struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Huber (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4641) CVE-2016-0785
Date Wed, 22 Jun 2016 16:12:57 GMT

    [ https://issues.apache.org/jira/browse/WW-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15344636#comment-15344636
] 

Greg Huber commented on WW-4641:
--------------------------------

https://struts.apache.org/docs/iterator.html

The id attribute is deprecated in Struts 2.1.x, and has been replaced by the var attribute.

<s:iterator value="beanList" id="bean">
      <s:textfield name="beanList(%{bean.id}).name" />
</s:iterator>

use:

<s:iterator value="beanList" var="bean">
      <s:textfield name="beanList(%{bean.id}).name" />
</s:iterator>

> CVE-2016-0785
> -------------
>
>                 Key: WW-4641
>                 URL: https://issues.apache.org/jira/browse/WW-4641
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: Expression Language
>    Affects Versions: 2.3.20
>         Environment:  apache tomcat 6.0.27
>            Reporter: Samba
>            Assignee: Lukasz Lenart
>              Labels: features
>             Fix For: 2.3.30
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Hi Team,
> http://struts.apache.org/docs/s2-029.html
> please suggest the replacement code for %{..} for the latest version of the struts 2.3.28
> Thanks
> Sambasiva Rao



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message