2014-01-29 Manuel López Blasi <lopezbl...@conicet.gov.ar>: > 1) Having the action.prefix enabled there's no intereference in the > securyity fixes introduced in the last versions, it should be all fully > working isn't it? > We have Dynamic Method Invocation disabled.
No, action: prefix can be dangerous but it depends on security model implemented inside actions and application. I cannot share more on public mailing list to not disclose security vulnerability. > 2) Whe a button is clicked so it fires the method specified en the action > attribute of the s:submit tag it seems that it looks for the method > "prepareMethod" where Method is the method i specified, it seems that the > prefix "prepare" is appended. Is there a way to override or disable this > appending? > Same goes for the method validate, it is looking for "prepareValidate" , i > need to get rid of those appendings, since otherwise we would need to make a > huge refactor of > method namings in the project. It is because of prepare interceptor which is included in stack you are using. Basically prepareXXX is called to prepare action for execution of desired method. http://struts.apache.org/release/2.3.x/docs/prepare-interceptor.html Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
