Re: getOutputStream() has already been called for this response
Hi, I am also facing the same problem while trying to download to excel. Plz let me know what code u have added to solve this problem -- View this message in context: http://struts.1045723.n5.nabble.com/Cannot-forward-after-response-has-been-committed-tp5710573p5711663.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Cannot forward after response has been committed...
Hi S S, i am solved this problem by changeing return stream .hope this helps to you File file=null; file = new File(path); return FileStreamInfo object instead of ResourceStreamInfo and pass content type and File class object. return new FileStreamInfo(contentType, file); -- View this message in context: http://struts.1045723.n5.nabble.com/Cannot-forward-after-response-has-been-committed-tp5710573p5711664.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Java security issue vs. struts?
Thank you Chris. Moreover, if I call jfreechart to generate reports through
web applications, it will not be affected, I believe?
As long as you do not use Applets to output JFreechart data you should
be fine (saying: if you generate images with JFreechart)
(1) My jsp:
img src=jfreechart_reportProcessReport.action
(2) struts.xml
action name=jfreechart_reportProcessReport method=jfreechart_report
class=ProcessReport
result name=success type=chart
param name=chartchart/param
param name=width1000/param
param name=height500/param
/result
/action
(3) My struts java action class (server side):
do:
ChartFactory.createBarChart3D(){... ...}
As a result, due to (1) ~(3) I am safe I believe.
Thanks a lot for all your comments!
Emi
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: Java security issue vs. struts?
Hello Martin,
I did not find bug report under struts JIRA related to jfreechart.
More details about how I use jfreechart:
(1) jsp img src=.action
(2) JAVA Action class, generated jsp
(3) struts.xml specify img size
Hope this info will help others have the same concern :-)
Bon week-end!
Emi
On 01/16/2013 05:39 PM, Martin Gainty wrote:
Hi Chris This issue came up on another apache users list I believe there was
open access issue to Remote Context Object by OGNL
(but i think Lukasz or Dave addressed the issue)..emi..did you see this in
Struts Jira? Bon chance,
Martin
__
Note de déni et de confidentialitéCe message est confidentiel et peut être
privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec
bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non
autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant
donné que les email peuvent facilement être sujets à la manipulation, nous ne
pouvons accepter aucune responsabilité pour le contenu fourni.
Original Message
Subject: Re: Java security issue vs. struts?
Date: Fri, 18 Jan 2013 12:00:31 -0500
From: Emi Lu em...@encs.concordia.ca
Reply-To: em...@encs.concordia.ca
To: Christian Grobmeier grobme...@gmail.com
CC: Struts Users Mailing List user@struts.apache.org, Chris Pratt
thechrispr...@gmail.com
Thank you Chris. Moreover, if I call jfreechart to generate reports through
web applications, it will not be affected, I believe?
As long as you do not use Applets to output JFreechart data you should
be fine (saying: if you generate images with JFreechart)
(1) My jsp:
img src=jfreechart_reportProcessReport.action
(2) struts.xml
action name=jfreechart_reportProcessReport method=jfreechart_report
class=ProcessReport
result name=success type=chart
param name=chartchart/param
param name=width1000/param
param name=height500/param
/result
/action
(3) My struts java action class (server side):
do:
ChartFactory.createBarChart3D(){... ...}
As a result, due to (1) ~(3) I am safe I believe.
Thanks a lot for all your comments!
Emi
mailto:user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
mailto:user-h...@struts.apache.org
--
Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
em...@encs.concordia.ca+1 514 848-2424 x5884
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
em...@encs.concordia.ca+1 514 848-2424 x5884
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
[S1] Validator does not respect locale when validating double value?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm running Struts 1.3.10 (with commons-validator 1.3.1), and I'm
trying to validate (and subsequently parse) a floating-point value as
a double.
My validator configuration looks like this (I apologize for it's
potential unreadability):
field property=maxAgeMonths
page=3
depends=required,maxlength,double,doubleRange
arg position=1 name=maxlength key=${var:maxlength}
resource=false /
varvar-namemaxlength/var-namevar-value8/var-value/var
varvar-namemin/var-namevar-value-10.0/var-value/var
varvar-namemax/var-namevar-value11.99/var-value/var
msg name=doubleRange bundle=Staff key=error.age-out-of-range /
/field
In my session, the value of org.apache.struts.action.LOCALE is es,
so Spanish. My UI is coming-up in Spanish, too.
When I try to submit 3,77 as the max age, I get a message that the
field value is not a valid double.
If I change the value to 3.77, I get no errors, and of course my
code (somewhat) correctly parses the value to 377 months because, in
Spanish, the period means a grouping separator and not a decimal point.
I have not altered the standard definition of the double validator:
I'm using whatever comes in
/org/apache/struts/validator/validator-rules.xml.
Before I go digging-through the code Struts/commons-validator to find
out exactly what might be wrong, can anyone give me any suggestions at
to what I might be missing?
Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlD5ji0ACgkQ9CaO5/Lv0PAMmACfWNa2HW7HZbcZpttLjNzHfZXk
R8cAn1+cSyS2l85kXndju57zz037OBmE
=Kpsg
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 1/18/13 1:02 PM, Christopher Schultz wrote: Before I go digging-through the code Struts/commons-validator to find out exactly what might be wrong, can anyone give me any suggestions at to what I might be missing? Actually, it didn't take a lot of digging: http://svn.apache.org/viewvc/struts/struts1/tags/STRUTS_1_3_10/core/src/main/java/org/apache/struts/validator/FieldChecks.java?view=markup The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlD5mq4ACgkQ9CaO5/Lv0PC8eACeLQwIIKTeKRovTsVjQL5J0Xzk VygAoJUjB9SIHmSjI3PuYIw5kJhbQjc3 =REQ5 -END PGP SIGNATURE- - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Looks like... Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
Łucaz, On Jan 18, 2013, at 16:00, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: The method validateDouble() totally ignores the user's Locale and calls commons-validator's formatDouble(String) method instead of the formatDouble(String,Locale) method. The same seems to be true for all the validate[NumberType] methods and validate[NumberType]Range methods. This seems to be an i18n bug to me. Am I missing something? Looks like... Thanks for the sanity check. It's a simple patch, one that I am more than willing to provide. Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. -chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-chris -- Christopher Schultz Chief Technology Officer, Total Child Health Inc. Technical Director, Center for Promotion of Child Development through Primary Care tel: +1.410.807.4500 x20 tel: +1.888.4CHADIS (+1.888.424.2347) email: cschu...@chadis.com On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
-chris -- Christopher Schultz Chief Technology Officer, Total Child Health Inc. Technical Director, Center for Promotion of Child Development through Primary Care tel: +1.410.807.4500 x20 tel: +1.888.4CHADIS (+1.888.424.2347) email: cschu...@chadis.com On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
Łucaz, On Jan 18, 2013, at 16:38, Lukasz Lenart lukaszlen...@apache.org wrote: 2013/1/18 Christopher Schultz ch...@christopherschultz.net: Honestly, I'm shocked that struts 1, which is at least 10 years old, still has a glaring internationalization bug like this. It isn't actively developed any more, that's the problem :-) I *did* know that, but I figured it would have been fixed while ago :-) I've got an old web app that has used S1 for years, so that's why I'm using it. Don't worry, I'm not trying to launch a brand-new project using struts one. -chris - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: [S1] Validator does not respect locale when validating double value?
2013/1/18 Christopher Schultz ch...@christopherschultz.net: I've got an old web app that has used S1 for years, so that's why I'm using it. Don't worry, I'm not trying to launch a brand-new project using struts one. :D Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Java security issue vs. struts?
1)The open access created via OGNL expression request to Context is a minor
breach..contact Dave or Lukasz for solution
(at least one of them will plug the hole)
2)If you're a security guy (or gal) start subscribing to CVE bulletins
Oracle *usually* addresses these issues right away and you can read about the
latest vulnerability and ways to mitigate the breach
at
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Bon Chance,Martin Date: Fri, 18 Jan 2013 12:21:28 -0500
From: em...@encs.concordia.ca
To: user@struts.apache.org
CC: mgai...@hotmail.com; thechrispr...@gmail.com
Subject: Re: Java security issue vs. struts?
Hello Martin,
I did not find bug report under struts JIRA related to jfreechart.
More details about how I use jfreechart:
(1) jsp img src=.action
(2) JAVA Action class, generated jsp
(3) struts.xml specify img size
Hope this info will help others have the same concern :-)
Bon week-end!
Emi
On 01/16/2013 05:39 PM, Martin Gainty wrote:
Hi Chris This issue came up on another apache users list I believe there
was open access issue to Remote Context Object by OGNL
(but i think Lukasz or Dave addressed the issue)..emi..did you see this in
Struts Jira? Bon chance,
Martin
__
Note de déni et de confidentialitéCe message est confidentiel et peut être
privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons
avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle
diffusion non autorisée ou la copie de ceci est interdite. Ce message sert
à l'information seulement et n'aura pas n'importe quel effet légalement
obligatoire. Étant donné que les email peuvent facilement être sujets à la
manipulation, nous ne pouvons accepter aucune responsabilité pour le
contenu fourni.
Original Message
Subject: Re: Java security issue vs. struts?
Date: Fri, 18 Jan 2013 12:00:31 -0500
From: Emi Lu em...@encs.concordia.ca
Reply-To: em...@encs.concordia.ca
To: Christian Grobmeier grobme...@gmail.com
CC: Struts Users Mailing List user@struts.apache.org, Chris Pratt
thechrispr...@gmail.com
Thank you Chris. Moreover, if I call jfreechart to generate reports through
web applications, it will not be affected, I believe?
As long as you do not use Applets to output JFreechart data you should
be fine (saying: if you generate images with JFreechart)
(1) My jsp:
img src=jfreechart_reportProcessReport.action
(2) struts.xml
action name=jfreechart_reportProcessReport method=jfreechart_report
class=ProcessReport
result name=success type=chart
param name=chartchart/param
param name=width1000/param
param name=height500/param
/result
/action
(3) My struts java action class (server side):
do:
ChartFactory.createBarChart3D(){... ...}
As a result, due to (1) ~(3) I am safe I believe.
Thanks a lot for all your comments!
Emi
mailto:user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
mailto:user-h...@struts.apache.org
--
Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
em...@encs.concordia.ca+1 514 848-2424 x5884
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
--
Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
em...@encs.concordia.ca+1 514 848-2424 x5884
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
