[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions

2023-02-19 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17690864#comment-17690864
 ] 

Yasser Zamani commented on WW-5268:
---

[~kusal] IMHO this mechanism would be completely replaced with a more generic 
solution like [1] in future major releases. As you said, it might sometimes 
fall into false positives. Generally I found it hard to maintain it and its 
default values.

Regarding your PR, however, I agree: it is better if Struts has it rather than 
nothing at all, especially now that it's already implemented. Thanks!

[1] https://struts.apache.org/security/#run-ognl-expressions-inside-sandbox

> Add configuration option to exempt classes from OGNL package exclusions
> ---
>
> Key: WW-5268
> URL: https://issues.apache.org/jira/browse/WW-5268
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.2.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> It is currently possible to exclude packages from OGNL evaluation using 
> `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`.
> There may exist a scenario where you wish to have certain packages 
> excluded/blocklisted by default, but exempt specific classes from these 
> packages that have been assessed to be safe.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
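
The exemption check requested in the WW-5268 description above, as an added example that is not Struts source code: a simplified model in which a class is exempt only when its exact name is listed. The class `ExemptClassModel`, the field `exemptClasses`, all package and class names, and the sub-package matching rule are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Simplified model of the check discussed in WW-5268; not Struts source code.
public class ExemptClassModel {

    enum Decision { ALLOWED, EXCLUDED, EXEMPT }

    private final Set<String> excludedPackageNames;
    private final List<Pattern> excludedPackageNamePatterns;
    private final Set<String> exemptClasses; // hypothetical name for the exemption list

    ExemptClassModel(Set<String> names, List<Pattern> patterns, Set<String> exempt) {
        this.excludedPackageNames = names;
        this.excludedPackageNamePatterns = patterns;
        this.exemptClasses = exempt;
    }

    // Package part of a fully qualified (possibly nested) class name.
    static String packageOf(String className) {
        int dot = className.lastIndexOf('.');
        return dot < 0 ? "" : className.substring(0, dot);
    }

    // Assumption: an excluded package name also covers its sub-packages.
    private boolean inExcludedPackage(String pkg) {
        for (String excluded : excludedPackageNames) {
            if (pkg.equals(excluded) || pkg.startsWith(excluded + ".")) {
                return true;
            }
        }
        for (Pattern pattern : excludedPackageNamePatterns) {
            if (pattern.matcher(pkg).matches()) {
                return true;
            }
        }
        return false;
    }

    Decision check(String className) {
        if (!inExcludedPackage(packageOf(className))) {
            return Decision.ALLOWED;
        }
        // The exemption is an exact class-name match, so it never widens to
        // nested classes, siblings or sub-packages of the assessed class.
        return exemptClasses.contains(className) ? Decision.EXEMPT : Decision.EXCLUDED;
    }

    public static void main(String[] args) {
        // All names below are constructed sample values.
        ExemptClassModel model = new ExemptClassModel(
                new HashSet<>(Arrays.asList("com.example.internal")),
                Arrays.asList(Pattern.compile("^com\\.example\\.legacy(\\..*)?$")),
                new HashSet<>(Arrays.asList("com.example.internal.SafeFormatter")));

        List<String> candidates = Arrays.asList(
                "com.example.web.LoginAction",                // outside every exclusion
                "com.example.internal.SafeFormatter",         // assessed and listed as exempt
                "com.example.internal.SafeFormatter$Builder", // nested class, not listed
                "com.example.internal.TokenStore",            // same package, not listed
                "com.example.internal.util.Paths",            // sub-package of an excluded name
                "com.example.legacy.v1.Report");              // hit by the name pattern

        for (String name : candidates) {
            System.out.println(model.check(name) + "  " + name);
        }
    }
}
```

Only `SafeFormatter` itself comes back `EXEMPT`; its nested class and package neighbours stay `EXCLUDED`, which keeps the blocklist default intact for everything that was not individually assessed.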


[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions

2023-02-15 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17689295#comment-17689295
 ] 

Yasser Zamani commented on WW-5268:
---

Thanks for the PR, but typically you wouldn't use those classes directly in an 
OGNL expression. If you really need it, for example instead of a "System.exit()" 
OGNL expression, define a method in your action as below:

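{code:java}
public class MyAction {

    // Wrap the call in an action method so the OGNL expression never
    // references java.lang.System directly.
    public String myExit() {
        System.exit(0); // System.exit needs a status code and returns void
        return null;    // never reached; satisfies the String return type
    }

}
{code}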

and then use "myExit()" in your OGNL expression String.



[jira] [Commented] (WW-5254) Document how to use the Async plugin

2022-10-29 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17626037#comment-17626037
 ] 

Yasser Zamani commented on WW-5254:
---

And BTW the corresponding PR's description as well: 
[https://github.com/apache/struts/pull/179]

> Document how to use the Async plugin
> 
>
> Key: WW-5254
> URL: https://issues.apache.org/jira/browse/WW-5254
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Async
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>
> The Async plugin is missing documentation
> https://struts.apache.org/plugins/





[jira] [Commented] (WW-5254) Document how to use the Async plugin

2022-10-29 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17626036#comment-17626036
 ] 

Yasser Zamani commented on WW-5254:
---

There is a showcase that had already been added, which is helpful I think: 
https://github.com/apache/struts/commit/aee171c3b8ad401006612c4df44ed540fb2ed7e3



[jira] [Resolved] (WW-5216) Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30

2022-08-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5216.
---
Fix Version/s: 6.0.2
   Resolution: Not A Problem

No problem, happy that it helped and to see that your code will be more secure 
now :)

> Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30
> --
>
> Key: WW-5216
> URL: https://issues.apache.org/jira/browse/WW-5216
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Abdel-B ELMILI
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 6.0.2
>
>
> Hello,
> We had the following error after migrating from struts 2.5.16 to struts 
> 2.5.30 :
> {{2022-08-24 17:31:40 [https-jsse-nio-127.0.0.1-7443-exec-23] WARN :: 
> Expression [_sharedmb_a-b@sc.d_member_j@e.com] isn't allowed by pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at
> https://struts.apache.org/security/
> 2022-08-24 17:31:40 [https-jsse-nio-127.0.0.1-7443-exec-23] DEBUG:: 
> TemplateLoader.findTemplateSource("template/simple/checkbox.ftl"): Found
> 2022-08-24 17:31:40 [https-jsse-nio-127.0.0.1-7443-exec-23] DEBUG:: 
> "template/simple/checkbox.ftl"("en_US", UTF-8, parsed): using cached since 
> jar:file://WEB-INF/lib/struts2-core-2.5.30.jar!/template/simple/checkbox.ftl
>  hasn't changed.
> 2022-08-24 17:31:40 [https-jsse-nio-127.0.0.1-7443-exec-23] ERROR:: Error 
> executing FreeMarker template
> freemarker.core.NonBooleanException: For "&&" right-hand operand: Expected a 
> boolean, but this has evaluated to a string+extended_hash (String wrapped 
> into f.e.b.StringModel):
> ==> parameters.nameValue  [in template "template/simple/checkbox.ftl" at line 
> 22, column 32]
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #if parameters.nameValue?? && paramet...  [in template 
> "template/simple/checkbox.ftl" at line 22, column 1]
> 
>   at freemarker.core.Expression.modelToBoolean(Expression.java:195) 
> ~[freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.Expression.evalToBoolean(Expression.java:178) 
> ~[freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.Expression.evalToBoolean(Expression.java:163) 
> ~[freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.AndExpression.evalToBoolean(AndExpression.java:36) 
> ~[freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48) 
> ~[freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.Environment.visit(Environment.java:347) 
> [freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.Environment.visit(Environment.java:353) 
> [freemarker-2.3.31.jar:2.3.31]
>   at freemarker.core.Environment.process(Environment.java:326) 
> [freemarker-2.3.31.jar:2.3.31]
>   at freemarker.template.Template.process(Template.java:383) 
> [freemarker-2.3.31.jar:2.3.31]
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:154)
>  [struts2-core-2.5.30.jar:2.5.30]}}
> We don't have the issue if we downgrade to struts 2.5.9
> The checkbox causing the error is the following :
>     id="%{j_prefixe_shared_mailbox+#smbEmail+j_prefixe_member+#emailMember}"
>     name="%{j_prefixe_shared_mailbox+#smbEmail+j_prefixe_member+#emailMember}"
>     fieldValue="%{#emailMember}"
>     value="false"/>
> We saw the WW-5178 , but in our case the value attribute is defined.
> We set a breakpoint in the modelToBoolean() function where the exception is 
> thrown (Expression.java). It seems that the parameters.nameValue used in the 
> template (<#if parameters.nameValue?? && parameters.nameValue>) is a 
> modelString (and not a boolean) which is equal to :
> _sharedmb_a-b@sc.d_member_j@e.com  (this value is what we set in the name 
> / id attributes of the checkbox)
>  
>  





[jira] [Assigned] (WW-5216) Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30

2022-08-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5216:
-

Assignee: Yasser Zamani

> Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30
> --
>
> Key: WW-5216
> URL: https://issues.apache.org/jira/browse/WW-5216
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Abdel-B ELMILI
>Assignee: Yasser Zamani
>Priority: Major
>


[jira] [Commented] (WW-5217) new OgnlContext() is removed

2022-08-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17594330#comment-17594330
 ] 

Yasser Zamani commented on WW-5217:
---

Thanks for reaching out!

Looks like you're affected by [https://github.com/orphan-oss/ognl/issues/81]. 
But could you please check which jar and version your mentioned 
OgnlContext class comes from?! Because I see that in the ognl repository this 
class never had an empty constructor in the first place! I'm wondering how new 
OgnlContext() i.e. an empty constructor works for you. Have you downgraded ognl 
by dropping the jar file manually?

> new OgnlContext() is removed
> 
>
> Key: WW-5217
> URL: https://issues.apache.org/jira/browse/WW-5217
> Project: Struts 2
>  Issue Type: Bug
>  Components: Expression Language
>Reporter: Alireza Fattahi
>Priority: Major
>
> We used the OGNL in our classes as below
>  
> {code:java}
> OgnlExpression ognlExpression = new OgnlExpression(expressionString);
> ognlExpression.getValue(new OgnlContext(), rootObject);{code}
>  
> The OgnlExpression is a simple wrapper.
>  
>  
> {code:java}
> public class OgnlExpression {
>     private Object expression;
>     private static final Logger LOG = LoggerFactory.getLogger(OgnlExpression.class);
>
>     public OgnlExpression( String expressionString )
>         throws OgnlException
>     {
>         super();
>         expression = Ognl.parseExpression( expressionString );
>     }
>
>     public Object getExpression()
>     {
>         return expression;
>     }
>
>     public Object getValue( OgnlContext context, Object rootObject )
>         throws OgnlException
>     {
>         LOG.debug("parse the expression with OGNL");
>         return Ognl.getValue( getExpression(), context, rootObject );
>     }
>
>     public void setValue( OgnlContext context, Object rootObject, Object value )
>         throws OgnlException
>     {
>         Ognl.setValue(getExpression(), context, rootObject, value);
>     }
> }
> {code}
>  
> After upgrading to version 6, the `new OgnlContext()` constructor seems to be 
> removed. I tested `new OgnlContext(null,null,null)` but got an illegal 
> argument exception.
>  





[jira] [Commented] (WW-5216) Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30

2022-08-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17586161#comment-17586161
 ] 

Yasser Zamani commented on WW-5216:
---

BTW I'm wondering how Struts 2.5.29 evaluates the 
'_sharedmb_a-b@sc.d_member_j@e.com' expression to a boolean?! Do you know? 
I'm just curious!

Anyway, in Struts 2.5.30, because it's a re-evaluation, it checks it against 
accepted patterns. And here it doesn't match accepted patterns so Struts 
doesn't evaluate it due to security reasons.

> Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30
> --
>
> Key: WW-5216
> URL: https://issues.apache.org/jira/browse/WW-5216
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Abdel-B ELMILI
>Priority: Major
>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
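
The accepted-pattern check described in the comment above, as an added example that is not Struts source code: it replays the pattern printed in the WW-5216 WARN line against candidate field names and reports where each rejected name stops conforming. The class and method names are hypothetical, whole-string matching is an assumption about how the checker applies the pattern, and every name other than the one from the report is constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Audit helper for form field names; not Struts source code.
public class AcceptedPatternAudit {

    // Accepted pattern copied from the WARN line in the WW-5216 report.
    static final Pattern ACCEPTED = Pattern.compile(
            "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))"
            + "|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
            + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*");

    // Assumption: the whole expression must match, not just a prefix.
    static boolean isAccepted(String expression) {
        return ACCEPTED.matcher(expression).matches();
    }

    // Offset at which the accepted prefix ends, or -1 when the whole
    // expression is accepted.
    static int firstRejectedOffset(String expression) {
        Matcher matcher = ACCEPTED.matcher(expression);
        if (matcher.matches()) {
            return -1;
        }
        return matcher.lookingAt() ? matcher.end() : 0;
    }

    // Maps every rejected name to the offset of its first offending character.
    static Map<String, Integer> audit(List<String> names) {
        Map<String, Integer> rejected = new LinkedHashMap<>();
        for (String name : names) {
            int offset = firstRejectedOffset(name);
            if (offset >= 0) {
                rejected.put(name, offset);
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        List<String> names = Arrays.asList(
                "_sharedmb_a-b@sc.d_member_j@e.com", // value from the issue report
                "user.name",                         // constructed: property path
                "items[0]",                          // constructed: numeric index
                "labels['home']",                    // constructed: quoted key
                "items[i]",                          // constructed: non-numeric index
                "user-name");                        // constructed: hyphen in name

        for (String name : names) {
            System.out.println((isAccepted(name) ? "accepted  " : "rejected  ") + name);
        }
        for (Map.Entry<String, Integer> entry : audit(names).entrySet()) {
            String name = entry.getKey();
            int offset = entry.getValue();
            System.out.println("'" + name + "' stops matching at offset " + offset
                    + " on '" + name.charAt(offset) + "'");
        }
    }
}
```

Running the audit over the `name` values an application generates before upgrading shows which tags would have their re-evaluation refused, as the checkbox in this report was.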


[jira] [Commented] (WW-5216) Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30

2022-08-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17586160#comment-17586160
 ] 

Yasser Zamani commented on WW-5216:
---

Thanks for reaching out!

 

Are you sure that those logs belong to that specific checkbox you mentioned 
i.e. that with value="false"?! I don't think so, because the first WARN log 
above in description shows that it's going to re-evaluate 'name', and it 
re-evaluates 'name' if and only if 'value' isn't set, provided you've set it to 
"false"! These mean that probably those logs belong to another checkbox with a 
not set value. wdyt?

> Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30
> --
>
> Key: WW-5216
> URL: https://issues.apache.org/jira/browse/WW-5216
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Abdel-B ELMILI
>Priority: Major
>


[jira] [Resolved] (WW-5173) Implement additional OGNL cache configuration controls

2022-08-21 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5173?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5173.
---
Resolution: Fixed

PR got merged, thanks!

> Implement additional OGNL cache configuration controls
> --
>
> Key: WW-5173
> URL: https://issues.apache.org/jira/browse/WW-5173
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 6.0.0
>Reporter: James Chaplin
>Priority: Minor
> Fix For: 6.1.0
>
> Attachments: S2_StarterApp_1.zip
>
>  Time Spent: 3h
>  Remaining Estimate: 0h
>
> With Struts 2.6, there may be an opportunity to introduce some additional 
> OGNL cache configuration capabilities.  One idea is to provide a cache size 
> control, and a toggle for an LRU cache mode.  These configuration controls 
> could be applied to the expression cache and BeanInfo caches independently.
> The new properties could be optional, with the framework using a standard 
> default cache if the properties are not provided.





[jira] [Commented] (WW-5177) Support testing with JUnit 5

2022-06-24 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17558420#comment-17558420
 ] 

Yasser Zamani commented on WW-5177:
---

{quote}For POC purposes, I created parallels to {{XWorkJUnit4TestCase}}, 
{{StrutsJUnit4TestCase}}, and {{StrutsSpringJUnit4TestCase}} with much of 
the code remaining same. I was able to run tests using Spring's {{ExtendWith}} 
with a workaround and the workaround needs to be fixed properly.
{quote}

Could you please share or PR? Maybe it makes sense to refactor the same things 
into a separate base class and extend it to support both JUnit 4 and JUnit 5.

> Support testing with JUnit 5
> 
>
> Key: WW-5177
> URL: https://issues.apache.org/jira/browse/WW-5177
> Project: Struts 2
>  Issue Type: New Feature
>  Components: Plugin - JUnit
>Reporter: Ganapati
>Priority: Major
>  Labels: features
> Fix For: 6.1.0
>
>
> Hi Team,
>  
> Currently, struts2-junit-plugin supports testing of Spring based struts 
> actions on JUnit 4 and 3 using {{StrutsSpringTestCase}} and 
> {{StrutsSpringJUnit4TestCase}}. The request is to add support for JUnit 5 
> with something similar to {{StrutsSpringJUnit5TestCase}}. I understand that 
> we can run JUnit 4 tests using {{junit-vintage-engine}} but in our case we 
> need to combine with other JUnit 5 based extensions - some custom and some 
> already available - Spring, Testcontainers, etc.
>  
> There is no issue in the current issues list to support this. Can I know if 
> there is any plan to support the same? I am happy to make a contribution if 
> someone can guide me.
> ---
> For POC purposes, I created parallels to {{XWorkJUnit4TestCase}}, 
> {{StrutsJUnit4TestCase}}, and {{StrutsSpringJUnit4TestCase}} with much of the 
> code remaining same. I was able to run tests using Spring's {{ExtendWith}} 
> with a workaround and the workaround needs to be fixed properly.
>  
> Thanks.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)


[jira] [Resolved] (WW-5185) TilesDefinition is not found and the request for a Struts action fails after an upgrade from Struts 2.5.30 to Struts 6.0.

2022-06-24 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5185.
---
Resolution: Fixed

PR got merged. thanks!

> TilesDefinition is not found and the request for a Struts action fails after 
> an upgrade from Struts 2.5.30 to Struts 6.0.
> -
>
> Key: WW-5185
> URL: https://issues.apache.org/jira/browse/WW-5185
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 6.0.0
> Environment: openjdk 11.0.28
> apache tomcat 8.5.78
> Struts 6.0.0 configured with org.apache.struts2.tiles.StrutsTilesListener
>  
>Reporter: Zdenek Nejedly
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 6.0.1
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> When a web app using Struts2 with Tiles via the Tiles Struts plugin is 
> upgraded from 2.5.30 to Struts 6.0.0 the Tiles definitions in 
> WEB-INF/tiles.xml are not discovered automatically thus all requests for the 
> Struts actions with Tiles will fail. The following errors are generated
> {noformat}
> 2022-06-08 21:45:58,525 DEBUG [http-nio-8080-exec-19] tiles.TilesResult 
> (TilesResult.java:135) - checking if tiles definition exists 
> 'app.myAccount.viewSummary'
> 2022-06-08 21:45:58,532 TRACE [http-nio-8080-exec-19] tiles.TilesResult 
> (TilesResult.java:142) - tilesDefinition not found yet, searching in action
> 2022-06-08 21:45:58,537 WARN  [http-nio-8080-exec-19] tiles.TilesResult 
> (TilesResult.java:154) - could not find @TilesDefinition for action: 
> view-summary
> {noformat}
> and
> {noformat}
> org.apache.tiles.definition.NoSuchDefinitionException: Cannot find definition 
> named 'app.myAccount.viewSummary'
>     at 
> org.apache.tiles.impl.mgmt.CachingTilesContainer.render(CachingTilesContainer.java:123)
>     at 
> org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:158)
>     at 
> org.apache.struts2.result.StrutsResultSupport.execute(StrutsResultSupport.java:206)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:363)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:280)
>     at 
> org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:179)
>     at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:263)
>     at 
> org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:49)
>     at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> org.apache.struts2.interceptor.FetchMetadataInterceptor.intercept(FetchMetadataInterceptor.java:76)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> org.apache.struts2.interceptor.CoopInterceptor.intercept(CoopInterceptor.java:57)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> org.apache.struts2.interceptor.CoepInterceptor.intercept(CoepInterceptor.java:56)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.doIntercept(ConversionErrorInterceptor.java:143)
>     at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:146)
>     at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>     at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:251)
>     at 
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:146)
>     at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>     at 
> 

[jira] [Resolved] (WW-5187) java.lang.NoClassDefFoundError: org/apache/struts2/views/velocity/VelocityManager

2022-06-24 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5187.
---
Resolution: Fixed

PR got merged. Thanks!

> java.lang.NoClassDefFoundError: 
> org/apache/struts2/views/velocity/VelocityManager
> -
>
> Key: WW-5187
> URL: https://issues.apache.org/jira/browse/WW-5187
> Project: Struts 2
>  Issue Type: New Feature
>  Components: Plugin - SiteMesh
>Affects Versions: 6.0.0
>Reporter: Tobias Stadler
>Assignee: Lukasz Lenart
>Priority: Critical
> Fix For: 6.0.1
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> We are getting a {{{}java.lang.NoClassDefFoundError{}}}, when using the 
> SiteMesh plugin. Adding the Velocity plugin to the class path fixes the 
> problem for us.
> Here is a stacktrace:
> {noformat}
> java.lang.NoClassDefFoundError: 
> org/apache/struts2/views/velocity/VelocityManager
> at java.lang.Class.getDeclaredMethods0(Native Method)
> at java.lang.Class.privateGetDeclaredMethods(Class.java:2729)
> at java.lang.Class.getDeclaredMethods(Class.java:2003)
> at 
> com.opensymphony.xwork2.inject.ContainerImpl.injectStatics(ContainerImpl.java:97)
> at 
> com.opensymphony.xwork2.inject.ContainerBuilder.create(ContainerBuilder.java:632)
> at 
> com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:209)
> at 
> com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:65)
> at 
> org.apache.struts2.dispatcher.Dispatcher.getContainer(Dispatcher.java:1035)
> at 
> org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:516)
> at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:549)
> at 
> org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:44)
> at 
> org.apache.struts2.dispatcher.filter.StrutsPrepareFilter.init(StrutsPrepareFilter.java:53)
> ...
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.7#820007)


[jira] [Resolved] (WW-5194) UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

2022-06-24 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5194.
---
Resolution: Not A Problem

> UIBean.evaluateParams() throws an IllegalStateException when getting the 
> nonce out of a session that has been invalidated.
> --
>
> Key: WW-5194
> URL: https://issues.apache.org/jira/browse/WW-5194
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 6.0.0
>Reporter: Joseph Wolschon
>Assignee: Yasser Zamani
>Priority: Minor
>  Labels: UIBean
> Fix For: 6.0.1
>
>
> h2. Summary
> UIBean.evaluateParams() grabs the nonce out of the session without first 
> checking that it exists, causing an IllegalStateException to be thrown if the 
> session has been invalidated. This breaks our use case where we invalidate a 
> session, but still want to use ActionError to convey information to the user. 
> It doesn't appear that this change relates to removing double evaluations, so 
> I would consider this a regression.
> h2. Triage
> This was introduced when [refactoring to fix double 
> evaluations|https://github.com/apache/struts/commit/b2bfdc5c88a13e82d647e7ae836089a12ce001fe#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caL900]:
> {noformat}
> Object nonceValue = session != null ? session.get("nonce") : null;
> if (nonceValue != null) {
>     addParameter("nonce", nonceValue.toString());
> }
> {noformat}
> The previous revision first checks that the key exists before 
> attempting to pull it out:
> {noformat}
> if (session.containsKey("nonce")) {
>     String nonceValue = session.get("nonce").toString();
>     addParameter("nonce", nonceValue);
> }
> {noformat}





[jira] [Commented] (WW-5194) UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

2022-06-22 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17557539#comment-17557539
 ] 

Yasser Zamani commented on WW-5194:
---

[~joseph.wolschon] yes please. See also [this book page 
65|https://books.google.de/books?id=BJl_V6kTjNsC=PA64=JnpUz9K3H_=struts%20invalidate%20session=PA65#v=onepage=struts%20invalidate%20session=false]
 and a few pages before :)



[jira] [Commented] (WW-5194) UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

2022-06-22 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17557488#comment-17557488
 ] 

Yasser Zamani commented on WW-5194:
---

Hmmm... I don't think so, don't know what's happening. Because [Struts 
session's 
get|https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java#L151]
 and [Struts session's 
containsKey|https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java#L210]
 both similarly use HttpSession's getAttribute. So the problem shouldn't be 
related to containsKey I think.

How do you invalidate the session? Using [Struts session's 
invalidate|https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java#L57]?
 e.g. getActionContext().getSession().invalidate()? If not, could you please 
test with this approach?

> UIBean.evaluateParams() throws an IllegalStateException when getting the 
> nonce out of a session that has been invalidated.
> --
>
> Key: WW-5194
> URL: https://issues.apache.org/jira/browse/WW-5194
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 6.0.0
>Reporter: Joseph Wolschon
>Assignee: Yasser Zamani
>Priority: Minor
>  Labels: UIBean
> Fix For: 6.0.1
>
>
> h2. Summary
> UIBean.evaluateParams() grabs the nonce out of the session without first 
> checking that it exists, causing an IllegalStateException to be thrown if the 
> session has been invalidated. This breaks our use case where we invalidate a 
> session, but still want to use ActionError to convey information to the user. 
> It doesn't appear that this change relates to removing double evaluations, so 
> I would consider this a regression.
> h2. Triage
> This was introduced when [refactoring to fix double 
> evaluations|https://github.com/apache/struts/commit/b2bfdc5c88a13e82d647e7ae836089a12ce001fe#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caL900]:
> {noformat}
> Object nonceValue = session != null ? session.get("nonce") : null;
> if (nonceValue != null) {
>     addParameter("nonce", nonceValue.toString());
> }
> {noformat}
> The previous revision first checks that the key exists before 
> attempting to pull it out:
> {noformat}
> if (session.containsKey("nonce")) {
>     String nonceValue = session.get("nonce").toString();
>     addParameter("nonce", nonceValue);
> }
> {noformat}
> h2. Proposed Fix
> Revert to the previous revision and first check that the session contains the 
> nonce before getting it from the session.





[jira] [Assigned] (WW-5194) UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

2022-06-21 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5194:
-

Assignee: Yasser Zamani



[jira] [Commented] (WW-5194) UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.

2022-06-21 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17556819#comment-17556819
 ] 

Yasser Zamani commented on WW-5194:
---

[~joseph.wolschon] Sorry for the inconvenience :( That's my change.

However, it was an IntelliJ IDEA suggestion with an auto-fix. So do you mean 
that `session.get("nonce")` returns a non-null object even when it doesn't 
contain that key?! Looks strange to me!

> UIBean.evaluateParams() throws an IllegalStateException when getting the 
> nonce out of a session that has been invalidated.
> --
>
> Key: WW-5194
> URL: https://issues.apache.org/jira/browse/WW-5194
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 6.0.0
>Reporter: Joseph Wolschon
>Priority: Minor
>  Labels: UIBean
> Fix For: 6.0.1
>
>
> h2. Summary
> UIBean.evaluateParams() grabs the nonce out of the session without first 
> checking that it exists, causing an IllegalStateException to be thrown if the 
> session has been invalidated. This breaks our use case where we invalidate a 
> session, but still want to use ActionError to convey information to the user. 
> It doesn't appear that this change relates to removing double evaluations, so 
> I would consider this a regression.
> h2. Triage
> This was introduced when [refactoring to fix double 
> evaluations|https://github.com/apache/struts/commit/b2bfdc5c88a13e82d647e7ae836089a12ce001fe#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caL900]:
> {noformat}
> Object nonceValue = session != null ? session.get("nonce") : null;
> if (nonceValue != null) {
>     addParameter("nonce", nonceValue.toString());
> }
> {noformat}
> The previous revision first checks that the key exists before 
> attempting to pull it out:
> {noformat}
> if (session.containsKey("nonce")) {
>     String nonceValue = session.get("nonce").toString();
>     addParameter("nonce", nonceValue);
> }
> {noformat}
> h2. Proposed Fix
> Revert to the previous revision and first check that the session contains the 
> nonce before getting it from the session.





[jira] [Commented] (WW-5173) Implement additional OGNL cache configuration controls

2022-06-07 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5173?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17550892#comment-17550892
 ] 

Yasser Zamani commented on WW-5173:
---

Hi [~jchaplin],

I took a look at your PR and I think that it matches the documents and should 
work. However, it was a long time ago, but I remember that I also had the same 
difficulties with CDI and I needed to debug. For example, could you please 
evaluate

{code:java}
container.getInstance(ExpressionCacheFactory.class,
    container.getInstance(String.class,
        StrutsConstants.STRUTS_OGNL_EXPRESSION_CACHE_FACTORY))
{code}

and see whether it's your plugged-in bean or still the default bean?

> Implement additional OGNL cache configuration controls
> --
>
> Key: WW-5173
> URL: https://issues.apache.org/jira/browse/WW-5173
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 6.0.0
>Reporter: James Chaplin
>Priority: Minor
>
> With Struts 2.6, there may be an opportunity to introduce some additional 
> OGNL cache configuration capabilities.  One idea is to provide a cache size 
> control, and a toggle for an LRU cache mode.  These configuration controls 
> could be applied to the expression cache and BeanInfo caches independently.
> The new properties could be optional, with the framework using a standard 
> default cache if the properties are not provided.





[jira] [Commented] (WW-5183) HTML tag's ID attribute's value output by struts is different between struts2.5.26 and struts2.5.30.

2022-06-01 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17545276#comment-17545276
 ] 

Yasser Zamani commented on WW-5183:
---

You're welcome, and sorry for the inconvenience :( However, I think you 
basically should be able to fix it with a global 'regular expression' find. With 
a RegEx, find all selectors and then .replaceAll("[^a-zA-Z0-9_]", "_");

> HTML tag's ID attribute's value output by struts is different between 
> struts2.5.26 and struts2.5.30.
> 
>
> Key: WW-5183
> URL: https://issues.apache.org/jira/browse/WW-5183
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.30
>Reporter: takehiro.hidaka
>Assignee: Yasser Zamani
>Priority: Critical
>
> Hi!
> I love struts.
> And I updated from 2.5.26 to 2.5.30 to use the latest version.
> And I noticed that the content generated by HTML is different.
> Specifically, the code and output are as follows.
> Hello.jsp
> {code:java}
> <%@ page language="java" contentType="text/html; charset=UTF-8" 
> pageEncoding="UTF-8"%>
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
>   
>   Struts2
> 
> 
> 
>   
>   
> 
> 
>  {code}
> struts2.5.26 output
> {code:java}
> 
> 
>   
>   Struts2
> 
> 
>    method="post">
>       value of the automatically generated ID here is different. —>
>     
>   
> 
>  {code}
> struts2.5.30 output
> {code:java}
> 
> 
>   
>   Struts2
> 
> 
>    method="post">
>       value of the automatically generated ID here is different. —>
>     
>   
> 
>  {code}
> Previously, the ID value was generated by inheriting the action name.
> However, in 2.5.30, the hyphen is changed to an underscore and output.
> My project uses the jQuery selector. Therefore, accepting this 'struts' 
> change would require changes to all selectors, which is very costly.
> Is this the correct change? Or is it a bug?
> Thank you!



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
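
The selector migration suggested in the reply above, as an added example that is not part of the original message and not Struts code: it finds literal jQuery selectors in source text and rewrites only their `#id` tokens with the replacement expression quoted in the reply. The function names and the sample lines are constructed for illustration, and the code assumes every id it rewrites is one that Struts now escapes.

```javascript
// Added example, not Struts code. It reuses the replacement quoted in the reply:
//   .replaceAll("[^a-zA-Z0-9_]", "_")

// Escape an id: every character outside [a-zA-Z0-9_] becomes "_".
function escapeId(id) {
  return id.replace(/[^a-zA-Z0-9_]/g, "_");
}

// An id token after "#": CSS escapes (\x), name characters, or non-ASCII.
const ID_TOKEN = /^(?:\\.|[\w-]|[^\x00-\x7F])+/;

// Rewrite only the "#id" tokens of a selector. Classes, tags, quoted strings
// and [attribute] selectors (e.g. a[href="#top-link"]) are left untouched.
function rewriteSelector(selector) {
  let out = "";
  let i = 0;
  let quote = null;      // current quote character while inside a string
  let bracketDepth = 0;  // > 0 while inside [...]
  while (i < selector.length) {
    const ch = selector[i];
    if (ch === "\\" && i + 1 < selector.length) {
      out += ch + selector[i + 1];  // escaped character: copy verbatim
      i += 2;
      continue;
    }
    if (quote) {
      if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
    } else if (ch === "[") {
      bracketDepth++;
    } else if (ch === "]" && bracketDepth > 0) {
      bracketDepth--;
    } else if (ch === "#" && bracketDepth === 0) {
      const m = ID_TOKEN.exec(selector.slice(i + 1));
      if (m) {
        const id = m[0].replace(/\\(.)/g, "$1");  // undo CSS escapes like \.
        out += "#" + escapeId(id);
        i += 1 + m[0].length;
        continue;
      }
    }
    out += ch;
    i++;
  }
  return out;
}

// $("...") or jQuery('...') whose first argument is a string literal.
const JQUERY_CALL = /(\$|\bjQuery)\(\s*(["'])((?:\\.|(?!\2)[^\\\n])*)\2/g;

// Rewrite literal selectors in source text. Literals containing backslashes
// (JavaScript-level escapes) are not touched; they are returned in `skipped`
// so that a person can review them.
function rewriteJQueryCalls(source) {
  const skipped = [];
  let changed = 0;
  const output = source.replace(JQUERY_CALL, (match, fn, quote, body) => {
    if (!body.includes("#")) return match;
    if (body.includes("\\")) {
      skipped.push(match);
      return match;
    }
    const rewritten = rewriteSelector(body);
    if (rewritten === body) return match;
    changed++;
    return match.slice(0, match.length - body.length - 1) + rewritten + quote;
  });
  return { output, changed, skipped };
}

// Constructed sample input (not taken from the issue).
const SAMPLE = [
  '$("#hello-world_name").focus();',
  "jQuery('#hello-world .error-msg').hide();",
  '$("a[href=\'#top-link\']").click();',
].join("\n");

console.log(rewriteJQueryCalls(SAMPLE).output);
```

Ids written by hand in the application's own markup are not escaped by Struts, so the rewritten output should be reviewed as a diff rather than applied blindly.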


[jira] [Resolved] (WW-5183) HTML tag's ID attribute's value output by struts is different between struts2.5.26 and struts2.5.30.

2022-06-01 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5183.
---
Resolution: Not A Bug



[jira] [Commented] (WW-5183) HTML tag's ID attribute's value output by struts is different between struts2.5.26 and struts2.5.30.

2022-06-01 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17544933#comment-17544933
 ] 

Yasser Zamani commented on WW-5183:
---

Hi [~takehiro.hidaka] ,

Thanks for kindly reaching out :)

No, it's not a bug. It's an improvement to protect users' apps against XSS when 
potentially, as a mistake, a developer uses not trusted (validated) user input 
as e.g. action name etc. So an attacker could exploit XSS via posting JS scripts 
as e.g. action name etc. Because Struts uses 'id' a lot internally to generate 
required JS scripts, an attacker could inject their own JS scripts.

Please see [https://github.com/apache/struts/pull/496/files] and search for 
phrase 'escape'.

Credits to Chris McCown [https://cwiki.apache.org/confluence/display/WW/S2-062]

 

BTW please note that basically you shouldn't depend on Struts internal behavior 
:) 



[jira] [Assigned] (WW-5183) HTML tag's ID attribute's value output by struts is different between struts2.5.26 and struts2.5.30.

2022-06-01 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5183:
-

Assignee: Yasser Zamani



[jira] [Commented] (WW-5178) Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30

2022-04-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17529285#comment-17529285
 ] 

Yasser Zamani commented on WW-5178:
---

[~NathanHertner] Fortunately it's not a bug, I think. I'm almost sure this is 
your checkbox tag situation: Its value attribute isn't set. So Struts uses its 
name attribute and evaluates it against the value stack to find a boolean value 
(to find out if it's checked or not). But its name attribute is already an 
expression and is already evaluated. I've prevented it from reevaluation in 
Struts 2.5.30 due to security reasons. That being said, it doesn't reevaluate 
and returns the already evaluated value, which is a string not a boolean, and 
that's why you get that error. Previously you didn't get that error because 
Struts used to evaluate it twice, which wasn't good according to security 
guides, so I've prevented it in 2.5.30.

Thanks! Nice to know that it works as expected and reveals vulnerable injection 
points in user apps :)

> Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30
> ---
>
> Key: WW-5178
> URL: https://issues.apache.org/jira/browse/WW-5178
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Nathan Hertner
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.31
>
>
> Originally, we were attempting to migrate our Struts2-Core from version 
> 2.5.26 to 2.5.30 to bring in the security improvements to OGNL double eval. 
> It was after this that we noticed a strange Freemarker error appearing that 
> did not previously. After doing some checks, we've isolated the exact version 
> that breaks for us. Struts 2.5.29 is working, but with the migration to 
> 2.5.30 we get the following error appearing for the checkbox.ftl template 
> file: 
> {code:java}
> ERROR - 2022-04-20 13:28:32,366 [qtp1459672753-1897  ] freemarker.runtime - 
> Error executing FreeMarker template
> FreeMarker template error:
> For "&&" right-hand operand: Expected a boolean, but this has evaluated to a 
> string+extended_hash (String wrapped into f.e.b.StringModel):
> ==> parameters.nameValue  [in template "template/simple/checkbox.ftl" at line 
> 22, column 32]
> 
> FTL stack trace ("~" means nesting-related):
>         - Failed at: #if parameters.nameValue?? && paramet...  [in template 
> "template/simple/checkbox.ftl" at line 22, column 1]
> 
> Java stack trace (for programmers):
> 
> freemarker.core.NonBooleanException: [... Exception message was already 
> printed; see it above ...]
>         at freemarker.core.Expression.modelToBoolean(Expression.java:179)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:162)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:147)
>         at freemarker.core.AndExpression.evalToBoolean(AndExpression.java:36)
>         at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
>         at freemarker.core.Environment.visit(Environment.java:330)
>         at freemarker.core.Environment.visit(Environment.java:336)
>         at freemarker.core.Environment.process(Environment.java:309)
>         at freemarker.template.Template.process(Template.java:384)
>         at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:154)
>         at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>         at org.apache.struts2.components.UIBean.end(UIBean.java:539)
>         at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fcheckbox_005f4(service_005fparameter_jsp.java:5843)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f20(service_005fparameter_jsp.java:5784)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005felse_005f4(service_005fparameter_jsp.java:5737)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f18(service_005fparameter_jsp.java:5598)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f3(service_005fparameter_jsp.java:1115)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fiterator_005f0(service_005fparameter_jsp.java:930)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspService(service_005fparameter_jsp.java:235)
>         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at 
> 

[jira] [Commented] (WW-5178) Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30

2022-04-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17529224#comment-17529224
 ] 

Yasser Zamani commented on WW-5178:
---

Meanwhile I also am investigating what the problem could be. Sorry for the 
inconvenience. If it works in 2.5.29 and not in 2.5.30 then likely it's related 
to my changes. I'm wondering how however! Thanks for reporting [~NathanHertner] 
!

> Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30
> ---
>
> Key: WW-5178
> URL: https://issues.apache.org/jira/browse/WW-5178
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.30
>Reporter: Nathan Hertner
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.31
>
>
> Originally, we were attempting to migrate our Struts2-Core from version 
> 2.5.26 to 2.5.30 to bring in the security improvements to OGNL double eval. 
> It was after this that we noticed a strange Freemarker error appearing that 
> did not previously. After doing some checks, we've isolated the exact version 
> that breaks for us. Struts 2.5.29 is working, but with the migration to 
> 2.5.30 we get the following error appearing for the checkbox.ftl template 
> file: 
> {code:java}
> ERROR - 2022-04-20 13:28:32,366 [qtp1459672753-1897  ] freemarker.runtime - 
> Error executing FreeMarker template
> FreeMarker template error:
> For "&&" right-hand operand: Expected a boolean, but this has evaluated to a 
> string+extended_hash (String wrapped into f.e.b.StringModel):
> ==> parameters.nameValue  [in template "template/simple/checkbox.ftl" at line 
> 22, column 32]
> 
> FTL stack trace ("~" means nesting-related):
>         - Failed at: #if parameters.nameValue?? && paramet...  [in template 
> "template/simple/checkbox.ftl" at line 22, column 1]
> 
> Java stack trace (for programmers):
> 
> freemarker.core.NonBooleanException: [... Exception message was already 
> printed; see it above ...]
>         at freemarker.core.Expression.modelToBoolean(Expression.java:179)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:162)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:147)
>         at freemarker.core.AndExpression.evalToBoolean(AndExpression.java:36)
>         at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
>         at freemarker.core.Environment.visit(Environment.java:330)
>         at freemarker.core.Environment.visit(Environment.java:336)
>         at freemarker.core.Environment.process(Environment.java:309)
>         at freemarker.template.Template.process(Template.java:384)
>         at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:154)
>         at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>         at org.apache.struts2.components.UIBean.end(UIBean.java:539)
>         at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fcheckbox_005f4(service_005fparameter_jsp.java:5843)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f20(service_005fparameter_jsp.java:5784)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005felse_005f4(service_005fparameter_jsp.java:5737)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f18(service_005fparameter_jsp.java:5598)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f3(service_005fparameter_jsp.java:1115)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fiterator_005f0(service_005fparameter_jsp.java:930)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspService(service_005fparameter_jsp.java:235)
>         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:465)
>         at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:383)
>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:331)
>         at 
> org.eclipse.jetty.jsp.JettyJspServlet.service(JettyJspServlet.java:106)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at 
> org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459)
>         at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
>         at 
> 

[jira] [Assigned] (WW-5178) Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30

2022-04-28 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5178:
-

Assignee: Yasser Zamani

> Freemarker Template Error when migrating Struts2-Core from 2.5.29 to 2.5.30
> ---
>
> Key: WW-5178
> URL: https://issues.apache.org/jira/browse/WW-5178
> Project: Struts 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.5.30
> Reporter: Nathan Hertner
> Assignee: Yasser Zamani
> Priority: Major
> Fix For: 2.5.31
>
>
> Originally, we were attempting to migrate our Struts2-Core from version 
> 2.5.26 to 2.5.30 to bring in the security improvements to OGNL double eval. 
> It was after this that we noticed a strange Freemarker error appearing that 
> did not previously. After doing some checks, we've isolated the exact version 
> that breaks for us. Struts 2.5.29 is working, but with the migration to 
> 2.5.30 we get the following error appearing for the checkbox.ftl template 
> file: 
> {code:java}
> ERROR - 2022-04-20 13:28:32,366 [qtp1459672753-1897  ] freemarker.runtime - 
> Error executing FreeMarker template
> FreeMarker template error:
> For "&&" right-hand operand: Expected a boolean, but this has evaluated to a 
> string+extended_hash (String wrapped into f.e.b.StringModel):
> ==> parameters.nameValue  [in template "template/simple/checkbox.ftl" at line 
> 22, column 32]
> 
> FTL stack trace ("~" means nesting-related):
>         - Failed at: #if parameters.nameValue?? && paramet...  [in template 
> "template/simple/checkbox.ftl" at line 22, column 1]
> 
> Java stack trace (for programmers):
> 
> freemarker.core.NonBooleanException: [... Exception message was already 
> printed; see it above ...]
>         at freemarker.core.Expression.modelToBoolean(Expression.java:179)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:162)
>         at freemarker.core.Expression.evalToBoolean(Expression.java:147)
>         at freemarker.core.AndExpression.evalToBoolean(AndExpression.java:36)
>         at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48)
>         at freemarker.core.Environment.visit(Environment.java:330)
>         at freemarker.core.Environment.visit(Environment.java:336)
>         at freemarker.core.Environment.process(Environment.java:309)
>         at freemarker.template.Template.process(Template.java:384)
>         at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:154)
>         at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>         at org.apache.struts2.components.UIBean.end(UIBean.java:539)
>         at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fcheckbox_005f4(service_005fparameter_jsp.java:5843)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f20(service_005fparameter_jsp.java:5784)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005felse_005f4(service_005fparameter_jsp.java:5737)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f18(service_005fparameter_jsp.java:5598)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fif_005f3(service_005fparameter_jsp.java:1115)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspx_meth_s_005fiterator_005f0(service_005fparameter_jsp.java:930)
>         at 
> org.apache.jsp.setup.services.service_005fparameter_jsp._jspService(service_005fparameter_jsp.java:235)
>         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:465)
>         at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:383)
>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:331)
>         at 
> org.eclipse.jetty.jsp.JettyJspServlet.service(JettyJspServlet.java:106)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at 
> org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1459)
>         at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
>         at 
> org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1631)
>         at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
>         at 
> 

[jira] [Resolved] (WW-5149) labelposition and 2.5.27

2021-11-27 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5149.
---
  Assignee: Lukasz Lenart
Resolution: Fixed

PR got merged, thank you all [~asachs] and [~lukaszlenart]!

> labelposition and 2.5.27
> 
>
> Key: WW-5149
> URL: https://issues.apache.org/jira/browse/WW-5149
> Project: Struts 2
> Issue Type: Bug
> Components: Core Tags, Plugin - Tiles
> Affects Versions: 2.5.27
> Reporter: Andreas Sachs
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.5.28
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Hello,
> according to WW-5132 labelposition should be deprecated. But I get an error.
>  
> With 2.5.26:
> checkbox with unknown attribute: ignored
> checkbox with labelposition:  ok
> checkbox with labelPosition: ignored
>  
> With 2.5.27:
> checkbox with unknown attribute: ignored
> checkbox with labelposition:  JasperException
> checkbox with labelPosition: ok
>  
> org.apache.jasper.JasperException:  (Zeile: [13], Spalte: [4]) Keine 
> Setter Methode für das Attribut [labelposition] gefunden.
> (Setter not found)
>  
> I'm using tiles.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Assigned] (WW-5136) Make class attribute deprecated

2021-07-04 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5136:
-

Assignee: Lukasz Lenart

> Make class attribute deprecated
> ---
>
> Key: WW-5136
> URL: https://issues.apache.org/jira/browse/WW-5136
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Results
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Instead of using the {{class}} attribute, please use {{cssClass}}, which has
> been available for a while; the {{class}} attribute will be removed in Struts
> [2.6.1|https://issues.apache.org/jira/browse/WW-5137]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5130) ID param not being set

2021-05-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5130.
---
Resolution: Not A Problem

> ID param not being set
> --
>
> Key: WW-5130
> URL: https://issues.apache.org/jira/browse/WW-5130
> Project: Struts 2
> Issue Type: Bug
> Components: Core Tags
> Environment: Here you have a repo that reproduces this:
> [https://github.com/dfliess/struts2-tagpooling-bug]
> Reporter: Diego Alejandro Fliess
> Priority: Major
>
> Id parameter is ignored when set by struts2 param tag.
>  
> {code:xml}
> 
> Title works
> 
> 
> 
> Title is working but id is'nt
> 
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5130) ID param not being set

2021-05-29 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17353838#comment-17353838
 ] 

Yasser Zamani commented on WW-5130:
---

I think it's known and expected [1]. In your case, Struts tries to evaluate 
NOT_WORKING_ID against value stack and finds nothing. To avoid evaluation as 
Object as per [1] please try:
{code:java}
SHOULD_WORKING_ID
{code}
Please reopen if not so

[1] https://struts.apache.org/tag-developers/param-tag.html

> ID param not being set
> --
>
> Key: WW-5130
> URL: https://issues.apache.org/jira/browse/WW-5130
> Project: Struts 2
> Issue Type: Bug
> Components: Core Tags
> Environment: Here you have a repo that reproduces this:
> [https://github.com/dfliess/struts2-tagpooling-bug]
> Reporter: Diego Alejandro Fliess
> Priority: Major
>
> Id parameter is ignored when set by struts2 param tag.
>  
> {code:xml}
> 
> Title works
> 
> 
> 
> Title is working but id is'nt
> 
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5128) Invalid HTTP status code - 14

2021-05-09 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17341491#comment-17341491
 ] 

Yasser Zamani commented on WW-5128:
---

Do you maybe sometimes have a Spring bean named {{*_+status+_*}} in the 
context? Albeit it's a stupid question, it is my best guess in the first place.

> Invalid HTTP status code - 14
> -
>
> Key: WW-5128
> URL: https://issues.apache.org/jira/browse/WW-5128
> Project: Struts 2
> Issue Type: Bug
> Environment: RHEL 7.9, JBoss EAP 7.1.6, Open JDK 1.8.0.201
> Reporter: Joe Schmidt
> Priority: Major
> Fix For: 2.5.22
>
> Attachments: http14.log
>
>
> I have an application that is returning an HTTP status code of 14 instead of 
> 200 in some cases.  It happens for one specific URL in the application.  It 
> is not consistent between servers.  The same ear file and even the same app 
> server can be copied to a different host and work correctly.  
> So far using Byteman I'm seeing that:
>  # 14 is passed to the org.apache.struts2.result.HttpHeaderResult constructor.
>  # When com.opensymphony.xwork2.DefaultActionInvocation.createResult() is 
> entered the value of DefaultActionInvocation.getResultCode() is "success", 
> which I believe is correct.
> Attached is a partial stack trace at that point.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5127) Response 404 when migration to Struts 2.5 in Xamarin

2021-05-07 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17340755#comment-17340755
 ] 

Yasser Zamani commented on WW-5127:
---

Yes there're a lot of changes. Have you considered 
https://cwiki.apache.org/confluence/display/WW/Struts+2.3+to+2.5+migration ?

> Response 404 when migration to Struts 2.5 in Xamarin
> 
>
> Key: WW-5127
> URL: https://issues.apache.org/jira/browse/WW-5127
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.25, 2.5.26
> Environment: *Current version*
> org.apache.struts:struts2-core:2.5.26
> org.apache.struts:struts2-jfreechart-plugin:2.5.26
> org.apache.struts:struts2-json-plugin:2.5.26
> org.apache.struts:struts2-junit-plugin:2.5.26
> org.apache.struts:struts2-tiles-plugin:2.5.26
> *Previous version*
> org.apache.struts:struts2-core:2.3.34
> org.apache.struts:struts2-jfreechart-plugin:2.3.34
> org.apache.struts:struts2-json-plugin:2.3.34
> org.apache.struts:struts2-junit-plugin:2.3.34
> org.apache.struts:struts2-tiles-plugin:2.3.34
> Reporter: icecanh
> Priority: Major
>
> I am using Struts2 as 1 server API and Xamarin as a Client.
> I have the function of uploading files.
> I used HTTPClient.PostAsync to request the server.
> At version 2.3.34, it completes the upload and response 200.
> But after migrating Struts from 2.3.34 to 2.5.26, I get a 404 response when 
> sending a request to the server API.
> I think the response 404 is because it cannot map to the action.
> Has there been a change in version 2.5.26 that affects the action mapping?
> This problem also occurs in version 2.5.25.
> Thank you for reading and if possible please help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5126) inconsistancy between Model Driven and Model Driven Interceptor documentations

2021-05-05 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5126.
---
Resolution: Fixed

PR got merged. Thank you [~pduroux]!

> inconsistancy between Model Driven and Model Driven Interceptor documentations
> --
>
> Key: WW-5126
> URL: https://issues.apache.org/jira/browse/WW-5126
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Patrice DUROUX
> Assignee: Yasser Zamani
> Priority: Minor
> Fix For: 2.6
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Hi,
>  
> The Model Driven documentation says:
> If an action class implements the interface 
> {{com.opensymphony.xwork2.ModelDriven}} then it needs to return an object 
> from the {{getModel()}} method. Struts will then populate the fields of this 
> object with the request parameters, and *this object will be placed on top of 
> the stack once the action is executed*. Validation will also be performed on 
> this model object, instead of the action. Please read about 
> [VisitorFieldValidator 
> Annotation|https://github.com/apache/struts-site/blob/master/source/core-developers/visitor-field-validator-annotation.html]
>  which can help you validate model's fields.
> whereas the Model Driven Interceptor documentation says:
> h2. Parameters
>  * {{refreshModelBeforeResult}} - *set to true if you want the model to be 
> refreshed on the value stack after action execution and before result 
> execution*. The setting is useful if you want to change the model instance 
> during the action execution phase, like when loading it from the data layer. 
> This will result in {{getModel()}} being called at least twice.
>  
> Looking into the code shows that the default parameter value is false.
> Moreover the interceptor refresh process is based on a call to the {{equals}} 
> method and this method may have been redefined, in a JPA context for 
> instance. The replacement is then not systematic and may not be done.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-05-05 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5125.
---
Resolution: Fixed

PRs got merged. Thank you [~pduroux]!

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.26
> Reporter: Patrice DUROUX
> Assignee: Yasser Zamani
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Hi,
> It is easy to reproduce by running an (empty) action resulting in a simple JSP page 
> like this:
> {code:java}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
> 
> 
> Struts bug2
> 
> 
> 
> {code}
> The first textfield is rendered but the second throws an exception like:
> {code:java}
> SEVERE: Error executing FreeMarker template
> FreeMarker template error:
> Getting the number of items or listing the items is not supported on this 
> method+sequence (wrapper: f.e.b.SimpleMethodModel) value, because this value 
> wraps the following Java method, not a real listable value: public 
> java.lang.Object java.util.HashMap.clone()
> Tip: Maybe you should to call this method first and then do something with 
> its return value.
> 
> Tip: obj.someMethod(i) and obj.someMethod[i] does the same for this method, 
> hence it's a "+sequence".
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list fieldErrors[parameters.name] as...  [in template 
> "template/~~~xhtml/controlheader-core.ftl" at line 28, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/~~~xhtml/controlheader.ftl" at line 21, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/xhtml/text.ftl" at line 21, column 1]
> Java stack trace (for programmers):
> 
> freemarker.core._TemplateModelException: [... Exception message was already 
> printed; see it above ...]
>   at 
> freemarker.ext.beans.SimpleMethodModel.size(SimpleMethodModel.java:95)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executedNestedContentForCollOrSeqListing(IteratorBlock.java:312)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executeNestedContent(IteratorBlock.java:271)
>   at 
> freemarker.core.IteratorBlock$IterationContext.accept(IteratorBlock.java:244)
>   at freemarker.core.Environment.visitIteratorBlock(Environment.java:644)
>   at 
> freemarker.core.IteratorBlock.acceptWithResult(IteratorBlock.java:108)
>   at freemarker.core.IteratorBlock.accept(IteratorBlock.java:94)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.process(Environment.java:313)
>   at freemarker.template.Template.process(Template.java:383)
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:149)
>   at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>   at org.apache.struts2.components.UIBean.end(UIBean.java:536)
>   at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>   at 
> org.apache.jsp.WEB_002dINF.bug2_jsp._jspx_meth_s_005ftextfield_005f1(bug2_jsp.java:201)
>   at org.apache.jsp.WEB_002dINF.bug2_jsp._jspService(bug2_jsp.java:139)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
>   at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:378)
>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:326)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> 

[jira] [Updated] (WW-5126) inconsistancy between Model Driven and Model Driven Interceptor documentations

2021-05-02 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5126:
--
Fix Version/s: (was: 2.5.27)

> inconsistancy between Model Driven and Model Driven Interceptor documentations
> --
>
> Key: WW-5126
> URL: https://issues.apache.org/jira/browse/WW-5126
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Patrice DUROUX
> Assignee: Yasser Zamani
> Priority: Minor
> Fix For: 2.6
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Hi,
>  
> The Model Driven documentation says:
> If an action class implements the interface 
> {{com.opensymphony.xwork2.ModelDriven}} then it needs to return an object 
> from the {{getModel()}} method. Struts will then populate the fields of this 
> object with the request parameters, and *this object will be placed on top of 
> the stack once the action is executed*. Validation will also be performed on 
> this model object, instead of the action. Please read about 
> [VisitorFieldValidator 
> Annotation|https://github.com/apache/struts-site/blob/master/source/core-developers/visitor-field-validator-annotation.html]
>  which can help you validate model's fields.
> whereas the Model Driven Interceptor documentation says:
> h2. Parameters
>  * {{refreshModelBeforeResult}} - *set to true if you want the model to be 
> refreshed on the value stack after action execution and before result 
> execution*. The setting is useful if you want to change the model instance 
> during the action execution phase, like when loading it from the data layer. 
> This will result in {{getModel()}} being called at least twice.
>  
> Looking into the code shows that the default parameter value is false.
> Moreover the interceptor refresh process is based on a call to the {{equals}} 
> method and this method may have been redefined, in a JPA context for 
> instance. The replacement is then not systematic and may not be done.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5115) Reduce logging for DMI excluded parameters

2021-04-28 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17334769#comment-17334769
 ] 

Yasser Zamani commented on WW-5115:
---

{quote}action:myEdit!save will never match the pattern, so it logs it 
regardless.{quote}
So totally confused I am. You say that we log when it doesn't match exclude 
pattern. Could you please point out where? When something doesn't match exclude 
pattern then we should be happy and not log anything!!

{quote}When DMI is on it does not add the pattern, so it starts logging 
it{quote}
Yes it must not add the pattern because when DMI is on we don't want to exclude 
e.g. {{action:myEdit!save}}. So it won't match exclude pattern and we won't log 
anything as I described above. I don't understand why you say "..., so it starts 
logging it". Could you please illustrate where we log a NOT MATCHED exclude 
pattern?

> Reduce logging for DMI excluded parameters 
> ---
>
> Key: WW-5115
> URL: https://issues.apache.org/jira/browse/WW-5115
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.25
> Reporter: Greg Huber
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> There are unnecessary log warnings when DMI is enabled, from the 
> ParametersInterceptor.  
> WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor 
> ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
> match accepted pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at 
> https://struts.apache.org/security/#accepted--excluded-patterns
> e.g. the property 'action:myAction!save' should not be considered as a 
> bean/property parameter, as it's used as part of DMI to submit the form.
> Any property which matches the DMI method invocation "^(action|method):.*" 
> needs to be silently ignored and not logged in devMode=true.
> DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
> DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
> property.
> public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
> 
> "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
> };



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5115) Reduce logging for DMI excluded parameters

2021-04-26 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17331908#comment-17331908
 ] 

Yasser Zamani commented on WW-5115:
---

{quote}otherwise it logs it in isExcluded(String){quote}
It logs only when it matches exclude pattern but as far as I see, 
{{action:myAction!save}} shouldn't match exclude patterns, does it?

Furthermore please note that in this ticket's description, you've mentioned 
{{Parameter [action:myAction!save] didn't match accepted pattern [[\w+((\.\w}} 
log which isn't related to exclude pattern at all. And it reveals that DMI 
isn't enabled at all there, as I said earlier.

Could you please check if you see [this log here at this 
link|https://github.com/apache/struts/blob/8a26c0d753c3a94d9e5e774c5109f59a5e3d79d6/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java#L57]
 emerges in your output at all in DEBUG level?

> Reduce logging for DMI excluded parameters 
> ---
>
> Key: WW-5115
> URL: https://issues.apache.org/jira/browse/WW-5115
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.25
> Reporter: Greg Huber
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> There are unnecessary log warnings when DMI is enabled, from the 
> ParametersInterceptor.  
> WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor 
> ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
> match accepted pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at 
> https://struts.apache.org/security/#accepted--excluded-patterns
> e.g. the property 'action:myAction!save' should not be considered as a 
> bean/property parameter, as it's used as part of DMI to submit the form.
> Any property which matches the DMI method invocation "^(action|method):.*" 
> needs to be silently ignored and not logged in devMode=true.
> DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
> DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
> property.
> public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
> 
> "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
> };



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
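
The two accepted patterns quoted in WW-5115 can be compared side by side on a handful of parameter names. This is an added example, not code from Struts or from the thread: it assumes a name is accepted only when the whole string matches, and the class name `AcceptedPatternDemo`, the `classify` helper and the sample names are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class AcceptedPatternDemo {

    // Default accepted pattern, copied from the WARN line quoted in the issue.
    static final Pattern DEFAULT_ACCEPTED = Pattern.compile(
        "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*");

    // DMI_AWARE_ACCEPTED_PATTERNS entry, copied from the issue description.
    static final Pattern DMI_AWARE_ACCEPTED = Pattern.compile(
        "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?");

    // DMI method-invocation prefix proposed in the issue description.
    static final Pattern DMI_PREFIX = Pattern.compile("^(action|method):.*");

    // Assumption: a name is accepted only when the whole string matches.
    static boolean accepted(Pattern pattern, String name) {
        return pattern.matcher(name).matches();
    }

    /** Describes how a parameter name fares under the three patterns. */
    static String classify(String name) {
        boolean byDefault = accepted(DEFAULT_ACCEPTED, name);
        boolean byDmiAware = accepted(DMI_AWARE_ACCEPTED, name);
        boolean dmiPrefixed = accepted(DMI_PREFIX, name);
        if (byDefault) {
            return "accepted by the default pattern";
        }
        if (byDmiAware && dmiPrefixed) {
            return "DMI parameter, accepted only by the DMI-aware pattern";
        }
        if (byDmiAware) {
            return "not a DMI parameter, yet accepted by the DMI-aware pattern";
        }
        if (dmiPrefixed) {
            return "DMI-prefixed, rejected by both accepted patterns";
        }
        return "rejected by both accepted patterns";
    }

    public static void main(String[] args) {
        // Constructed sample names; only action:myAction!save comes from the issue.
        List<String> names = Arrays.asList(
            "user.name",
            "items[0].id",
            "action:myAction!save",
            "method:save",
            "user.name!save",
            "foo:bar",
            "action:my-action",
            "a b");
        for (String name : names) {
            System.out.printf("%-24s %s%n", name, classify(name));
        }
    }
}
```

`user.name!save` and `foo:bar` pass the DMI-aware pattern although neither carries the `action:` or `method:` prefix, which is the extra width the reporter's proposal to drop `DMI_AWARE_ACCEPTED_PATTERNS` would remove.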


[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-25 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Issue Type: Bug  (was: Improvement)

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.26
> Reporter: Patrice DUROUX
> Assignee: Yasser Zamani
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Hi,
> It is easy to reproduce by running an (empty) action resulting in a simple JSP page 
> like this:
> {code:java}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
> 
> 
> Struts bug2
> 
> 
> 
> {code}
> The first textfield is rendered but the second throws an exception like:
> {code:java}
> SEVERE: Error executing FreeMarker template
> FreeMarker template error:
> Getting the number of items or listing the items is not supported on this 
> method+sequence (wrapper: f.e.b.SimpleMethodModel) value, because this value 
> wraps the following Java method, not a real listable value: public 
> java.lang.Object java.util.HashMap.clone()
> Tip: Maybe you should to call this method first and then do something with 
> its return value.
> 
> Tip: obj.someMethod(i) and obj.someMethod[i] does the same for this method, 
> hence it's a "+sequence".
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list fieldErrors[parameters.name] as...  [in template 
> "template/~~~xhtml/controlheader-core.ftl" at line 28, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/~~~xhtml/controlheader.ftl" at line 21, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/xhtml/text.ftl" at line 21, column 1]
> Java stack trace (for programmers):
> 
> freemarker.core._TemplateModelException: [... Exception message was already 
> printed; see it above ...]
>   at 
> freemarker.ext.beans.SimpleMethodModel.size(SimpleMethodModel.java:95)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executedNestedContentForCollOrSeqListing(IteratorBlock.java:312)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executeNestedContent(IteratorBlock.java:271)
>   at 
> freemarker.core.IteratorBlock$IterationContext.accept(IteratorBlock.java:244)
>   at freemarker.core.Environment.visitIteratorBlock(Environment.java:644)
>   at 
> freemarker.core.IteratorBlock.acceptWithResult(IteratorBlock.java:108)
>   at freemarker.core.IteratorBlock.accept(IteratorBlock.java:94)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.process(Environment.java:313)
>   at freemarker.template.Template.process(Template.java:383)
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:149)
>   at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>   at org.apache.struts2.components.UIBean.end(UIBean.java:536)
>   at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>   at 
> org.apache.jsp.WEB_002dINF.bug2_jsp._jspx_meth_s_005ftextfield_005f1(bug2_jsp.java:201)
>   at org.apache.jsp.WEB_002dINF.bug2_jsp._jspService(bug2_jsp.java:139)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
>   at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:378)
>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:326)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> 

[jira] [Assigned] (WW-5126) inconsistency between Model Driven and Model Driven Interceptor documentations

2021-04-25 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5126:
-

Assignee: Yasser Zamani

> inconsistency between Model Driven and Model Driven Interceptor documentations
> --
>
> Key: WW-5126
> URL: https://issues.apache.org/jira/browse/WW-5126
> Project: Struts 2
>  Issue Type: Improvement
>Reporter: Patrice DUROUX
>Assignee: Yasser Zamani
>Priority: Minor
> Fix For: 2.5.27, 2.6
>
>
> Hi,
>  
> The Model Driven documentation says:
> If an action class implements the interface 
> {{com.opensymphony.xwork2.ModelDriven}} then it needs to return an object 
> from the {{getModel()}} method. Struts will then populate the fields of this 
> object with the request parameters, and *this object will be placed on top of 
> the stack once the action is executed*. Validation will also be performed on 
> this model object, instead of the action. Please read about 
> [VisitorFieldValidator 
> Annotation|https://github.com/apache/struts-site/blob/master/source/core-developers/visitor-field-validator-annotation.html]
>  which can help you validate model's fields.
> whereas the Model Driven Interceptor documentation says:
> h2. Parameters
>  * {{refreshModelBeforeResult}} - *set to true if you want the model to be 
> refreshed on the value stack after action execution and before result 
> execution*. The setting is useful if you want to change the model instance 
> during the action execution phase, like when loading it from the data layer. 
> This will result in {{getModel()}} being called at least twice.
>  
> Looking into the code shows that the default parameter value is false.
> Moreover, the interceptor refresh process is based on a call to the {{equals}} 
> method and this method may have been redefined, in a JPA context for 
> instance. The replacement is then not systematic and may not be done.
>  





[jira] [Commented] (WW-5115) Reduce logging for DMI excluded parameters

2021-04-25 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17331505#comment-17331505
 ] 

Yasser Zamani commented on WW-5115:
---

Sorry, I don't get it. As far as I see, when DMI is enabled it should accept 
{{action:myAction!save}} as per 
[DefaultAcceptedPatternsChecker.java#L57|https://github.com/apache/struts/blob/8a26c0d753c3a94d9e5e774c5109f59a5e3d79d6/core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java#L57]
 and consequently shouldn't log anything, or am I missing something? Or do you 
mean that the pattern is wrong in that it doesn't accept {{*action:myAction!save}}? If 
so, then it's another issue, I think.

> Reduce logging for DMI excluded parameters 
> ---
>
> Key: WW-5115
> URL: https://issues.apache.org/jira/browse/WW-5115
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 2.5.25
>Reporter: Greg Huber
>Priority: Minor
> Fix For: 2.5.27, 2.6
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> There are unnecessary log warnings when DMI is enabled, from the 
> ParametersInterceptor.  
> WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor 
> ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
> match accepted pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at 
> https://struts.apache.org/security/#accepted--excluded-patterns
> e.g. the property 'action:myAction!save' should not be considered as a 
> bean/property parameter, as it's used as part of DMI to submit the form.
> Any property which matches the DMI method invocation "^(action|method):.*" 
> needs to be silently ignored and not logged in devMode=true.
> DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
> DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
> property.
> public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
> 
> "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
> };



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
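
The two accepted-name patterns quoted in WW-5115, run against sample parameter names, as an added example that is not Struts code and not part of the original messages. It assumes whole-name (`matches()`) semantics; `classify`, `activeSetFromLog`, the `Outcome` enum and the sample names are hypothetical, and the third column applies the ticket's proposed `^(action|method):.*` silencing on top of the default pattern.

```java
import java.util.regex.Pattern;

public class AcceptedPatternsDemo {

    // Default pattern, copied from the WARN line quoted in the ticket.
    static final Pattern ACCEPTED = Pattern.compile(
        "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*");

    // DMI-aware pattern, copied from the ticket description.
    static final Pattern DMI_AWARE = Pattern.compile(
        "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?");

    // DMI prefix test proposed in the ticket for parameters that should be skipped quietly.
    static final Pattern DMI_PREFIX = Pattern.compile("^(action|method):.*");

    enum Outcome { ACCEPTED, IGNORED_SILENTLY, REJECTED_AND_LOGGED }

    // Hypothetical helper: a name is accepted only if the active pattern matches it
    // entirely. With silenceDmiPrefix set, a rejected action:/method: name is dropped
    // without a warning, which is the behaviour the ticket asks for.
    static Outcome classify(String name, Pattern active, boolean silenceDmiPrefix) {
        if (active.matcher(name).matches()) {
            return Outcome.ACCEPTED;
        }
        if (silenceDmiPrefix && DMI_PREFIX.matcher(name).matches()) {
            return Outcome.IGNORED_SILENTLY;
        }
        return Outcome.REJECTED_AND_LOGGED;
    }

    // Hypothetical helper for the diagnosis made in the comments: the start of the
    // pattern printed in the WARN line tells which pattern set is active.
    static String activeSetFromLog(String loggedPattern) {
        String p = loggedPattern.replaceFirst("^\\[+", ""); // drop the log's wrapping brackets
        if (p.startsWith("\\w+([:]")) {
            return "DMI_AWARE_ACCEPTED_PATTERNS";
        }
        if (p.startsWith("\\w+((\\.")) {
            return "ACCEPTED_PATTERNS";
        }
        return "unknown";
    }

    public static void main(String[] args) {
        // Constructed sample names; only action:myAction!save comes from the ticket.
        String[] names = {
            "user.name",
            "items[0].id",
            "user['name']",
            "action:myAction!save",
            "method:save",
            "foo:bar!baz",   // no DMI prefix, yet shaped like a DMI parameter
            "first-name"     // contains a character outside both patterns
        };
        for (String n : names) {
            System.out.printf("%-22s default=%-20s dmiAware=%-20s default+proposal=%s%n",
                n,
                classify(n, ACCEPTED, false),
                classify(n, DMI_AWARE, false),
                classify(n, ACCEPTED, true));
        }
        // Constructed log fragment, wrapped in brackets the way the WARN line prints it.
        String logged = "[[" + ACCEPTED.pattern() + "]]";
        System.out.println("active set according to log: " + activeSetFromLog(logged));
    }
}
```

Note that the DMI-aware pattern accepts any `word:word` or `word!word` shaped name, not only names starting with `action:` or `method:`.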


[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-25 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Fix Version/s: 2.5.27

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Assignee: Yasser Zamani
>Priority: Minor
> Fix For: 2.5.27, 2.6
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hi,
> It is easy to reproduce running an (empty) action resulting in a simple JSP page 
> like this:
> {code:java}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
> 
> 
> Struts bug2
> 
> 
> 
> {code}
> The first textfield is rendered but the second throws an exception like:
> {code:java}
> SEVERE: Error executing FreeMarker template
> FreeMarker template error:
> Getting the number of items or listing the items is not supported on this 
> method+sequence (wrapper: f.e.b.SimpleMethodModel) value, because this value 
> wraps the following Java method, not a real listable value: public 
> java.lang.Object java.util.HashMap.clone()
> Tip: Maybe you should to call this method first and then do something with 
> its return value.
> 
> Tip: obj.someMethod(i) and obj.someMethod[i] does the same for this method, 
> hence it's a "+sequence".
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list fieldErrors[parameters.name] as...  [in template 
> "template/~~~xhtml/controlheader-core.ftl" at line 28, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/~~~xhtml/controlheader.ftl" at line 21, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/xhtml/text.ftl" at line 21, column 1]
> Java stack trace (for programmers):
> 
> freemarker.core._TemplateModelException: [... Exception message was already 
> printed; see it above ...]
>   at 
> freemarker.ext.beans.SimpleMethodModel.size(SimpleMethodModel.java:95)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executedNestedContentForCollOrSeqListing(IteratorBlock.java:312)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executeNestedContent(IteratorBlock.java:271)
>   at 
> freemarker.core.IteratorBlock$IterationContext.accept(IteratorBlock.java:244)
>   at freemarker.core.Environment.visitIteratorBlock(Environment.java:644)
>   at 
> freemarker.core.IteratorBlock.acceptWithResult(IteratorBlock.java:108)
>   at freemarker.core.IteratorBlock.accept(IteratorBlock.java:94)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.process(Environment.java:313)
>   at freemarker.template.Template.process(Template.java:383)
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:149)
>   at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>   at org.apache.struts2.components.UIBean.end(UIBean.java:536)
>   at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>   at 
> org.apache.jsp.WEB_002dINF.bug2_jsp._jspx_meth_s_005ftextfield_005f1(bug2_jsp.java:201)
>   at org.apache.jsp.WEB_002dINF.bug2_jsp._jspService(bug2_jsp.java:139)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
>   at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:378)
>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:326)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> 

[jira] [Assigned] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5125:
-

Assignee: Yasser Zamani

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Assignee: Yasser Zamani
>Priority: Minor
> Fix For: 2.6
>
>

[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Priority: Minor  (was: Major)

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Priority: Minor
> Fix For: 2.6
>
>

[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Issue Type: Improvement  (was: Bug)

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Priority: Major
> Fix For: 2.6
>
>

[jira] [Commented] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-23 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330470#comment-17330470
 ] 

Yasser Zamani commented on WW-5125:
---

I quickly checked extending {{DefaultObjectWrapper}} instead of 
{{BeansWrapper}} but many tests start to fail so obviously any fix isn't 
backward compatible. So I removed {{2.5.27}} fix version, fine? 

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Priority: Major
> Fix For: 2.6
>
>

[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Fix Version/s: (was: 2.5.27)

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Priority: Major
> Fix For: 2.6
>
>

[jira] [Comment Edited] (WW-5115) Reduce logging for DMI excluded parameters

2021-04-23 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330352#comment-17330352
 ] 

Yasser Zamani edited comment on WW-5115 at 4/23/21, 9:56 AM:
-

I think your DMI isn't enabled at all because I see that 
{{DefaultAcceptedPatternsChecker}} 
{{setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS)}} when DMI is enabled but at 
the same time I see that in this ticket description, the logged accepted pattern 
isn't {{DMI_AWARE_ACCEPTED_PATTERNS}}. It is {{ACCEPTED_PATTERNS}} which starts 
with {{\w+((\.}}, provided {{DMI_AWARE_ACCEPTED_PATTERNS}} starts with 
{{\w+([:]}}.

Otherwise (if it's enabled really) it should work as per tested 
[testDmiIsEnabled|https://github.com/apache/struts/blob/09f969a9bebe31370df64702a61420f14ead6271/core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java#L205].


was (Author: yasser.zamani):
I think your DMI isn't enabled at all because I see that 
{{DefaultAcceptedPatternsChecker}} 
{{setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS)}} when DMI is enabled but at 
the same time I see that in this ticket description, the logged accepted pattern 
isn't {{DMI_AWARE_ACCEPTED_PATTERNS}}. It is {{ACCEPTED_PATTERNS}} which starts 
with {{\w+((\.}}, provided {{DMI_AWARE_ACCEPTED_PATTERNS}} starts with 
{{\w+([:]}}.

> Reduce logging for DMI excluded parameters 
> ---
>
> Key: WW-5115
> URL: https://issues.apache.org/jira/browse/WW-5115
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.25
> Reporter: Greg Huber
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> There are unnecessary log warnings when DMI is enabled, from the 
> ParametersInterceptor.
> WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor 
> ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
> match accepted pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at 
> https://struts.apache.org/security/#accepted--excluded-patterns
> e.g. the property 'action:myAction!save' should not be considered as a 
> bean/property parameter, as it's used as part of DMI to submit the form.
> Any property which matches the DMI method invocation "^(action|method):.*" 
> needs to be silently ignored and not logged in devMode=true.
> DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
> DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
> property.
> public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
> 
> "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
> };



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
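The diagnosis in the comment above can be reproduced with the two patterns quoted in the ticket. This is an added example, not code from the Struts project; the class name, the helper `loggedPatternSet` and the sample parameter names are constructed here, and full-string matching is assumed.

```java
import java.util.regex.Pattern;

public class AcceptedPatternCheck {

    // Default pattern, copied from the WARN line quoted in the ticket.
    static final Pattern ACCEPTED = Pattern.compile(
        "\\w+((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*");

    // DMI-aware pattern, copied from the ticket description.
    static final Pattern DMI_AWARE = Pattern.compile(
        "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])"
        + "|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?");

    // Prefix test the ticket proposes for parameters that should be skipped silently.
    static final Pattern DMI_PREFIX = Pattern.compile("^(action|method):.*");

    private static final String MARKER = "accepted pattern [[";

    /**
     * Tells which pattern set produced a WARN line by looking at how the logged
     * pattern starts, which is the check described in the comment.
     */
    static String loggedPatternSet(String warnLine) {
        int start = warnLine.indexOf(MARKER);
        int end = warnLine.lastIndexOf("]]");
        if (start < 0 || end <= start + MARKER.length()) {
            return "unknown";
        }
        String logged = warnLine.substring(start + MARKER.length(), end);
        if (logged.startsWith("\\w+([:]")) {
            return "DMI_AWARE_ACCEPTED_PATTERNS";
        }
        if (logged.startsWith("\\w+((\\.")) {
            return "ACCEPTED_PATTERNS";
        }
        return "unknown";
    }

    public static void main(String[] args) {
        // Constructed sample parameter names; the third one is the name from the ticket.
        String[] names = {"user.name", "items[0].id", "action:myAction!save", "method:save"};
        for (String name : names) {
            System.out.printf("%-22s default=%-5b dmiAware=%-5b dmiPrefix=%b%n",
                name,
                ACCEPTED.matcher(name).matches(),
                DMI_AWARE.matcher(name).matches(),
                DMI_PREFIX.matcher(name).matches());
        }

        // Constructed WARN line with the same shape as the one in the ticket.
        String warn = "Parameter [action:myAction!save] didn't match accepted pattern [["
            + ACCEPTED.pattern() + "]]!";
        System.out.println("pattern set in the log line: " + loggedPatternSet(warn));
    }
}
```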


[jira] [Commented] (WW-5115) Reduce logging for DMI excluded parameters

2021-04-23 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17330352#comment-17330352
 ] 

Yasser Zamani commented on WW-5115:
---

I think your DMI isn't enabled at all because I see that 
{{DefaultAcceptedPatternsChecker}} 
{{setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS)}} when DMI is enabled but at 
the same time I see that in this ticket description, the logged accepted pattern 
isn't {{DMI_AWARE_ACCEPTED_PATTERNS}}. It is {{ACCEPTED_PATTERNS}} which starts 
with {{\w+((\.}}, provided {{DMI_AWARE_ACCEPTED_PATTERNS}} starts with 
{{\w+([:]}}.

> Reduce logging for DMI excluded parameters 
> ---
>
> Key: WW-5115
> URL: https://issues.apache.org/jira/browse/WW-5115
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.25
> Reporter: Greg Huber
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> There are unnecessary log warnings when DMI is enabled, from the 
> ParametersInterceptor.
> WARN  com.opensymphony.xwork2.interceptor.ParametersInterceptor 
> ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't 
> match accepted pattern 
> [[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
>  See Accepted / Excluded patterns at 
> https://struts.apache.org/security/#accepted--excluded-patterns
> e.g. the property 'action:myAction!save' should not be considered as a 
> bean/property parameter, as it's used as part of DMI to submit the form.
> Any property which matches the DMI method invocation "^(action|method):.*" 
> needs to be silently ignored and not logged in devMode=true.
> DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from 
> DefaultAcceptedPatternsChecker as the DMI action|method would never be a form 
> property.
> public static final String[] DMI_AWARE_ACCEPTED_PATTERNS = {
> 
> "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?"
> };



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (WW-5126) inconsistancy between Model Driven and Model Driven Interceptor documentations

2021-04-22 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5126:
--
Fix Version/s: 2.6
   2.5.27

> inconsistancy between Model Driven and Model Driven Interceptor documentations
> --
>
> Key: WW-5126
> URL: https://issues.apache.org/jira/browse/WW-5126
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Patrice DUROUX
> Priority: Minor
> Fix For: 2.5.27, 2.6
>
>
> Hi,
>  
> The Model Driven documentation says:
> If an action class implements the interface 
> {{com.opensymphony.xwork2.ModelDriven}} then it needs to return an object 
> from the {{getModel()}} method. Struts will then populate the fields of this 
> object with the request parameters, and *this object will be placed on top of 
> the stack once the action is executed*. Validation will also be performed on 
> this model object, instead of the action. Please read about 
> [VisitorFieldValidator 
> Annotation|https://github.com/apache/struts-site/blob/master/source/core-developers/visitor-field-validator-annotation.html]
>  which can help you validate model's fields.
> whereas the Model Driven Interceptor documentation says:
> h2. Parameters
>  * {{refreshModelBeforeResult}} - *set to true if you want the model to be 
> refreshed on the value stack after action execution and before result 
> execution*. The setting is useful if you want to change the model instance 
> during the action execution phase, like when loading it from the data layer. 
> This will result in {{getModel()}} being called at least twice.
>  
> Looking into the code shows that the default parameter value is false.
> Moreover the interceptor refresh process is based on call to the {{equals}} 
> method and this method may have been redefined, in a JPA context for 
> instance. The replacement is then not systematic and may not be done.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5126) inconsistancy between Model Driven and Model Driven Interceptor documentations

2021-04-22 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17329388#comment-17329388
 ] 

Yasser Zamani commented on WW-5126:
---

I think documents are correct. Model will be on top of the stack regardless of 
the {{refreshModelBeforeResult}} value.

Regarding second portion thanks good catch! I think so. I personally think we 
should use {{==}} i.e. reference equality in this specific case instead. But 
could you please illustrate a valid case that epitomizes that we must change to 
{{==}}? Thanks!

> inconsistancy between Model Driven and Model Driven Interceptor documentations
> --
>
> Key: WW-5126
> URL: https://issues.apache.org/jira/browse/WW-5126
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Patrice DUROUX
> Priority: Minor
>
> Hi,
>  
> The Model Driven documentation says:
> If an action class implements the interface 
> {{com.opensymphony.xwork2.ModelDriven}} then it needs to return an object 
> from the {{getModel()}} method. Struts will then populate the fields of this 
> object with the request parameters, and *this object will be placed on top of 
> the stack once the action is executed*. Validation will also be performed on 
> this model object, instead of the action. Please read about 
> [VisitorFieldValidator 
> Annotation|https://github.com/apache/struts-site/blob/master/source/core-developers/visitor-field-validator-annotation.html]
>  which can help you validate model's fields.
> whereas the Model Driven Interceptor documentation says:
> h2. Parameters
>  * {{refreshModelBeforeResult}} - *set to true if you want the model to be 
> refreshed on the value stack after action execution and before result 
> execution*. The setting is useful if you want to change the model instance 
> during the action execution phase, like when loading it from the data layer. 
> This will result in {{getModel()}} being called at least twice.
>  
> Looking into the code shows that the default parameter value is false.
> Moreover the interceptor refresh process is based on call to the {{equals}} 
> method and this method may have been redefined, in a JPA context for 
> instance. The replacement is then not systematic and may not be done.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
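A case of the kind asked for in the comment above, as an added example that is not Struts code: `refresh` is a simplified stand-in for the interceptor's refresh step as the ticket describes it (skip the replacement when an equal object is already on the stack), and `Customer` is a constructed JPA-style entity whose `equals` compares only the identifier.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class ModelRefreshDemo {

    /** Constructed JPA-style entity: equality is defined by the identifier only. */
    static final class Customer {
        final long id;
        final String name;

        Customer(long id, String name) {
            this.id = id;
            this.name = name;
        }

        @Override
        public boolean equals(Object other) {
            return other instanceof Customer && ((Customer) other).id == id;
        }

        @Override
        public int hashCode() {
            return Long.hashCode(id);
        }

        @Override
        public String toString() {
            return "Customer#" + id + "(" + name + ")";
        }
    }

    /**
     * Simplified refresh step (an assumption, not the interceptor's source):
     * the model on top of the stack is replaced only when the action's current
     * model is not judged to be on the stack already.
     *
     * @return true when the stack top was replaced
     */
    static boolean refresh(Deque<Object> stack, Object currentModel, boolean byReference) {
        boolean alreadyOnStack = false;
        for (Object item : stack) {
            boolean same = byReference ? item == currentModel : item.equals(currentModel);
            if (same) {
                alreadyOnStack = true;
                break;
            }
        }
        if (!alreadyOnStack) {
            stack.pop();              // drop the stale model
            stack.push(currentModel); // expose the instance the action now holds
        }
        return !alreadyOnStack;
    }

    public static void main(String[] args) {
        // Model returned by getModel() before the action runs.
        Customer pushedBeforeAction = new Customer(42, "stale name");
        // Instance loaded from the data layer during execution: same id, new state.
        Customer loadedByAction = new Customer(42, "fresh name");

        for (boolean byReference : new boolean[] {false, true}) {
            Deque<Object> stack = new ArrayDeque<>();
            stack.push("the action");
            stack.push(pushedBeforeAction);

            boolean replaced = refresh(stack, loadedByAction, byReference);
            System.out.printf("%-8s replaced=%-5b top of stack=%s%n",
                byReference ? "==" : "equals()", replaced, stack.peek());
        }
    }
}
```

With `equals()` the stale instance stays on top because both objects share id 42; with `==` the freshly loaded instance replaces it.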


[jira] [Commented] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-22 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17329350#comment-17329350
 ] 

Yasser Zamani commented on WW-5125:
---

Thanks very good catch! Looks like we must try if 
[faq_simple_map|https://freemarker.apache.org/docs/app_faq.html#faq_simple_map] 
is applicable with backward compatibility. That being said it's a Freemarker 
behavior: "When I list the contents of a map (a hash) with 
{{?keys}}/{{?values}}, I get the {{java.util.Map}} methods mixed with the real 
map entries. Of course, I only want to get the map entries." from mentioned 
link above.

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.26
>Reporter: Patrice DUROUX
>Priority: Major
> Fix For: 2.5.27, 2.6
>
>
> Hi,
> It is easy to reproduce running an (empty) action resulting a simple JSP page 
> like this:
> {code:java}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
> 
> 
> Struts bug2
> 
> 
> 
> {code}
> The first textfield is rendered but the second throws an exception like:
> {code:java}
> SEVERE: Error executing FreeMarker template
> FreeMarker template error:
> Getting the number of items or listing the items is not supported on this 
> method+sequence (wrapper: f.e.b.SimpleMethodModel) value, because this value 
> wraps the following Java method, not a real listable value: public 
> java.lang.Object java.util.HashMap.clone()
> Tip: Maybe you should to call this method first and then do something with 
> its return value.
> 
> Tip: obj.someMethod(i) and obj.someMethod[i] does the same for this method, 
> hence it's a "+sequence".
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list fieldErrors[parameters.name] as...  [in template 
> "template/~~~xhtml/controlheader-core.ftl" at line 28, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/~~~xhtml/controlheader.ftl" at line 21, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/xhtml/text.ftl" at line 21, column 1]
> Java stack trace (for programmers):
> 
> freemarker.core._TemplateModelException: [... Exception message was already 
> printed; see it above ...]
>   at 
> freemarker.ext.beans.SimpleMethodModel.size(SimpleMethodModel.java:95)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executedNestedContentForCollOrSeqListing(IteratorBlock.java:312)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executeNestedContent(IteratorBlock.java:271)
>   at 
> freemarker.core.IteratorBlock$IterationContext.accept(IteratorBlock.java:244)
>   at freemarker.core.Environment.visitIteratorBlock(Environment.java:644)
>   at 
> freemarker.core.IteratorBlock.acceptWithResult(IteratorBlock.java:108)
>   at freemarker.core.IteratorBlock.accept(IteratorBlock.java:94)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.process(Environment.java:313)
>   at freemarker.template.Template.process(Template.java:383)
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:149)
>   at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>   at org.apache.struts2.components.UIBean.end(UIBean.java:536)
>   at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>   at 
> org.apache.jsp.WEB_002dINF.bug2_jsp._jspx_meth_s_005ftextfield_005f1(bug2_jsp.java:201)
>   at org.apache.jsp.WEB_002dINF.bug2_jsp._jspService(bug2_jsp.java:139)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> 

[jira] [Updated] (WW-5125) forbidden name attribute values (size, clone...?) in using the default theme

2021-04-22 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5125:
--
Fix Version/s: 2.6
   2.5.27

> forbidden name attribute values (size, clone...?) in  using the 
> default theme
> --
>
> Key: WW-5125
> URL: https://issues.apache.org/jira/browse/WW-5125
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.26
> Reporter: Patrice DUROUX
> Priority: Major
> Fix For: 2.5.27, 2.6
>
>
> Hi,
> It is easy to reproduce by running an (empty) action resulting in a simple JSP 
> page like this:
> {code:java}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> 
> 
> 
> Struts bug2
> 
> 
> 
> {code}
> The first textfield is rendered but the second throws an exception like:
> {code:java}
> SEVERE: Error executing FreeMarker template
> FreeMarker template error:
> Getting the number of items or listing the items is not supported on this 
> method+sequence (wrapper: f.e.b.SimpleMethodModel) value, because this value 
> wraps the following Java method, not a real listable value: public 
> java.lang.Object java.util.HashMap.clone()
> Tip: Maybe you should to call this method first and then do something with 
> its return value.
> 
> Tip: obj.someMethod(i) and obj.someMethod[i] does the same for this method, 
> hence it's a "+sequence".
> 
> FTL stack trace ("~" means nesting-related):
>   - Failed at: #list fieldErrors[parameters.name] as...  [in template 
> "template/~~~xhtml/controlheader-core.ftl" at line 28, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/~~~xhtml/controlheader.ftl" at line 21, column 1]
>   - Reached through: #include "/${parameters.templateDir}/...  [in 
> template "template/xhtml/text.ftl" at line 21, column 1]
> Java stack trace (for programmers):
> 
> freemarker.core._TemplateModelException: [... Exception message was already 
> printed; see it above ...]
>   at 
> freemarker.ext.beans.SimpleMethodModel.size(SimpleMethodModel.java:95)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executedNestedContentForCollOrSeqListing(IteratorBlock.java:312)
>   at 
> freemarker.core.IteratorBlock$IterationContext.executeNestedContent(IteratorBlock.java:271)
>   at 
> freemarker.core.IteratorBlock$IterationContext.accept(IteratorBlock.java:244)
>   at freemarker.core.Environment.visitIteratorBlock(Environment.java:644)
>   at 
> freemarker.core.IteratorBlock.acceptWithResult(IteratorBlock.java:108)
>   at freemarker.core.IteratorBlock.accept(IteratorBlock.java:94)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.include(Environment.java:2925)
>   at freemarker.core.Include.accept(Include.java:171)
>   at freemarker.core.Environment.visit(Environment.java:334)
>   at freemarker.core.Environment.visit(Environment.java:340)
>   at freemarker.core.Environment.process(Environment.java:313)
>   at freemarker.template.Template.process(Template.java:383)
>   at 
> org.apache.struts2.components.template.FreemarkerTemplateEngine.renderTemplate(FreemarkerTemplateEngine.java:149)
>   at org.apache.struts2.components.UIBean.mergeTemplate(UIBean.java:580)
>   at org.apache.struts2.components.UIBean.end(UIBean.java:536)
>   at 
> org.apache.struts2.views.jsp.ComponentTagSupport.doEndTag(ComponentTagSupport.java:39)
>   at 
> org.apache.jsp.WEB_002dINF.bug2_jsp._jspx_meth_s_005ftextfield_005f1(bug2_jsp.java:201)
>   at org.apache.jsp.WEB_002dINF.bug2_jsp._jspService(bug2_jsp.java:139)
>   at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
>   at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:378)
>   at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:326)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>   at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
>   at 
> 

[jira] [Resolved] (WW-5117) %{id} evaluates different for data-* and value attribute

2021-03-26 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5117.
---
  Assignee: Lukasz Lenart
Resolution: Fixed

PRs got merged, thanks a lot!

> %{id} evaluates different for data-* and value attribute
> 
>
> Key: WW-5117
> URL: https://issues.apache.org/jira/browse/WW-5117
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.5.26
> Reporter: Jonas Marczona
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.5.27, 2.6
>
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> {{%\{id\}}} evaluates for "data-*" attributes in a different way than for the 
> "value" attribute. 
> In a very simple context where I have only one getter:
> {code}
> public Long getId() {
>     return 27357L;
> }
> {code}
> The following two usages of "id" in one tag in a JSP evaluate in different 
> ways:
> JSP:
> {noformat}
> <%@ taglib prefix="s" uri="/struts-tags"%>
> 
> 
> {noformat}
> Result:
> {noformat}
>  data-wuffmiauww="einszwei">
> 
> {noformat}
> I expect the Id of my getter - for both cases. 
> The value for {{data-wuffmiauww}} is wrong.
> With struts2 version 2.5.20 the result was correct:
> {noformat}
>  data-wuffmiauww="27357">
> 
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5121) Contention when injecting Scope.SINGLETON instances

2021-03-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5121.
---
Resolution: Fixed

PRs got merged. Thanks a lot!

> Contention when injecting Scope.SINGLETON instances
> ---
>
> Key: WW-5121
> URL: https://issues.apache.org/jira/browse/WW-5121
> Project: Struts 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.5.20
> Reporter: Pascal Davoust
> Priority: Major
> Fix For: 2.5.27, 2.6
>
> Attachments: image-2021-03-22-09-13-03-703.png
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> The container injection (DI) mechanism shows high contention when injecting 
> {{Scope.SINGLETON}} instances under high stress load in an enterprise 
> application using Struts 2.5.20.
> The symptom is that UI response times vary from a few dozens of milliseconds 
> up to a full second without any obvious reason.
> Profiling the app while under load stress using 
> [https://github.com/jvm-profiling-tools/async-profiler] (using the {{lock}} 
> mode and {{--reverse}} option to aggregate on the various contention code 
> locations) shows the following picture:
> !image-2021-03-22-09-13-03-703.png|width=975,height=117!
> Analyzing the code path shows the highly contended code:
> {code:java}
>     SINGLETON {
>         @Override
>         <T> InternalFactory<? extends T> scopeFactory(Class<T> type, String name,
>                 final InternalFactory<? extends T> factory) {
>             return new InternalFactory<T>() {
>                 T instance;
>                 public T create(InternalContext context) {
>                     synchronized (context.getContainer()) {
>                         if (instance == null) {
>                             instance = InitializableFactory.wrapIfNeeded(factory).create(context);
>                         }
>                         return instance;
>                     }
>                 }
> ...
>     },{code}
> The fully {{synchronised}} section for accessing the singleton instance is 
> the core issue here.
>   
>  Using the double-null-check-on-volatile pattern (which I dislike but is 
> reliable since Java 1.5 with the {{volatile}} keyword) entirely removes the 
> contention issue and response times become much more stable.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
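The two locking shapes the report contrasts, side by side, as an added example that is neither the Struts source nor the merged fix. `Factory`, the two holder classes and `hammer` are names constructed here, and the timings it prints are only indicative, not a benchmark.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class SingletonScopeDemo {

    interface Factory<T> {
        T create();
    }

    /** Shape quoted in the ticket: every call, even after creation, takes the shared lock. */
    static final class SynchronizedSingleton<T> implements Factory<T> {
        private final Object containerLock;
        private final Supplier<T> delegate;
        private T instance;

        SynchronizedSingleton(Object containerLock, Supplier<T> delegate) {
            this.containerLock = containerLock;
            this.delegate = delegate;
        }

        @Override
        public T create() {
            synchronized (containerLock) {
                if (instance == null) {
                    instance = delegate.get();
                }
                return instance;
            }
        }
    }

    /** Double null check on a volatile field: the lock is taken only until the instance exists. */
    static final class DoubleCheckedSingleton<T> implements Factory<T> {
        private final Object containerLock;
        private final Supplier<T> delegate;
        private volatile T instance; // volatile is what makes the unlocked read safe

        DoubleCheckedSingleton(Object containerLock, Supplier<T> delegate) {
            this.containerLock = containerLock;
            this.delegate = delegate;
        }

        @Override
        public T create() {
            T local = instance;               // single volatile read on the fast path
            if (local == null) {
                synchronized (containerLock) {
                    local = instance;         // re-check: another thread may have won
                    if (local == null) {
                        local = delegate.get();
                        instance = local;
                    }
                }
            }
            return local;
        }
    }

    /** Calls create() from several threads at once; returns elapsed milliseconds. */
    static long hammer(Factory<Object> factory, int threads, int callsPerThread) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        try {
            CountDownLatch go = new CountDownLatch(1);
            List<Future<Object>> results = new ArrayList<>();
            for (int t = 0; t < threads; t++) {
                Callable<Object> task = () -> {
                    go.await();
                    Object last = null;
                    for (int i = 0; i < callsPerThread; i++) {
                        last = factory.create();
                    }
                    return last;
                };
                results.add(pool.submit(task));
            }
            long begin = System.nanoTime();
            go.countDown();
            Object first = results.get(0).get();
            for (Future<Object> result : results) {
                if (result.get() != first) {
                    throw new IllegalStateException("threads saw different instances");
                }
            }
            return (System.nanoTime() - begin) / 1_000_000;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        Object containerLock = new Object();
        AtomicInteger built = new AtomicInteger();
        Supplier<Object> expensive = () -> {
            built.incrementAndGet();
            return new Object();
        };
        long locked = hammer(new SynchronizedSingleton<>(containerLock, expensive), 8, 2_000_000);
        long checked = hammer(new DoubleCheckedSingleton<>(containerLock, expensive), 8, 2_000_000);
        System.out.println("synchronized: " + locked + " ms, double-checked: " + checked + " ms");
        System.out.println("delegate invocations (one per holder): " + built.get());
    }
}
```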


[jira] [Resolved] (WW-5114) Drop deprecated constant "struts.localeProvider"

2021-01-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5114.
---
Resolution: Fixed

PR got merged, thanks!

> Drop deprecated constant "struts.localeProvider"
> 
>
> Key: WW-5114
> URL: https://issues.apache.org/jira/browse/WW-5114
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Trivial
> Fix For: 2.6
>
>
> The constant is not used anymore and it was replaced by 
> {{struts.localeProviderFactory}} defined in 
> {{StrutsConstants#STRUTS_LOCALE_PROVIDER_FACTORY}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5113) Drop deprecated constant "struts.xworkTextProvider"

2021-01-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5113.
---
Resolution: Fixed

PR got merged, thanks!

> Drop deprecated constant "struts.xworkTextProvider"
> ---
>
> Key: WW-5113
> URL: https://issues.apache.org/jira/browse/WW-5113
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Trivial
> Fix For: 2.6
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> This constant was already replaced by {{struts.textProvider}} defined in 
> {{StrutsConstants#STRUTS_TEXT_PROVIDER}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-3730) action tag accepts only String arrays as parameters

2020-11-23 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-3730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-3730.
---
  Assignee: Lukasz Lenart
Resolution: Fixed

PR got merged, thanks!!

> action tag accepts only String arrays as parameters
> ---
>
> Key: WW-3730
> URL: https://issues.apache.org/jira/browse/WW-3730
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Tags
> Affects Versions: 2.2.3.1, 2.3.1, 2.3.1.1, 2.3.20
> Reporter: Pavel Kazlou
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> {{org.apache.struts2.components.Component}} accepts arbitrary objects as 
> parameters: 
> {code}
> public Map getParameters() {
>     return parameters;
> }
> ...
> public void addParameter(String key, Object value) {
>     if (key != null) {
>         Map params = getParameters();
>         if (value == null) {
>             params.remove(key);
>         } else {
>             params.put(key, value);
>         }
>     }
> }
> {code}
> But {{org.apache.struts2.components.ActionComponent}} explicitly casts all 
> its parameters to {{String[]}}:
> {code}
> protected Map createParametersForContext() {
>     Map parentParams = null;
>     if (!ignoreContextParams) {
>         parentParams = new ActionContext(getStack().getContext()).getParameters();
>     }
>     Map newParams = (parentParams != null)
>         ? new HashMap(parentParams)
>         : new HashMap();
>     if (parameters != null) {
>         Map params = new HashMap();
>         for (Iterator i = parameters.entrySet().iterator(); i.hasNext(); ) {
>             Map.Entry entry = (Map.Entry) i.next();
>             String key = (String) entry.getKey();
>             Object val = entry.getValue();
>             if (val.getClass().isArray() && String.class == val.getClass().getComponentType()) {
>                 params.put(key, (String[]) val);
>             } else {
>                 params.put(key, new String[]{val.toString()});
>             }
>         }
>         newParams.putAll(params);
>     }
>     return newParams;
> }
> {code}
> So I can't pass arbitrary objects directly to action using syntax:
> {code}
>  value="customObject"/>
> {code}
> without conversion customObject->String->customObject.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (WW-5098) Upgrade ASM to version 9.0

2020-11-19 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5098.
---
Resolution: Fixed

thanks!

> Upgrade ASM to version 9.0
> --
>
> Key: WW-5098
> URL: https://issues.apache.org/jira/browse/WW-5098
> Project: Struts 2
> Issue Type: Dependency
> Components: Core
> Reporter: Sebastian Peters
> Priority: Trivial
> Fix For: 2.6
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> with JDK 16 support (sealed classes) according to 
> https://asm.ow2.io/versions.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (WW-5087) AliasInterceptor doesn't properly handle Parameter.Empty

2020-09-17 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17197764#comment-17197764
 ] 

Yasser Zamani commented on WW-5087:
---

My pleasure :) thanks for your support!

> AliasInterceptor doesn't properly handle Parameter.Empty
> 
>
> Key: WW-5087
> URL: https://issues.apache.org/jira/browse/WW-5087
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.5.22
> Reporter: Brian Lenz
> Assignee: Yasser Zamani
> Priority: Major
> Fix For: 2.5.25, 2.6
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> As I reported on the mailing list, there is a bug with {{AliasInterceptor}} 
> not handling the {{Parameter.Empty}} that is returned from 
> {{HttpParameters.get()}}. Since {{HttpParameters.get()}} always returns a 
> non-null value, the {{Evaluated}} object is treated as always being defined, 
> which results in the empty value being set incorrectly on the stack.
> The bug was originally introduced here:
> https://github.com/apache/struts/commit/787f2f96eb9f1bb3c8012ab42aa222ae6286a91a#diff-b7b7c87c1012088e79dcc5a7bd9e8127R168
> The fix is easy; this code:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     value = new Evaluated(contextParameters.get(name));
> }{code}
> needs to be updated to:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     Parameter param = contextParameters.get(name);
>     value = new Evaluated(param.isDefined() ? param : null);
> } {code}
> This way, it ensures the {{Evaluated}} value is only defined when appropriate.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (WW-5087) AliasInterceptor doesn't properly handle Parameter.Empty

2020-09-13 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5087:
-

Assignee: Yasser Zamani

> AliasInterceptor doesn't properly handle Parameter.Empty
> 
>
> Key: WW-5087
> URL: https://issues.apache.org/jira/browse/WW-5087
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.5.22
> Reporter: Brian Lenz
> Assignee: Yasser Zamani
> Priority: Major
> Fix For: 2.5.24, 2.6
>
>
> As I reported on the mailing list, there is a bug with {{AliasInterceptor}} 
> not handling the {{Parameter.Empty}} that is returned from 
> {{HttpParameters.get()}}. Since {{HttpParameters.get()}} always returns a 
> non-null value, the {{Evaluated}} object is treated as always being defined, 
> which results in the empty value being set incorrectly on the stack.
> The bug was originally introduced here:
> https://github.com/apache/struts/commit/787f2f96eb9f1bb3c8012ab42aa222ae6286a91a#diff-b7b7c87c1012088e79dcc5a7bd9e8127R168
> The fix is easy; this code:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     value = new Evaluated(contextParameters.get(name));
> }{code}
> needs to be updated to:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     Parameter param = contextParameters.get(name);
>     value = new Evaluated(param.isDefined() ? param : null);
> } {code}
> This way, it ensures the {{Evaluated}} value is only defined when appropriate.
>  





[jira] [Updated] (WW-5087) AliasInterceptor doesn't properly handle Parameter.Empty

2020-09-13 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5087:
--
Fix Version/s: 2.5.24

> AliasInterceptor doesn't properly handle Parameter.Empty
> 
>
> Key: WW-5087
> URL: https://issues.apache.org/jira/browse/WW-5087
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core Interceptors
>Affects Versions: 2.5.22
>Reporter: Brian Lenz
>Priority: Major
> Fix For: 2.5.24, 2.6
>
>
> As I reported on the mailing list, there is a bug with {{AliasInterceptor}} 
> not handling the {{Parameter.Empty}} that is returned from 
> {{HttpParameters.get()}}. Since {{HttpParameters.get()}} always returns a 
> non-null value, the {{Evaluated}} object is treated as always being defined, 
> which results in the empty value being set incorrectly on the stack.
> The bug was originally introduced here:
> https://github.com/apache/struts/commit/787f2f96eb9f1bb3c8012ab42aa222ae6286a91a#diff-b7b7c87c1012088e79dcc5a7bd9e8127R168
> The fix is easy; this code:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     value = new Evaluated(contextParameters.get(name));
> }{code}
> needs to be updated to:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     Parameter param = contextParameters.get(name);
>     value = new Evaluated(param.isDefined() ? param : null);
> } {code}
> This way, it ensures the {{Evaluated}} value is only defined when appropriate.
>  





[jira] [Updated] (WW-5087) AliasInterceptor doesn't properly handle Parameter.Empty

2020-08-29 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5087:
--
Fix Version/s: 2.6

> AliasInterceptor doesn't properly handle Parameter.Empty
> 
>
> Key: WW-5087
> URL: https://issues.apache.org/jira/browse/WW-5087
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core Interceptors
>Affects Versions: 2.5.22
>Reporter: Brian Lenz
>Priority: Major
> Fix For: 2.6
>
>
> As I reported on the mailing list, there is a bug with {{AliasInterceptor}} 
> not handling the {{Parameter.Empty}} that is returned from 
> {{HttpParameters.get()}}. Since {{HttpParameters.get()}} always returns a 
> non-null value, the {{Evaluated}} object is treated as always being defined, 
> which results in the empty value being set incorrectly on the stack.
> The bug was originally introduced here:
> https://github.com/apache/struts/commit/787f2f96eb9f1bb3c8012ab42aa222ae6286a91a#diff-b7b7c87c1012088e79dcc5a7bd9e8127R168
> The fix is easy; this code:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     value = new Evaluated(contextParameters.get(name));
> }{code}
> needs to be updated to:
> {code:java}
> // workaround
> HttpParameters contextParameters = ActionContext.getContext().getParameters();
> if (null != contextParameters) {
>     Parameter param = contextParameters.get(name);
>     value = new Evaluated(param.isDefined() ? param : null);
> } {code}
> This way, it ensures the {{Evaluated}} value is only defined when appropriate.
>  





[jira] [Commented] (WW-5075) Upgrade OSGi to the latest version

2020-07-07 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152781#comment-17152781
 ] 

Yasser Zamani commented on WW-5075:
---

Ah sorry, missed that. Great work James (y). Unfortunately I can't help owing to 
my lack of knowledge in OSGi :(

> Upgrade OSGi to the latest version
> --
>
> Key: WW-5075
> URL: https://issues.apache.org/jira/browse/WW-5075
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Plugin - OSGi
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Currently the OSGi plugin is using
> {code:xml}
> <dependency>
>     <groupId>org.osgi</groupId>
>     <artifactId>org.osgi.core</artifactId>
>     <version>4.3.1</version>
> </dependency>
> {code}
> but there is a new version 6.0.0





[jira] [Commented] (WW-5075) Upgrade OSGi to the latest version

2020-07-05 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151510#comment-17151510
 ] 

Yasser Zamani commented on WW-5075:
---

I remember we were discussing removing OSGi, weren't we?

> Upgrade OSGi to the latest version
> --
>
> Key: WW-5075
> URL: https://issues.apache.org/jira/browse/WW-5075
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Plugin - OSGi
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Currently the OSGi plugin is using
> {code:xml}
> <dependency>
>     <groupId>org.osgi</groupId>
>     <artifactId>org.osgi.core</artifactId>
>     <version>4.3.1</version>
> </dependency>
> {code}
> but there is a new version 6.0.0





[jira] [Commented] (WW-5031) OGNL: An illegal reflective access operation has occurred

2019-10-01 Thread Yasser Zamani (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16941826#comment-16941826
 ] 

Yasser Zamani commented on WW-5031:
---

I'm not sure how, but I see OGNL 3.1.23 has already fixed this issue since 
[https://github.com/jkuhnert/ognl/pull/70] was merged and imported into Struts! 
Thanks [~JCjA492kH6347Vb10Ja53] :)

> OGNL: An illegal reflective access operation has occurred
> -
>
> Key: WW-5031
> URL: https://issues.apache.org/jira/browse/WW-5031
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.20
> Environment: Java 11 / Linux / test environment on eclipse / Tomcat 
> 8.5
>Reporter: Markus Fischer
>Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> Running Struts on Java 11 gives a new warning about illegal reflection, not 
> present on Java 8:
> WARNING: An illegal reflective access operation has occurred
>  WARNING: Illegal reflective access by ognl.OgnlRuntime 
> ([file:/.../workspace/.../.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar|file:///.../workspace/SC/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar])
>  to method java.util.HashMap$Node.getKey()
>  WARNING: Please consider reporting this to the maintainers of 
> ognl.OgnlRuntime
>  WARNING: Use --illegal-access=warn to enable warnings of further illegal 
> reflective access operations
>  WARNING: All illegal access operations will be denied in a future release
> The warning appears after using the following tag in a JSP (name of 
> properties changed):
> 
> The corresponding Action contains:
> private Map items = new LinkedHashMap<>();
>  
>  
>  
>  





[jira] [Updated] (WW-5041) Upgrade to OGNL 3.1.26 and adapt to its new features

2019-10-01 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5041:
--
Summary: Upgrade to OGNL 3.1.26 and adapt to its new features  (was: 
Upgrade to OGNL 3.1.26 and adapt to it's new features)

> Upgrade to OGNL 3.1.26 and adapt to its new features
> 
>
> Key: WW-5041
> URL: https://issues.apache.org/jira/browse/WW-5041
> Project: Struts 2
>  Issue Type: Dependency
>Reporter: Yasser Zamani
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> We're required to adapt to and use OGNL's new features (security manager and 
> expression max length) for the next release version.





[jira] [Created] (WW-5041) Upgrade to OGNL 3.1.26 and adapt to it's new features

2019-10-01 Thread Yasser Zamani (Jira)
Yasser Zamani created WW-5041:
-

 Summary: Upgrade to OGNL 3.1.26 and adapt to it's new features
 Key: WW-5041
 URL: https://issues.apache.org/jira/browse/WW-5041
 Project: Struts 2
  Issue Type: Dependency
Reporter: Yasser Zamani
Assignee: Yasser Zamani
 Fix For: 2.5.21, 2.6


We're required to adapt to and use OGNL's new features (security manager and 
expression max length) for the next release version.





[jira] [Resolved] (WW-5038) Upgrade jackson-databind to version 2.9.9.3

2019-09-07 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5038.
---
  Assignee: Lukasz Lenart
Resolution: Fixed

PR got merged, cherry picked into 2.5 and successfully built to both. Thanks!

> Upgrade jackson-databind to version 2.9.9.3
> ---
>
> Key: WW-5038
> URL: https://issues.apache.org/jira/browse/WW-5038
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Plugin - REST
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> One or more dependencies were identified with known vulnerabilities in Struts 
> 2 REST Plugin:
> jackson-databind-2.9.8.jar (cpe:/a:fasterxml:jackson:2.9.8, 
> cpe:/a:fasterxml:jackson-databind:2.9.8, 
> com.fasterxml.jackson.core:jackson-databind:2.9.8) : CVE-2019-14379, 
> CVE-2019-12814, CVE-2019-14439, CVE-2019-12086, CVE-2019-12384



--
This message was sent by Atlassian Jira
(v8.3.2#803003)


[jira] [Resolved] (WW-5035) Provide mechanism to clear OgnlUtil caches

2019-09-07 Thread Yasser Zamani (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5035.
---
Resolution: Fixed

PR got merged, cherry picked into 2.6 and successfully built to both. Thanks!

> Provide mechanism to clear OgnlUtil caches
> --
>
> Key: WW-5035
> URL: https://issues.apache.org/jira/browse/WW-5035
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
> Environment: All
>Reporter: James Chaplin
>Priority: Minor
>  Labels: pull-request-available
> Fix For: 2.5.21, 2.6
>
>
> Hello Apache Struts Team.
> This Jira proposes to provide some cache-clearing methods for the OgnlUtil 
> class, as well as methods to check the current cache element count.
> These methods will allow applications to clear the OgnlUtil expression cache 
> and BeanInfo cache when necessary (using application-specific usage profile).
> Currently the only OgnlUtil cache control available to applications is to 
> enable/disable the OgnlUtil expressionCache 
> ({{struts.ognl.enableExpressionCache flag}}). 
> Using the new methods applications that have resource (memory) leak issues 
> with the caches may be able to use the caches to gain some performance 
> benefits, while periodically clearing them to recover memory resources.  
> Application developers can determine how frequently (e.g. hourly, daily) such 
> cache clearing is needed.





[jira] [Resolved] (WW-4999) Can't get OgnlValueStack log even if enable logMissingProperties

2019-06-03 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-4999.
---
Resolution: Fixed

Fixed and integrated into 2.5 and 2.6 branches. Thanks for the report!

> Can't get OgnlValueStack log even if enable logMissingProperties
> 
>
> Key: WW-4999
> URL: https://issues.apache.org/jira/browse/WW-4999
> Project: Struts 2
>  Issue Type: Bug
>  Components: Value Stack
>Affects Versions: 2.5.17
>Reporter: Quincy Qu
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> I'm in devMode, have enabled logMissingProperties and expect to see a missing 
> property warning in the log. I was surprised that I can't get the missing 
> property log even if logMissingProperties is set to true. The application runs 
> smoothly and skips the missing property - as expected though.
> In another run, I enabled both logMissingProperties and 
> throwExceptionOnFailure. This time the application crashes at the missing 
> property and I can get both logs and exception.
> After diving deeper using the debugger, I convinced myself the config is good, 
> since devMode and logMissingProperties are true at runtime in OgnlValueStack.
> I was confused: why can't we get the missing property log without throwing 
> OgnlException? 
> Are we able to enter handleOgnlException(String expr, boolean 
> throwExceptionOnFailure, OgnlException e)  at all if throwExceptionOnFailure 
> is false, in which my expected log is written?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Assigned] (WW-4999) Can't get OgnlValueStack log even if enable logMissingProperties

2019-05-30 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-4999:
-

Assignee: Yasser Zamani

> Can't get OgnlValueStack log even if enable logMissingProperties
> 
>
> Key: WW-4999
> URL: https://issues.apache.org/jira/browse/WW-4999
> Project: Struts 2
>  Issue Type: Bug
>  Components: Value Stack
>Affects Versions: 2.5.17
>Reporter: Quincy Qu
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> I'm in devMode, have enabled logMissingProperties and expect to see a missing 
> property warning in the log. I was surprised that I can't get the missing 
> property log even if logMissingProperties is set to true. The application runs 
> smoothly and skips the missing property - as expected though.
> In another run, I enabled both logMissingProperties and 
> throwExceptionOnFailure. This time the application crashes at the missing 
> property and I can get both logs and exception.
> After diving deeper using the debugger, I convinced myself the config is good, 
> since devMode and logMissingProperties are true at runtime in OgnlValueStack.
> I was confused: why can't we get the missing property log without throwing 
> OgnlException? 
> Are we able to enter handleOgnlException(String expr, boolean 
> throwExceptionOnFailure, OgnlException e)  at all if throwExceptionOnFailure 
> is false, in which my expected log is written?





[jira] [Commented] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850824#comment-16850824
 ] 

Yasser Zamani commented on WW-5032:
---

Despite the problem with the struts2-junit-plugin package name, those 
*{{requires}} for tests* in your {{module-info.java}} didn't look nice to me! To 
run the tests of your app you require some APIs, OK, but why do you force these 
*test scope* requirements on your module users?! They are internal requirements 
you need to test your app; once the tests have run, your module doesn't need 
those, right? Please search the web for the phrase 
{{"module info requires junit"}}.

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Commented] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850772#comment-16850772
 ] 

Yasser Zamani commented on WW-5032:
---

Yes I already tried that but I get a different error!
{quote}[INFO] -
 [ERROR] COMPILATION ERROR :
 [INFO] -
 [ERROR] module-info.java:[6,18] module not found: junit
 [ERROR] module-info.java:[7,21] module not found: org.mockito
 [ERROR] module-info.java:[8,24] module not found: spring.beans
 [ERROR] module-info.java:[9,24] module not found: spring.context
 [ERROR] module-info.java:[10,25] module not found: struts2.core
 [INFO] 5 errors
{quote}
With the module-info.java file open, my IDE, IntelliJ, also says:
{quote}Module is not in dependencies: ...
{quote}

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Commented] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850751#comment-16850751
 ] 

Yasser Zamani commented on WW-5032:
---

[~kiran] I'm surprised: here, using Oracle JDK 11, "{{mvn clean test}}" 
succeeds and returns {{0}} on your GitHub "{{/Sample-Test/Sample-Junit}}" 
example!

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Comment Edited] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850606#comment-16850606
 ] 

Yasser Zamani edited comment on WW-5032 at 5/29/19 8:12 AM:


[~lukaszlenart] it seems we must refactor the {{org.apache.struts2}} package 
name to {{org.apache.struts2.junit}} in struts2-junit-plugin to fix this issue 
because it seems JDK9+ doesn't allow split packages across modules (however 
it's not a split package but is not a good selection for package names in 
struts2-junit-plugin) but I'm not sure if we can do this in 2.5, what's your 
idea? Are 2.5.x users uneasy with such a change and refactoring their code also 
to match our changes?


was (Author: yasser.zamani):
[~lukaszlenart] it seems we must refactor the {{org.apache.struts2}} package 
name to {{org.apache.struts2.junit}} to fix this issue because it seems JDK9+ 
doesn't allow split packages across modules (however it's not a split package 
but is not a good selection for package names in struts2-junit-plugin) but I'm 
not sure if we can do this in 2.5, what's your idea? Are 2.5.x users uneasy 
with such a change and refactoring their code also to match our changes?

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Commented] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850606#comment-16850606
 ] 

Yasser Zamani commented on WW-5032:
---

[~lukaszlenart] it seems we must refactor the {{org.apache.struts2}} package 
name to {{org.apache.struts2.junit}} to fix this issue because it seems JDK9+ 
doesn't allow split packages across modules (however it's not a split package 
but is not a good selection for package names in struts2-junit-plugin) but I'm 
not sure if we can do this in 2.5, what's your idea? Are 2.5.x users uneasy 
with such a change and refactoring their code also to match our changes?

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Updated] (WW-5032) Struts 2 Junit Plugin is not working with Zulu JDK11

2019-05-29 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5032:
--
Fix Version/s: 2.6

> Struts 2 Junit Plugin is not working with Zulu JDK11
> 
>
> Key: WW-5032
> URL: https://issues.apache.org/jira/browse/WW-5032
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core, Plugin - JUnit
>Affects Versions: 2.5.20
> Environment: Zulu JDK 11.0
> Struts 2.5.20
> Struts 2 Junit Plugin V 2.5.20
> Junit 4.12
>Reporter: Kiran Kumar
>Priority: Blocker
> Fix For: 2.6
>
> Attachments: Error.PNG
>
>
> Unable to execute Junit test cases on Struts 2 using JDK 11.0 platform. Please 
> find the screenshots of the issues we are facing. Would really appreciate 
> your help with this as we are stuck and unable to move forward and losing 
> time for a key deliverable.[^Junit_JDK 11.0_Struts 2 _Issue.docx]





[jira] [Assigned] (WW-4999) Can't get OgnlValueStack log even if enable logMissingProperties

2019-05-28 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-4999:
-

Assignee: (was: Yasser Zamani)

> Can't get OgnlValueStack log even if enable logMissingProperties
> 
>
> Key: WW-4999
> URL: https://issues.apache.org/jira/browse/WW-4999
> Project: Struts 2
>  Issue Type: Bug
>  Components: Value Stack
>Affects Versions: 2.5.17
>Reporter: Quincy Qu
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> I'm in devMode, have enabled logMissingProperties and expect to see a missing 
> property warning in the log. I was surprised that I can't get the missing 
> property log even if logMissingProperties is set to true. The application runs 
> smoothly and skips the missing property - as expected though.
> In another run, I enabled both logMissingProperties and 
> throwExceptionOnFailure. This time the application crashes at the missing 
> property and I can get both logs and exception.
> After diving deeper using the debugger, I convinced myself the config is good, 
> since devMode and logMissingProperties are true at runtime in OgnlValueStack.
> I was confused: why can't we get the missing property log without throwing 
> OgnlException? 
> Are we able to enter handleOgnlException(String expr, boolean 
> throwExceptionOnFailure, OgnlException e)  at all if throwExceptionOnFailure 
> is false, in which my expected log is written?





[jira] [Assigned] (WW-4999) Can't get OgnlValueStack log even if enable logMissingProperties

2019-05-28 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-4999:
-

Assignee: Yasser Zamani

> Can't get OgnlValueStack log even if enable logMissingProperties
> 
>
> Key: WW-4999
> URL: https://issues.apache.org/jira/browse/WW-4999
> Project: Struts 2
>  Issue Type: Bug
>  Components: Value Stack
>Affects Versions: 2.5.17
>Reporter: Quincy Qu
>Assignee: Yasser Zamani
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> I'm in devMode, have enabled logMissingProperties and expect to see a missing 
> property warning in the log. I was surprised that I can't get the missing 
> property log even if logMissingProperties is set to true. The application runs 
> smoothly and skips the missing property - as expected though.
> In another run, I enabled both logMissingProperties and 
> throwExceptionOnFailure. This time the application crashes at the missing 
> property and I can get both logs and exception.
> After diving deeper using the debugger, I convinced myself the config is good, 
> since devMode and logMissingProperties are true at runtime in OgnlValueStack.
> I was confused: why can't we get the missing property log without throwing 
> OgnlException? 
> Are we able to enter handleOgnlException(String expr, boolean 
> throwExceptionOnFailure, OgnlException e)  at all if throwExceptionOnFailure 
> is false, in which my expected log is written?





[jira] [Resolved] (WW-5011) Tiles bug when parsing file:// URLs including # as part of the URL

2019-05-27 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5011.
---
Resolution: Fixed
  Assignee: Yasser Zamani

> Tiles bug when parsing file:// URLs including # as part of the URL
> --
>
> Key: WW-5011
> URL: https://issues.apache.org/jira/browse/WW-5011
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Affects Versions: 2.5.17
>Reporter: Jason Pyeron
>Assignee: Yasser Zamani
>Priority: Critical
> Fix For: 2.5.21, 2.6
>
>
> This prevents deployment of a tiles application to sub contexts on Tomcat or 
> anywhere else the exploded war files' paths have certain special characters.
> Tiles is in the Attic, it is no longer being maintained.
> The Tiles plugin can shadow the particular class file as a workaround.
> I will submit a patch. Please advise which branch the patch should be based 
> on. I need it for 2.5.17.





[jira] [Resolved] (WW-5027) xerces tries to load resources from the internet

2019-05-27 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5027.
---
Resolution: Duplicate

I think it's not a Struts problem but looks like some configuration mismatch - 
simply search the web for 
{{"org.apache.tiles.definition.DefinitionsFactoryException: I/O Error reading 
definitions."}}; Please re-open if they were not helpful.

> xerces tries to load resources from the internet
> 
>
> Key: WW-5027
> URL: https://issues.apache.org/jira/browse/WW-5027
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Reporter: Jason Pyeron
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> xerces tries to load resources from the internet
>  (struts loaded via Apache Roller)
> {noformat}
> ==> Elements/logs/elements-stdout.2019-03-28.log <==
> 12:50:05.199 [ajp-nio-8009-exec-5] WARN 
> org.apache.struts2.views.tiles.TilesResult - got TilesException while 
> checking if definiton exists, ignoring it
> org.apache.tiles.definition.DefinitionsFactoryException: I/O Error reading 
> definitions.
>  at 
> org.apache.tiles.definition.digester.DigesterDefinitionsReader.read(DigesterDefinitionsReader.java:331)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.BaseLocaleUrlDefinitionDAO.loadDefinitionsFromResource(BaseLocaleUrlDefinitionDAO.java:150)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.loadRawDefinitionsFromResources(CachingLocaleUrlDefinitionDAO.java:239)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.loadRawDefinitionsFromResources(CachingLocaleUrlDefinitionDAO.java:230)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.loadRawDefinitionsFromResources(CachingLocaleUrlDefinitionDAO.java:230)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.loadDefinitionsFromResources(CachingLocaleUrlDefinitionDAO.java:208)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.loadDefinitions(CachingLocaleUrlDefinitionDAO.java:197)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.ResolvingLocaleUrlDefinitionDAO.loadDefinitions(ResolvingLocaleUrlDefinitionDAO.java:68)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.checkAndloadDefinitions(CachingLocaleUrlDefinitionDAO.java:179)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.getDefinitions(CachingLocaleUrlDefinitionDAO.java:131)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.getDefinition(CachingLocaleUrlDefinitionDAO.java:105)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.dao.CachingLocaleUrlDefinitionDAO.getDefinition(CachingLocaleUrlDefinitionDAO.java:49)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.definition.UnresolvingLocaleDefinitionsFactory.getDefinition(UnresolvingLocaleDefinitionsFactory.java:89)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.impl.BasicTilesContainer.getDefinition(BasicTilesContainer.java:286)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.impl.BasicTilesContainer.isValidDefinition(BasicTilesContainer.java:273)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.TilesContainerWrapper.isValidDefinition(TilesContainerWrapper.java:88)
>  ~[tiles-api-3.0.7.jar:3.0.7]
>  at 
> org.apache.tiles.impl.mgmt.CachingTilesContainer.isValidDefinition(CachingTilesContainer.java:100)
>  ~[tiles-core-3.0.7.jar:3.0.7]
>  at 
> org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:136) 
> [struts2-tiles-plugin-2.5.17.jar:2.5.17]
>  at 
> org.apache.struts2.result.StrutsResultSupport.execute(StrutsResultSupport.java:206)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:375)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:279)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:179)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:99)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
>  [struts2-core-2.5.17.jar:2.5.17]
>  at 
> 

[jira] [Commented] (WW-5031) OGNL: An illegal reflective access operation has occurred

2019-05-25 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16848139#comment-16848139
 ] 

Yasser Zamani commented on WW-5031:
---

Thanks [~flyingfischer] for reporting this issue!

Yes, it seems those logs are on the Struts and OGNL side rather than your app - I 
ran Struts tests with {{--illegal-access=deny}} and there are 13 failures and 
17 errors (almost all of them are with tags, e.g. the {{select}} tag). We should 
fix them when we find some time or when we upgrade to a JDK version that doesn't 
allow it any more.

P.S. {{--illegal-access=debug}} is also interesting: This mode is identical to 
warn except that both a warning message and a stack trace are issued for each 
illegal reflective-access operation.

> OGNL: An illegal reflective access operation has occurred
> -
>
> Key: WW-5031
> URL: https://issues.apache.org/jira/browse/WW-5031
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.20
> Environment: Java 11 / Linux / test environment on eclipse / Tomcat 
> 8.5
>Reporter: Markus Fischer
>Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> Running Struts on Java 11 gives a new warning about illegal reflection, not 
> present on Java 8:
> WARNING: An illegal reflective access operation has occurred
>  WARNING: Illegal reflective access by ognl.OgnlRuntime 
> ([file:/.../workspace/.../.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar|file:///.../workspace/SC/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar])
>  to method java.util.HashMap$Node.getKey()
>  WARNING: Please consider reporting this to the maintainers of 
> ognl.OgnlRuntime
>  WARNING: Use --illegal-access=warn to enable warnings of further illegal 
> reflective access operations
>  WARNING: All illegal access operations will be denied in a future release
> The warning appears after using the following tag in a JSP (name of 
> properties changed):
> 
> The corresponding Action contains:
> private Map items = new LinkedHashMap<>();
>  
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (WW-5031) OGNL: An illegal reflective access operation has occurred

2019-05-23 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16846578#comment-16846578
 ] 

Yasser Zamani commented on WW-5031:
---

{{--illegal-access=deny}} is a great idea to find in which line OGNL tries an 
illegal access and then fix it (y) Could you please set Struts {{devMode}} to 
true and increase the log4j log level to {{DEBUG}} and see if any error starts 
to be thrown? Thanks in advance!

P.S. Same report at [User mail 
list|https://lists.apache.org/thread.html/f9bdcf39b3014363f71f1ecff565931e857f946f8627589e95a8a693@%3Cuser.struts.apache.org%3E]

> OGNL: An illegal reflective access operation has occurred
> -
>
> Key: WW-5031
> URL: https://issues.apache.org/jira/browse/WW-5031
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.20
> Environment: Java 11 / Linux / test environment on eclipse / Tomcat 
> 8.5
>Reporter: Markus Fischer
>Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> Running Struts on Java 11 gives a new warning about illegal reflection, not 
> present on Java 8:
> WARNING: An illegal reflective access operation has occurred
>  WARNING: Illegal reflective access by ognl.OgnlRuntime 
> ([file:/.../workspace/.../.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar|file:///.../workspace/SC/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/.../WEB-INF/lib/ognl-3.1.21.jar])
>  to method java.util.HashMap$Node.getKey()
>  WARNING: Please consider reporting this to the maintainers of 
> ognl.OgnlRuntime
>  WARNING: Use --illegal-access=warn to enable warnings of further illegal 
> reflective access operations
>  WARNING: All illegal access operations will be denied in a future release
> The warning appears after using the following tag in a JSP (name of 
> properties changed):
> 
> The corresponding Action contains:
> private Map items = new LinkedHashMap<>();
>  
>  
>  
>  





[jira] [Resolved] (WW-4958) File upload fails from certain clients

2019-04-23 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-4958.
---
Resolution: Fixed
  Assignee: Lukasz Lenart

PRs got merged and imported to other branch. Thanks!

> File upload fails from certain clients
> --
>
> Key: WW-4958
> URL: https://issues.apache.org/jira/browse/WW-4958
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Affects Versions: 2.5.17
>Reporter: Tamás Faragó
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> 2.5.11 added more validation on whether to accept file uploads. Previously 
> there was only a check if the HTTP header contained "multipart/form-data", 
> now there is the following regex in Dispatcher::isMultipartRequest.
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = 
> "^multipart/form-data(; 
> boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
>  
> This is too restrictive, apache http client for example adds a white space 
> between the semicolon and "charset" and thus all file uploads are failing 
> unless this regex is overwritten in the config. 





[jira] [Commented] (WW-4958) File upload fails from certain clients

2019-04-23 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-4958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16823782#comment-16823782
 ] 

Yasser Zamani commented on WW-4958:
---

Yes I think - I'll after HUDSON approval :)

> File upload fails from certain clients
> --
>
> Key: WW-4958
> URL: https://issues.apache.org/jira/browse/WW-4958
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Affects Versions: 2.5.17
>Reporter: Tamás Faragó
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> 2.5.11 added more validation on whether to accept file uploads. Previously 
> there was only a check if the HTTP header contained "multipart/form-data", 
> now there is the following regex in Dispatcher::isMultipartRequest.
>  
> {quote}public static final String MULTIPART_FORM_DATA_REGEX = 
> "^multipart/form-data(; 
> boundary=[0-9a-zA-Z'()+_,\\-./:=?]\{1,70})?(;charset=[a-zA-Z\\-0-9]\{3,14})?";{quote}
>  
> This is too restrictive, apache http client for example adds a white space 
> between the semicolon and "charset" and thus all file uploads are failing 
> unless this regex is overwritten in the config. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
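
The mismatch reported in WW-4958, as an added example (not code from Struts or from the reporter). It checks constructed Content-Type values against the quoted pattern and against a hypothetical relaxed pattern that tolerates whitespace around ';' while keeping the same character classes and length bounds. The class, method and RELAXED names are assumptions, as is the use of a full match on the header value.

```java
import java.util.regex.Pattern;

public class MultipartContentTypeCheck {

    // Pattern as quoted in WW-4958, with Jira's backslash escapes before the
    // braces removed.
    static final Pattern QUOTED = Pattern.compile(
            "^multipart/form-data(; boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?"
            + "(;charset=[a-zA-Z\\-0-9]{3,14})?");

    // Hypothetical relaxed pattern (an assumption, not the merged fix):
    // optional whitespace around each ';', everything else unchanged so the
    // boundary and charset values stay restricted and length-bounded.
    static final Pattern RELAXED = Pattern.compile(
            "^multipart/form-data(\\s*;\\s*boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?"
            + "(\\s*;\\s*charset=[a-zA-Z\\-0-9]{3,14})?");

    // Assumption: the whole header value has to match. With find() the
    // anchored "multipart/form-data" prefix alone would satisfy the pattern
    // and the optional groups would validate nothing.
    static boolean accepts(Pattern pattern, String contentType) {
        return contentType != null && pattern.matcher(contentType).matches();
    }

    // Java 8 compatible helper to build an over-long boundary value.
    static String repeat(char c, int n) {
        return new String(new char[n]).replace('\0', c);
    }

    public static void main(String[] args) {
        // Constructed sample header values, not captured traffic.
        String[] samples = {
            // bare media type
            "multipart/form-data",
            // single space before boundary, no charset
            "multipart/form-data; boundary=----FormBoundary7MA4YWxk",
            // charset directly after the semicolon
            "multipart/form-data; boundary=abc123;charset=UTF-8",
            // space between the semicolon and charset, the case in the report
            "multipart/form-data; boundary=abc123; charset=UTF-8",
            // no space before boundary
            "multipart/form-data;boundary=abc123",
            // boundary longer than the 70-character bound
            "multipart/form-data; boundary=" + repeat('x', 71),
            // character outside the boundary class
            "multipart/form-data; boundary=abc 123",
            // different media type
            "application/x-www-form-urlencoded",
        };

        System.out.printf("%-8s %-8s %s%n", "quoted", "relaxed", "Content-Type");
        for (String sample : samples) {
            String shown = sample.length() > 60
                    ? sample.substring(0, 57) + "..."
                    : sample;
            System.out.printf("%-8s %-8s %s%n",
                    accepts(QUOTED, sample) ? "accept" : "reject",
                    accepts(RELAXED, sample) ? "accept" : "reject",
                    shown);
        }
    }
}
```

The two columns differ only for the values whose spacing around ';' deviates from the quoted pattern; the over-long boundary, the boundary with a space in it and the non-multipart type are handled identically by both.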


[jira] [Resolved] (WW-5029) The content allowed-methods tag of the XML configuration is sometimes truncated

2019-04-20 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5029.
---
Resolution: Fixed

PR got merged and cherry picked, thanks a lot!

> The content allowed-methods tag of the XML configuration is sometimes 
> truncated
> ---
>
> Key: WW-5029
> URL: https://issues.apache.org/jira/browse/WW-5029
> Project: Struts 2
>  Issue Type: Bug
>  Components: XML Configuration
>Affects Versions: 2.5.18
>Reporter: Maxime Clement
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> Under WebSphere 8.5, the SAX parser sometimes creates multiple text elements 
> to represent the value of the "allowed-methods" tag found in the struts.xml 
> configuration file. This happens when the text is read in chunks as stated 
> here: 
> [https://docs.oracle.com/javase/8/docs/api/org/xml/sax/ContentHandler.html#characters-char:A-int-int-].
> This case is not handled in class XmlConfigurationProvider, which only reads 
> the first child of the org.w3c.dom.Node returned by the parser (see 
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L879]).
>  
> This means that with this configuration:
> {code:java}
> method1,method2
> {code}
> The node instance almost always contains a single child [ "method1,method2" 
> ], but randomly the node instance can contain two children: [ "method1,me", 
> "thod2" ]. As only the first child is considered, the retrieved text is 
> truncated and the configuration doesn't work.
>  
> It happens randomly and cannot be reproduced easily, but we can see in the 
> XmlConfigurationProvider class that this case has been taken into account for 
> the "result" tag:
> {code:java}
> something
> {code}
>  See: 
> [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L767]
>  where all node children of type Node.TEXT_NODE are concatenated to retrieve 
> the text value, so even if the SAX parser returns multiple chunks, the word 
> is correctly reconstructed.
>  
> As a workaround I created a custom configuration provider that overrides 
> StrutsXmlConfigurationProvider and redefines the method "buildAllowedMethods" 
> in order to parse all children of the node object, as done in method 
> "buildResults". Note that the same problem applies for 
> "global-allowed-methods" as the XmlConfigurationProvider also considers the 
> first child only.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
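
The truncation described in WW-5029, reproduced deterministically as an added example (not code from Struts or from the reporter). The two text chunks are created by hand rather than by a SAX parser, and the class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.List;

import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class AllowedMethodsTextChunks {

    // Reads only the first child node, the pattern the report describes for
    // the "allowed-methods" element.
    static String firstChildOnly(Element element) {
        Node first = element.getFirstChild();
        return first == null ? "" : first.getNodeValue();
    }

    // Concatenates every child of type Node.TEXT_NODE, the pattern the report
    // describes for the "result" element.
    static String allTextChildren(Element element) {
        StringBuilder text = new StringBuilder();
        NodeList children = element.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.TEXT_NODE) {
                text.append(child.getNodeValue());
            }
        }
        return text.toString();
    }

    // Splits a comma-separated method list and trims each entry.
    static List<String> toMethodList(String text) {
        String[] parts = text.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        return Arrays.asList(parts);
    }

    public static void main(String[] args) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance()
                .newDocumentBuilder()
                .newDocument();

        // Constructed input: the element value "method1,method2" delivered as
        // two adjacent text nodes, the split given in the report.
        Element allowedMethods = doc.createElement("allowed-methods");
        doc.appendChild(allowedMethods);
        allowedMethods.appendChild(doc.createTextNode("method1,me"));
        allowedMethods.appendChild(doc.createTextNode("thod2"));

        System.out.println("child nodes:        "
                + allowedMethods.getChildNodes().getLength());
        System.out.println("first child only:   "
                + toMethodList(firstChildOnly(allowedMethods)));
        System.out.println("all text children:  "
                + toMethodList(allTextChildren(allowedMethods)));

        // Node.normalize() merges adjacent text nodes, after which reading
        // the first child sees the whole value.
        allowedMethods.normalize();
        System.out.println("after normalize():  "
                + toMethodList(firstChildOnly(allowedMethods)));
    }
}
```

With the first-child read, the resulting method list contains an entry that was never configured and lacks one that was, which is why the reporter's workaround parses all children.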


[jira] [Resolved] (WW-5028) Dispatcher prints stacktraces directly to the console

2019-04-19 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5028?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5028.
---
Resolution: Fixed

PR got merged and cherry picked, thanks!

> Dispatcher prints stacktraces directly to the console
> -
>
> Key: WW-5028
> URL: https://issues.apache.org/jira/browse/WW-5028
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Affects Versions: 2.5.18
>Reporter: Stuart Harper
>Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> After upgrading from Struts 2.3.x to 2.5.x we noticed a stack trace in our 
> logs which was not previously present. The error is actually quite minor and 
> doesn't impact any functionality, the problem is we have no ability to 
> control its presence in our logs due to the way the Dispatcher.java prints 
> directly to the console.
> This can be seen in class org.apache.struts2.dispatcher.Dispatcher around 
> line 586
> Only after the error is printed is a check made on whether to handle it. The 
> exception is then rethrown.
> I think it would make more sense to use the logging framework to log 
> exceptions or otherwise give us some control over whether this appears. As it 
> is it's impossible to turn it off.





[jira] [Comment Edited] (WW-5011) Tiles bug when parsing file:// URLs including # as part of the URL

2019-04-14 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16817305#comment-16817305
 ] 

Yasser Zamani edited comment on WW-5011 at 4/14/19 1:06 PM:


[~jpyeron] there is no code style file yet unfortunately but please see also 
[Coding Conventions and 
Guidelines|https://struts.apache.org/release-guidelines.html#coding-conventions-and-guidelines]
 but if you have no time could you please just share your *final working* patch 
in any way you can (online public link, attach here or Pull Request on github)? 
more eyes on your code has also benefits there in your side :) thanks for your 
report and support!


was (Author: yasser.zamani):
[~jpyeron] there are no code style file yet unfortunately but please see also 
[Coding Conventions and 
Guidelines|https://struts.apache.org/release-guidelines.html#coding-conventions-and-guidelines]
 but if you have no time could you please just share your *final working* 
working patch in any way you can (online public link, attach here or Pull 
Request on github)? more eyes on your code has also benefits there in your side 
:) thanks for your report and support!

> Tiles bug when parsing file:// URLs including # as part of the URL
> --
>
> Key: WW-5011
> URL: https://issues.apache.org/jira/browse/WW-5011
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Affects Versions: 2.5.17
>Reporter: Jason Pyeron
>Priority: Critical
> Fix For: 2.5.21, 2.6
>
>
> This prevents deployment of a tiles application to sub contexts on Tomcat or 
> anywhere else the exploded war files' paths have certain special characters.
> Tiles is in the Attic, it is no longer being maintained.
> The Tiles plugin can shadow the particular class file as a workaround.
> I will submit a patch. Please advise which branch the patch should be based 
> on. I need it for 2.5.17.





[jira] [Comment Edited] (WW-5011) Tiles bug when parsing file:// URLs including # as part of the URL

2019-04-14 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16817305#comment-16817305
 ] 

Yasser Zamani edited comment on WW-5011 at 4/14/19 1:05 PM:


[~jpyeron] there is no code style file yet unfortunately but please see also 
[Coding Conventions and 
Guidelines|https://struts.apache.org/release-guidelines.html#coding-conventions-and-guidelines]
 but if you have no time could you please just share your *final working* 
working patch in any way you can (online public link, attach here or Pull 
Request on github)? more eyes on your code has also benefits there in your side 
:) thanks for your report and support!


was (Author: yasser.zamani):
[~jpyeron] there are no code style file yet unfortunately but please see also 
[Coding Conventions and 
Guidelines|https://struts.apache.org/release-guidelines.html#coding-conventions-and-guidelines]
 but if you have no time could you please just share your working patch in any 
way you can (online public link, attach here or Pull Request on github)? more 
eyes on your code has also benefits there in your side :) thanks for your 
report and support!

> Tiles bug when parsing file:// URLs including # as part of the URL
> --
>
> Key: WW-5011
> URL: https://issues.apache.org/jira/browse/WW-5011
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Affects Versions: 2.5.17
>Reporter: Jason Pyeron
>Priority: Critical
> Fix For: 2.5.21, 2.6
>
>
> This prevents deployment of a tiles application to sub contexts on Tomcat or 
> anywhere else the exploded war files' paths have certain special characters.
> Tiles is in the Attic, it is no longer being maintained.
> The Tiles plugin can shadow the particular class file as a workaround.
> I will submit a patch. Please advise which branch the patch should be based 
> on. I need it for 2.5.17.





[jira] [Commented] (WW-5011) Tiles bug when parsing file:// URLs including # as part of the URL

2019-04-14 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16817305#comment-16817305
 ] 

Yasser Zamani commented on WW-5011:
---

[~jpyeron] there is no code style file yet unfortunately but please see also 
[Coding Conventions and 
Guidelines|https://struts.apache.org/release-guidelines.html#coding-conventions-and-guidelines]
 but if you have no time could you please just share your working patch in any 
way you can (online public link, attach here or Pull Request on github)? more 
eyes on your code has also benefits there in your side :) thanks for your 
report and support!

> Tiles bug when parsing file:// URLs including # as part of the URL
> --
>
> Key: WW-5011
> URL: https://issues.apache.org/jira/browse/WW-5011
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Affects Versions: 2.5.17
>Reporter: Jason Pyeron
>Priority: Critical
> Fix For: 2.5.21, 2.6
>
>
> This prevents deployment of a tiles application to sub contexts on Tomcat or 
> anywhere else the exploded war files' paths have certain special characters.
> Tiles is in the Attic, it is no longer being maintained.
> The Tiles plugin can shadow the particular class file as a workaround.
> I will submit a patch. Please advise which branch the patch should be based 
> on. I need it for 2.5.17.





[jira] [Commented] (WW-5021) Serve static resources from different namespace

2019-02-22 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16775309#comment-16775309
 ] 

Yasser Zamani commented on WW-5021:
---

Sorry, I didn't get it again. I say, in the end, it's clear who has generated 
the static resource request - if it's {{/struts/domTT.js}} then the requester 
is the root app. If it's {{/someApp/struts/domTT.js}} then the requester is the 
{{someApp}} app. So you simply can manipulate your load balancer to route them 
correctly to the requester app, right?

But if you have divided your apps using Struts packages' namespaces, i.e. you 
expect the root application to generate {{/someNamespace/struts/domTT.js}} when 
the underlying action is defined in a package with namespace {{someNamespace}} 
({{someNamespace}} here is one of your apps mapped to root namespaces), then I 
think your need is very specific, not general, and couldn't be added, and in my 
opinion it is resolvable via a modification to your design, i.e. manipulate 
your load balancer to route all of them (/struts/) to the root app.

> Serve static resources from different namespace
> ---
>
> Key: WW-5021
> URL: https://issues.apache.org/jira/browse/WW-5021
> Project: Struts 2
>  Issue Type: Task
>Affects Versions: 2.5.20
>Reporter: k918912
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Is it somehow possible to serve the static Struts files from a different path?
> Currently domTT.js is loaded via /struts, but in my environment I would like 
> to serve it via /test/struts for example. Is there any configuration I'm 
> missing or is this currently not possible?





[jira] [Commented] (WW-5021) Serve static resources from different namespace

2019-02-22 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16775109#comment-16775109
 ] 

Yasser Zamani commented on WW-5021:
---

{quote}I can't route /struts to my application for policy reasons.{quote}

You don't want to route {{/struts}} to your application because of policy 
reasons? Or you can't route {{/struts}} to your application to enforce your 
policy? Where is this "your application"? {{/struts}} means your root app is 
Struts and requested it and the root app itself is anticipated to respond to 
it, not any other app.

{quote}Because my application tried to load {{/struts/domTT.js}} and obviously 
my server was throwing 404 for that.{quote}

The demand of {{/struts/domTT.js}} means your root app is Struts, isn't it?! If 
it is, then it should work and {{404}} means another issue that should be 
investigated. If it isn't, then I think you should investigate who has 
generated the {{/struts/domTT.js}} (without context path) http request.

> Serve static resources from different namespace
> ---
>
> Key: WW-5021
> URL: https://issues.apache.org/jira/browse/WW-5021
> Project: Struts 2
>  Issue Type: Task
>Affects Versions: 2.5.20
>Reporter: k918912
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Is it somehow possible to serve the static Struts files from a different path?
> Currently domTT.js is loaded via /struts, but in my environment I would like 
> to serve it via /test/struts for example. Is there any configuration I'm 
> missing or is this currently not possible?





[jira] [Commented] (WW-5021) Serve static resources from different namespace

2019-02-22 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16774940#comment-16774940
 ] 

Yasser Zamani commented on WW-5021:
---

So no, it doesn't resolve **all** static resources to {{/struts}}, but only the 
root application's Struts resolves its static resources to that, and that is 
what is logically anticipated. Other context paths' applications' Struts don't 
resolve their static resources to root, so I think they already target the 
correct app. Or maybe I didn't understand your design correctly? Because I 
didn't understand what you meant by:

bq. Also I can't let my application run under /test, because it has 2 
completely different namespaces, e.g. /test/action1 and /test2/action2.

> Serve static resources from different namespace
> ---
>
> Key: WW-5021
> URL: https://issues.apache.org/jira/browse/WW-5021
> Project: Struts 2
>  Issue Type: Task
>Affects Versions: 2.5.20
>Reporter: k918912
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Is it somehow possible to serve the static Struts files from a different path?
> Currently domTT.js is loaded via /struts, but in my environment I would like 
> to serve it via /test/struts for example. Is there any configuration I'm 
> missing or is this currently not possible?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Resolved] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-02-20 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5004.
---
Resolution: Fixed

All PRs processed, Thanks!

> No more calling of a static variable in Struts 2.8.20 available
> ---
>
> Key: WW-5004
> URL: https://issues.apache.org/jira/browse/WW-5004
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.20
> Environment: Java 7.1 and JSP Websites
>Reporter: Deniz Renkligül
>Priority: Critical
>  Labels: build, features, patch, usability
> Fix For: 2.5.21, 2.6
>
>
> After the update from Struts 2.5.18 to 2.5.20 it is no longer possible to call 
> a java static variable in JSP like
> {code:java}
> 
> {code}
> Please see for more details the release notes of 2.5.20
>  [link 
> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.20|https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.20]
>  and I tried without success the following description assigned above in the 
> release version notes 2.5.20 with :
> {code:java}
> 
> 
> {code}
>  https://issues.apache.org/jira/browse/WW-4984
>  
> Thanks in advance for your support.





[jira] [Resolved] (WW-5006) NullPointerException in ProxyUtil class when accessing static member

2019-02-20 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5006.
---
Resolution: Fixed

PR got merged. Thanks!

> NullPointerException in ProxyUtil class when accessing static member
> 
>
> Key: WW-5006
> URL: https://issues.apache.org/jira/browse/WW-5006
> Project: Struts 2
>  Issue Type: Bug
>  Components: Value Stack
>Affects Versions: 2.5.20
>Reporter: Sebastian Götz
>Priority: Major
> Fix For: 2.5.21, 2.6
>
>
> In some JSP we access static fields (constants) of an interface. The 
> interface has scope public and the fields are public static final.
> When accessing the value of such a field the ValueStack throws a 
> NullPointerException here (com.opensymphony.xwork2.util.ProxyUtil), because 
> there is actually no object (parameter holds null) when accessing a static 
> member:
> {code:java}
> /**
>  * Check whether the given object is a proxy.
>  * @param object the object to check
>  */
> public static boolean isProxy(Object object) {
>     Class clazz = object.getClass();
>     Boolean flag = isProxyCache.get(clazz);
>     if (flag != null) {
>         return flag;
>     }
>     boolean isProxy = isSpringAopProxy(object);
>     isProxyCache.put(clazz, isProxy);
>     return isProxy;
> }
> {code}
>  
> Support to access static members is switched on via struts constant 
> {{}}





[jira] [Commented] (WW-5022) Struts 2.6 escaping behaviour change for s:a (anchor) tag

2019-02-20 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772792#comment-16772792
 ] 

Yasser Zamani commented on WW-5022:
---

If we would go with it, then I think let's proceed, fix this and introduce it 
as soon as possible i.e. 2.6 is a good candidate to break previous major 
behavior :) To proceed and fix this, we should review all changed files or all 
{{ftl}} files to see if there are cases that logically their escape behavior 
needs the ability to be overridden by user.

> Struts 2.6 escaping behaviour change for s:a (anchor) tag
> -
>
> Key: WW-5022
> URL: https://issues.apache.org/jira/browse/WW-5022
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.6
> Environment: Tomcat 7.0, 8.5 using Java 8 and 11.
>Reporter: James Chaplin
>Priority: Major
> Fix For: 2.6
>
>
> While interacting with the current 2.6 Showcase application I recently 
> noticed that+ the "Home" glyph icon was not displaying correctly+.  Instead 
> of the icon, +the page displayed the body content literally in the browser+.  
> Checking the page source (view source in browser) it turns out the body 
> content of the tag was HTML-escaped.  I double-checked and this does not 
> happen to Struts 2.5.21 (snapshot) or older 2.6 Showcase apps.
> This behaviour might affect other tags, but +it was noticed and confirmed 
> with "s:a"+ (the JSP anchor tag).
> After some digging (using older commits from GitHub and building the 2.6 
> Showcase app from them) it appears the automatic body escaping did not occur 
> prior to January 2nd 2019, but was introduced with one of the multiple 
> commits applied on January 3rd 2019.
> It could be an interaction between earlier mid-December 2018 commits that 
> changed the Freemarker configuration version in FreemarkerManager 
> (Configuration.VERSION_2_3_0) to a new one (Configuration.VERSION_2_3_28), 
> combined with the January 3rd commits.  Couldn't find the exact cause, but 
> perhaps one of the Struts Team might be able to do so.
> Given the original/old behaviour +it seems that auto-escaping the tag body 
> might be a bug+.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (WW-5021) Serve static resources from different namespace

2019-02-20 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772743#comment-16772743
 ] 

Yasser Zamani commented on WW-5021:
---

I think your mentioned issue doesn't mean Struts should add the "{{Serve static 
resources from different namespace}}"'s feature. Struts already must resolve 
static resources from current context path. i.e. in your example, if your app 
is on {{/test}}, then Struts must resolve {{<@s.url value="/struts/domTT.js" 
includeParams="none" encode="false" />}} to {{/test/struts/domTT.js}} (i.e. 
regarding and honoring current context path). *Doesn't it?* if no, then I think 
it looks like a bug.

> Serve static resources from different namespace
> ---
>
> Key: WW-5021
> URL: https://issues.apache.org/jira/browse/WW-5021
> Project: Struts 2
>  Issue Type: Task
>Affects Versions: 2.5.20
>Reporter: k918912
>Assignee: Lukasz Lenart
>Priority: Major
> Fix For: 2.6
>
>
> Is it somehow possible to serve the static Struts files from a different path?
> Currently domTT.js is loaded via /struts, but in my environment I would like 
> to serve it via /test/struts for example. Is there any configuration I'm 
> missing or is this currently not possible?





[jira] [Commented] (WW-5022) Struts 2.6 escaping behaviour change for s:a (anchor) tag

2019-02-19 Thread Yasser Zamani (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16772708#comment-16772708
 ] 

Yasser Zamani commented on WW-5022:
---

What is the philosophy that auto-escaping is a critical need?! If there isn't, 
and as it looks like a huge behavioral change, then let's disable auto-escaping. 
I myself, as a user/developer, prefer flexibility against security - I myself 
should care!

> Struts 2.6 escaping behaviour change for s:a (anchor) tag
> -
>
> Key: WW-5022
> URL: https://issues.apache.org/jira/browse/WW-5022
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.6
> Environment: Tomcat 7.0, 8.5 using Java 8 and 11.
>Reporter: James Chaplin
>Priority: Major
> Fix For: 2.6
>
>
> While interacting with the current 2.6 Showcase application I recently 
> noticed that+ the "Home" glyph icon was not displaying correctly+.  Instead 
> of the icon, +the page displayed the body content literally in the browser+.  
> Checking the page source (view source in browser) it turns out the body 
> content of the tag was HTML-escaped.  I double-checked and this does not 
> happen to Struts 2.5.21 (snapshot) or older 2.6 Showcase apps.
> This behaviour might affect other tags, but +it was noticed and confirmed 
> with "s:a"+ (the JSP anchor tag).
> After some digging (using older commits from GitHub and building the 2.6 
> Showcase app from them) it appears the automatic body escaping did not occur 
> prior to January 2nd 2019, but was introduced with one of the multiple 
> commits applied on January 3rd 2019.
> It could be an interaction between earlier mid-December 2018 commits that 
> changed the Freemarker configuration version in FreemarkerManager 
> (Configuration.VERSION_2_3_0) to a new one (Configuration.VERSION_2_3_28), 
> combined with the January 3rd commits.  Couldn't find the exact cause, but 
> perhaps one of the Struts Team might be able to do so.
> Given the original/old behaviour it seems that auto-escaping the tag body 
> might be a bug.





[jira] [Resolved] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess

2019-02-19 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani resolved WW-5012.
---
Resolution: Fixed

PR got merged, thanks!

> Make a public state check the first acceptance check in SecurityMemberAccess
> 
>
> Key: WW-5012
> URL: https://issues.apache.org/jira/browse/WW-5012
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.20
> Environment: All environments.
> Reporter: James Chaplin
> Priority: Minor
> Labels: performance, security
> Fix For: 2.6
>
>
> During discussion for WW-5004, a recommendation was made by two Apache Struts 
> Team members to adjust the sequence of calls in the SecurityMemberAccess 
> module.
> The recommendation was to make the member's public state check (e.g. 
> checkPublicMemberAccess()) the absolute first check made during acceptance 
> checks.
> This improvement would look at implementing this change for the access check 
> ordering, and any minor enhancements that are applicable to the ordering 
> change.
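
The ordering described in WW-5012, as an added Java sketch that is not Struts source code: the modifier check runs first, so non-public members are rejected before the package-exclusion check is consulted. Only the name checkPublicMemberAccess() comes from the issue; the class, the other method names and the exclusion list are assumptions.

```java
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
import java.util.Set;

// Simplified model of an OGNL member-access gate; not the Struts SecurityMemberAccess source.
public class AccessOrderDemo {
    // Constructed sample exclusion list (assumption, not the Struts defaults).
    static final Set<String> EXCLUDED_PACKAGES = Set.of("java.lang", "javax");
    static int exclusionLookups = 0; // counts how often the costlier check runs

    // Cheapest and most decisive test: a single modifier bit check.
    static boolean checkPublicMemberAccess(Member member) {
        return Modifier.isPublic(member.getModifiers());
    }

    // Costlier test: compare the package and each parent package against the list.
    static boolean isPackageExcluded(Class<?> clazz) {
        exclusionLookups++;
        String pkg = clazz.getPackageName();
        while (!pkg.isEmpty()) {
            if (EXCLUDED_PACKAGES.contains(pkg)) return true;
            int dot = pkg.lastIndexOf('.');
            pkg = dot < 0 ? "" : pkg.substring(0, dot);
        }
        return false;
    }

    // Public-state check first: non-public members never reach the later checks.
    static boolean isAccessible(Member member) {
        if (!checkPublicMemberAccess(member)) return false;
        return !isPackageExcluded(member.getDeclaringClass());
    }

    static class Sample { // constructed target class
        public String getName() { return "ok"; }
        private String secret() { return "hidden"; }
    }

    public static void main(String[] args) throws Exception {
        Member pub = Sample.class.getDeclaredMethod("getName");
        Member priv = Sample.class.getDeclaredMethod("secret");
        Member exit = System.class.getMethod("exit", int.class);
        System.out.println("public getName -> " + isAccessible(pub));
        System.out.println("private secret -> " + isAccessible(priv));
        System.out.println("System.exit    -> " + isAccessible(exit));
        System.out.println("exclusion lookups: " + exclusionLookups);
    }
}
```

The private method is denied without touching the exclusion list, while the public `System.exit` is still denied by the package check, so moving the public check to the front changes cost and ordering, not the set of members that later checks would block.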





[jira] [Updated] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess

2019-02-19 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani updated WW-5012:
--
Fix Version/s: (was: 2.5.21)

> Make a public state check the first acceptance check in SecurityMemberAccess
> 
>
> Key: WW-5012
> URL: https://issues.apache.org/jira/browse/WW-5012
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.20
> Environment: All environments.
> Reporter: James Chaplin
> Priority: Minor
> Labels: performance, security
> Fix For: 2.6
>
>
> During discussion for WW-5004, a recommendation was made by two Apache Struts 
> Team members to adjust the sequence of calls in the SecurityMemberAccess 
> module.
> The recommendation was to make the member's public state check (e.g. 
> checkPublicMemberAccess()) the absolute first check made during acceptance 
> checks.
> This improvement would look at implementing this change for the access check 
> ordering, and any minor enhancements that are applicable to the ordering 
> change.




