struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Newton (JIRA)" <>
Subject [jira] Commented: (WW-3129) struts.enable.DynamicMethodInvocation=false still allows to call methods dynamically
Date Sat, 16 May 2009 00:11:42 GMT


Dave Newton commented on WW-3129:

Yeah; that's how the submit button can specify the action to run.

Hmm. Technically it should probably be disallowed (IIRC this is in XW) but it's counter-intuitive
that it'll break the submit button functionality.

> struts.enable.DynamicMethodInvocation=false still allows to call methods dynamically
> ------------------------------------------------------------------------------------
>                 Key: WW-3129
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.1.6
>            Reporter: fako
> In Struts2 documentation:
> struts.enable.DynamicMethodInvocation:
> ### Set this to false if you wish to disable implicit dynamic method invocation
> ### via the URL request. This includes URLs like foo!bar.action, as well as params
> ### like method:bar (but not action:foo). 
> If i set to false, i still can invoke methods dynamically with method: prefix
> http://localhost:8080/struts/Calculator?method:toString
> Result: No result defined for action testapp.struts.action.CalculatorAction and result
> Invoking http://localhost:8080/struts/Calculator!toString.action works as intended:
> Result: There is no Action mapped for namespace / and action name Calculator!toString

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message