--- /dev/null
+package org.apache.maven.archiva.web.interceptor;
+
+import com.opensymphony.xwork2.interceptor.ParametersInterceptor;
+
+import java.util.regex.Pattern;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: olamy
+ * Date: 10/08/11
+ * Time: 16:55
+ * To change this template use File | Settings | File Templates.
+ */
+public class ArchivaParametersInterceptor extends ParametersInterceptor
+{
+
+ private String acceptedParamNames = "[a-zA-Z0-9\\-\\.\\]\\[\\(\\)_'\\s]+";
+ private Pattern acceptedPattern = Pattern.compile(acceptedParamNames);
+
+ @Override
+ protected boolean acceptableName( String name )
+ {
+ boolean accept = super.acceptableName( name );
+ if (!accept)
+ {
+ // [MRM-1487] second try adding '-' in pattern
+ accept = acceptedPattern.matcher( name ).matches();
+ }
+ return accept;
+ }
+}
<interceptor name="redbackAutoLogin" class="redbackAutoLoginInterceptor"/>
<interceptor name="redbackPolicyEnforcement" class="redbackPolicyEnforcementInterceptor"/>
<interceptor name="paramFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
+ <interceptor name="archivaParams" class="org.apache.maven.archiva.web.interceptor.ArchivaParametersInterceptor"/>
+
+
+ <interceptor-stack name="defaultArchivaStack">
+ <interceptor-ref name="exception"/>
+ <interceptor-ref name="alias"/>
+ <interceptor-ref name="servletConfig"/>
+ <interceptor-ref name="i18n"/>
+ <interceptor-ref name="prepare"/>
+ <interceptor-ref name="chain"/>
+ <interceptor-ref name="debugging"/>
+ <interceptor-ref name="scopedModelDriven"/>
+ <interceptor-ref name="modelDriven"/>
+ <interceptor-ref name="fileUpload"/>
+ <interceptor-ref name="checkbox"/>
+ <interceptor-ref name="multiselect"/>
+ <interceptor-ref name="staticParams"/>
+ <interceptor-ref name="actionMappingParams"/>
+ <interceptor-ref name="archivaParams">
+ <param name="excludeParams">dojo\..*,^struts\..*</param>
+ </interceptor-ref>
+ <interceptor-ref name="conversionError"/>
+ <interceptor-ref name="validation">
+ <param name="excludeMethods">input,back,cancel,browse</param>
+ </interceptor-ref>
+ <interceptor-ref name="workflow">
+ <param name="excludeMethods">input,back,cancel,browse</param>
+ </interceptor-ref>
+ </interceptor-stack>
<interceptor-stack name="configuredArchivaStack">
<interceptor-ref name="redbackForceAdminUser"/>
<interceptor-ref name="redbackAutoLogin"/>
- <interceptor-ref name="defaultStack"/>
+ <interceptor-ref name="defaultArchivaStack"/>
<interceptor-ref name="paramFilter">
<param name="blocked">externalResult</param>
</interceptor-ref>
<interceptor-stack name="unconfiguredArchivaStack">
<interceptor-ref name="redbackForceAdminUser"/>
<interceptor-ref name="redbackAutoLogin"/>
- <interceptor-ref name="defaultStack"/>
+ <interceptor-ref name="defaultArchivaStack"/>
<interceptor-ref name="redbackPolicyEnforcement"/>
<interceptor-ref name="redbackSecureActions">
<param name="enableReferrerCheck">false</param>
<interceptor-stack name="configuredPrepareParamsStack">
<!-- <interceptor-ref name="prepare" /> -->
- <interceptor-ref name="params"/>
+ <interceptor-ref name="archivaParams"/>
<interceptor-ref name="configuredArchivaStack"/>
</interceptor-stack>
</interceptors>