Throws away methods that doesn't match pattern

apache · May 12, 2016 · 27ca165 · 27ca165
1 parent 8b688cc
commit 27ca165
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 11 deletions.
diff --git a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
@@ -34,6 +34,7 @@
 import org.apache.struts2.RequestUtils;
 import org.apache.struts2.ServletActionContext;
 import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.StrutsException;
 import org.apache.struts2.util.PrefixTrie;
 
 import javax.servlet.http.HttpServletRequest;
@@ -385,14 +386,7 @@ protected String cleanupActionName(final String rawActionName) {
         if (allowedActionNames.matcher(rawActionName).matches()) {
             return rawActionName;
         } else {
-            LOG.warn("Action [{}] does not match allowed action names pattern [{}], cleaning it up!",
-                    rawActionName, allowedActionNames);
-            String cleanActionName = rawActionName;
-            for (String chunk : allowedActionNames.split(rawActionName)) {
-                cleanActionName = cleanActionName.replace(chunk, "");
-            }
-            LOG.debug("Cleaned action name [{}]", cleanActionName);
-            return cleanActionName;
+            throw new StrutsException("Action [" + rawActionName + "] does not match allowed action names pattern [" + allowedActionNames + "]!");
         }
     }
 

diff --git a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
@@ -30,6 +30,7 @@
 import com.opensymphony.xwork2.config.entities.PackageConfig;
 import com.opensymphony.xwork2.config.impl.DefaultConfiguration;
 import org.apache.struts2.ServletActionContext;
+import org.apache.struts2.StrutsException;
 import org.apache.struts2.StrutsInternalTestCase;
 import org.apache.struts2.result.StrutsResultSupport;
 import org.apache.struts2.views.jsp.StrutsMockHttpServletRequest;
@@ -844,14 +845,37 @@ public void testAllowedActionNames() throws Exception {
         String actionName = "action";
         assertEquals(actionName, mapper.cleanupActionName(actionName));
 
+        Throwable expected = null;
+
         actionName = "${action}";
-        assertEquals("action", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${action}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "${${%{action}}}";
-        assertEquals("action", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${${%{action}}}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "${#foo='action',#foo}";
-        assertEquals("fooactionfoo", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${#foo='action',#foo}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "test-action";
         assertEquals("test-action", mapper.cleanupActionName(actionName));