[CONF] Confluence Changes in the last 24 hours
Confluence Changes in the last 24 hours Apache Cloudstack Pages Page: VPC support on Hyper-V edited by Rajesh Battala [04:41 PM] (View Changes) Page: Support OVA files containing multiple disks edited by Likitha Shetty [05:48 AM] (View Changes) Apache Hive Pages Page: LanguageManual Authorization edited by Lefty Leverenz [09:51 PM] (View Changes) Page: Configuration Properties edited by Lefty Leverenz [09:39 PM] (View Changes) Page: Hive 0.13.1 Release tracking edited by Szehon Ho [01:22 AM] (View Changes) Apache OpenOffice Community Pages Page: AOO 4.1 Release Notes Dutch edited by Dick Groskamp [10:53 AM] (View Changes) Apache Roller Pages Page: Developer Resources edited by Glen Mazza [04:41 PM] (View Changes) Apache Solr Reference Guide Pages Page: Using SolrJ edited by Shalin Shekhar Mangar [03:15 PM] (View Changes) Comments Page: Using SolrJ has 2 new comments [ Ahmet Arslan , Shalin Shekhar Mangar ] This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software
[03/23] git commit: Sets -SNAPSHOT version
Sets -SNAPSHOT version Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/a2d0ecdc Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/a2d0ecdc Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/a2d0ecdc Branch: refs/heads/master Commit: a2d0ecdcd3594c87265f483ecb3c202fec18937c Parents: 6cddee6 Author: Lukasz Lenart Authored: Tue Apr 22 11:54:59 2014 +0200 Committer: Lukasz Lenart Committed: Tue Apr 22 11:54:59 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 2 +- xwork-core/pom.xml | 2 +- 51 files changed, 60 insertions(+), 60 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 2b2cf63..dce8aa0 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.1 +2.3.16.2-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index e16d5ff..9a6abee 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.1 +2.3.16.2-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index 1992cde..de7cfb2 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.1 + 2.3.16.2-SNAPSHOT struts2-mailreader http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/pom.x
[05/23] git commit: Moves global exclude patterns into dedicated class
Moves global exclude patterns into dedicated class
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/2e2da292
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/2e2da292
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/2e2da292
Branch: refs/heads/master
Commit: 2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
Parents: a2d0ecd
Author: Lukasz Lenart
Authored: Thu Apr 24 19:51:02 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:51:02 2014 +0200
--
core/src/main/resources/struts-default.xml | 8 +++
.../opensymphony/xwork2/ExcludedPatterns.java | 22
2 files changed, 26 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/2e2da292/core/src/main/resources/struts-default.xml
--
diff --git a/core/src/main/resources/struts-default.xml
b/core/src/main/resources/struts-default.xml
index 2f5b259..398dd43 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -197,7 +197,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -253,7 +253,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -263,7 +263,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -300,7 +300,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
http://git-wip-us.apache.org/repos/asf/struts/blob/2e2da292/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
--
diff --git
a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
new file mode 100644
index 000..b618a52
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
@@ -0,0 +1,22 @@
+package com.opensymphony.xwork2;
+
+/**
+ * ExcludedPatterns contains hard-coded patterns that must be rejected by
{@link com.opensymphony.xwork2.interceptor.ParametersInterceptor}
+ * and partially in CookInterceptor
+ */
+public class ExcludedPatterns {
+
+public static final String CLASS_ACCESS_PATTERN =
"(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*";
+
+public static final String[] EXCLUDED_PATTERNS = {
+CLASS_ACCESS_PATTERN,
+"^dojo\\..*",
+"^struts\\..*",
+"^session\\..*",
+"^request\\..*",
+"^application\\..*",
+"^servlet(Request|Response)\\..*",
+"^parameters\\..*"
+};
+
+}
[06/23] git commit: Uses global exclude patterns to initialise excludeParams
Uses global exclude patterns to initialise excludeParams
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/63152417
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/63152417
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/63152417
Branch: refs/heads/master
Commit: 6315241719be167542962da436b38782ed730c62
Parents: 2e2da29
Author: Lukasz Lenart
Authored: Thu Apr 24 19:51:40 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:51:40 2014 +0200
--
.../struts2/interceptor/CookieInterceptor.java | 74 +++-
.../interceptor/ParametersInterceptor.java | 19 +++--
2 files changed, 86 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/63152417/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
--
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
index 939956c..3e2e81d 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
@@ -24,6 +24,7 @@ package org.apache.struts2.interceptor;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
+import com.opensymphony.xwork2.ExcludedPatterns;
import com.opensymphony.xwork2.util.TextParseUtil;
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.logging.Logger;
@@ -173,7 +174,8 @@ public class CookieInterceptor extends AbstractInterceptor {
private Set cookiesValueSet = Collections.emptySet();
// Allowed names of cookies
-private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN);
+private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN,
Pattern.CASE_INSENSITIVE);
+private Pattern excludedPattern =
Pattern.compile(ExcludedPatterns.CLASS_ACCESS_PATTERN,
Pattern.CASE_INSENSITIVE);
/**
* Set the cookiesName which if matched will allow the cookie
@@ -223,7 +225,7 @@ public class CookieInterceptor extends AbstractInterceptor {
String name = cookie.getName();
String value = cookie.getValue();
-if (acceptedPattern.matcher(name).matches()) {
+if (isAcceptableName(name) && isAcceptableValue(value)) {
if (cookiesNameSet.contains("*")) {
if (LOG.isDebugEnabled()) {
LOG.debug("contains cookie name [*] in configured
cookies name set, cookie with name [" + name + "] with value [" + value + "]
will be injected");
@@ -233,7 +235,7 @@ public class CookieInterceptor extends AbstractInterceptor {
populateCookieValueIntoStack(name, value, cookiesMap,
stack);
}
} else {
-LOG.warn("Cookie name [" + name + "] does not match
accepted cookie names pattern [" + acceptedPattern + "]");
+LOG.warn("Cookie name [#0] with value [#1] was rejected!",
name, value);
}
}
}
@@ -245,6 +247,72 @@ public class CookieInterceptor extends AbstractInterceptor
{
}
/**
+ * Checks if value of Cookie doesn't contain vulnerable code
+ *
+ * @param value of Cookie
+ * @return true|false
+ */
+protected boolean isAcceptableValue(String value) {
+boolean matches = !excludedPattern.matcher(value).matches();
+if (!matches) {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie value [#0] matches excludedPattern [#1]",
value, ExcludedPatterns.CLASS_ACCESS_PATTERN);
+}
+}
+return matches;
+}
+
+/**
+ * Checks if name of Cookie doesn't contain vulnerable code
+ *
+ * @param name of Cookie
+ * @return true|false
+ */
+protected boolean isAcceptableName(String name) {
+return !isExcluded(name) && isAccepted(name);
+}
+
+/**
+ * Checks if name of Cookie match {@link #acceptedPattern}
+ *
+ * @param name of Cookie
+ * @return true|false
+ */
+protected boolean isAccepted(String name) {
+boolean matches = acceptedPattern.matcher(name).matches();
+if (matches) {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
ACCEPTED_PATTERN);
+}
+} else {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]",
name, ACCEPTED_PATTERN);
+
[01/23] git commit: Merge branch 'release/2.3.17'
Repository: struts Updated Branches: refs/heads/develop 9519cd12e -> 3575bebf0 refs/heads/master 6d55d0152 -> 1be8ed61e Merge branch 'release/2.3.17' Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/6d55d015 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/6d55d015 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/6d55d015 Branch: refs/heads/develop Commit: 6d55d01522a34310ad4f2b2580d90cdd402886b9 Parents: a77f28d e1f97c8 Author: Lukasz Lenart Authored: Sun Apr 6 16:00:55 2014 +0200 Committer: Lukasz Lenart Committed: Sun Apr 6 16:00:55 2014 +0200 -- .gitignore | 3 + apps/blank/README.txt | 8 +- apps/blank/pom.xml | 4 +- apps/blank/src/main/webapp/WEB-INF/web.xml | 5 + apps/jboss-blank/README.txt | 8 +- apps/jboss-blank/pom.xml| 4 +- apps/jboss-blank/src/main/resources/example.xml | 6 +- .../webapp/WEB-INF/jsp/example/HelloWorld.jsp | 28 + .../main/webapp/WEB-INF/jsp/example/Login.jsp | 15 + .../main/webapp/WEB-INF/jsp/example/Menu.jsp| 3 + .../main/webapp/WEB-INF/jsp/example/Missing.jsp | 11 + .../webapp/WEB-INF/jsp/example/Register.jsp | 3 + .../main/webapp/WEB-INF/jsp/example/Welcome.jsp | 18 + .../jboss-blank/src/main/webapp/WEB-INF/web.xml | 17 + .../src/main/webapp/example/HelloWorld.jsp | 28 - .../src/main/webapp/example/Login.jsp | 15 - .../src/main/webapp/example/Menu.jsp| 3 - .../src/main/webapp/example/Missing.jsp | 11 - .../src/main/webapp/example/Register.jsp| 3 - .../src/main/webapp/example/Welcome.jsp | 18 - apps/mailreader/README.txt | 9 +- apps/mailreader/pom.xml | 4 +- .../src/main/java/mailreader-support.xml| 10 +- .../src/main/webapp/ChangePassword.jsp | 25 - apps/mailreader/src/main/webapp/Error.jsp | 40 - apps/mailreader/src/main/webapp/Footer.jsp | 6 - apps/mailreader/src/main/webapp/Login.jsp | 30 - apps/mailreader/src/main/webapp/MainMenu.jsp| 25 - .../mailreader/src/main/webapp/Registration.jsp | 115 --- .../mailreader/src/main/webapp/Subscription.jsp | 60 -- .../main/webapp/WEB-INF/jsp/ChangePassword.jsp | 25 + .../src/main/webapp/WEB-INF/jsp/Error.jsp | 40 + .../src/main/webapp/WEB-INF/jsp/Footer.jsp | 6 + .../src/main/webapp/WEB-INF/jsp/Login.jsp | 30 + .../src/main/webapp/WEB-INF/jsp/MainMenu.jsp| 25 + .../main/webapp/WEB-INF/jsp/Registration.jsp| 115 +++ .../main/webapp/WEB-INF/jsp/Subscription.jsp| 60 ++ .../src/main/webapp/WEB-INF/jsp/Welcome.jsp | 55 ++ apps/mailreader/src/main/webapp/WEB-INF/web.xml | 17 + apps/mailreader/src/main/webapp/Welcome.jsp | 55 -- apps/pom.xml| 3 +- apps/portlet/README.txt | 9 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/README.txt | 15 + apps/rest-showcase/pom.xml | 4 +- .../src/main/webapp/WEB-INF/web.xml | 17 + apps/showcase/README.txt| 8 +- apps/showcase/pom.xml | 2 +- .../main/resources/struts-actionchaining.xml| 2 +- .../showcase/src/main/resources/struts-ajax.xml | 69 +- .../showcase/src/main/resources/struts-chat.xml | 28 +- .../src/main/resources/struts-conversion.xml| 44 +- .../src/main/resources/struts-filedownload.xml | 4 + .../src/main/resources/struts-fileupload.xml| 14 +- .../src/main/resources/struts-freemarker.xml| 4 +- .../src/main/resources/struts-hangman.xml | 18 +- .../src/main/resources/struts-integration.xml | 6 +- .../src/main/resources/struts-interactive.xml | 7 +- apps/showcase/src/main/resources/struts-jsf.xml | 4 + .../src/main/resources/struts-model-driven.xml | 4 +- .../src/main/resources/struts-tags-non-ui.xml | 57 +- .../src/main/resources/struts-tags-ui.xml | 58 +- .../src/main/resources/struts-tiles.xml | 2 +- .../src/main/resources/struts-token.xml | 24 +- .../src/main/resources/struts-validation.xml| 37 +- .../showcase/src/main/resources/struts-wait.xml | 24 +- apps/showcase/src/main/resources/struts.xml | 25 +- .../actionchaining/actionChainingResult.jsp | 23 + .../src/main/webapp/WEB-INF/ajax/AjaxResult.jsp | 12 + .../src/main/webapp/WEB-INF/ajax/AjaxResult2.js | 2 + .../main/webapp/WEB-INF/ajax/AjaxResult3.jsp| 12 + .../webapp/WEB-INF/ajax/autocompleter/index.jsp | 186 + .../src/main/webapp/WEB-INF/ajax/bind/index.jsp | 61 ++ .../main/webapp/WEB-INF/ajax/commonInclude.jsp | 5 + .../src/main
[17/23] git commit: [maven-release-plugin] prepare release STRUTS_2_3_16_2
[maven-release-plugin] prepare release STRUTS_2_3_16_2 Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7dd83dff Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7dd83dff Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7dd83dff Branch: refs/heads/master Commit: 7dd83dff485d324980f3d22c726cfd969ecf41f8 Parents: 7809666 Author: Lukasz Lenart Authored: Thu Apr 24 21:32:35 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:32:35 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 5 +++-- xwork-core/pom.xml | 2 +- 51 files changed, 62 insertions(+), 61 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index dce8aa0..6054fc4 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2-SNAPSHOT +2.3.16.2 struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 9a6abee..0aebae0 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2-SNAPSHOT +2.3.16.2 struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index de7cfb2..f2fc344 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.2-SNAPSHOT + 2.3.16.2 struts2-mailreader http://git-wip-us.apache.org/repos/
[23/23] git commit: Corrects version in poms
Corrects version in poms Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/3575bebf Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/3575bebf Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/3575bebf Branch: refs/heads/develop Commit: 3575bebf01caa7f8676383495c8276cd8d4e688e Parents: c22146b Author: Lukasz Lenart Authored: Mon Apr 28 08:52:37 2014 +0200 Committer: Lukasz Lenart Committed: Mon Apr 28 08:52:37 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 2 +- xwork-core/pom.xml | 2 +- 51 files changed, 53 insertions(+), 53 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/3575bebf/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 190b21e..675de3f 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.18-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/3575bebf/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index e321ab8..3335999 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.18-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/3575bebf/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index 6e4e5d5..7275fdf 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.2 + 2.3.18-SNAPSHOT struts2-mailreader http://git-wip-us.apache.org/repos/asf/struts/blob/3575bebf/apps/pom.xml --
[07/23] git commit: Uses global exclude patterns to initialise excludeParams
Uses global exclude patterns to initialise excludeParams
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/63152417
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/63152417
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/63152417
Branch: refs/heads/develop
Commit: 6315241719be167542962da436b38782ed730c62
Parents: 2e2da29
Author: Lukasz Lenart
Authored: Thu Apr 24 19:51:40 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:51:40 2014 +0200
--
.../struts2/interceptor/CookieInterceptor.java | 74 +++-
.../interceptor/ParametersInterceptor.java | 19 +++--
2 files changed, 86 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/63152417/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
--
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
index 939956c..3e2e81d 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java
@@ -24,6 +24,7 @@ package org.apache.struts2.interceptor;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
+import com.opensymphony.xwork2.ExcludedPatterns;
import com.opensymphony.xwork2.util.TextParseUtil;
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.logging.Logger;
@@ -173,7 +174,8 @@ public class CookieInterceptor extends AbstractInterceptor {
private Set cookiesValueSet = Collections.emptySet();
// Allowed names of cookies
-private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN);
+private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN,
Pattern.CASE_INSENSITIVE);
+private Pattern excludedPattern =
Pattern.compile(ExcludedPatterns.CLASS_ACCESS_PATTERN,
Pattern.CASE_INSENSITIVE);
/**
* Set the cookiesName which if matched will allow the cookie
@@ -223,7 +225,7 @@ public class CookieInterceptor extends AbstractInterceptor {
String name = cookie.getName();
String value = cookie.getValue();
-if (acceptedPattern.matcher(name).matches()) {
+if (isAcceptableName(name) && isAcceptableValue(value)) {
if (cookiesNameSet.contains("*")) {
if (LOG.isDebugEnabled()) {
LOG.debug("contains cookie name [*] in configured
cookies name set, cookie with name [" + name + "] with value [" + value + "]
will be injected");
@@ -233,7 +235,7 @@ public class CookieInterceptor extends AbstractInterceptor {
populateCookieValueIntoStack(name, value, cookiesMap,
stack);
}
} else {
-LOG.warn("Cookie name [" + name + "] does not match
accepted cookie names pattern [" + acceptedPattern + "]");
+LOG.warn("Cookie name [#0] with value [#1] was rejected!",
name, value);
}
}
}
@@ -245,6 +247,72 @@ public class CookieInterceptor extends AbstractInterceptor
{
}
/**
+ * Checks if value of Cookie doesn't contain vulnerable code
+ *
+ * @param value of Cookie
+ * @return true|false
+ */
+protected boolean isAcceptableValue(String value) {
+boolean matches = !excludedPattern.matcher(value).matches();
+if (!matches) {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie value [#0] matches excludedPattern [#1]",
value, ExcludedPatterns.CLASS_ACCESS_PATTERN);
+}
+}
+return matches;
+}
+
+/**
+ * Checks if name of Cookie doesn't contain vulnerable code
+ *
+ * @param name of Cookie
+ * @return true|false
+ */
+protected boolean isAcceptableName(String name) {
+return !isExcluded(name) && isAccepted(name);
+}
+
+/**
+ * Checks if name of Cookie match {@link #acceptedPattern}
+ *
+ * @param name of Cookie
+ * @return true|false
+ */
+protected boolean isAccepted(String name) {
+boolean matches = acceptedPattern.matcher(name).matches();
+if (matches) {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name,
ACCEPTED_PATTERN);
+}
+} else {
+if (LOG.isTraceEnabled()) {
+LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]",
name, ACCEPTED_PATTERN);
[14/23] git commit: Updates maven-release-plugin to solve problem with tagging
Updates maven-release-plugin to solve problem with tagging Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/78096665 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/78096665 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/78096665 Branch: refs/heads/develop Commit: 78096665fea8f4265df172b1bc6f74facedfcd99 Parents: 1540ab3 Author: Lukasz Lenart Authored: Thu Apr 24 21:13:06 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:13:06 2014 +0200 -- pom.xml | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/78096665/pom.xml -- diff --git a/pom.xml b/pom.xml index 0d7f275..9d2ef8b 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ 2.3.16.2-SNAPSHOT pom Struts 2 -http://struts.apache.org/2.x/ +http://struts.apache.org/ Apache Struts 2 2000 @@ -123,7 +123,7 @@ org.apache.maven.plugins maven-release-plugin -2.5 +2.52 org.apache.maven.plugins @@ -175,6 +175,11 @@ +org.apache.maven.plugins +maven-release-plugin +2.5 + + maven-jar-plugin
[16/23] git commit: [maven-release-plugin] prepare release STRUTS_2_3_16_2
[maven-release-plugin] prepare release STRUTS_2_3_16_2 Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7dd83dff Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7dd83dff Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7dd83dff Branch: refs/heads/develop Commit: 7dd83dff485d324980f3d22c726cfd969ecf41f8 Parents: 7809666 Author: Lukasz Lenart Authored: Thu Apr 24 21:32:35 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:32:35 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 5 +++-- xwork-core/pom.xml | 2 +- 51 files changed, 62 insertions(+), 61 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index dce8aa0..6054fc4 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2-SNAPSHOT +2.3.16.2 struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 9a6abee..0aebae0 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2-SNAPSHOT +2.3.16.2 struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7dd83dff/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index de7cfb2..f2fc344 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.2-SNAPSHOT + 2.3.16.2 struts2-mailreader http://git-wip-us.apache.org/repos
[18/23] git commit: [maven-release-plugin] prepare for next development iteration
[maven-release-plugin] prepare for next development iteration Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/fbd75a89 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/fbd75a89 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/fbd75a89 Branch: refs/heads/develop Commit: fbd75a892bdad741f8a4247e3b8e5c2727651816 Parents: 7dd83df Author: Lukasz Lenart Authored: Thu Apr 24 21:32:49 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:32:49 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 51 files changed, 61 insertions(+), 61 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 6054fc4..81a88d5 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.16.3-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 0aebae0..b77c977 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.16.3-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index f2fc344..bb7ae7c 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.2 + 2.3.16.3-SNAPSHOT struts2-mailreader http://git-wip-us.apache.org
[21/23] git commit: Merge branch 'hotfix/2.3.16.2'
Merge branch 'hotfix/2.3.16.2' Conflicts: apps/blank/pom.xml apps/jboss-blank/pom.xml apps/mailreader/pom.xml apps/pom.xml apps/portlet/pom.xml apps/rest-showcase/pom.xml apps/showcase/pom.xml archetypes/pom.xml archetypes/struts2-archetype-angularjs/pom.xml archetypes/struts2-archetype-blank/pom.xml archetypes/struts2-archetype-convention/pom.xml archetypes/struts2-archetype-dbportlet/pom.xml archetypes/struts2-archetype-plugin/pom.xml archetypes/struts2-archetype-portlet/pom.xml archetypes/struts2-archetype-starter/pom.xml assembly/pom.xml bundles/admin/pom.xml bundles/demo/pom.xml bundles/pom.xml core/pom.xml core/src/main/resources/struts-default.xml plugins/cdi/pom.xml plugins/codebehind/pom.xml plugins/config-browser/pom.xml plugins/convention/pom.xml plugins/dojo/pom.xml plugins/dwr/pom.xml plugins/embeddedjsp/pom.xml plugins/gxp/pom.xml plugins/jasperreports/pom.xml plugins/javatemplates/pom.xml plugins/jfreechart/pom.xml plugins/jsf/pom.xml plugins/json/pom.xml plugins/junit/pom.xml plugins/osgi/pom.xml plugins/oval/pom.xml plugins/pell-multipart/pom.xml plugins/plexus/pom.xml plugins/pom.xml plugins/portlet-tiles/pom.xml plugins/portlet/pom.xml plugins/rest/pom.xml plugins/sitegraph/pom.xml plugins/sitemesh/pom.xml plugins/spring/pom.xml plugins/struts1/pom.xml plugins/testng/pom.xml plugins/tiles/pom.xml plugins/tiles3/pom.xml pom.xml xwork-core/pom.xml Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/1be8ed61 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/1be8ed61 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/1be8ed61 Branch: refs/heads/develop Commit: 1be8ed61e499b58b3fb6a45253f47865f83f35fb Parents: 6d55d01 fbd75a8 Author: Lukasz Lenart Authored: Mon Apr 28 08:50:53 2014 +0200 Committer: Lukasz Lenart Committed: Mon Apr 28 08:50:53 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 +- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- .../struts2/interceptor/CookieInterceptor.java | 74 +++- core/src/main/resources/struts-default.xml | 8 +-- .../interceptor/CookieInterceptorTest.java | 66 + plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 +- plugins/sitegraph/pom.xml
[12/23] git commit: Updates maven-release-plugin to solve problem with tagging
Updates maven-release-plugin to solve problem with tagging Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/1540ab3c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/1540ab3c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/1540ab3c Branch: refs/heads/master Commit: 1540ab3c74b323890caa82046e69d507c936e361 Parents: 9862157 Author: Lukasz Lenart Authored: Thu Apr 24 20:46:43 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 20:46:43 2014 +0200 -- pom.xml | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/1540ab3c/pom.xml -- diff --git a/pom.xml b/pom.xml index 1e89047..0d7f275 100644 --- a/pom.xml +++ b/pom.xml @@ -122,6 +122,11 @@ org.apache.maven.plugins +maven-release-plugin +2.5 + + +org.apache.maven.plugins maven-site-plugin 3.2
[13/23] git commit: Updates maven-release-plugin to solve problem with tagging
Updates maven-release-plugin to solve problem with tagging Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/1540ab3c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/1540ab3c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/1540ab3c Branch: refs/heads/develop Commit: 1540ab3c74b323890caa82046e69d507c936e361 Parents: 9862157 Author: Lukasz Lenart Authored: Thu Apr 24 20:46:43 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 20:46:43 2014 +0200 -- pom.xml | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/1540ab3c/pom.xml -- diff --git a/pom.xml b/pom.xml index 1e89047..0d7f275 100644 --- a/pom.xml +++ b/pom.xml @@ -122,6 +122,11 @@ org.apache.maven.plugins +maven-release-plugin +2.5 + + +org.apache.maven.plugins maven-site-plugin 3.2
[09/23] git commit: Adds test cases to test ClassLoader pollution
Adds test cases to test ClassLoader pollution
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/149181a7
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/149181a7
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/149181a7
Branch: refs/heads/develop
Commit: 149181a776afc94a39676a570bda72e14826476e
Parents: 6315241
Author: Lukasz Lenart
Authored: Thu Apr 24 19:52:03 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:52:03 2014 +0200
--
.../interceptor/CookieInterceptorTest.java | 66
.../interceptor/ParametersInterceptorTest.java | 64 +++
2 files changed, 130 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/149181a7/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
--
diff --git
a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
index 2d22fac..d1014a8 100644
---
a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
+++
b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
@@ -22,10 +22,12 @@
package org.apache.struts2.interceptor;
import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
+import com.opensymphony.xwork2.mock.MockActionInvocation;
import org.easymock.MockControl;
import org.springframework.mock.web.MockHttpServletRequest;
@@ -316,6 +318,70 @@ public class CookieInterceptorTest extends
StrutsInternalTestCase {
assertEquals(ActionContext.getContext().getValueStack().findValue("cookie3"),
null);
}
+public void testCookiesWithClassPollution() throws Exception {
+MockHttpServletRequest request = new MockHttpServletRequest();
+String pollution1 = "model['class']['classLoader']['jarPath']";
+String pollution2 = "model.class.classLoader.jarPath";
+String pollution3 = "class.classLoader.jarPath";
+String pollution4 = "class['classLoader']['jarPath']";
+String pollution5 = "model[\"class\"]['classLoader']['jarPath']";
+String pollution6 = "class[\"classLoader\"]['jarPath']";
+
+request.setCookies(
+new Cookie(pollution1, "pollution1"),
+new Cookie("pollution1", pollution1),
+new Cookie(pollution2, "pollution2"),
+new Cookie("pollution2", pollution2),
+new Cookie(pollution3, "pollution3"),
+new Cookie("pollution3", pollution3),
+new Cookie(pollution4, "pollution4"),
+new Cookie("pollution4", pollution4),
+new Cookie(pollution5, "pollution5"),
+new Cookie("pollution5", pollution5),
+new Cookie(pollution6, "pollution6"),
+new Cookie("pollution6", pollution6)
+);
+ServletActionContext.setRequest(request);
+
+final Map excludedName = new HashMap();
+final Map excludedValue = new HashMap();
+
+CookieInterceptor interceptor = new CookieInterceptor() {
+@Override
+protected boolean isAcceptableName(String name) {
+boolean accepted = super.isAcceptableName(name);
+excludedName.put(name, accepted);
+return accepted;
+}
+
+@Override
+protected boolean isAcceptableValue(String value) {
+boolean accepted = super.isAcceptableValue(value);
+excludedValue.put(value, accepted);
+return accepted;
+}
+};
+interceptor.setCookiesName("*");
+
+MockActionInvocation invocation = new MockActionInvocation();
+invocation.setAction(new MockActionWithCookieAware());
+
+interceptor.intercept(invocation);
+
+assertFalse(excludedName.get(pollution1));
+assertFalse(excludedName.get(pollution2));
+assertFalse(excludedName.get(pollution3));
+assertFalse(excludedName.get(pollution4));
+assertFalse(excludedName.get(pollution5));
+assertFalse(excludedName.get(pollution6));
+
+assertFalse(excludedValue.get(pollution1));
+assertFalse(excludedValue.get(pollution2));
+assertFalse(excludedValue.get(pollution3));
+assertFalse(excludedValue.get(pollution4));
+assertFalse(excludedValue.get(pollution5));
+assertFalse(excludedValue.get(pollution6));
+}
public static class MockActionWithCookieAware extends ActionSupport
implements CookiesAware {
http://git-wip-us.apache.org/repos/asf/struts/blob/149181a7/
[11/23] git commit: Updates archetypes' version
Updates archetypes' version Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/98621574 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/98621574 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/98621574 Branch: refs/heads/master Commit: 986215740a0c51c4a2a2eb3e2b22c66ebeb279ed Parents: 149181a Author: Lukasz Lenart Authored: Thu Apr 24 20:19:02 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 20:19:02 2014 +0200 -- src/site/resources/archetype-catalog.xml | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/98621574/src/site/resources/archetype-catalog.xml -- diff --git a/src/site/resources/archetype-catalog.xml b/src/site/resources/archetype-catalog.xml index d1989bb..fab8fde 100644 --- a/src/site/resources/archetype-catalog.xml +++ b/src/site/resources/archetype-catalog.xml @@ -7,42 +7,42 @@ org.apache.struts struts2-archetype-blank -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank org.apache.struts struts2-archetype-convention -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank Convention org.apache.struts struts2-archetype-dbportlet -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Database Portlet org.apache.struts struts2-archetype-plugin -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Plugin org.apache.struts struts2-archetype-portlet -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Portlet org.apache.struts struts2-archetype-starter -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Starter
[19/23] git commit: [maven-release-plugin] prepare for next development iteration
[maven-release-plugin] prepare for next development iteration Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/fbd75a89 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/fbd75a89 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/fbd75a89 Branch: refs/heads/master Commit: fbd75a892bdad741f8a4247e3b8e5c2727651816 Parents: 7dd83df Author: Lukasz Lenart Authored: Thu Apr 24 21:32:49 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:32:49 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 51 files changed, 61 insertions(+), 61 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 6054fc4..81a88d5 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.16.3-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 0aebae0..b77c977 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.2 +2.3.16.3-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/fbd75a89/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index f2fc344..bb7ae7c 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.2 + 2.3.16.3-SNAPSHOT struts2-mailreader http://git-wip-us.apache.org/
[02/23] git commit: Sets -SNAPSHOT version
Sets -SNAPSHOT version Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/a2d0ecdc Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/a2d0ecdc Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/a2d0ecdc Branch: refs/heads/develop Commit: a2d0ecdcd3594c87265f483ecb3c202fec18937c Parents: 6cddee6 Author: Lukasz Lenart Authored: Tue Apr 22 11:54:59 2014 +0200 Committer: Lukasz Lenart Committed: Tue Apr 22 11:54:59 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 4 ++-- archetypes/struts2-archetype-blank/pom.xml | 4 ++-- archetypes/struts2-archetype-convention/pom.xml | 4 ++-- archetypes/struts2-archetype-dbportlet/pom.xml | 4 ++-- archetypes/struts2-archetype-plugin/pom.xml | 4 ++-- archetypes/struts2-archetype-portlet/pom.xml| 4 ++-- archetypes/struts2-archetype-starter/pom.xml| 4 ++-- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 ++-- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 2 +- xwork-core/pom.xml | 2 +- 51 files changed, 60 insertions(+), 60 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 2b2cf63..dce8aa0 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.1 +2.3.16.2-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index e16d5ff..9a6abee 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.16.1 +2.3.16.2-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index 1992cde..de7cfb2 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.16.1 + 2.3.16.2-SNAPSHOT struts2-mailreader http://git-wip-us.apache.org/repos/asf/struts/blob/a2d0ecdc/apps/pom.
[10/23] git commit: Updates archetypes' version
Updates archetypes' version Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/98621574 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/98621574 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/98621574 Branch: refs/heads/develop Commit: 986215740a0c51c4a2a2eb3e2b22c66ebeb279ed Parents: 149181a Author: Lukasz Lenart Authored: Thu Apr 24 20:19:02 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 20:19:02 2014 +0200 -- src/site/resources/archetype-catalog.xml | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/98621574/src/site/resources/archetype-catalog.xml -- diff --git a/src/site/resources/archetype-catalog.xml b/src/site/resources/archetype-catalog.xml index d1989bb..fab8fde 100644 --- a/src/site/resources/archetype-catalog.xml +++ b/src/site/resources/archetype-catalog.xml @@ -7,42 +7,42 @@ org.apache.struts struts2-archetype-blank -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank org.apache.struts struts2-archetype-convention -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Blank Convention org.apache.struts struts2-archetype-dbportlet -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Database Portlet org.apache.struts struts2-archetype-plugin -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Plugin org.apache.struts struts2-archetype-portlet -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Portlet org.apache.struts struts2-archetype-starter -2.3.16.1 +2.3.16.2 http://repo1.maven.org/maven2/ Struts 2 Archetypes - Starter
[20/23] git commit: Merge branch 'hotfix/2.3.16.2'
Merge branch 'hotfix/2.3.16.2' Conflicts: apps/blank/pom.xml apps/jboss-blank/pom.xml apps/mailreader/pom.xml apps/pom.xml apps/portlet/pom.xml apps/rest-showcase/pom.xml apps/showcase/pom.xml archetypes/pom.xml archetypes/struts2-archetype-angularjs/pom.xml archetypes/struts2-archetype-blank/pom.xml archetypes/struts2-archetype-convention/pom.xml archetypes/struts2-archetype-dbportlet/pom.xml archetypes/struts2-archetype-plugin/pom.xml archetypes/struts2-archetype-portlet/pom.xml archetypes/struts2-archetype-starter/pom.xml assembly/pom.xml bundles/admin/pom.xml bundles/demo/pom.xml bundles/pom.xml core/pom.xml core/src/main/resources/struts-default.xml plugins/cdi/pom.xml plugins/codebehind/pom.xml plugins/config-browser/pom.xml plugins/convention/pom.xml plugins/dojo/pom.xml plugins/dwr/pom.xml plugins/embeddedjsp/pom.xml plugins/gxp/pom.xml plugins/jasperreports/pom.xml plugins/javatemplates/pom.xml plugins/jfreechart/pom.xml plugins/jsf/pom.xml plugins/json/pom.xml plugins/junit/pom.xml plugins/osgi/pom.xml plugins/oval/pom.xml plugins/pell-multipart/pom.xml plugins/plexus/pom.xml plugins/pom.xml plugins/portlet-tiles/pom.xml plugins/portlet/pom.xml plugins/rest/pom.xml plugins/sitegraph/pom.xml plugins/sitemesh/pom.xml plugins/spring/pom.xml plugins/struts1/pom.xml plugins/testng/pom.xml plugins/tiles/pom.xml plugins/tiles3/pom.xml pom.xml xwork-core/pom.xml Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/1be8ed61 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/1be8ed61 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/1be8ed61 Branch: refs/heads/master Commit: 1be8ed61e499b58b3fb6a45253f47865f83f35fb Parents: 6d55d01 fbd75a8 Author: Lukasz Lenart Authored: Mon Apr 28 08:50:53 2014 +0200 Committer: Lukasz Lenart Committed: Mon Apr 28 08:50:53 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 +- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- .../struts2/interceptor/CookieInterceptor.java | 74 +++- core/src/main/resources/struts-default.xml | 8 +-- .../interceptor/CookieInterceptorTest.java | 66 + plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 +- plugins/sitegraph/pom.xml
[04/23] git commit: Moves global exclude patterns into dedicated class
Moves global exclude patterns into dedicated class
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/2e2da292
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/2e2da292
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/2e2da292
Branch: refs/heads/develop
Commit: 2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
Parents: a2d0ecd
Author: Lukasz Lenart
Authored: Thu Apr 24 19:51:02 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:51:02 2014 +0200
--
core/src/main/resources/struts-default.xml | 8 +++
.../opensymphony/xwork2/ExcludedPatterns.java | 22
2 files changed, 26 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/2e2da292/core/src/main/resources/struts-default.xml
--
diff --git a/core/src/main/resources/struts-default.xml
b/core/src/main/resources/struts-default.xml
index 2f5b259..398dd43 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -197,7 +197,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -253,7 +253,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -263,7 +263,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
@@ -300,7 +300,7 @@
-^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.*
+^action:.*,^method:.*
http://git-wip-us.apache.org/repos/asf/struts/blob/2e2da292/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
--
diff --git
a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
new file mode 100644
index 000..b618a52
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
@@ -0,0 +1,22 @@
+package com.opensymphony.xwork2;
+
+/**
+ * ExcludedPatterns contains hard-coded patterns that must be rejected by
{@link com.opensymphony.xwork2.interceptor.ParametersInterceptor}
+ * and partially in CookInterceptor
+ */
+public class ExcludedPatterns {
+
+public static final String CLASS_ACCESS_PATTERN =
"(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*";
+
+public static final String[] EXCLUDED_PATTERNS = {
+CLASS_ACCESS_PATTERN,
+"^dojo\\..*",
+"^struts\\..*",
+"^session\\..*",
+"^request\\..*",
+"^application\\..*",
+"^servlet(Request|Response)\\..*",
+"^parameters\\..*"
+};
+
+}
[08/23] git commit: Adds test cases to test ClassLoader pollution
Adds test cases to test ClassLoader pollution
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/149181a7
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/149181a7
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/149181a7
Branch: refs/heads/master
Commit: 149181a776afc94a39676a570bda72e14826476e
Parents: 6315241
Author: Lukasz Lenart
Authored: Thu Apr 24 19:52:03 2014 +0200
Committer: Lukasz Lenart
Committed: Thu Apr 24 19:52:03 2014 +0200
--
.../interceptor/CookieInterceptorTest.java | 66
.../interceptor/ParametersInterceptorTest.java | 64 +++
2 files changed, 130 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/struts/blob/149181a7/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
--
diff --git
a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
index 2d22fac..d1014a8 100644
---
a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
+++
b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
@@ -22,10 +22,12 @@
package org.apache.struts2.interceptor;
import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
+import com.opensymphony.xwork2.mock.MockActionInvocation;
import org.easymock.MockControl;
import org.springframework.mock.web.MockHttpServletRequest;
@@ -316,6 +318,70 @@ public class CookieInterceptorTest extends
StrutsInternalTestCase {
assertEquals(ActionContext.getContext().getValueStack().findValue("cookie3"),
null);
}
+public void testCookiesWithClassPollution() throws Exception {
+MockHttpServletRequest request = new MockHttpServletRequest();
+String pollution1 = "model['class']['classLoader']['jarPath']";
+String pollution2 = "model.class.classLoader.jarPath";
+String pollution3 = "class.classLoader.jarPath";
+String pollution4 = "class['classLoader']['jarPath']";
+String pollution5 = "model[\"class\"]['classLoader']['jarPath']";
+String pollution6 = "class[\"classLoader\"]['jarPath']";
+
+request.setCookies(
+new Cookie(pollution1, "pollution1"),
+new Cookie("pollution1", pollution1),
+new Cookie(pollution2, "pollution2"),
+new Cookie("pollution2", pollution2),
+new Cookie(pollution3, "pollution3"),
+new Cookie("pollution3", pollution3),
+new Cookie(pollution4, "pollution4"),
+new Cookie("pollution4", pollution4),
+new Cookie(pollution5, "pollution5"),
+new Cookie("pollution5", pollution5),
+new Cookie(pollution6, "pollution6"),
+new Cookie("pollution6", pollution6)
+);
+ServletActionContext.setRequest(request);
+
+final Map excludedName = new HashMap();
+final Map excludedValue = new HashMap();
+
+CookieInterceptor interceptor = new CookieInterceptor() {
+@Override
+protected boolean isAcceptableName(String name) {
+boolean accepted = super.isAcceptableName(name);
+excludedName.put(name, accepted);
+return accepted;
+}
+
+@Override
+protected boolean isAcceptableValue(String value) {
+boolean accepted = super.isAcceptableValue(value);
+excludedValue.put(value, accepted);
+return accepted;
+}
+};
+interceptor.setCookiesName("*");
+
+MockActionInvocation invocation = new MockActionInvocation();
+invocation.setAction(new MockActionWithCookieAware());
+
+interceptor.intercept(invocation);
+
+assertFalse(excludedName.get(pollution1));
+assertFalse(excludedName.get(pollution2));
+assertFalse(excludedName.get(pollution3));
+assertFalse(excludedName.get(pollution4));
+assertFalse(excludedName.get(pollution5));
+assertFalse(excludedName.get(pollution6));
+
+assertFalse(excludedValue.get(pollution1));
+assertFalse(excludedValue.get(pollution2));
+assertFalse(excludedValue.get(pollution3));
+assertFalse(excludedValue.get(pollution4));
+assertFalse(excludedValue.get(pollution5));
+assertFalse(excludedValue.get(pollution6));
+}
public static class MockActionWithCookieAware extends ActionSupport
implements CookiesAware {
http://git-wip-us.apache.org/repos/asf/struts/blob/149181a7/x
[15/23] git commit: Updates maven-release-plugin to solve problem with tagging
Updates maven-release-plugin to solve problem with tagging Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/78096665 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/78096665 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/78096665 Branch: refs/heads/master Commit: 78096665fea8f4265df172b1bc6f74facedfcd99 Parents: 1540ab3 Author: Lukasz Lenart Authored: Thu Apr 24 21:13:06 2014 +0200 Committer: Lukasz Lenart Committed: Thu Apr 24 21:13:06 2014 +0200 -- pom.xml | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/78096665/pom.xml -- diff --git a/pom.xml b/pom.xml index 0d7f275..9d2ef8b 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ 2.3.16.2-SNAPSHOT pom Struts 2 -http://struts.apache.org/2.x/ +http://struts.apache.org/ Apache Struts 2 2000 @@ -123,7 +123,7 @@ org.apache.maven.plugins maven-release-plugin -2.5 +2.52 org.apache.maven.plugins @@ -175,6 +175,11 @@ +org.apache.maven.plugins +maven-release-plugin +2.5 + + maven-jar-plugin
[22/23] git commit: Merge branch 'master' into develop
Merge branch 'master' into develop Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c22146b9 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c22146b9 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c22146b9 Branch: refs/heads/develop Commit: c22146b9e30a2ff6b1a6aa446d3698d31eac0835 Parents: 9519cd1 1be8ed6 Author: Lukasz Lenart Authored: Mon Apr 28 08:51:05 2014 +0200 Committer: Lukasz Lenart Committed: Mon Apr 28 08:51:05 2014 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 +- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- .../struts2/interceptor/CookieInterceptor.java | 74 +++- core/src/main/resources/struts-default.xml | 8 +-- .../interceptor/CookieInterceptorTest.java | 66 + plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 4 +- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 5 +- src/site/resources/archetype-catalog.xml| 12 ++-- xwork-core/pom.xml | 2 +- .../opensymphony/xwork2/ExcludedPatterns.java | 22 ++ .../interceptor/ParametersInterceptor.java | 19 +++-- .../interceptor/ParametersInterceptorTest.java | 64 + 58 files changed, 302 insertions(+), 72 deletions(-) --
git commit: Removes version and add packaging
Repository: struts Updated Branches: refs/heads/develop 3575bebf0 -> dddb273b1 Removes version and add packaging Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/dddb273b Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/dddb273b Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/dddb273b Branch: refs/heads/develop Commit: dddb273b1db7b16c66691da49636d5cdb7d344b4 Parents: 3575beb Author: Lukasz Lenart Authored: Mon Apr 28 08:55:50 2014 +0200 Committer: Lukasz Lenart Committed: Mon Apr 28 08:55:50 2014 +0200 -- plugins/rest/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/dddb273b/plugins/rest/pom.xml -- diff --git a/plugins/rest/pom.xml b/plugins/rest/pom.xml index 66d566f..afae587 100644 --- a/plugins/rest/pom.xml +++ b/plugins/rest/pom.xml @@ -30,8 +30,8 @@ struts2-rest-plugin -2.3.18-SNAPSHOT Struts 2 REST Plugin +jar 1.9.2
