struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yasser Zamani (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4966) com.opensymphony.xwork2.ognl.OgnlValueStack findValue doesn't work
Date Thu, 04 Oct 2018 08:22:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16637927#comment-16637927
] 

Yasser Zamani commented on WW-4966:
-----------------------------------

[~sancho0410], additionally, I think [~lukaszlenart] is right. You can simply use {{s:property}}
and it does it for you itself. For dynamic expression I somehow remember you can use ognl
double evaluation like 
{code:xml}
<s:property value="%{%{myExpression}}" />
{code}
But please consider like your current situation, it's risky and {{myExpression}} must be cleaned
if is dependent to end user input.

> com.opensymphony.xwork2.ognl.OgnlValueStack findValue doesn't work
> ------------------------------------------------------------------
>
>                 Key: WW-4966
>                 URL: https://issues.apache.org/jira/browse/WW-4966
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.3.35
>            Reporter: Guillaume SANCHEZ
>            Priority: Major
>
> Hi,
> since 2.3.35 Struts2 version the "com.opensymphony.xwork2.ognl." is exclude.
> In template some people use OgnlValueStack function like .findValue(String).
> Have U some fix for use this function in .ftl and .jsp ? This class have security breach
?
>  
> Thanks U



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message