git commit: WW-4380 Narrows excluded patterns
Repository: struts Updated Branches: refs/heads/develop 1a034053b -> c6b7aaf81 WW-4380 Narrows excluded patterns Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c6b7aaf8 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c6b7aaf8 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c6b7aaf8 Branch: refs/heads/develop Commit: c6b7aaf816108771b914539785f383d7e65ede50 Parents: 1a03405 Author: Lukasz Lenart Authored: Fri Aug 22 16:15:17 2014 +0200 Committer: Lukasz Lenart Committed: Fri Aug 22 16:15:17 2014 +0200 -- .../xwork2/security/DefaultExcludedPatternsChecker.java | 2 +- .../security/DefaultExcludedPatternsCheckerTest.java | 11 ++- 2 files changed, 11 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/c6b7aaf8/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java --
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index 983ce63..868c388 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -16,7 +16,7 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
 private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
 public static final String[] EXCLUDED_PATTERNS = {
-"(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
+"(.*\\.|^|.*|\\[('|\"))\\bclass(\\.|('|\")]|\\[).*",
 "(^|.*#)dojo(\\.|\\[).*",
 "(^|.*#)struts(\\.|\\[).*",
 "(^|.*#)session(\\.|\\[).*",
http://git-wip-us.apache.org/repos/asf/struts/blob/c6b7aaf8/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java --
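Review bot: In the changed `EXCLUDED_PATTERNS` entry the leading group `(.*\\.|^|.*|\\[('|\"))` still contains a bare `.*` branch, so it accepts any prefix and the added `\\b` is the only thing that narrows the rule; the other three branches never change the result. Writing the entry as `".*\\bclass(\\.|('|\")]|\\[).*"` states the behaviour the rule actually has and makes later audits of this deny-list easier. The accompanying test expects `Class.classLoader...` to be excluded, which only holds if the patterns are compiled case-insensitively; that step is not visible in this hunk, so a comment on the array such as `// compiled case-insensitively; \b keeps names like eventClass allowed` would pin the assumption. The array initializer continues past the end of the hunk.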
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
index d9bd5bd..99f3e9e 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
@@ -43,6 +43,13 @@ public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase {
 add("%{#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse')}");
 add("#_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true)");
 add("%{#_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true)}");
+add("form.class.classLoader");
+add("form[\"class\"][\"classLoader\"]");
+add("form['class']['classLoader']");
+add("class['classLoader']");
+add("class[\"classLoader\"]");
+add("class.classLoader.resources.dirContext.docBase=");
+add("Class.classLoader.resources.dirContext.docBase=");
 }
 };
@@ -62,6 +69,8 @@ public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase {
 List properParams = new ArrayList();
 properParams.add("eventClass");
 properParams.add("form.eventClass");
+properParams.add("form[\"eventClass\"]");
+properParams.add("form['eventClass']");
 ExcludedPatternsChecker checker = new DefaultExcludedPatternsChecker();
@@ -70,7 +79,7 @@ public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase {
 ExcludedPatternsChecker.IsExcluded actual = checker.isExcluded(properParam);
 // then
-assertFalse("Param 'eventClass' is excluded!", actual.isExcluded());
+assertFalse("Param '" + properParam + "' is excluded!", actual.isExcluded());
 }
 }
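Review bot: The allowed names added to `properParams` in the second hunk are all spellings of `eventClass`, so nothing pins how the narrowed rule treats other neighbours of the word `class`. Adding names where `class` starts a longer word or follows an underscore, for example `properParams.add("form.classification");` and `properParams.add("form.my_class.name");`, would catch a later pattern edit that starts rejecting legitimate parameters. Both should pass against the `\\bclass` pattern shown in this commit, assuming none of the patterns outside the visible part of the array matches them. The test methods start before these hunks.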
git commit: WW-3895 Uses session id for synchronisation
Repository: struts Updated Branches: refs/heads/develop c6b7aaf81 -> eecd90763 WW-3895 Uses session id for synchronisation Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/eecd9076 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/eecd9076 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/eecd9076 Branch: refs/heads/develop Commit: eecd907638d223a74b91a944476c11750adac4ab Parents: c6b7aaf Author: Lukasz Lenart Authored: Fri Aug 22 17:25:45 2014 +0200 Committer: Lukasz Lenart Committed: Fri Aug 22 17:25:45 2014 +0200 -- .../apache/struts2/dispatcher/SessionMap.java| 19 --- .../TokenSessionStoreInterceptor.java| 2 +- .../struts2/dispatcher/SessionMapTest.java | 1 + .../struts2/views/jsp/StrutsMockHttpSession.java | 7 +++ 4 files changed, 21 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java -- diff --git a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java index d22127d..8da98da 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java @@ -21,6 +21,8 @@ package org.apache.struts2.dispatcher; +import org.apache.struts2.components.Submit; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import java.io.Serializable; @@ -68,7 +70,7 @@ public class SessionMap extends AbstractMap implements Serializable return; } -synchronized (session) { +synchronized (session.getId().intern()) { session.invalidate(); session = null; entries = null; 
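Review bot: The added `import org.apache.struts2.components.Submit;` is not referenced by any changed line shown for `SessionMap`, so it looks like an accidental IDE import. If nothing else in the file uses it, drop the line so the dispatcher package does not gain a dependency on the components package.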
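Review bot: `synchronized (session.getId().intern())` in the `@@ -68,7 +70,7 @@` hunk takes its monitor from the JVM-wide string pool, so the lock is shared with any other code in the JVM that synchronizes on an equal interned string, and every session id that passes through here is added to the intern table. The same expression is introduced in the `clear()`, `entrySet()` and `get(Object key)` hunks and in the hunks at `@@ -177`, `@@ -196` and `@@ -218`. A private lock object created once per session and kept as a session attribute would give the same exclusion across `SessionMap` wrappers of one session without exposing the monitor. The `session == null` guard also sits outside the lock, so a concurrent call that nulls the field can land before `session.getId()` is evaluated; reading the field into a local first, `HttpSession current = session; if (current == null) { return; }`, avoids that. The method starts before the hunk.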
@@ -79,12 +81,13 @@ public class SessionMap extends AbstractMap implements Serializable * Removes all attributes from the session as well as clears entries in this * map. */ +@SuppressWarnings("unchecked") public void clear() { if (session == null) { return; } -synchronized (session) { +synchronized (session.getId().intern()) { entries = null; Enumeration attributeNamesEnum = session.getAttributeNames(); while (attributeNamesEnum.hasMoreElements()) { @@ -99,12 +102,13 @@ public class SessionMap extends AbstractMap implements Serializable * * @return a Set of attributes from the http session. */ +@SuppressWarnings("unchecked") public Set> entrySet() { if (session == null) { return Collections.emptySet(); } -synchronized (session) { +synchronized (session.getId().intern()) { if (entries == null) { entries = new HashSet>(); @@ -154,12 +158,13 @@ public class SessionMap extends AbstractMap implements Serializable * @param key the name of the session attribute. * @return the session attribute or null if it doesn't exist. */ +@SuppressWarnings("unchecked") public V get(Object key) { if (session == null) { return null; } -synchronized (session) { +synchronized (session.getId().intern()) { return (V) session.getAttribute(key.toString()); } } @@ -177,7 +182,7 @@ public class SessionMap extends AbstractMap implements Serializable session = request.getSession(true); } } -synchronized (session) { +synchronized (session.getId().intern()) { V oldValue = get(key); entries = null; session.setAttribute(key.toString(), value); @@ -196,7 +201,7 @@ public class SessionMap extends AbstractMap implements Serializable return null; } -synchronized (session) { +synchronized (session.getId().intern()) { entries = null; V value = get(key); 
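Review bot: `@SuppressWarnings("unchecked")` is added at method level on `clear()`, `entrySet()` and `get(Object key)`, which silences every unchecked operation in those bodies, including any added later. In `get` the only unchecked operation shown is the cast, so the annotation can sit on a local instead: `@SuppressWarnings("unchecked") V value = (V) session.getAttribute(key.toString());` followed by `return value;`. For `clear()` and `entrySet()` the source of the warning is not fully visible here, so a one-line comment saying why the suppression is safe would help the next reader. The bodies of `clear()` and `entrySet()` continue outside their hunks.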
@@ -218,7 +223,7 @@ public class SessionMap extends AbstractMap implements Serializable return false; } -synchronized (session) { +synchronized (session.getId().intern()) { return (session.getAttribute(key.toString()) != null); } } http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java b/core/src/main/java/org/apache/struts2
[CONF] Confluence Changes in the last 24 hours
Confluence Changes in the last 24 hours Apache Ambari Pages Page: Features + Roadmap edited by Jeff Sposetti [05:01 PM] (View Changes) Apache Camel Pages Page: UuidGenerator edited by Claus Ibsen [03:27 PM] (View Changes) Page: Camel 2.14.0 Release edited by Claus Ibsen [06:39 AM] (View Changes) Apache Cloudstack Pages Page: BigSwitch Networking Plugin edited by KC Wang [11:42 PM] (View Changes) Page: Troubleshooting - uploading custom domain certificate instead of using realhostip.com created by Nitin Mehta [06:57 PM] Page: Procedure to Replace realhostip.com with Your Own Domain Name edited by Nitin Mehta [06:55 PM] (View Changes) Page: CI Design Doc created by Bharat Kumar [07:58 AM] Page: Usage and Usage Events edited by Kishan Kavala [06:49 AM] (View Changes) Apache CouchDB Pages Page: Release Procedure created by Andy Wenk [08:10 AM] Page: Testing a Source Release created by Andy Wenk [07:22 AM] Page: Release Management created by Andy Wenk [07:10 AM] Apache Gora Pages Home page: Index edited by Lewis John McGibbney [04:11 AM] (View Changes) Apache Hive Pages Page: Hive on Spark edited by Xuefu Zhang [09:57 AM] (View Changes) Apache Kafka Pages Page: Powered By edited by Gwen Shapira [07:46 PM] (View Changes) OFBiz (Open For Business) Project Open Wiki Pages Page: OFBTECH Page Review edited by Christian Geisert [02:00 PM] (View Changes)