struts-issues mailing list archives

From "Coverity Security Research Laboratory (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4171) getText methods are not documented as evaluating OGNL
Date Mon, 05 Aug 2013 17:48:50 GMT
Coverity Security Research Laboratory created WW-4171:
---------------------------------------------------------

             Summary: getText methods are not documented as evaluating OGNL
                 Key: WW-4171
                 URL: https://issues.apache.org/jira/browse/WW-4171
             Project: Struts 2
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 2.3.15.1
            Reporter: Coverity Security Research Laboratory


The methods below evaluate OGNL as their first parameter. However they are not documented
as evaluating OGNL. We have observed this occurring in one project and are contacting the
affected vendors.

com.opensymphony.xwork2.TextProviderSupport.getText(String, String[])
com.opensymphony.xwork2.TextProviderSupport.getText(String, List<?>)
com.opensymphony.xwork2.TextProviderSupport.getText(String)

These methods are then used by ActionSupport (via its getText methods). None of these methods
are documented as evaluating OGNL either.

This issue is recommending that all of these methods are documented as evaluating OGNL since
this may come as a surprise to some developers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
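
An audit sketch for the report above, added here as an example and not part of the original message or of Struts: a Python scan of Java source for `getText(...)` call sites whose first argument is not a constant string, since that argument is what the report says gets evaluated as OGNL. The names `audit` and `first_argument` and the Java sample are constructed for illustration; the scan is textual and does not resolve which class a `getText` call belongs to.

```python
import re

CALL = re.compile(r'\bgetText\s*\(')
STR = r'"(?:[^"\\]|\\.)*"'
LITERAL = re.compile(STR + r'(?:\s*\+\s*' + STR + r')*')   # "a" or "a" + "b"
DECL = re.compile(r'(?:final\s+)?[\w.<>\[\]?]+\s+\w+')     # "String key" in a declaration

def first_argument(src, start):
    """Return the first argument of a call; `start` is the index just past '('."""
    depth, i, in_str = 0, start, False
    while i < len(src):
        c = src[i]
        if in_str:
            if c == '\\':
                i += 1                # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c in '([{':
            depth += 1
        elif c in ')]}':
            if depth == 0:
                break                 # end of the argument list
            depth -= 1
        elif c == ',' and depth == 0:
            break                     # end of the first argument
        i += 1
    return src[start:i].strip()

def audit(src):
    """List (line, first_argument) for getText calls with a non-constant key."""
    findings = []
    for m in CALL.finditer(src):
        arg = first_argument(src, m.end())
        if arg and not LITERAL.fullmatch(arg) and not DECL.fullmatch(arg):
            findings.append((src.count('\n', 0, m.start()) + 1, arg))
    return findings

# Constructed sample: an action whose `code` field is bound from a request parameter.
SAMPLE = r'''
public class ItemAction extends ActionSupport {
    private String code;
    public String execute() {
        addActionMessage(getText("item.saved"));
        addActionError(getText("error." + code));
        addActionError(getText(code, new String[]{"a,b"}));
        return SUCCESS;
    }
}
'''

if __name__ == "__main__":
    for line, arg in audit(SAMPLE):
        print(f"line {line}: getText key is not a constant: {arg}")
```

Each reported call site needs a manual check of where the key comes from; request-derived values belong in the arguments array or list, with the key kept as a fixed resource name.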
