struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Piero Sartini <li...@pierosartini.de>
Subject Re: [VOTE] Struts 2.0.10 Quality
Date Sun, 16 Sep 2007 23:34:44 GMT
After looking at the code the problem is within Component.java.

The determineActionURL method has 2 new parameters which were not present in 
2.0.9 and are passed to UrlHelper.java:
boolean forceAddSchemeHostAndPort, boolean escapeAmp

It should be safe to call with 
forceAddSchemeHostAndPort=false, escapeAmp=true 
(That is what UrlHelper.java does when these params are missing ..)

This can be fixed in tabletags quite easy.

Anyway, since 2.0.10 fixes a security issue: Would it be good to have a method 
in Component.java that is compatible with 2.0.9? Maybe tagged as @Deprecated?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message