date:20250215

(struts) branch fix/WW-5501-revert updated (11e791b9f -> d367be4aa)

2025-02-15 Thread lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5501-revert
in repository https://gitbox.apache.org/repos/asf/struts.git


from 11e791b9f Reverts all changes related to WW-5501
 add d367be4aa Fixes CodeQL scan by using proper versions of actions

No new revisions were added by this update.

Summary of changes:
 .github/workflows/codeql.yml | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

(struts) branch fix/WW-5501-revert created (now 11e791b9f)

2025-02-15 Thread lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5501-revert
in repository https://gitbox.apache.org/repos/asf/struts.git


  at 11e791b9f Reverts all changes related to WW-5501

This branch includes the following new commits:

 new 11e791b9f Reverts all changes related to WW-5501

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(struts) 01/01: Reverts all changes related to WW-5501

2025-02-15 Thread lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch fix/WW-5501-revert
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 11e791b9f3c3910858726cf6ad20035b8bd3200d
Author: Lukasz Lenart 
AuthorDate: Sun Feb 16 07:56:12 2025 +0100

Reverts all changes related to WW-5501
---
 .../multipart/AbstractMultiPartRequest.java| 76 --
 .../multipart/JakartaMultiPartRequest.java | 25 ++-
 .../multipart/JakartaStreamMultiPartRequest.java   | 23 ++-
 .../org/apache/struts2/struts-messages.properties  |  2 -
 .../ActionFileUploadInterceptorTest.java   | 64 --
 .../interceptor/FileUploadInterceptorTest.java | 64 --
 .../dispatcher/multipart/PellMultiPartRequest.java |  8 ---
 7 files changed, 23 insertions(+), 239 deletions(-)

diff --git 
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
 
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
index 88d6e991b..23d879ba4 100644
--- 
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
+++ 
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
@@ -20,9 +20,6 @@ package org.apache.struts2.dispatcher.multipart;
 
 import com.opensymphony.xwork2.LocaleProviderFactory;
 import com.opensymphony.xwork2.inject.Inject;
-import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
-import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
-import org.apache.commons.io.FilenameUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.struts2.StrutsConstants;
@@ -33,29 +30,21 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
 
-import static org.apache.commons.lang3.StringUtils.normalizeSpace;
-
 /**
  * Abstract class with some helper methods, it should be used
  * when starting development of another implementation of {@link 
MultiPartRequest}
  */
 public abstract class AbstractMultiPartRequest implements MultiPartRequest {
 
-protected static final String 
STRUTS_MESSAGES_UPLOAD_ERROR_ILLEGAL_CHARACTERS_FIELD = 
"struts.messages.upload.error.illegal.characters.field";
-protected static final String 
STRUTS_MESSAGES_UPLOAD_ERROR_ILLEGAL_CHARACTERS_NAME = 
"struts.messages.upload.error.illegal.characters.name";
-
 private static final Logger LOG = 
LogManager.getLogger(AbstractMultiPartRequest.class);
 
-private static final String EXCLUDED_FILE_PATTERN = 
"^(.*[<>&\"'|;/?*:]+.*|.*\\.\\..*)$";
-private static final String EXCLUDED_FILE_PATTERN_WITH_DMI_SUPPORT = 
"^(?!action:[^<>&\"'|;/?*:]+(![^<>&\"'|;/?*:]+)?$)(.*[<>&\"'|;/?*:]+.*|.*\\.\\..*)$\n";
-
 /**
  * Defines the internal buffer size used during streaming operations.
  */
 public static final int BUFFER_SIZE = 10240;
 
 /**
- * Internal list of raised errors to be passed to the Struts2 framework.
+ * Internal list of raised errors to be passed to the the Struts2 
framework.
  */
 protected List errors = new ArrayList<>();
 
@@ -91,18 +80,6 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
  */
 protected Locale defaultLocale = Locale.ENGLISH;
 
-private final ExcludedPatternsChecker patternsChecker;
-
-protected AbstractMultiPartRequest() {
-this(false);
-}
-
-protected AbstractMultiPartRequest(boolean dmiValue) {
-DefaultExcludedPatternsChecker patternsChecker = new 
DefaultExcludedPatternsChecker();
-patternsChecker.setAdditionalExcludePatterns(dmiValue ? 
EXCLUDED_FILE_PATTERN_WITH_DMI_SUPPORT : EXCLUDED_FILE_PATTERN);
-this.patternsChecker = patternsChecker;
-}
-
 /**
  * @param bufferSize Sets the buffer size to be used.
  */
@@ -146,7 +123,7 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
 
 /**
  * @param request Inspect the servlet request and set the locale if one 
wasn't provided by
- *the Struts2 framework.
+ * the Struts2 framework.
  */
 protected void setLocale(HttpServletRequest request) {
 if (defaultLocale == null) {
@@ -157,7 +134,7 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
 /**
  * Build error message.
  *
- * @param ethe Throwable/Exception
+ * @param e the Throwable/Exception
  * @param args arguments
  * @return error message
  */
@@ -170,7 +147,7 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
 
 /* (non-Javadoc)
  * @see 
org.apache.struts2.dispatcher.multipart.MultiPartRequest#getErrors()
- */
+*/
 public List getErrors() {
 return errors;
 }
@@ -180,43 +157,16 @@ public abstract class AbstractMult

(struts) 01/01: WW-5501 Reverts changes related to WW-5501

2025-02-15 Thread lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch fix/WW-5501-revert-s7
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 2db4479e7375f173bbd86355e05e47ad9e854c54
Author: Lukasz Lenart 
AuthorDate: Sun Feb 16 08:20:47 2025 +0100

WW-5501 Reverts changes related to WW-5501
---
 .../multipart/AbstractMultiPartRequest.java| 62 +
 .../multipart/JakartaMultiPartRequest.java | 26 ++--
 .../multipart/JakartaStreamMultiPartRequest.java   | 27 ++--
 .../org/apache/struts2/struts-messages.properties  |  4 --
 .../multipart/AbstractMultiPartRequestTest.java| 57 +---
 .../AbstractMultiPartRequestWithDMITest.java   | 69 ---
 .../JakartaMultiPartRequestWithDMITest.java| 28 
 .../JakartaStreamMultiPartRequestWithDMITest.java  | 28 
 .../ActionFileUploadInterceptorTest.java   | 78 +++---
 .../DefaultExcludedPatternsCheckerTest.java|  2 +-
 10 files changed, 24 insertions(+), 357 deletions(-)

diff --git 
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
 
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
index 00e774a72..90ecbe816 100644
--- 
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
+++ 
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
@@ -18,6 +18,8 @@
  */
 package org.apache.struts2.dispatcher.multipart;
 
+import org.apache.struts2.inject.Inject;
+import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.fileupload2.core.FileUploadByteCountLimitException;
 import org.apache.commons.fileupload2.core.FileUploadContentTypeException;
 import org.apache.commons.fileupload2.core.FileUploadException;
@@ -30,11 +32,7 @@ import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.struts2.StrutsConstants;
 import org.apache.struts2.dispatcher.LocalizedMessage;
-import org.apache.struts2.inject.Inject;
-import org.apache.struts2.security.DefaultExcludedPatternsChecker;
-import org.apache.struts2.security.ExcludedPatternsChecker;
 
-import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.nio.charset.Charset;
 import java.nio.file.Path;
@@ -45,8 +43,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import static org.apache.commons.lang3.StringUtils.normalizeSpace;
-
 /**
  * Abstract class with some helper methods, it should be used
  * when starting development of another implementation of {@link 
MultiPartRequest}
@@ -54,14 +50,9 @@ import static 
org.apache.commons.lang3.StringUtils.normalizeSpace;
 public abstract class AbstractMultiPartRequest implements MultiPartRequest {
 
 protected static final String 
STRUTS_MESSAGES_UPLOAD_ERROR_PARAMETER_TOO_LONG_KEY = 
"struts.messages.upload.error.parameter.too.long";
-protected static final String 
STRUTS_MESSAGES_UPLOAD_ERROR_ILLEGAL_CHARACTERS_FIELD = 
"struts.messages.upload.error.illegal.characters.field";
-protected static final String 
STRUTS_MESSAGES_UPLOAD_ERROR_ILLEGAL_CHARACTERS_NAME = 
"struts.messages.upload.error.illegal.characters.name";
 
 private static final Logger LOG = 
LogManager.getLogger(AbstractMultiPartRequest.class);
 
-private static final String EXCLUDED_FILE_PATTERN = 
"^(.*[<>&\"'|;/?*:]+.*|.*\\.\\..*)$";
-private static final String EXCLUDED_FILE_PATTERN_WITH_DMI_SUPPORT = 
"^(?!action:[^<>&\"'|;/?*:]+(![^<>&\"'|;/?*:]+)?$)(.*[<>&\"'|;/?*:]+.*|.*\\.\\..*)$\n";
-
 /**
  * Defines the internal buffer size used during streaming operations.
  */
@@ -117,19 +108,6 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
  */
 protected Map> parameters = new HashMap<>();
 
-
-private final ExcludedPatternsChecker patternsChecker;
-
-protected AbstractMultiPartRequest() {
-this(false);
-}
-
-protected AbstractMultiPartRequest(boolean dmiValue) {
-var patternsChecker = new DefaultExcludedPatternsChecker();
-patternsChecker.setAdditionalExcludePatterns(dmiValue ? 
EXCLUDED_FILE_PATTERN_WITH_DMI_SUPPORT : EXCLUDED_FILE_PATTERN);
-this.patternsChecker = patternsChecker;
-}
-
 /**
  * @param bufferSize Sets the buffer size to be used.
  */
@@ -431,40 +409,4 @@ public abstract class AbstractMultiPartRequest implements 
MultiPartRequest {
 }
 }
 
-/**
- * @param fileName file name to check
- * @return true if the file name is excluded
- */
-protected boolean isExcluded(String fileName) {
-return patternsChecker.isExcluded(fileName).isExcluded();
-}
-
-protected boolean isInvalidInput(String fieldName, String fileName) {
-// Skip file uploads that don't have a file

(struts) branch fix/WW-5501-revert-s7 created (now 2db4479e7)

2025-02-15 Thread lukaszlenart

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5501-revert-s7
in repository https://gitbox.apache.org/repos/asf/struts.git


  at 2db4479e7 WW-5501 Reverts changes related to WW-5501

This branch includes the following new commits:

 new 2db4479e7 WW-5501 Reverts changes related to WW-5501

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(struts) branch fix/WW-5501-revert updated (11e791b9f -> d367be4aa)

(struts) branch fix/WW-5501-revert created (now 11e791b9f)

(struts) 01/01: Reverts all changes related to WW-5501

(struts) 01/01: WW-5501 Reverts changes related to WW-5501

(struts) branch fix/WW-5501-revert-s7 created (now 2db4479e7)

5 matches

Site Navigation

Mail list logo

Footer information