You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by bu...@apache.org on 2006/01/25 03:36:43 UTC
DO NOT REPLY [Bug 38374] New: - Automatic Validation always bypassed with CANCEL_PROPERTY
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
Summary: Automatic Validation always bypassed with
CANCEL_PROPERTY
Product: Struts
Version: 1.2.8
Platform: Other
OS/Version: other
Status: NEW
Severity: major
Priority: P2
Component: Action
AssignedTo: dev@struts.apache.org
ReportedBy: paul4christ79@yahoo.com
* Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL'
parameter to any request will cause validation to be skipped, but the rest of
the request processing / action invocation cycle to proceed normally
* Consequence: any action which proceeds assuming that validation has completed
successfully and which doesn't explicitly check isCanceled() is proceeding on a
broken assumption.
The discussion of this issue began in the struts-user list:
http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e
The thread continued in struts-dev list:
http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r$623$2@sea.gmane.org%3e
Most people have agreed that this is a security-related issue.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-07 03:15 -------
For the sake of aggregating ideas, I am including a link to the
CancellableFormController class in the Spring Framework. While we did not go
ahead with the idea that the action should implement an specific interface to be
cancellable, if we ever switch our minds, this is a reference:
http://cvs.sourceforge.net/viewcvs.py/springframework/spring/src/org/springframework/web/servlet/mvc/CancellableFormController.java?rev=1.5&view=auto
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-01-30 13:57 -------
Just some notes about what else we would have to do
* Patch the taglib-exercises application to demonstrate that the code works,
* Patch the documentation to announce the feature,
* Create and patch the release notes for 1.2.9 (if someone is stepping up to do
a 1.2.9), and stress in the strongest possible terms that people using the
cancel tag will need to update their configurations.
* A companion patch for the current HEAD that also updates the DTD.
-Ted.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-16 05:04 -------
Ted writes: In Struts Action 1.3.0, the exception handling is done through a
"filter" that always fires (like a finally clause), so the patch is
not necessary.
As part of adding the new cancel handling, we added a new html-cancel
page to "Exercises" that tests and demonstrates the new behavior,
including use of a custom ExceptionHandler. All the other bundled
applications have been updated to set cancellable where needed, and I
confirmed that cancellable did need to be set first. So, not to worry,
the code is good to go!
Paul writes: I'll take your word for it, except I am forced to disagree by
looking at the code. Did you only test 1.3 with the ComposableRequestProcessor?
The original RequestProcessor still has this loophole that needs to be closed.
That's what this patch is for. I don't see any code for a "filter" in 1.3 RP
unless you mistakened this path for the CRP.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by Paul Benedict <pa...@yahoo.com>.
Ted, you can remove it. Thanks for the heads-up! I didn't know any rule like that existed -- I was just trying to do proper javadoc.... I blame Sun :)
---------------------------------
Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail.
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-13 21:28 -------
Paul, I just noticed that the patch for 1.2.9 includes an @author tag. The
Apache Struts Project no longer uses @author tags. Please acknowledge that the
author tag can be removed. Otherwise, we will not be able to accept the patch.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-22 06:21 -------
Thanks for the patch - applied to the current trunk (i.e. 1.3.x)
http://svn.apache.org/viewcvs?rev=379686&view=rev
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-22 14:58 -------
+1 to what Niall said.
In our own example applications, we sometimes use Cancel for navigation with
validate=false. I'm sure other applications do too.
-T.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-14 04:09 -------
I totally forgot myself that the original RequestProcessor still exists in 1.3
too. Good catch Niall. I'll work on it tonight. Can someone inform me if the RP
in 1.3 is the same code in 1.2 or do I need 2 patches?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-14 21:58 -------
Thanks for the patch, fixed in the 1.2.x branch:
http://svn.apache.org/viewcvs?rev=377805&view=rev
So that just leaves fixing the RequestProcessor in Struts 1.3.x
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-07 16:29 -------
I think we're coming down the home stretch on the checkstyle issues for 1.3.x.
Then, we can focus on fixing this for 1.3.x, as well as 1.2.x.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by Paul Benedict <pa...@yahoo.com>.
All, these are the updated patches for 1.2.x. I've tested them and, as far I see, they are good to go. I'll update the 1.3 original RequestProcessor Tuesday' night -- unless someone can do it during the work day (I can't).
---------------------------------
Brings words and photos together (easily) with
PhotoMail - it's free and works with Yahoo! Mail.
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17524|0 |1
is obsolete| |
------- Additional Comments From paul4christ79@yahoo.com 2006-02-14 05:03 -------
Created an attachment (id=17684)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17684&action=view)
InvalidCancelException.java
Updated JavaDoc to match Ted's comments. The docs will generally read the same
between 1.2 and 1.3.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From jmikus@gmail.com 2006-04-06 07:39 -------
(In reply to comment #40)
> I started working on an adapter/Wrapper, since just removing the attribute
> doesn't work in Resin . I need to read up on the Servlet Spec concerning this.
I don't know why it would not work. Have you tried other containers? One thing:
if you have includes (e.g. Tiles), then every included fragment has its own
"local" request values. This, for example, allows to send parameters in
<jsp:param> to a block included with <jsp:include>. So, maybe you are removing
attribute in a request for included fragment. Try this (this particular piece of
code was sent as a patch for JSP Controls project by Danny Lee, but it might
work for you too):
HttpServletRequest tmpRequest = request;
if (request instanceof HttpServletRequestWrapper) {
while (tmpRequest instanceof HttpServletRequestWrapper) {
tmpRequest = (HttpServletRequest) ((HttpServletRequestWrapper)
tmpRequest).getRequest();
}
}
tmpRequest.removeAttribute(Globals.CANCEL_KEY);
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From rleland@apache.org 2006-04-07 20:11 -------
Thanks for the suggestion.
Unfortunately, we are using Resin 2.X and
looking at their source code they don't use
the standard Wrappers.
I do believe that to solve this problem in a Standard container we
would have to dig down into the wrapped response to clear the original
value.
How about we leave this ticket open for a few weeks and if there are
no others that are hitting this problem, then close it since 1.2.X
is in maintence mode.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Automatic Validation always bypassed with CANCEL_PROPERTY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-01-28 06:54 -------
Created an attachment (id=17524)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17524&action=view)
UnsupportedCancellationException.java
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Automatic Validation always bypassed with CANCEL_PROPERTY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17498|0 |1
is obsolete| |
------- Additional Comments From paul4christ79@yahoo.com 2006-01-28 06:53 -------
Created an attachment (id=17523)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17523&action=view)
Patch for Struts 1.2.x branch
This patch further expands upon the discussion on the boards:
[1] The "validateCancelable" property of the action mapping is renamed to
"cancellable"; but I have left the method to be named getCancellable (not
isCancellable) since the only other boolean property is getValidate (not
isValidate).
[2] An UnsupportedCancellationException is thrown if the action mapping
receives the Globals.CANCEL_KEY but it is not cancellable. This is considered a
programmer error or a hack/spoof.
[3] The UnsupportedCancellationException can be declaratively handled in an
<exception> block. I strongly believe the programmer should be able to
configure behavior based on this error.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-14 00:20 -------
I acknowledge.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-14 03:59 -------
Ted, should I modify the 1.2 patch to match the java class names and
documentation that you have chosen?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-22 07:46 -------
(In reply to comment #32)
Can't remember if I expressed an opnion on this before or not (I may have
changed my stance). Anyway the issue at hand is only relvant to people who
have used validate="true". If validate is set to "false", but the CANCEL_KEY
has been submitted then it seems correct to me that the ActionForm.isCancelled
() method return true. Some people choose to handle validattion themselves in
their actions - if they have also used the Cancel logic then this should
continue to work and without the additional burden of having to change their
struts config to set the "cancellable" property, which has no benefit in these
circumstances.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-15 20:35 -------
I apologize but I don't understand your comment either, Ted. Developers should
still be able to configuire their actions to catch this exception declaratively
and do something with it. Am I missing out on something?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
niallp@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From niallp@apache.org 2006-03-04 03:21 -------
AFAIK this is all done. Closing as FIXED.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Automatic Validation always bypassed with CANCEL_PROPERTY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17497|0 |1
is obsolete| |
------- Additional Comments From paul4christ79@yahoo.com 2006-01-25 03:46 -------
Created an attachment (id=17498)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17498&action=view)
Patch for Struts 1.2.x branch
Fix in ActionConfig.toString()
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-16 12:23 -------
> The original RequestProcessor is just as constrained in 1.3
> by the fact that the process() method only throws IOException
> and ServletException (unless we wanted to wrap the whole contents
> of process() in a try catch).
Yes, you're right. I tested everything with the new ComposableRequestProcessor,
but not with the legacy RequestProcessor. So the legacy RP has not been tested
against the applications at all. I'll update the legacy RP, reconfigure the
applications locally, and run through all the tests again. The RP is the very
core of the framework, and we should not just assume that it still works. I'm
beginning to see supporting the original RP as a problem, since a lot of the
testing is still manual, and now we have to do it all twice -- everytime we
release any of the subprojects! If the new CRP seems to work well in 1.3.0, we
should probably deprecate the legacy RP in 1.3.1, so that it could be removed in
a 1.4 release. I'll also update the checklist to include testing applications
using both versions.
-Ted.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-22 07:21 -------
OK slight problem - there was a difference in behaviour between
RequestProcessor (1.2.x and 1.3.x) and ComposableRequestProcessor:
The ComposableRequestProcessor command (AbstractValidateActionForm) only checks
the "cancellable" property if validate is "true".
The RequestProcessor (both 1.2.x and 1.3.x) was checking the "cancellable"
property first, before the validate property (so when validate is either "true"
or "false").
I've updated the RequestProcessor in both the current trunk and 1.2.x branch to
conform to the way the ComposableRequestProcessor is working.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-15 20:23 -------
(In reply to comment #21)
> (From update of attachment 17699 [edit])
> Exception handling is not a special case in 1.3.x.
Paul's patch looks good to me. The original RequestProcessor is just as
constrained in 1.3 by the fact that the process() method only throws
IOException and ServletException (unless we wanted to wrap the whole contents
of process() in a try catch).
To be honest I didn't really understand the comment - could you elaborate?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
husted@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17699|0 |1
is obsolete| |
------- Additional Comments From husted@apache.org 2006-02-15 20:07 -------
(From update of attachment 17699)
Exception handling is not a special case in 1.3.x.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-16 14:37 -------
> I'll update the legacy RP
Actually, I'd rather not update the legacy RP to support InvalidCancelException.
If people want access to features new to 1.3, they can use the new RP. I tested
the applications against the legacy RP, and the new behavior degrades
gracefully, which seems sufficient for the 1.3.0 distribution.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-16 14:57 -------
May I suggest putting a feature in 1.2.9 and then having it gone in 1.3.0 would
not be considered graceful, but a surprise?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From husted@apache.org 2006-02-14 02:29 -------
Resolved as to 1.3.0 in r377562.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-22 06:27 -------
I pasted in the wrong quotation. My apologies. Here is the correct one:
"Note that the Opt-In Cancel Handler is available for the Composable Request
Processor only. If you configure your application to use the legacy Request
Processor instead, the Struts 1.2 behavior is observed."
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |husted@apache.org
------- Additional Comments From paul4christ79@yahoo.com 2006-01-30 23:58 -------
Nw that UnsupportedCancellationException can be thrown from the Controller, this
also implies the requirement that Struts developers should configure their
application to handle it. Right now it will just bubble to the top if an
<excepion> block does not handle it. Is that okay?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-04-06 05:57 -------
Rob, you have an interesting point, but requests are cancellable, not forwards.
If you no longer want the request to be cancelled, use a redirect per comment
#38 to start a new request. Unless you can make a valid case that forwards are
cancellable, I'd say the behavior, while problematic for your situation, is
semantically correct.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Automatic Validation always bypassed with CANCEL_PROPERTY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-01-25 03:39 -------
Created an attachment (id=17497)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17497&action=view)
Patch for Struts 1.2.x branch
The RequestProcessor will no longer allow the
org.apache.struts.taglib.html.Constants.CANCEL_PROPERTY request parameter to
cancel the action as the default. To enable this feature, add this in the
intended action mapping:
<set-property property="validateCancelable" value="true"/>
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-14 04:04 -------
(In reply to comment #13)
> Ted, should I modify the 1.2 patch to match the java class names and
> documentation that you have chosen?
That would be great, I've just thought we also need to fix the
RequestProcessor in Struts 1.3. The ComposableRequestProcessor has been fixed,
but people can still configure struts to use the original version and thats
still vulnerable.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Automatic Validation always |Validation always skipped
|bypassed with |with Globals.CANCEL_KEY
|CANCEL_PROPERTY |
------- Additional Comments From paul4christ79@yahoo.com 2006-01-28 06:58 -------
Renamed summary.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From jmikus@gmail.com 2006-04-06 07:23 -------
(In reply to comment #40)
> I would but we are stashing an error message in the request in response to the
> cancel. We could use the Session for messages but then we would need to clean
> them up.
Starting from Struts 1.2.something (code is marked as 1.2, but for some reason I
remember number 1.2.6) automatically removes messages from session scope after
they are shown.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-22 06:25 -------
Niall, if 1.2.9 is really coming out (I hope it does), the site needs to be
updated in tandem. It reads:
"In Struts 1.2 and prior, any time the magic token generated by the Cancel tag
is found in the request, validation for the ActionForm is skipped. Accordingly,
in Struts 1.2 and prior, any Action that relies on validation should always
observe the isCancelled method."
http://struts.apache.org/struts-action/userGuide/release-notes.html
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
paul4christ79@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #17523|0 |1
is obsolete| |
------- Additional Comments From paul4christ79@yahoo.com 2006-02-14 05:01 -------
Created an attachment (id=17683)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17683&action=view)
Patch for Struts 1.2.x branch
Updated JavaDoc to match Ted's comments. The docs will generally read the same
between 1.2 and 1.3.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From wsmoak@apache.org 2006-03-03 06:09 -------
Can this be closed or is there still work to be done?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From niallp@apache.org 2006-02-14 04:25 -------
Virtually everything has changed because of the jalopy reformatting, so its
unlikely we would be able to use the svn merge. Other than that I suspect the
actual logic is the same - so its probably just a cut and paste job to create
another patch.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
rleland@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Additional Comments From rleland@apache.org 2006-04-05 20:55 -------
Our class SaveAction performs a forward to a EditAction when isCancelled() is
true.
Because the CANCEL_KEY is still in the request
an InvalidCancelException() is thrown before we get to the new EditAction.
It's ugly for EditAction to know who could possibly forward to it,
So placing a
<set-property property="cancellable" value="true"/>
In all the EditActions mappings seems a little confusing and non-intuative,
There needs to be a clean way to cleanup this attribute, and I beleive
it should be the SaveAction() in this case.
One possible changes would be to provide a method similar to isValidToken()
that explicitly clears the CANCEL_KEY attribute
protected boolean isCancelled(HttpServletRequest request, boolean remove) {
boolean cancelled = isCancelled(request);
if (cancelled && remove) {
request.removeAttribute(Globals.CANCEL_KEY);
}
return (cancelled);
}
Another method that is a little more involved would be to add an attribute
in the controller declaration that says to clean up the CANCEL_KEY before
performing a forward.
-Rob
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-22 07:26 -------
Niall, if I remember correctly, I think I wrote it that way for a reason. The
reason is that if validate=false and the CANCEL_KEY is present, the
ActionForm.isCancelled() method will be returning true. That's invalid logic, in
my opinion.
I understand the reasoning why Ted and you flipped the logic, but now you have
let through this condition which doesn't make any sense.
You could fix this, however, by removing the CANCEL_KEY if validate is false.
What do you think?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From jmikus@gmail.com 2006-04-05 21:32 -------
(In reply to comment #37)
> Our class SaveAction performs a forward to a EditAction...
I use similar pattern, but I employ redirect, not forward. With new request
everything comes sparkling clean. But this is a religious topic and one has to
use session to save data between requests, or append it as a payload to
redirected URL.
Another religious topic is action chaining smell, but contrary to many, I am not
against it.
> ...when isCancelled() is true.
> Because the CANCEL_KEY is still in the request
> an InvalidCancelException() is thrown before we get to the new EditAction.
> It's ugly for EditAction to know who could possibly forward to it,
> So placing a
> <set-property property="cancellable" value="true"/>
> In all the EditActions mappings seems a little confusing and non-intuative,
I never liked "cancellable" property at the first place because it is intrusive
(I guess I should have voiced my position on this.) Who said that Hollywood
principle is a good thing? If I want to know something I'll ask. If I need
something to be done, I will send a message to the appropriate object (fancy
old-fashioned way to say that I will call a damn method). Hollywood principle
sucks, and this particular incident stresses this out one more time.
> There needs to be a clean way to cleanup this attribute, and I beleive
> it should be the SaveAction() in this case.
>
> One possible changes would be to provide a method similar to isValidToken()
> that explicitly clears the CANCEL_KEY attribute
> protected boolean isCancelled(HttpServletRequest request, boolean remove) {
> boolean cancelled = isCancelled(request);
> if (cancelled && remove) {
> request.removeAttribute(Globals.CANCEL_KEY);
> }
> return (cancelled);
> }
It is a bad practice to have side effects in getters, it is even worse to have
getters that are non-idempotent.
> Another method that is a little more involved would be to add an attribute
> in the controller declaration that says to clean up the CANCEL_KEY before
> performing a forward.
This is better but still a hassle. I don't see how simple
request.removeAttribute(Globals.CANCEL_KEY);
is worse than having another attribute in config file (and another update to
DTD). Struts 1.x is deeply penetrated with references to request/response
objects, so let's not pretend that it is a Servlet API virgin.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From paul4christ79@yahoo.com 2006-02-15 02:17 -------
Created an attachment (id=17699)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=17699&action=view)
Patch for Struts 1.3.x branch
The patch is for the original RequestProcessor of Struts 1.3.x. I have not
tested it but it is nothing more than a copy+paste of the 1.2.x code in the
appropriate places.
PS: The order of imports you chose for Jalopy is interesting. You're the first
guys who I've ever seen which puts the org.apache.* imports about the java.*
imports. It doesn't matter, but I am just pointing it out. :)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
DO NOT REPLY [Bug 38374] - Validation always skipped with Globals.CANCEL_KEY
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38374>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38374
------- Additional Comments From rleland@apache.org 2006-04-06 06:41 -------
I would but we are stashing an error message in the request in response to the
cancel. We could use the Session for messages but then we would need to clean
them up. Using the validate = false, would also work in all but one of our use
cases.
I started working on an adapter/Wrapper, since just removing the attribute
doesn't work in Resin . I need to read up on the Servlet Spec concerning this.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org