struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Huber (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (WW-4641) CVE-2016-0785
Date Thu, 23 Jun 2016 07:11:16 GMT

    [ https://issues.apache.org/jira/browse/WW-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15345939#comment-15345939
] 

Greg Huber edited comment on WW-4641 at 6/23/16 7:10 AM:
---------------------------------------------------------

If %{bean.id} is not referring to id="bean" of the iterator, rather the page bean, them I
am incorrect as have not understood the issue.

{code:xml}
<s:iterator value="beanList" id="bean">
<s:textfield name="beanList(%/{bean.id/}).name" />
{code}
this works for me:
{code:xml}
<s:iterator var="bean" value="eventList">
<s:hidden name="eventList(%{#bean.sequence/}).sequence" value="%{#bean.sequence}" />
{code}


was (Author: gregh99):
If %{bean.id} is not referring to id="bean" of the iterator, rather the page bean, them I
am incorrect as have not understood the issue.

{code:xml}
<s:iterator value="beanList" id="bean">
<s:textfield name="beanList(%/{bean.id/}).name" />
{code}
this works for me:
{code:xml}
<s:iterator var="bean" value="eventList">
<s:hidden name="eventList(%/{#bean.sequence/}).sequence" value="%{#bean.sequence}" />
{code}

> CVE-2016-0785
> -------------
>
>                 Key: WW-4641
>                 URL: https://issues.apache.org/jira/browse/WW-4641
>             Project: Struts 2
>          Issue Type: New Feature
>          Components: Expression Language
>    Affects Versions: 2.3.20
>         Environment:  apache tomcat 6.0.27
>            Reporter: Samba
>            Assignee: Lukasz Lenart
>              Labels: features
>             Fix For: 2.3.30
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Hi Team,
> http://struts.apache.org/docs/s2-029.html
> please suggest the replacement code for %{..} for the latest version of the struts 2.3.28
> Thanks
> Sambasiva Rao



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message