DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374 Summary: Automatic Validation always bypassed with CANCEL_PROPERTY Product: Struts Version: 1.2.8 Platform: Other OS/Version: other Status: NEW Severity: major Priority: P2 Component: Action AssignedTo: dev@struts.apache.org ReportedBy: [EMAIL PROTECTED] * Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter to any request will cause validation to be skipped, but the rest of the request processing / action invocation cycle to proceed normally * Consequence: any action which proceeds assuming that validation has completed successfully and which doesn't explicitly check isCanceled() is proceeding on a broken assumption. The discussion of this issue began in the struts-user list: http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/[EMAIL PROTECTED] The thread continued in struts-dev list: http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/[EMAIL PROTECTED] Most people have agreed that this is a security-related issue. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]