Merge 0f69c3b into b2580e1

Author: lukaszlenart

core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java

@@ -33,13 +33,15 @@
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.struts2.StrutsConstants;
 import org.apache.struts2.dispatcher.HttpParameters;
 import org.apache.struts2.dispatcher.Parameter;
 
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.regex.Pattern;
 
 /**
  * This interceptor sets all parameters on the value stack.
@@ -49,9 +51,11 @@ public class ParametersInterceptor extends MethodFilterInterceptor {
     private static final Logger LOG = LogManager.getLogger(ParametersInterceptor.class);
 
     protected static final int PARAM_NAME_MAX_LENGTH = 100;
+    private static final Pattern DMI_IGNORED_PATTERN = Pattern.compile("^(action|method):.*", Pattern.CASE_INSENSITIVE);
 
     private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH;
     private boolean devMode = false;
+    private boolean dmiEnabled = false;
 
     protected boolean ordered = false;
 
@@ -79,6 +83,11 @@ public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns) {
         this.acceptedPatterns = acceptedPatterns;
     }
 
+    @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false)
+    public void setDmiEnabled(String dmiEnabled) {
+        this.dmiEnabled = Boolean.parseBoolean(dmiEnabled);
+    }
+
     /**
      * If the param name exceeds the configured maximum length it will not be
      * accepted.
@@ -285,13 +294,25 @@ protected String getParameterLogMap(HttpParameters parameters) {
     }
 
     protected boolean acceptableName(String name) {
+        if (isIgnoredDMI(name)) {
+            LOG.trace("DMI is enabled, ignoring DMI method: {}", name);
+            return false;
+        }
         boolean accepted = isWithinLengthLimit(name) && !isExcluded(name) && isAccepted(name);
         if (devMode && accepted) { // notify only when in devMode
             LOG.debug("Parameter [{}] was accepted and will be appended to action!", name);
         }
         return accepted;
     }
 
+    private boolean isIgnoredDMI(String name) {
+        if (dmiEnabled) {
+            return DMI_IGNORED_PATTERN.matcher(name).matches();
+        } else {
+            return false;
+        }
+    }
+
     protected boolean isWithinLengthLimit(String name) {
         boolean matchLength = name.length() <= paramNameMaxLength;
         if (!matchLength) {

core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java

@@ -715,6 +715,33 @@ public void testInternalParametersAreIgnored() throws Exception {
         assertEquals(expected, actual);
     }
 
+    public void testDMIMethodsAreIgnored() throws Exception {
+        // given
+        ParametersInterceptor interceptor = createParametersInterceptor();
+        final Map<String, Object> actual = injectValueStackFactory(interceptor);
+        ValueStack stack = injectValueStack(actual);
+
+        final Map<String, Object> expected = new HashMap<String, Object>() {
+            {
+                put("ordinary.bean", "value");
+            }
+        };
+
+        Map<String, Object> parameters = new HashMap<String, Object>() {
+            {
+                put("ordinary.bean", "value");
+                put("action:", "myAction");
+                put("method:", "doExecute");
+            }
+        };
+
+        // when
+        interceptor.setParameters(new NoParametersAction(), stack, HttpParameters.create(parameters).build());
+
+        // then
+        assertEquals(expected, actual);
+    }
+
     public void testBeanListSingleValue() throws Exception {
         Map<String, Object> params = new HashMap<>();
         params.put("beanList.name", new String[] { "Superman" });