMapperTest.java      | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/54e8bf1f/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
----------------------------------------------------------------------
diff --git 
a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
 
b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
index d696d13..cacc82c 100644
--- 
a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
+++ 
b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
@@ -120,7 +120,7 @@ public class DefaultActionMapper implements ActionMapper {
     protected boolean allowSlashesInActionNames = false;
     protected boolean alwaysSelectFullNamespace = false;
     protected PrefixTrie prefixTrie = null;
-    protected Pattern allowedActionNames = 
Pattern.compile("[a-zA-Z0-9._!/\\-]*");
+    protected Pattern allowedActionNames = 
Pattern.compile("^[a-zA-Z0-9_!/\\-]+((.htm[l]?)|(.action))?$");
     private boolean allowActionPrefix = false;
     private boolean allowActionCrossNamespaceAccess = false;
 

http://git-wip-us.apache.org/repos/asf/struts/blob/54e8bf1f/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
----------------------------------------------------------------------
diff --git 
a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
 
b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
index 270b80d..0f1baef 100644
--- 
a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
+++ 
b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
@@ -163,8 +163,8 @@ public class DefaultActionMapperTest extends 
StrutsInternalTestCase {
 
     public void testGetMappingWithNamespaceSlash() throws Exception {
 
-        req.setupGetRequestURI("/my.hh/abc.action");
-        req.setupGetServletPath("/my.hh/abc.action");
+        req.setupGetRequestURI("/my-hh/abc.action");
+        req.setupGetServletPath("/my-hh/abc.action");
         req.setupGetAttribute(null);
         req.addExpectedGetAttributeName("javax.servlet.include.servlet_path");
 
@@ -181,7 +181,7 @@ public class DefaultActionMapperTest extends 
StrutsInternalTestCase {
         mapping = mapper.getMapping(req, configManager);
 
         assertEquals("", mapping.getNamespace());
-        assertEquals("my.hh/abc", mapping.getName());
+        assertEquals("my-hh/abc", mapping.getName());
     }
 
     public void testGetMappingWithUnknownNamespace() throws Exception {
@@ -855,7 +855,7 @@ public class DefaultActionMapperTest extends 
StrutsInternalTestCase {
             expected = t;
         }
         assertTrue(expected instanceof StrutsException);
-        assertEquals("Action [${action}] does not match allowed action names 
pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
+        assertEquals("Action [${action}] does not match allowed action names 
pattern [" + mapper.allowedActionNames.pattern() + "]!", expected.getMessage());
 
         actionName = "${${%{action}}}";
         try {
@@ -865,7 +865,7 @@ public class DefaultActionMapperTest extends 
StrutsInternalTestCase {
             expected = t;
         }
         assertTrue(expected instanceof StrutsException);
-        assertEquals("Action [${${%{action}}}] does not match allowed action 
names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
+        assertEquals("Action [${${%{action}}}] does not match allowed action 
names pattern [" + mapper.allowedActionNames.pattern() + "]!", 
expected.getMessage());
 
         actionName = "${#foo='action',#foo}";
         try {
@@ -875,7 +875,7 @@ public class DefaultActionMapperTest extends 
StrutsInternalTestCase {
             expected = t;
         }
         assertTrue(expected instanceof StrutsException);
-        assertEquals("Action [${#foo='action',#foo}] does not match allowed 
action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
+        assertEquals("Action [${#foo='action',#foo}] does not match allowed 
action names pattern [" + mapper.allowedActionNames.pattern() + "]!", 
expected.getMessage());
 
         actionName = "test-action";
         assertEquals("test-action", mapper.cleanupActionName(actionName));

Reply via email to