Github user asfgit commented on the issue:
https://github.com/apache/struts/pull/125
Can one of the admins verify this patch?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
Github user yasserzamani commented on the issue:
https://github.com/apache/struts/pull/125
@aleksandr-m , not me but my workmate has used it as an ID for each jsp. I
do not know his work details but in general, he then uses this ID to decide
where he should place the result after an
Github user aleksandr-m commented on the issue:
https://github.com/apache/struts/pull/125
Spoted same
`#context['com.opensymphony.xwork2.dispatcher.HttpServletRequest']` expression
[here](https://stackoverflow.com/q/44291034/1700321). @yasserzamani What do you
use it for?
---
If
017-03-24 11:09 GMT+01:00 Lukasz Lenart <lukaszlen...@apache.org>:
>> Hi,
>>
>> I have started working on immutable context, basically there is no way
>> to access #context key anymore, something that was quite often used by
>> hackers.
>>
>> Thi
Github user yasserzamani commented on the issue:
https://github.com/apache/struts/pull/125
Below is my new design which may be helpful as an example for whom is
affected. Those are about access to
`%{#context['com.opensymphony.xwork2.dispatcher.HttpServletRequest'].requestURI}`.
2017-03-24 11:09 GMT+01:00 Lukasz Lenart <lukaszlen...@apache.org>:
> Hi,
>
> I have started working on immutable context, basically there is no way
> to access #context key anymore, something that was quite often used by
> hackers.
>
> This can affect users using #c
Github user cnenning commented on the issue:
https://github.com/apache/struts/pull/125
Sounds like a very good idea! A short check showed that my apps are not
affected ð
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as
Hi,
I have started working on immutable context, basically there is no way
to access #context key anymore, something that was quite often used by
hackers.
This can affect users using #context in their expressions but it works
for 99,99% of others.
https://github.com/apache/struts/pull/125
GitHub user lukaszlenart opened a pull request:
https://github.com/apache/struts/pull/125
Immutable context
WIP
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/lukaszlenart/struts immutable-context
Alternatively you can review
