public class JiraSafeActionParameterSetter extends Object
This uses a different set of rules when accepting input from the web, with some nods towards webwork1 to keep its old behaviour but lose its dangerous nature.
Only Action level public
java.beans setters can be invoked. You can not longer navigate away from an Action
into other code. In the old days one could invoke nearly arbitrary code. Uncool!
Null parameter values are never set into the action. This is old behaviour.
See the class
KnownParameterConverters for a complete list but
basically its Strings, Longs, Integers, Shorts, Bytes and so on.
The webwork1 code used the above precedence in choosing a setter. More by accident that by design I suspect.
If an action is
IllegalArgumentAware, then it will be told about bad parameters and the
exception will be ignored. All
JiraWebActionSupport actions implements
IllegalArgumentAware. JIRA is aware!
Introduced / changed as part of JRA-15664
|Constructor and Description|
|Modifier and Type||Method and Description|
This is called to set a map of parameters into an action.
The action MUST not be a
SafeAction and an assertions is made to that end.
action- the action in play
webParameters- the map of web request parameters
Copyright © 2002-2021 Atlassian. All Rights Reserved.