You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Michelle Weeks <mi...@JETISRE.COM> on 2010/09/22 17:20:06 UTC
Struts 2.2.1 Problem
I have just started using Struts 2.2.1, and I have found a bug ... I
have several Hash Maps with a String for the key value. These key
values sometimes contain special characters, including '-, /, \, _' any
Map with a key value containing one of these characters seems to
silently fail to call the set method. Any ideas on a fix??
Re: Struts 2.2.1 Problem
Posted by Lukasz Lenart <lu...@googlemail.com>.
Maybe it's related to that
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
I've added some more restrictive rules regarding request's parameters
names. Lot of special characters are disallowed, take a look on line
138
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?view=markup
You can always declare yours own by declaring acceptParamNames for
that interceptor.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Kapituła Javarsovia 2010 http://javarsovia.pl
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts 2.2.1 Problem
Posted by Dale Newfield <da...@newfield.org>.
On 9/22/10 1:58 PM, Michelle Weeks wrote:
> <input type="text" name="pagesMap['name/name'].key" value="keyValue" />
And is that form submitted with GET or POST?
Are any characters encoded in that submission?
Are you certain that the pagesMap map isn't having .put("name%2fname",
"keyValue") called on it?
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Struts 2.2.1 Problem
Posted by Michelle Weeks <mi...@JETISRE.COM>.
Sorry ... I forgot a big piece, we were running with Struts 2.1.8.1 and
then upgraded to 2.2.1 because of the security fix. All HashMaps were
working correctly before the upgrade.
Loading the HashMaps, with JavaScript, into the DOM like this ...
<input type="text" name="pagesMap['name/name'].key" value="keyValue" />
The actions contain getters and setters for the HashMaps ...
public Map<String, Object> getPagesMap()
{
return this.pagesMap;
}
public void setPagesMap(Map<String, Object> pagesmap)
{
this.pagesMap = pagesmap;
}
And I have the conversion properties in the resources directory.
-----Original Message-----
From: Dave Newton [mailto:davelnewton@gmail.com]
Sent: Wednesday, September 22, 2010 11:10 AM
To: Struts Users Mailing List
Subject: Re: Struts 2.2.1 Problem
On Wed, Sep 22, 2010 at 11:56 AM, Michelle Weeks
<michelle.weeks@jetisre.com
> wrote:
> I guess I'm not sure what exactly you are asking ...
>
When the error happens: the original message just said you had a map
that
set wasn't called on when you had key values containing certain
characters--on its own, it's not really enough to help.
> One of the Hash Maps that is not setting simply has a String key and a
> String value. If I find a key that does not contain a special
> character, the data saves. If one key has a special character the
whole
> Map is not set into the action.
>
Do you mean on the JSP side? Can you show the code that's causing the
problem? It would make it much easier to help.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts 2.2.1 Problem
Posted by Dave Newton <da...@gmail.com>.
On Wed, Sep 22, 2010 at 11:56 AM, Michelle Weeks <michelle.weeks@jetisre.com
> wrote:
> I guess I'm not sure what exactly you are asking ...
>
When the error happens: the original message just said you had a map that
set wasn't called on when you had key values containing certain
characters--on its own, it's not really enough to help.
> One of the Hash Maps that is not setting simply has a String key and a
> String value. If I find a key that does not contain a special
> character, the data saves. If one key has a special character the whole
> Map is not set into the action.
>
Do you mean on the JSP side? Can you show the code that's causing the
problem? It would make it much easier to help.
Dave
Re: Struts 2.2.1 Problem
Posted by Dale Newfield <da...@newfield.org>.
On 9/22/10 11:56 AM, Michelle Weeks wrote:
> If one key has a special character the whole Map is not set into the action.
I'm guessing it's an encoding issue. Are these strings encoded in the
resulting html? If the parameters are part of the URL (GET request)
then they'll probably wind up encoded by the browser before they get
sent back, anyway. Trace it through the path outbound from the jsp to
the browser back to the server through the params interceptor and see
where the values are getting encoded and decoded.
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: Struts 2.2.1 Problem
Posted by Michelle Weeks <mi...@JETISRE.COM>.
I guess I'm not sure what exactly you are asking ...
My project uses the core Struts components as well as the Struts portlet
components. All of the portlets we are having the issue in are pretty
basic, using just the portletDefaultStack and basicStack interceptors.
One of the Hash Maps that is not setting simply has a String key and a
String value. If I find a key that does not contain a special
character, the data saves. If one key has a special character the whole
Map is not set into the action.
-----Original Message-----
From: Dave Newton [mailto:davelnewton@gmail.com]
Sent: Wednesday, September 22, 2010 10:21 AM
To: Struts Users Mailing List
Subject: Re: Struts 2.2.1 Problem
Under what circumstances?
On Wed, Sep 22, 2010 at 11:20 AM, Michelle Weeks
<michelle.weeks@jetisre.com
> wrote:
> I have just started using Struts 2.2.1, and I have found a bug ... I
> have several Hash Maps with a String for the key value. These key
> values sometimes contain special characters, including '-, /, \, _'
any
> Map with a key value containing one of these characters seems to
> silently fail to call the set method. Any ideas on a fix??
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts 2.2.1 Problem
Posted by Dave Newton <da...@gmail.com>.
Under what circumstances?
On Wed, Sep 22, 2010 at 11:20 AM, Michelle Weeks <michelle.weeks@jetisre.com
> wrote:
> I have just started using Struts 2.2.1, and I have found a bug ... I
> have several Hash Maps with a String for the key value. These key
> values sometimes contain special characters, including '-, /, \, _' any
> Map with a key value containing one of these characters seems to
> silently fail to call the set method. Any ideas on a fix??
>