[jira] [Updated] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4447: -- Fix Version/s: (was: 2.3.x) 2.3.22 > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.22 > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Fix Version/s: (was: 2.3.x) 2.3.22 > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > Fix For: 2.3.22 > > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Fix Version/s: 2.3.x > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > Fix For: 2.3.x > > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276580#comment-14276580
]
Lukasz Lenart commented on WW-4448:
---
So the solution is to add encoding of input parameter in {{protected boolean
isPathUrl(String url)}}, right?
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a
> redirect URL is actually a path. However, it does not encode parameters
> first, which will often result in a URL being deemed invalid (eg if one of
> the parameters contains spaces) and thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276576#comment-14276576
]
Lukasz Lenart commented on WW-4448:
---
{{DefaultResultFactory}} isn't configurable but you can easily defined your
own, here are all the extension points [1]
[1] http://struts.apache.org/docs/plugins.html#Plugins-ExtensionPoints
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a
> redirect URL is actually a path. However, it does not encode parameters
> first, which will often result in a URL being deemed invalid (eg if one of
> the parameters contains spaces) and thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239
]
Lukasz Lenart edited comment on WW-4448 at 1/14/15 6:52 AM:
I've found a workaround, at least, using a 'httpheader' result type, which does
not append parameters, instead of ServletRedirectAction.
{code:xml}
302
${redirectUrl}
{code}
was (Author: thrawnca):
I've found a workaround, at least, using a 'httpheader' result type, which does
not append parameters, instead of ServletRedirectAction.
302
${redirectUrl}
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a
> redirect URL is actually a path. However, it does not encode parameters
> first, which will often result in a URL being deemed invalid (eg if one of
> the parameters contains spaces) and thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4448: -- Description: WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. was: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a > redirect URL is actually a path. However, it does not encode parameters > first, which will often result in a URL being deemed invalid (eg if one of > the parameters contains spaces) and thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[
https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276565#comment-14276565
]
Lukasz Lenart commented on WW-4447:
---
Reason for the change you have in WW-4297 - the only mistake is the one I have
put above with resetting the {{label}} attribute, that part must be reverted,
the rest must stay.
> Hidden fields silently drop 'label' attributes in Struts 2.3.20
> ---
>
> Key: WW-4447
> URL: https://issues.apache.org/jira/browse/WW-4447
> Project: Struts 2
> Issue Type: Bug
> Components: Expression Language
>Affects Versions: 2.3.20
> Environment: Freemarker 2.3.21
>Reporter: Mitth'raw'nuruodo
>Priority: Minor
> Labels: hidden, label
> Fix For: 2.3.x
>
>
> Hidden fields (populated in a Freemarker template using <@s.hidden>) are
> silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the
> attribute to anything else works.
> We are using the s.hidden tag with a custom theme to display read-only fields
> on the page, and we make use of the label attribute.
> This change could be intended behavior for hidden fields, but it was not the
> case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[
https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276563#comment-14276563
]
Lukasz Lenart commented on WW-4447:
---
Those hardcoded {{}} and {{}} are needed to follow pattern of
{{xhtml}} theme - without them we get issue mentioned in WW-4297. But as
{{hidden.ftl}} from {{simple}} theme wasn't changed you can base on that. In
the current version of Struts you can override any template you want - just
put your own version in {{template/xhtml/hidden.ftl}}
> Hidden fields silently drop 'label' attributes in Struts 2.3.20
> ---
>
> Key: WW-4447
> URL: https://issues.apache.org/jira/browse/WW-4447
> Project: Struts 2
> Issue Type: Bug
> Components: Expression Language
>Affects Versions: 2.3.20
> Environment: Freemarker 2.3.21
>Reporter: Mitth'raw'nuruodo
>Priority: Minor
> Labels: hidden, label
> Fix For: 2.3.x
>
>
> Hidden fields (populated in a Freemarker template using <@s.hidden>) are
> silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the
> attribute to anything else works.
> We are using the s.hidden tag with a custom theme to display read-only fields
> on the page, and we make use of the label attribute.
> This change could be intended behavior for hidden fields, but it was not the
> case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239
]
Mitth'raw'nuruodo edited comment on WW-4448 at 1/14/15 12:14 AM:
-
I've found a workaround, at least, using a 'httpheader' result type, which does
not append parameters, instead of ServletRedirectAction.
302
${redirectUrl}
was (Author: thrawnca):
I've found a workaround, at least, using a 'httpheader' result type instead of
'redirect'.
302
${redirectUrl}
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult
> to use java.net.URI to check whether a redirect URL is actually a path.
> However, it does not encode parameters first, which will often result in a
> URL being deemed invalid (eg if one of the parameters contains spaces) and
> thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239
]
Mitth'raw'nuruodo edited comment on WW-4448 at 1/14/15 12:12 AM:
-
I've found a workaround, at least, using a 'httpheader' result type instead of
'redirect'.
302
${redirectUrl}
was (Author: thrawnca):
I've found a workaround, at least, using a 'httpheader' result type instead of
'redirect'.
302
${redirectUrl}
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult
> to use java.net.URI to check whether a redirect URL is actually a path.
> However, it does not encode parameters first, which will often result in a
> URL being deemed invalid (eg if one of the parameters contains spaces) and
> thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[
https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276239#comment-14276239
]
Mitth'raw'nuruodo commented on WW-4448:
---
I've found a workaround, at least, using a 'httpheader' result type instead of
'redirect'.
302
${redirectUrl}
> Parameters are not encoded by ServletRedirectAction before checking for valid
> URI
> -
>
> Key: WW-4448
> URL: https://issues.apache.org/jira/browse/WW-4448
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
>Affects Versions: 2.3.20
>Reporter: Mitth'raw'nuruodo
> Labels: encoding, redirect, url
>
> https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult
> to use java.net.URI to check whether a redirect URL is actually a path.
> However, it does not encode parameters first, which will often result in a
> URL being deemed invalid (eg if one of the parameters contains spaces) and
> thus being treated as a path.
> Where I work, we actually don't want parameters to be appended to our
> absolute redirects at all, but I can't see a way to disable
> this...DefaultResultFactory doesn't seem to be configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
[ https://issues.apache.org/jira/browse/WW-4448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mitth'raw'nuruodo updated WW-4448: -- Description: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. Where I work, we actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. was: https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. We actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. > Parameters are not encoded by ServletRedirectAction before checking for valid > URI > - > > Key: WW-4448 > URL: https://issues.apache.org/jira/browse/WW-4448 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.20 >Reporter: Mitth'raw'nuruodo > Labels: encoding, redirect, url > > https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult > to use java.net.URI to check whether a redirect URL is actually a path. > However, it does not encode parameters first, which will often result in a > URL being deemed invalid (eg if one of the parameters contains spaces) and > thus being treated as a path. > Where I work, we actually don't want parameters to be appended to our > absolute redirects at all, but I can't see a way to disable > this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (WW-4448) Parameters are not encoded by ServletRedirectAction before checking for valid URI
Mitth'raw'nuruodo created WW-4448: - Summary: Parameters are not encoded by ServletRedirectAction before checking for valid URI Key: WW-4448 URL: https://issues.apache.org/jira/browse/WW-4448 Project: Struts 2 Issue Type: Bug Components: Core Actions Affects Versions: 2.3.20 Reporter: Mitth'raw'nuruodo https://issues.apache.org/jira/browse/WW-4187 changed ServletRedirectResult to use java.net.URI to check whether a redirect URL is actually a path. However, it does not encode parameters first, which will often result in a URL being deemed invalid (eg if one of the parameters contains spaces) and thus being treated as a path. We actually don't want parameters to be appended to our absolute redirects at all, but I can't see a way to disable this...DefaultResultFactory doesn't seem to be configurable. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276033#comment-14276033 ] Mitth'raw'nuruodo commented on WW-4447: --- Does anyone know the reason for the original change? Should it be reverted, or is the answer simply "Don't do that"? I realise it's a bit odd to have a supposedly-hidden field causing elements to be displayed, but as I mentioned, we're using a custom theme, so it gets formatted the same way as our other fields, and it would be messy to re-create that formatting directly in the Freemarker template. Is there a field type designed for visible read-only output? > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275438#comment-14275438 ] Michael Hintenaus commented on WW-4447: --- We are extending from the xhtml theme and since struts 2.3.20 some of our layouts are destroyed. The reason is the new hardecoded tr and td tag in the hidden.ftl. I can't understand this change in bug 4297, because I can't find any other ftl with table specific markup. I think it was a dirty fix. > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[
https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275113#comment-14275113
]
Lukasz Lenart commented on WW-4447:
---
Looks like this change must be reverted
{code:java}
+@Override
+public void evaluateParams() {
+super.evaluateParams();
+label = null;
+addParameter("label", null);
+}
{code}
> Hidden fields silently drop 'label' attributes in Struts 2.3.20
> ---
>
> Key: WW-4447
> URL: https://issues.apache.org/jira/browse/WW-4447
> Project: Struts 2
> Issue Type: Bug
> Components: Expression Language
>Affects Versions: 2.3.20
> Environment: Freemarker 2.3.21
>Reporter: Mitth'raw'nuruodo
>Priority: Minor
> Labels: hidden, label
> Fix For: 2.3.x
>
>
> Hidden fields (populated in a Freemarker template using <@s.hidden>) are
> silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the
> attribute to anything else works.
> We are using the s.hidden tag with a custom theme to display read-only fields
> on the page, and we make use of the label attribute.
> This change could be intended behavior for hidden fields, but it was not the
> case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Closed] (WW-4337) CookieInterceptor allows manipulation of session, request, etc
[ https://issues.apache.org/jira/browse/WW-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4337. - > CookieInterceptor allows manipulation of session, request, etc > -- > > Key: WW-4337 > URL: https://issues.apache.org/jira/browse/WW-4337 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.16.2 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Critical > Labels: security > Fix For: 2.3.16.3 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4212) Struts DMI no longer works
[ https://issues.apache.org/jira/browse/WW-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4212. - > Struts DMI no longer works > -- > > Key: WW-4212 > URL: https://issues.apache.org/jira/browse/WW-4212 > Project: Struts 2 > Issue Type: Bug > Components: XML Configuration >Affects Versions: 2.3.15.2 > Environment: Apache/Tomcat >Reporter: Greg Huber >Assignee: Lukasz Lenart > Fix For: 2.3.15.3 > > > Hello, > I have tried 2.3.15.2 and the dmi no longer works. > In my struts.properties file I have this: > struts.enable.DynamicMethodInvocation=true > I ahve also tried: > > in the struts.xml file > Cheers Greg. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-3487) The plugin can't find the actions if the war embeded in an ear.
[ https://issues.apache.org/jira/browse/WW-3487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-3487. - > The plugin can't find the actions if the war embeded in an ear. > --- > > Key: WW-3487 > URL: https://issues.apache.org/jira/browse/WW-3487 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 2.2.1 > Environment: JBoss 5.1 >Reporter: Böszörményi Péter >Assignee: Lukasz Lenart > Fix For: 2.3.12 > > Attachments: struts2-src.tar.gz, struts2.ear > > > If I deploy an ear that contains a war, the plugin can't find the actions > under JBoss 5.1. If I only deploy the war everything is fine. Tha actions > defined in struts.xml works perfectly in both cases. I did some > investigation, and i think the problem is in the method > org.apache.struts2.convention.PackageBasedActionConfigBuilder.findActions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4386) "java.io.IOException: Broken pipe" occurred
[
https://issues.apache.org/jira/browse/WW-4386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart closed WW-4386.
-
> "java.io.IOException: Broken pipe" occurred
> ---
>
> Key: WW-4386
> URL: https://issues.apache.org/jira/browse/WW-4386
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
>Affects Versions: 2.3.16.3
> Environment: OS:RHEL Server 5.3
> JRE:1.7.0_09
> Application Server:Tomcat 8.0.9
>Reporter: mougenko
>Priority: Blocker
>
> When I call Action, Broken pipe Exception occur.
> ・If don't use interceptor, Exception does not occur.
> ・If action result type is not stream, Exception does not occur.
> ・If read HttpResponse, Exception does not occur.
> ・If OS is Windows, Exception does not occur.
> ・If use Tomcat BIO protocol, Exception does not occur.
> {code:title=StackTrace|borderStyle=solid}
> org.apache.catalina.connector.ClientAbortException: java.io.IOException:
> Broken pipe
> at
> org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:389)
> at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:426)
> at
> org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:338)
> at
> org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:291)
> at
> org.apache.catalina.connector.CoyoteOutputStream.close(CoyoteOutputStream.java:151)
> at
> org.apache.struts2.dispatcher.StreamResult.doExecute(StreamResult.java:305)
> at
> org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:371)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:275)
> at
> org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:167)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at
> org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
> at
> org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
>
[jira] [Closed] (WW-4200) Broken Access Control Vulnerability
[ https://issues.apache.org/jira/browse/WW-4200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4200. - > Broken Access Control Vulnerability > --- > > Key: WW-4200 > URL: https://issues.apache.org/jira/browse/WW-4200 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions >Affects Versions: 2.3.15.1 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.2 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4090) Remote code execution via wildcard matching and double evaluation of OGNL expression
[ https://issues.apache.org/jira/browse/WW-4090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4090. - > Remote code execution via wildcard matching and double evaluation of OGNL > expression > > > Key: WW-4090 > URL: https://issues.apache.org/jira/browse/WW-4090 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions, Expression Language >Affects Versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.8, > 2.1.8.1, 2.2.1, 2.2.1.1, 2.2.3, 2.2.3.1, 2.3.1, 2.3.1.1, 2.3.1.2, 2.3.3, > 2.3.4, 2.3.4.1, 2.3.7, 2.3.8, 2.3.12, 2.3.14, 2.3.14.1, 2.3.14.2 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.14.3 > > > See http://struts.apache.org/development/2.x/docs/s2-015.html for more details -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4204) 404 error occurs on submitting (after applying 2.3.15.2)
[ https://issues.apache.org/jira/browse/WW-4204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4204. - > 404 error occurs on submitting (after applying 2.3.15.2) > > > Key: WW-4204 > URL: https://issues.apache.org/jira/browse/WW-4204 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions, Example Applications >Affects Versions: 2.3.15.2 >Reporter: Yuki Sugawara >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.3 > > > Struts 2.3.15.2 brings 404 error on press submit named > 'action:some-action-name'. > S2-018 says 'After upgrading to Struts >= 2.3.15.2, applications using the > "action:" should still work as expected.', but it seems not to be working. > You can see it in example application 'Struts2 Showcase - Validation - Store > Errors Across Request Example' > Cancel. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4201) Dynamic Method Invocation disabled by default
[ https://issues.apache.org/jira/browse/WW-4201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-4201. - > Dynamic Method Invocation disabled by default > - > > Key: WW-4201 > URL: https://issues.apache.org/jira/browse/WW-4201 > Project: Struts 2 > Issue Type: Bug > Components: XML Configuration >Affects Versions: 2.3.15.1 >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Blocker > Fix For: 2.3.15.2 > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Closed] (WW-4211) Form enctype="multipart/form-data" no attributes
[
https://issues.apache.org/jira/browse/WW-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart closed WW-4211.
-
> Form enctype="multipart/form-data" no attributes
>
>
> Key: WW-4211
> URL: https://issues.apache.org/jira/browse/WW-4211
> Project: Struts 2
> Issue Type: Bug
>Affects Versions: 2.3.15.2
>Reporter: lefebvre
>Assignee: Lukasz Lenart
>Priority: Blocker
> Fix For: 2.3.15.3
>
> Attachments: ws4211.zip
>
>
> If form is defined with enctype="multipart/form-data" attributes cannot be get
> {code}
>
>
> {code}
> {code}
> HttpServletRequest request = ServletActionContext.getRequest();
> request.getParameterNames() <-- Empty colelction
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14275091#comment-14275091 ] Lukasz Lenart commented on WW-4447: --- Please see the linked issue and also that commit https://git-wip-us.apache.org/repos/asf?p=struts.git;a=commitdiff;h=d63deb9750a3d409be30414faaf76f5481a4417d;hp=aa744b811f9c41b80cc30ad6cf41ccaa75da5323 > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (WW-4447) Hidden fields silently drop 'label' attributes in Struts 2.3.20
[ https://issues.apache.org/jira/browse/WW-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4447: -- Fix Version/s: 2.3.x > Hidden fields silently drop 'label' attributes in Struts 2.3.20 > --- > > Key: WW-4447 > URL: https://issues.apache.org/jira/browse/WW-4447 > Project: Struts 2 > Issue Type: Bug > Components: Expression Language >Affects Versions: 2.3.20 > Environment: Freemarker 2.3.21 >Reporter: Mitth'raw'nuruodo >Priority: Minor > Labels: hidden, label > Fix For: 2.3.x > > > Hidden fields (populated in a Freemarker template using <@s.hidden>) are > silently dropping the 'label' attribute, as of Struts 2.3.20. Renaming the > attribute to anything else works. > We are using the s.hidden tag with a custom theme to display read-only fields > on the page, and we make use of the label attribute. > This change could be intended behavior for hidden fields, but it was not the > case in 2.3.16.3, and I could not find anything in the changelog for 2.3.20. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
