public class JiraSafeActionParameterSetter extends Object
BeanUtil.setProperties(java.util.Map, Object)
This uses a different set of rules when accepting input from the web, with some nods towards webwork1 to keep its old behaviour but lose its dangerous nature.
Only Action level public java.beans
setters can be invoked. You can not longer navigate away from an Action
into other code. In the old days one could invoke nearly arbitrary code. Uncool!
Null parameter values are never set into the action. This is old behaviour.
See the class KnownParameterConverters
for a complete list but
basically its Strings, Longs, Integers, Shorts, Bytes and so on.
The webwork1 code used the above precedence in choosing a setter. More by accident that by design I suspect.
If an action is IllegalArgumentAware
, then it will be told about bad parameters and the
exception will be ignored. All JiraWebActionSupport
actions implements IllegalArgumentAware
. JIRA is aware!
Introduced / changed as part of JRA-15664
Constructor and Description |
---|
JiraSafeActionParameterSetter() |
Modifier and Type | Method and Description |
---|---|
void |
setSafeParameters(webwork.action.Action action,
Map<String,?> webParameters)
This is called to set a map of parameters into an action.
|
public void setSafeParameters(webwork.action.Action action, Map<String,?> webParameters)
The action MUST not be a SafeAction
and an assertions is made to that end.
action
- the action in playwebParameters
- the map of web request parametersCopyright © 2002-2018 Atlassian. All Rights Reserved.