Merge pull request #466 from apache/WW-5056-allows-dash
[WW-5056] Accepts dashes in param names
diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
index 0489147..9b1704c 100644
--- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
+++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
@@ -36,11 +36,11 @@
private static final Logger LOG = LogManager.getLogger(DefaultAcceptedPatternsChecker.class);
public static final String[] ACCEPTED_PATTERNS = {
- "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"
+ "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*"
};
public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
- "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
+ "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w-?|[\\u4e00-\\u9fa5]-?)+'])|(\\('(\\w-?|[\\u4e00-\\u9fa5]-?)+'\\)))*([!]?\\w+)?"
};
private Set<Pattern> acceptedPatterns;
diff --git a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
index 1dc8d8a..7100f6c 100644
--- a/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
@@ -57,6 +57,7 @@
add("%{#parameters.test}");
add("%{#Parameters['test']}");
add("%{#Parameters.test}");
+ add("%{#Parameters['test-1']}");
}
};
@@ -97,6 +98,35 @@
assertTrue("Param with underscore wasn't accepted!", actual.isAccepted());
}
+ public void testDashInParamName() {
+ // given
+ AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker();
+
+ // when
+ AcceptedPatternsChecker.IsAccepted actual = checker.isAccepted("mapParam['param-1']");
+
+ // then
+ assertTrue("Param with dash wasn't accepted!", actual.isAccepted());
+
+ // when
+ actual = checker.isAccepted("mapParam['-param-1']");
+
+ // then
+ assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+ // when
+ actual = checker.isAccepted("-param");
+
+ // then
+ assertFalse("Param with dash was accepted!", actual.isAccepted());
+
+ // when
+ actual = checker.isAccepted("param1-param2");
+
+ // then
+ assertFalse("Param with dash was accepted!", actual.isAccepted());
+ }
+
public void testUnderscoreInParamNameWithDmiEnabled() {
// given
AcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
@@ -174,4 +204,33 @@
assertTrue("dmi isn't accepted", accepted.isAccepted());
}
-}
\ No newline at end of file
+
+ public void testDmiIsEnabledAndDash() {
+ // given
+ DefaultAcceptedPatternsChecker checker = new DefaultAcceptedPatternsChecker(Boolean.TRUE.toString());
+
+ // when
+ AcceptedPatternsChecker.IsAccepted accepted = checker.isAccepted("map['param-1']");
+
+ // then
+ assertTrue("Dash isn't accepted", accepted.isAccepted());
+
+ // when
+ accepted = checker.isAccepted("map['-param-1']");
+
+ // then
+ assertFalse("Dash was accepted", accepted.isAccepted());
+
+ // when
+ accepted = checker.isAccepted("-param");
+
+ // then
+ assertFalse("Dash was accepted", accepted.isAccepted());
+
+ // when
+ accepted = checker.isAccepted("param1-param2");
+
+ // then
+ assertFalse("Dash was accepted", accepted.isAccepted());
+ }
+}
