[seam-commits] Seam SVN: r13593 - branches/enterprise/JBPAPP_4_2_CP01/src/main/org/jboss/seam/core.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Tue Aug 10 10:52:18 EDT 2010
Author: manaRH
Date: 2010-08-10 10:52:18 -0400 (Tue, 10 Aug 2010)
New Revision: 13593
Modified:
branches/enterprise/JBPAPP_4_2_CP01/src/main/org/jboss/seam/core/Pages.java
Log:
JBPAPP-4803
Modified: branches/enterprise/JBPAPP_4_2_CP01/src/main/org/jboss/seam/core/Pages.java
===================================================================
--- branches/enterprise/JBPAPP_4_2_CP01/src/main/org/jboss/seam/core/Pages.java 2010-08-10 14:36:12 UTC (rev 13592)
+++ branches/enterprise/JBPAPP_4_2_CP01/src/main/org/jboss/seam/core/Pages.java 2010-08-10 14:52:18 UTC (rev 13593)
@@ -5,6 +5,7 @@
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
+import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
@@ -480,14 +481,24 @@
boolean result = false;
- String outcome = (String) facesContext.getExternalContext()
+ String outcome = facesContext.getExternalContext()
.getRequestParameterMap()
.get("actionOutcome");
String fromAction = outcome;
+ String decodedOutcome = null;
+ if (outcome != null)
+ {
+ decodedOutcome = URLDecoder.decode(outcome);
+ }
+
+ if (decodedOutcome != null && (decodedOutcome.indexOf('#') >= 0 || decodedOutcome.indexOf('{') >= 0) ){
+ throw new IllegalArgumentException("EL expressions are not allowed in actionOutcome parameter");
+ }
+
if (outcome==null)
{
- String actionId = (String) facesContext.getExternalContext()
+ String actionId = facesContext.getExternalContext()
.getRequestParameterMap()
.get("actionMethod");
if (actionId!=null)
More information about the seam-commits
mailing list