struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Al Sutton ...@funkyandroid.com>
Subject 2.1.4 Quality - XWork/OGNL issue
Date Tue, 30 Dec 2008 09:12:39 GMT
The previous problems are fixed, but there looks like there might be a 
potential issue with XWork and/or OGNL....

I use displaytag and when paging through the URL is something like;

http://localhost/AndroidPhoneApplications/subs/?d-16387-p=3

When paging through with 2.1.4 I get an exception from XWork/OGNL which 
says;

ognl.InappropriateExpressionException: Inappropriate OGNL expression: (d 
- 16387) - p

I don't get this with 2.1.2, so is attempts to evaluate GET parameter 
names a new thing with 2.1.4?

imho Xwork/OGNL shouldn't be evaluating either the name or the value of 
a POST or GET parameter because they are user submitted and there maybe 
something which the application needs to process but is in an form that 
OGNL "changes", and hence a lot of confusion could be caused.

Al.

P.S. I don't know if it's happening with POST parameters as well.

-- 
======
Funky Android Limited is registered in England & Wales with the 
company number  6741909. The registered head office is Kemp House, 
152-160 City Road, London,  EC1V 2NX, UK. 

The views expressed in this email are those of the author and not 
necessarily those of Funky Android Limited, it's associates, or it's 
subsidiaries.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message