[ http://issues.apache.org/struts/browse/STR-2742?page=all ]
Don Brown closed STR-2742:
--------------------------
Fix Version: 1.2.9
Resolution: Fixed
Assign To: (was: Struts Developer Mailing List)
Closing as it has been several weeks. If you are still having a problem,
please open a new ticket.
> Validation always skipped with Globals.CANCEL_KEY
> -------------------------------------------------
>
> Key: STR-2742
> URL: http://issues.apache.org/struts/browse/STR-2742
> Project: Struts Action 1
> Type: Bug
> Components: Action
> Versions: 1.2.8
> Environment: Operating System: other
> Platform: Other
> Reporter: Paul Benedict
> Fix For: 1.2.9
> Attachments: InvalidCancelException.java,
> UnsupportedCancellationException.java, ValidateCancelable.txt,
> ValidateCancelable.txt, cancellable.txt, patch.txt, rp13-patch.txt
>
> * Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL'
> parameter to any request will cause validation to be skipped, but the rest of
> the request processing / action invocation cycle to proceed normally
> * Consequence: any action which proceeds assuming that validation has
> completed
> successfully and which doesn't explicitly check isCanceled() is proceeding on
> a
> broken assumption.
> The discussion of this issue began in the struts-user list:
> http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/[EMAIL
> PROTECTED]
> The thread continued in struts-dev list:
> http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/[EMAIL
> PROTECTED]
> Most people have agreed that this is a security-related issue.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/struts/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
