Posted to dev@struts.apache.org by bu...@apache.org on 2002/11/23 16:44:54 UTC
DO NOT REPLY [Bug 14800] New: -
Fix initialization bug and add size parameter to form-property
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14800
Summary: Fix initialization bug and add size parameter to form-property
Product: Struts
Version: Nightly Build
Platform: Other
OS/Version: Other
Status: NEW
Severity: Critical
Priority: Other
Component: Standard Actions
AssignedTo: struts-dev@jakarta.apache.org
ReportedBy: turner@blackbear.com
The logic for getting an initial value for a form-property was flawed, in this
sense: If the initial value was an array, the initial() call would clone the
array but not the values in the array, meaning that all copies of the form
that used this property would share the same objects. This is a MAJOR
security hole, as it means that people can end up seeing other people's credit
card numbers, etc.
I've changed it to always compute the initial value again, rather than trying
to cache it. I've also removed the now-unused "initialized" property.
This patch also adds a form-property parameter called size. If it is
specified, the type must specify an array. It causes the property value to be
initialized to an array of the appropriate size, with newly instantiated
copies of the appropriate object type.
The addition of "size" has been "Official Approved by Craig", for what that's
worth, in that we talked about it at ApacheCon and he agreed it should be
added.
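The sharing described in the report, reproduced as an added example that is not part of the original message and is not Struts code: a cached array initial value is cloned shallowly, so two form instances end up holding the same element objects, next to a per-call initializer of the kind the report describes for "size". The class, method and field names (`SharedInitialValueDemo`, `Entry`, `shallowInitial`, `freshInitial`) are hypothetical, and the sample strings are constructed.

```java
import java.lang.reflect.Array;

// Added illustration; class and method names are hypothetical, not Struts code.
public class SharedInitialValueDemo {

    // Mutable element type standing in for a per-user form field value.
    public static class Entry {
        public String value = "";
    }

    // One cached initial value, as a form-property configuration might hold.
    private static final Entry[] CACHED = { new Entry(), new Entry() };

    // Flawed pattern from the report: the array is cloned, its elements are not.
    static Entry[] shallowInitial() {
        return CACHED.clone();
    }

    // Pattern the report describes for "size": a new array of the requested
    // length, filled with newly instantiated objects of the component type.
    static Object freshInitial(Class<?> componentType, int size)
            throws ReflectiveOperationException {
        Object array = Array.newInstance(componentType, size);
        for (int i = 0; i < size; i++) {
            Array.set(array, i, componentType.getDeclaredConstructor().newInstance());
        }
        return array;
    }

    public static void main(String[] args) throws Exception {
        // Two "sessions" each obtain an initial value for the same property.
        Entry[] userA = shallowInitial();
        Entry[] userB = shallowInitial();
        userA[0].value = "constructed-sample-A";   // constructed sample data
        System.out.println("shallow: arrays distinct = " + (userA != userB));
        System.out.println("shallow: B sees A's data = "
                + userB[0].value.equals("constructed-sample-A"));

        Entry[] freshA = (Entry[]) freshInitial(Entry.class, 2);
        Entry[] freshB = (Entry[]) freshInitial(Entry.class, 2);
        freshA[0].value = "constructed-sample-A";
        System.out.println("fresh: B sees A's data = "
                + freshB[0].value.equals("constructed-sample-A"));
    }
}
```

The distinct-arrays check is what makes this bug easy to miss in review: `clone()` does return a different array object, so an identity comparison on the array alone says nothing about whether the elements are shared.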