struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Localised text tag
Date Wed, 08 May 2013 05:51:17 GMT
Hi,

Yeah, it looks like a double evaluation which is a bug probably


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/


2013/5/8 Dale Newfield <dale@newfield.org>:
> It seems like an evaluation of a value, which could be bad, in fact a large security
hole.  What if that value were "System.exit()"? (I forget my ognl...I think you need fully
qualified path and a hash or at or something to call static methods, but you get the point.)
>
> -Dale
>
>
> On May 7, 2013, at 11:10 PM, Zoran Avtarovski <zoran@sparecreative.com> wrote:
>
>> I have a small issue that I'm trying to resolve and I was hoping the someone
>> might have come across it earlier.
>>
>> I'll try to explain as best I can:
>> I have a number of objects on the value stack:
>> 1. pojo  - a java object with a string attribute called key which links to a
>> DB based localised text value
>> 2. movement ­ another java object with a string attribute called strength
>> To display the localised text associated with the pojo key I use the
>> following tag
>>
>> <s:text name="%{pojo.key}" />
>>
>> The problem is that if the key value clashes with another item on the value
>> stack I don't get the string value.
>> For example if the key value on pojo is "movement.strength" and the strength
>> value for movement is "weak" I don't get the expected results. Instead of
>> getting the localised text with key "movement.strength" I get the localised
>> text with key "weak". I tried setting the searchValueStack property to false
>> but it made no change.
>>
>> I'd appreciate any help.
>>
>> Z.
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message