You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Takeshi Nakashima (JIRA)" <ji...@apache.org> on 2016/03/24 08:07:25 UTC
[jira] [Commented] (WW-4616) Unable to receive GET parameters with
field name 'cId'
[ https://issues.apache.org/jira/browse/WW-4616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15209894#comment-15209894 ]
Takeshi Nakashima commented on WW-4616:
---------------------------------------
Lukasz
Thank you very much for the information.
And I'm sorry for taking your time. Now I have found some similar questions on the Internet.
But I still have a question.
Are you sure if the reversion from ognl-3.0.13.jar to the old ognl-3.0.6.jar does not affect the security fix for CVE-2016-0785 ?
I guess only struts2-core-2.3.28.jar and xwork-core-2.3.28.jar are reqiured fix CVE-2016-0785 but I'm not 100% sure about it.
> Unable to receive GET parameters with field name 'cId'
> ------------------------------------------------------
>
> Key: WW-4616
> URL: https://issues.apache.org/jira/browse/WW-4616
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
> Affects Versions: 2.3.28
> Environment: CentOS6/Windows7, Oracle Java 1.8.0_74, Tomcat6
> Reporter: Takeshi Nakashima
>
> After I upgraded Struts from 2.3.24.1 to 2.3.28, some action classes got unable to receive some GET parameters.
> The action classes have fields and setter methods like below.
> private int cId;
> public void setCId(int cId) {
> this.cId = cId;
> }
> private int blockId;
> public void setBlockId(int blockId) {
> this.blockId = blockId;
> }
> http://localhost:8080/app/XXX.action?cId=9&blockId=145
> When I send an HTTP request from a link like above, the action class only receive only 'blockId' value.
> cId=0
> num=145
> But if I change the field name 'cId' to 'cid' and the method name 'setCId' to 'setCid', the GET value 9 will be passed to 'cid'.
> cid=9
> num=145
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)