struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4983) Set private access modifier for HttpParameters.toMap
Date Tue, 20 Nov 2018 11:46:01 GMT

    [ https://issues.apache.org/jira/browse/WW-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16693114#comment-16693114
] 

ASF GitHub Bot commented on WW-4983:
------------------------------------

lukaszlenart closed pull request #276: WW-4983 Set private access modifier for HttpParameters.toMap
URL: https://github.com/apache/struts/pull/276
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/core/src/main/java/org/apache/struts2/dispatcher/HttpParameters.java b/core/src/main/java/org/apache/struts2/dispatcher/HttpParameters.java
index f46c40dab..6bf35a98b 100644
--- a/core/src/main/java/org/apache/struts2/dispatcher/HttpParameters.java
+++ b/core/src/main/java/org/apache/struts2/dispatcher/HttpParameters.java
@@ -65,13 +65,10 @@ public boolean contains(String name) {
     }
 
     /**
-     * Access to this method will be restricted with the next versiob
-     * @deprecated since 2.5.6, do not use it
-     * TODO: reduce access level to `private`
+     * Access to this method can be potentially dangerous as it allows access to raw parameter
values.
      */
-    @Deprecated
-    public Map<String, String[]> toMap() {
-        Map<String, String[]> result = new HashMap<>(parameters.size());
+    private Map<String, String[]> toMap() {
+        final Map<String, String[]> result = new HashMap<>(parameters.size());
         for (Map.Entry<String, Parameter> entry : parameters.entrySet()) {
             result.put(entry.getKey(), entry.getValue().getMultipleValues());
         }


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Set private access modifier for HttpParameters.toMap
> ----------------------------------------------------
>
>                 Key: WW-4983
>                 URL: https://issues.apache.org/jira/browse/WW-4983
>             Project: Struts 2
>          Issue Type: Task
>          Components: Core
>            Reporter: Sebastian Peters
>            Priority: Minor
>              Labels: easyfix, security
>             Fix For: 2.6
>
>
> As stated in WW-4710 by [~lukaszlenart] this method can be potentially dangerous as it
allows access to raw parameter values. It should only be used internally.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message