struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Brown (JIRA)" <j...@apache.org>
Subject [jira] Closed: (STR-2742) Validation always skipped with Globals.CANCEL_KEY
Date Tue, 25 Apr 2006 18:46:45 GMT 
     [ http://issues.apache.org/struts/browse/STR-2742?page=all ]
     
Don Brown closed STR-2742:
--------------------------

    Fix Version: 1.2.9
     Resolution: Fixed
      Assign To:     (was: Struts Developer Mailing List)

Closing as it has been several weeks.  If you are still having a problem, please open a new
ticket.

> Validation always skipped with Globals.CANCEL_KEY
> -------------------------------------------------
>
>          Key: STR-2742
>          URL: http://issues.apache.org/struts/browse/STR-2742
>      Project: Struts Action 1
>         Type: Bug

>   Components: Action
>     Versions: 1.2.8
>  Environment: Operating System: other
> Platform: Other
>     Reporter: Paul Benedict
>      Fix For: 1.2.9
>  Attachments: InvalidCancelException.java, UnsupportedCancellationException.java, ValidateCancelable.txt,
ValidateCancelable.txt, cancellable.txt, patch.txt, rp13-patch.txt
>
> * Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL'
> parameter to any request will cause validation to be skipped, but the rest of
> the request processing / action invocation cycle to proceed normally
> * Consequence: any action which proceeds assuming that validation has completed
> successfully and which doesn't explicitly check isCanceled() is proceeding on a
> broken assumption.
> The discussion of this issue began in the struts-user list:
> http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e
> The thread continued in struts-dev list:
> http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r$623$2@sea.gmane.org%3e
> Most people have agreed that this is a security-related issue.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/struts/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Mime
View raw message