struts-issues mailing list archives

From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4765) Remove all TextParseUtil.translateVariables(message, valueStack) from LocalizedTextUtil
Date Wed, 22 Mar 2017 05:18:42 GMT

    [ https://issues.apache.org/jira/browse/WW-4765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15935774#comment-15935774 ]

Lukasz Lenart commented on WW-4765:
-----------------------------------

[~quaff] that was a developer's fault :( And to avoid such problems in the future, I'm changing
the APIs around text translations (i.e. {{TextProvider}}, {{LocalizedTextUtils}}, etc.).

> Remove all TextParseUtil.translateVariables(message, valueStack) from LocalizedTextUtil
> ---------------------------------------------------------------------------------------
>
>                 Key: WW-4765
>                 URL: https://issues.apache.org/jira/browse/WW-4765
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>            Reporter: zhouyanming
>            Priority: Critical
>
> Some messages originate from the client, which could be malicious. We must close this door.
> The recent S2-045 and S2-046 were sufferers.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
