struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zoran Avtarovski (JIRA)" <>
Subject [jira] [Commented] (WW-4677) I18N Interceptor Automatically validates locales
Date Thu, 18 Aug 2016 02:56:22 GMT


Zoran Avtarovski commented on WW-4677:

Thanks Lukasz,

I see the issue nut in reality, it's only an issue if you display the locale. Which can be
accommodated by setting the default behaviour to validate.

We could add some simple validation to ensure no special characters are included in the request.
All I did was run a simple regex to remove potentially dangerous characters :

String result = localeParameter.replaceAll("[%{}+.^:,]","");

I'll leave it up to you guys. Just let me know if you'd like me to submit a patch. 

I looked at it a little further and I think using a struts constant is the least intrusive


> I18N Interceptor Automatically validates locales
> ------------------------------------------------
>                 Key: WW-4677
>                 URL:
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.5
>         Environment: 2.5.1 running on Java 8, RHEL Linux 6/7 
>            Reporter: Zoran Avtarovski
>             Fix For: 2.5.3
> There is an annoying issue with the I18N Interceptor, which now validates locales against
the list of default available locales in this bit of code:
> {code:java}
> if (locale != null && Arrays.asList(Locale.getAvailableLocales()).contains(locale))
>     locale = Locale.getDefault();
> }
> {code}
> The problem is I have a web app for refugees and not all the languages are in the available
locales array. This must be relatively new as it worked in the old version 2.x ish.
> Ideally it would be great if we could add a parameter (or constant) to bi-pass the validation.
> For example a tag in the struts.xml file:
> {code:xml}
> <interceptor-ref name="I18nInterceptor">
>   <param name="validation">
>      false
>   </param>
> </interceptor-ref>
> {code}
> and then access it in the interceptor to override default behaviour.

This message was sent by Atlassian JIRA

View raw message