Just define your own value of paramNames as a parameter for the
interceptor, but be aware that this can create a potential security
hole in your app.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/


2011/7/7 Eric Lentz <eric.le...@sherwin.com>:
>>> Do we call this a bug?
>>
>>Probably, but I don't know if it's an S2 or OGNL issue.
>>
>>Dave
>
> com.opensymphony.xwork2.interceptor.ParametersInterceptor
>
> private String acceptedParamNames = "[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+";
> private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
> ...
>
>    protected boolean acceptableName(String name) {
>        if (isAccepted(name) && !isExcluded(name)) {
>            return true;
>        }
>        return false;
>    }
>    protected boolean isAccepted(String paramName) {
>        if (!this.acceptParams.isEmpty()) {
>            for (Pattern pattern : acceptParams) {
>                Matcher matcher = pattern.matcher(paramName);
>                if (matcher.matches()) {
>                    return true;
>                }
>            }
>            return false;
>        } else
>            return acceptedPattern.matcher(paramName).matches();
>    }
>
> Using the sample app. the debugger lands on "return false" in
> acceptableName and never makes it to isExcluded, so isAccepted appears to
> be where it gets stopped (returns false). That must be on account of what
> is considered "acceptedParamNames".
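
The accept check quoted above, as an added stand-alone example (not code from this thread or from Struts itself) showing how the default pattern, a narrowly widened pattern and a catch-all pattern treat the same parameter names. The class name, the sample names and the two custom patterns are constructed for illustration; only the default regex and the isAccepted logic come from the quoted source.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class AcceptedNamesDemo {
    // Default pattern copied from the quoted ParametersInterceptor source.
    static final Pattern DEFAULT = Pattern.compile("[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s]+");

    // Same decision as the quoted isAccepted(): custom patterns, when present,
    // replace the default pattern instead of being combined with it.
    static boolean isAccepted(Set<Pattern> acceptParams, String name) {
        if (!acceptParams.isEmpty()) {
            for (Pattern p : acceptParams) {
                if (p.matcher(name).matches()) {
                    return true;
                }
            }
            return false;
        }
        return DEFAULT.matcher(name).matches();
    }

    static Set<Pattern> patterns(String... regexes) {
        Set<Pattern> set = new LinkedHashSet<>();
        for (String r : regexes) {
            set.add(Pattern.compile(r));
        }
        return set;
    }

    public static void main(String[] args) {
        // Constructed parameter names, not taken from the thread.
        List<String> names = List.of("user.name", "items[0].price", "map['key']",
                "user-name", "first:last", "a#b", "x=y");
        Set<Pattern> none = patterns();  // interceptor left at its defaults
        // Assumed custom value: the default character class plus '-' only.
        Set<Pattern> narrow = patterns("[a-zA-Z0-9\\.\\]\\[\\(\\)_'\\s\\-]+");
        Set<Pattern> broad = patterns(".*");  // accepts every name

        System.out.printf("%-16s %-8s %-8s %-8s%n", "name", "default", "narrow", "broad");
        for (String n : names) {
            System.out.printf("%-16s %-8b %-8b %-8b%n", n,
                    isAccepted(none, n), isAccepted(narrow, n), isAccepted(broad, n));
        }
    }
}
```

Because a custom pattern replaces the default rather than adding to it, the narrow form keeps the whitelist intact for every character except the one that was needed, while the catch-all form removes the name filtering altogether.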
