Rather no or I cannot recall any and it isn't related to OGNL but how S2 is using it.
Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/5/8 Zoran Avtarovski <zo...@sparecreative.com>: > I'm using struts v2.3.8 and OGNL v3.0.6. > > Is there a property or setting for OGNL to prevent double evaluations? Or > is there a fix in GitHub? > > Z. > > > On 8/05/13 3:51 PM, "Lukasz Lenart" <lukaszlen...@apache.org> wrote: > >>Hi, >> >>Yeah, it looks like a double evaluation which is a bug probably >> >> >>Regards >>-- >>Łukasz >>+ 48 606 323 122 http://www.lenart.org.pl/ >> >> >>2013/5/8 Dale Newfield <d...@newfield.org>: >>> It seems like an evaluation of a value, which could be bad, in fact a >>>large security hole. What if that value were "System.exit()"? (I forget >>>my ognl...I think you need fully qualified path and a hash or at or >>>something to call static methods, but you get the point.) >>> >>> -Dale >>> >>> >>> On May 7, 2013, at 11:10 PM, Zoran Avtarovski <zo...@sparecreative.com> >>>wrote: >>> >>>> I have a small issue that I'm trying to resolve and I was hoping the >>>>someone >>>> might have come across it earlier. >>>> >>>> I'll try to explain as best I can: >>>> I have a number of objects on the value stack: >>>> 1. pojo - a java object with a string attribute called key which >>>>links to a >>>> DB based localised text value >>>> 2. movement another java object with a string attribute called >>>>strength >>>> To display the localised text associated with the pojo key I use the >>>> following tag >>>> >>>> <s:text name="%{pojo.key}" /> >>>> >>>> The problem is that if the key value clashes with another item on the >>>>value >>>> stack I don't get the string value. >>>> For example if the key value on pojo is "movement.strength" and the >>>>strength >>>> value for movement is "weak" I don't get the expected results. Instead >>>>of >>>> getting the localised text with key "movement.strength" I get the >>>>localised >>>> text with key "weak". I tried setting the searchValueStack property to >>>>false >>>> but it made no change. >>>> >>>> I'd appreciate any help. >>>> >>>> Z. >>>> >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>> For additional commands, e-mail: user-h...@struts.apache.org >>> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>For additional commands, e-mail: user-h...@struts.apache.org >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
