struts-user mailing list archives

From Zoran Avtarovski <zo...@sparecreative.com>
Subject Re: Localised text tag
Date Wed, 08 May 2013 08:15:13 GMT
I'm using struts v2.3.8 and OGNL v3.0.6.

Is there a property or setting for OGNL to prevent double evaluations? Or
is there a fix in GitHub?

Z.


On 8/05/13 3:51 PM, "Lukasz Lenart" <lukaszlenart@apache.org> wrote:

>Hi,
>
>Yeah, it looks like a double evaluation which is a bug probably
>
>
>Regards
>-- 
>Łukasz
>+ 48 606 323 122 http://www.lenart.org.pl/
>
>
>2013/5/8 Dale Newfield <dale@newfield.org>:
>> It seems like an evaluation of a value, which could be bad, in fact a
>>large security hole.  What if that value were "System.exit()"? (I forget
>>my ognl...I think you need fully qualified path and a hash or at or
>>something to call static methods, but you get the point.)
>>
>> -Dale
>>
>>
>> On May 7, 2013, at 11:10 PM, Zoran Avtarovski <zoran@sparecreative.com>
>>wrote:
>>
>>> I have a small issue that I'm trying to resolve and I was hoping that
>>>someone
>>> might have come across it earlier.
>>>
>>> I'll try to explain as best I can:
>>> I have a number of objects on the value stack:
>>> 1. pojo  - a java object with a string attribute called key which
>>>links to a
>>> DB based localised text value
>>> 2. movement - another java object with a string attribute called
>>>strength
>>> To display the localised text associated with the pojo key I use the
>>> following tag
>>>
>>> <s:text name="%{pojo.key}" />
>>>
>>> The problem is that if the key value clashes with another item on the
>>>value
>>> stack I don't get the string value.
>>> For example if the key value on pojo is "movement.strength" and the
>>>strength
>>> value for movement is "weak" I don't get the expected results. Instead
>>>of
>>> getting the localised text with key "movement.strength" I get the
>>>localised
>>> text with key "weak". I tried setting the searchValueStack property to
>>>false
>>> but it made no change.
>>>
>>> I'd appreciate any help.
>>>
>>> Z.
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>
>
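A minimal model of the behaviour discussed in this thread, added here as an example and not taken from any poster or from Struts/OGNL code. The value stack, message bundle and method names are constructed, and only dotted-path lookups are modelled; it contrasts evaluating `pojo.key` once with evaluating its result a second time.

```java
import java.util.Map;

// Toy model of the behaviour reported in this thread. It uses no Struts or
// OGNL classes; the stack, bundle and method names are constructed here.
public class DoubleEvalDemo {
    // Constructed value stack: object name -> (property -> value).
    static final Map<String, Map<String, String>> STACK = Map.of(
        "pojo", Map.of("key", "movement.strength"),
        "movement", Map.of("strength", "weak"));

    // Constructed message bundle: message key -> localised text.
    static final Map<String, String> BUNDLE = Map.of(
        "movement.strength", "Movement strength",
        "weak", "Weak");

    // Resolve "object.property" against the stack; null if it is not a stack path.
    static String eval(String expr) {
        if (expr == null) return null;
        String[] parts = expr.split("\\.", 2);
        if (parts.length != 2 || !STACK.containsKey(parts[0])) return null;
        return STACK.get(parts[0]).get(parts[1]);
    }

    // Look a key up in the bundle; fall back to the key itself when missing.
    static String message(String key) {
        return key == null ? "" : BUNDLE.getOrDefault(key, key);
    }

    // Expected: evaluate the expression once and use the result as a literal key.
    static String textOnce(String expr) {
        return message(eval(expr));
    }

    // Reported: the first result is evaluated again, so a data value that
    // happens to be a valid stack path is treated as an expression.
    static String textTwice(String expr) {
        String key = eval(expr);
        String again = eval(key);
        return message(again != null ? again : key);
    }

    public static void main(String[] args) {
        System.out.println("single evaluation: " + textOnce("pojo.key"));
        System.out.println("double evaluation: " + textTwice("pojo.key"));
    }
}
```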




