[
https://issues.apache.org/jira/browse/WW-5498?focusedWorklogId=950831&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-950831
]
ASF GitHub Bot logged work on WW-5498:
--------------------------------------
Author: ASF GitHub Bot
Created on: 03/Jan/25 16:23
Start Date: 03/Jan/25 16:23
Worklog Time Spent: 10m
Work Description: sonarqubecloud[bot] commented on PR #1168:
URL: https://github.com/apache/struts/pull/1168#issuecomment-2569492511
## [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1168)
**Quality Gate failed**
Failed conditions
 [22 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=1168&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)
 [42.2% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1168&metric=new_coverage&view=list)
(required ≥ 80%)
 [3.4% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1168&metric=new_duplicated_lines_density&view=list)
(required ≤ 3%)
 [E Reliability Rating on New
Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1168)
(required ≥ A)
 [E Security Rating on New
Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1168)
(required ≥ A)
[See analysis details on SonarQube
Cloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1168)
##
 Catch issues before they fail your Quality Gate with our IDE extension
 [SonarQube for
IDE](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)
Issue Time Tracking
-------------------
Worklog Id: (was: 950831)
Time Spent: 20m (was: 10m)
> <s:token /> with devMode enabled causes actionError
> ---------------------------------------------------
>
> Key: WW-5498
> URL: https://issues.apache.org/jira/browse/WW-5498
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 6.7.0
> Reporter: Jon Pulice
> Assignee: Lukasz Lenart
> Priority: Minor
> Fix For: 6.7.1, 7.0.1
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When we upgraded Struts to 6.7.0, any form with a <s:token /> field now fails
> to submit as a result of an actionError only when devMode is enabled
> We see the following error in the logs:
> {noformat}
> ERROR org.apache.struts2.interceptor.parameter.ParametersInterceptor -
> Developer Notification (set struts.devMode to false to disable this message):
> Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
> Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
> {noformat}
> And the following actionError
> {noformat}
> Developer Notification (set struts.devMode to false to disable this message):
> Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
> Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
> {noformat}
> If devMode is disabled, then no exception is logged and there are no issues.
>
> In Struts 6.4.0, the behaviour was different. The exception is still reported
> in the logs when devMode is enabled, but instead of an actionError being
> added that prevents form submission, an actionMessage is created:
> {noformat}
> [Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]]
> {noformat}
>
> I don't think the Action need to be aware of the token value since the
> TokenInterceptor is handling the validation/logic.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
