[jira] [Updated] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4447: -- Fix Version/s: (was: 2.3.x) 2.3.22 > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.22 > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Fix Version/s: (was: 2.3.x) 2.3.22 > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > Fix For: 2.3.22 > > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Fix Version/s: 2.3.x > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > Fix For: 2.3.x > > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276580#comment-14276580 ] Lukasz Lenart commented on WW-4448: --- So the solution is to add encoding of input parameter in {{protected boolean isPathUrl(String url)}}, right? > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276576#comment-14276576 ] Lukasz Lenart commented on WW-4448: --- {{DefaultResultFactory}} isn't configurable but you can easily defined your own, here are all the extension points [1] [1] http://struts.apache.org/docs/plugins.html#Plugins-ExtensionPoints > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239 ] Lukasz Lenart edited comment on WW-4448 at 1/14/15 6:52 AM: I've found a workaround, at least, using a 'httpheader' result type, which does not append parameters, instead of ServletRedirectAction. {code:xml} 302 ${redirectUrl} {code} was (Author: thrawnca): I've found a workaround, at least, using a 'httpheader' result type, which does not append parameters, instead of ServletRedirectAction. 302 ${redirectUrl} > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Description: WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. was: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276565#comment-14276565 ] Lukasz Lenart commented on WW-4447: --- Reason for the change you have in WW-4297 - the only mistake is the one I have put above with resetting the {{label}} attribute, that part must be reverted, the rest must stay. > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276563#comment-14276563 ] Lukasz Lenart commented on WW-4447: --- Those hardcoded {{}} and {{}} are needed to follow pattern of {{xhtml}} theme - without them we get issue mentioned in WW-4297. But as {{hidden.ftl}} from {{simple}} theme wasn't changed you can base on that. In the current version of Struts you can override any template you want - just put your own version in {{template/xhtml/hidden.ftl}} > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239 ] Mitth'raw'nuruodo edited comment on WW-4448 at 1/14/15 12:14 AM: - I've found a workaround, at least, using a 'httpheader' result type, which does not append parameters, instead of ServletRedirectAction. 302 ${redirectUrl} was (Author: thrawnca): I've found a workaround, at least, using a 'httpheader' result type instead of 'redirect'. 302 ${redirectUrl} > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult > to use java.net.URI to check whether a redirect URL is actually a path. > However, it does not encode parameters first, which will often result in a > URL being deemed invalid (eg if one of the parameters contains spaces) and > thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239 ] Mitth'raw'nuruodo edited comment on WW-4448 at 1/14/15 12:12 AM: - I've found a workaround, at least, using a 'httpheader' result type instead of 'redirect'. 302 ${redirectUrl} was (Author: thrawnca): I've found a workaround, at least, using a 'httpheader' result type instead of 'redirect'. 302 ${redirectUrl} > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult > to use java.net.URI to check whether a redirect URL is actually a path. > However, it does not encode parameters first, which will often result in a > URL being deemed invalid (eg if one of the parameters contains spaces) and > thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239 ] Mitth'raw'nuruodo commented on WW-4448: --- I've found a workaround, at least, using a 'httpheader' result type instead of 'redirect'. 302 ${redirectUrl} > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult > to use java.net.URI to check whether a redirect URL is actually a path. > However, it does not encode parameters first, which will often result in a > URL being deemed invalid (eg if one of the parameters contains spaces) and > thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mitth'raw'nuruodo updated WW-4448: -- Description: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. was: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. We actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult > to use java.net.URI to check whether a redirect URL is actually a path. > However, it does not encode parameters first, which will often result in a > URL being deemed invalid (eg if one of the parameters contains spaces) and > thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
Mitth'raw'nuruodo created WW-4448: - Summary: Parameters are not encoded by ServletRedirectAction before checking for valid URI Key: WW-4448 URL: https://issues.apache.org/jira/browse/WW-4448 Project: Struts 2 Issue Type: Bug Components: Core Actions Affects Versions: 2.3.20 Reporter: Mitth'raw'nuruodo https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. We actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276033#comment-14276033 ] Mitth'raw'nuruodo commented on WW-4447: --- Does anyone know the reason for the original change? Should it be reverted, or is the answer simply "Don't do that"? I realise it's a bit odd to have a supposedly-hidden field causing elements to be displayed, but as I mentioned, we're using a custom theme, so it gets formatted the same way as our other fields, and it would be messy to re-create that formatting directly in the Freemarker template. Is there a field type designed for visible read-only output? > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275438#comment-14275438 ] Michael Hintenaus commented on WW-4447: --- We are extending from the xhtml theme and since struts 2.3.20 some of our layouts are destroyed. The reason is the new hardecoded tr and td tag in the hidden.ftl. I can't understand this change in bug 4297, because I can't find any other ftl with table specific markup. I think it was a dirty fix. > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275113#comment-14275113 ] Lukasz Lenart commented on WW-4447: --- Looks like this change must be reverted {code:java} +@Override +public void evaluateParams() { +super.evaluateParams(); +label = null; +addParameter("label", null); +} {code} > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4337) CookieInterceptor allows manipulation of session, request, etc
[ https://issues.apache.org/jira/browse/WW-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4337. - > CookieInterceptor allows manipulation of session, request, etc > -- > > Key: WW-4337 > URL: https://issues.apache.org/jira/browse/WW-4337 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.16.2 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Critical > Labels: security > Fix For: 2.3.16.3 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4212) Struts DMI no longer works
[ https://issues.apache.org/jira/browse/WW-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4212. - > Struts DMI no longer works > -- > > Key: WW-4212 > URL: https://issues.apache.org/jira/browse/WW-4212 > Project: Struts 2 > Issue Type: Bug > Components: XML Configuration >Affects Versions: 2.3.15.2 > Environment: Apache/Tomcat >Reporter: Greg Huber >Assignee: Lukasz Lenart > Fix For: 2.3.15.3 > > > Hello, > I have tried 2.3.15.2 and the dmi no longer works. > In my struts.properties file I have this: > struts.enable.DynamicMethodInvocation=true > I ahve also tried: > > in the struts.xml file > Cheers Greg. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-3487) The plugin can't find the actions if the war embeded in an ear.
[ https://issues.apache.org/jira/browse/WW-3487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-3487. - > The plugin can't find the actions if the war embeded in an ear. > --- > > Key: WW-3487 > URL: https://issues.apache.org/jira/browse/WW-3487 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 2.2.1 > Environment: JBoss 5.1 >Reporter: Böszörményi Péter >Assignee: Lukasz Lenart > Fix For: 2.3.12 > > Attachments: struts2-src.tar.gz, struts2.ear > > > If I deploy an ear that contains a war, the plugin can't find the actions > under JBoss 5.1. If I only deploy the war everything is fine. Tha actions > defined in struts.xml works perfectly in both cases. I did some > investigation, and i think the problem is in the method > org.apache.struts2.convention.PackageBasedActionConfigBuilder.findActions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4386) "java.io.IOException: Broken pipe" occurred
[ https://issues.apache.org/jira/browse/WW-4386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4386. - > "java.io.IOException: Broken pipe" occurred > --- > > Key: WW-4386 > URL: https://issues.apache.org/jira/browse/WW-4386 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.16.3 > Environment: OS:RHEL Server 5.3 > JRE:1.7.0_09 > Application Server:Tomcat 8.0.9 >Reporter: mougenko >Priority: Blocker > > When I call Action, Broken pipe Exception occur. > ・If don't use interceptor, Exception does not occur. > ・If action result type is not stream, Exception does not occur. > ・If read HttpResponse, Exception does not occur. > ・If OS is Windows, Exception does not occur. > ・If use Tomcat BIO protocol, Exception does not occur. > {code:title=StackTrace|borderStyle=solid} > org.apache.catalina.connector.ClientAbortException: java.io.IOException: > Broken pipe > at > org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:389) > at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:426) > at > org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:338) > at > org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:291) > at > org.apache.catalina.connector.CoyoteOutputStream.close(CoyoteOutputStream.java:151) > at > org.apache.struts2.dispatcher.StreamResult.doExecute(StreamResult.java:305) > at > org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186) > at > com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:371) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:275) > at > org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:167) > at > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265) > at > org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68) > at > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254) > at > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254) > at > com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) > at > org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) > at > com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) >
[jira] [Closed] (WW-4200) Broken Access Control Vulnerability
[ https://issues.apache.org/jira/browse/WW-4200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4200. - > Broken Access Control Vulnerability > --- > > Key: WW-4200 > URL: https://issues.apache.org/jira/browse/WW-4200 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.15.1 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.2 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4090) Remote code execution via wildcard matching and double evaluation of OGNL expression
[ https://issues.apache.org/jira/browse/WW-4090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4090. - > Remote code execution via wildcard matching and double evaluation of OGNL > expression > > > Key: WW-4090 > URL: https://issues.apache.org/jira/browse/WW-4090 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions, Expression Language >Affects Versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.8, > 2.1.8.1, 2.2.1, 2.2.1.1, 2.2.3, 2.2.3.1, 2.3.1, 2.3.1.1, 2.3.1.2, 2.3.3, > 2.3.4, 2.3.4.1, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.14.1, 2.3.14.2 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.14.3 > > > See http://struts.apache.org/development/2.x/docs/s2-015.html for more details -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4204) 404 error occurs on submitting (after applying 2.3.15.2)
[ https://issues.apache.org/jira/browse/WW-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4204. - > 404 error occurs on submitting (after applying 2.3.15.2) > > > Key: WW-4204 > URL: https://issues.apache.org/jira/browse/WW-4204 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions, Example Applications >Affects Versions: 2.3.15.2 >Reporter: Yuki Sugawara >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.3 > > > Struts 2.3.15.2 brings 404 error on press submit named > 'action:some-action-name'. > S2-018 says 'After upgrading to Struts >= 2.3.15.2, applications using the > "action:" should still work as expected.', but it seems not to be working. > You can see it in example application 'Struts2 Showcase - Validation - Store > Errors Across Request Example' > Cancel. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4201) Dynamic Method Invocation disabled by default
[ https://issues.apache.org/jira/browse/WW-4201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4201. - > Dynamic Method Invocation disabled by default > - > > Key: WW-4201 > URL: https://issues.apache.org/jira/browse/WW-4201 > Project: Struts 2 > Issue Type: Bug > Components: XML Configuration >Affects Versions: 2.3.15.1 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.2 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4211) Form enctype="multipart/form-data" no attributes
[ https://issues.apache.org/jira/browse/WW-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4211. - > Form enctype="multipart/form-data" no attributes > > > Key: WW-4211 > URL: https://issues.apache.org/jira/browse/WW-4211 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.3.15.2 >Reporter: lefebvre >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.3 > > Attachments: ws4211.zip > > > If form is defined with enctype="multipart/form-data" attributes cannot be get > {code} > > > {code} > {code} > HttpServletRequest request = ServletActionContext.getRequest(); > request.getParameterNames() <-- Empty colelction > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275091#comment-14275091 ] Lukasz Lenart commented on WW-4447: --- Please see the linked issue and also that commit https://git-wip-us.apache.org/repos/asf?p=struts.git;a=commitdiff;h=d63deb9750a3d409be30414faaf76f5481a4417d;hp=aa744b811f9c41b80cc30ad6cf41ccaa75da5323 > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4447: -- Fix Version/s: 2.3.x > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)