You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2013/08/06 08:26:49 UTC

[jira] [Resolved] (WW-4171) getText methods are not documented as evaluating OGNL

     [ https://issues.apache.org/jira/browse/WW-4171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart resolved WW-4171.
-------------------------------

    Resolution: Fixed
      Assignee: Lukasz Lenart
    
> getText methods are not documented as evaluating OGNL
> -----------------------------------------------------
>
>                 Key: WW-4171
>                 URL: https://issues.apache.org/jira/browse/WW-4171
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 2.3.15.1
>            Reporter: Coverity Security Research Laboratory
>            Assignee: Lukasz Lenart
>            Priority: Minor
>              Labels: security
>             Fix For: 2.3.16
>
>
> The methods below evaluate OGNL as their first parameter. However they are not documented as evaluating OGNL. We have observed this occurring in one project and are contacting the affected vendors.
> com.opensymphony.xwork2.TextProviderSupport.getText(String, String[])
> com.opensymphony.xwork2.TextProviderSupport.getText(String, List<?>)
> com.opensymphony.xwork2.TextProviderSupport.getText(String)
> These methods are then used by ActionSupport (via its getText methods). None of these methods are documented as evaluating OGNL either.
> This issue is recommending that all of these methods are documented as evaluating OGNL since this may come as a surprise to some developers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira