package com.atlassian.crowd.xwork.interceptors;

import com.atlassian.crowd.xwork.XWorkVersionSupport;
import com.opensymphony.xwork.Action;
import com.opensymphony.xwork.ActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import com.opensymphony.xwork.interceptor.NoParameters;
import com.opensymphony.xwork.util.OgnlValueStack;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/xwork/interceptors/SafeParametersInterceptor.class */
public class SafeParametersInterceptor implements Interceptor {
    public static final Logger log = LoggerFactory.getLogger(SafeParametersInterceptor.class);
    private static final Pattern SAFE_PARAMETER_NAME_PATTERN = Pattern.compile("[a-zA-Z0-9_]+");
    private final XWorkVersionSupport versionSupport = new XWorkVersionSupport();

    public void init() {
    }

    public void destroy() {
    }

    public String intercept(ActionInvocation actionInvocation) throws Exception {
        before(actionInvocation);
        return actionInvocation.invoke();
    }

    protected boolean shouldNotIntercept(ActionInvocation actionInvocation) {
        return this.versionSupport.extractAction(actionInvocation) instanceof NoParameters;
    }

    protected void before(ActionInvocation actionInvocation) throws Exception {
        if (shouldNotIntercept(actionInvocation)) {
            return;
        }
        Map<String, Object> filterSafeParameters = filterSafeParameters(ActionContext.getContext().getParameters(), this.versionSupport.extractAction(actionInvocation));
        if (log.isDebugEnabled()) {
            log.debug("Setting params " + filterSafeParameters);
        }
        ActionContext invocationContext = actionInvocation.getInvocationContext();
        try {
            invocationContext.put("xwork.NullHandler.createNullObjects", Boolean.TRUE);
            invocationContext.put("xwork.MethodAccessor.denyMethodExecution", Boolean.TRUE);
            invocationContext.put("report.conversion.errors", Boolean.TRUE);
            if (filterSafeParameters != null) {
                OgnlValueStack valueStack = ActionContext.getContext().getValueStack();
                for (Map.Entry<String, Object> entry : filterSafeParameters.entrySet()) {
                    valueStack.setValue(entry.getKey(), entry.getValue());
                }
            }
        } finally {
            invocationContext.put("xwork.NullHandler.createNullObjects", Boolean.FALSE);
            invocationContext.put("xwork.MethodAccessor.denyMethodExecution", Boolean.FALSE);
            invocationContext.put("report.conversion.errors", Boolean.FALSE);
        }
    }

    private static Map<String, Object> filterSafeParameters(Map<String, ?> map, Action action) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            if (isSafeParameterName(entry.getKey(), action)) {
                hashMap.put(entry.getKey(), entry.getValue());
            }
        }
        return hashMap;
    }

    static boolean isSafeParameterName(String str, Action action) {
        return SAFE_PARAMETER_NAME_PATTERN.matcher(str).matches();
    }
}
