[ http://issues.apache.org/struts/browse/STR-2742?page=all ] Don Brown closed STR-2742: --------------------------
Fix Version: 1.2.9 Resolution: Fixed Assign To: (was: Struts Developer Mailing List) Closing as it has been several weeks. If you are still having a problem, please open a new ticket. > Validation always skipped with Globals.CANCEL_KEY > ------------------------------------------------- > > Key: STR-2742 > URL: http://issues.apache.org/struts/browse/STR-2742 > Project: Struts Action 1 > Type: Bug > Components: Action > Versions: 1.2.8 > Environment: Operating System: other > Platform: Other > Reporter: Paul Benedict > Fix For: 1.2.9 > Attachments: InvalidCancelException.java, > UnsupportedCancellationException.java, ValidateCancelable.txt, > ValidateCancelable.txt, cancellable.txt, patch.txt, rp13-patch.txt > > * Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL' > parameter to any request will cause validation to be skipped, but the rest of > the request processing / action invocation cycle to proceed normally > * Consequence: any action which proceeds assuming that validation has > completed > successfully and which doesn't explicitly check isCanceled() is proceeding on > a > broken assumption. > The discussion of this issue began in the struts-user list: > http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/[EMAIL > PROTECTED] > The thread continued in struts-dev list: > http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/[EMAIL > PROTECTED] > Most people have agreed that this is a security-related issue. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/struts/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]