You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Anonymous (JIRA)" <ji...@apache.org> on 2007/08/05 18:45:38 UTC
[jira] Updated: (WW-410) ActionTag is dangerous
[ https://issues.apache.org/struts/browse/WW-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Status: Resolved (was: Closed)
> ActionTag is dangerous
> ----------------------
>
> Key: WW-410
> URL: https://issues.apache.org/struts/browse/WW-410
> Project: Struts 2
> Issue Type: Improvement
> Components: Views
> Affects Versions: WW 2.0-beta2
> Reporter: Richard HALLIER
> Assignee: Patrick Lightbody
> Fix For: WW 2.0
>
>
> I'm a lazy boy, so I paste my email.
> Just an additional remark, what would be the the default behavior : including or not the current context ?. I'd expect to have not the current context, it's a safer behavior.
> Richard HALLIER.
> --------------------------------------------------------------------
> I've created a component that renders a configurable tabs bar.
> >#bodytag(Action "name='tabs'" "id=tabs")
> > #param("tabsId" "$tabsId")
> > #param("activeTab" "$activeTab")
> >#end
> >
> >#bodytag(Push "value=#tabs")
> ><div class="tabs" align="left">
> > <table cellpadding="3" cellspacing="0" border="0">
> > <tr>
> > #foreach($tabItem in $tabs)
> > #if($tabItem.selected)
> > <th title="$!tabItem.title">$tabItem.label</th>
> > #else
> > <td title="$!tabItem.title"><a
> href="#bodytag(URL
> "value='$tabItem.url'") #if($tabItem.paramName)
> #param>>("$tabItem.paramName" "$paramValue") #end #end
> ">$tabItem.label</td>
> > #end
> > #end
> > </tr>
> > </table>
> ></div>
> >#end
> I call it from a velicity view
> > #bodytag(Component "template=tabs.vm")
> > #param( "tabsId" "issue")
> > #param( "activeTab" "owner")
> > #param( "paramValue" "id" true)
> > #end
> > #bodytag(Form ...)
> > #tag(Hidden "name='id'" "value=id")
> > ...
> > #end
> Everything is ok. Except one thing. I put this component at the top of a
> form and here is the chronology that leads to the problem :
> 1/ I'm creating a new entity (hidden field id=null) by fulfilling my
> form
> 2/ I submit it
> 3/ ParametersInterceptor populates my action, actually my model class.
> 4/ After validating everything, I store the model class in the db and
> chains
> to the velocity view that shows again the fulfilled form with a message
> "creation successful"
> 5/ In this page, the hidden field id is still null !! Whereas after
> leaving
> the action, everything was ok and the id was generated and stored in the
> db.
> Why?
> Because of the tabs action that is called just before populating the
> form
> and that implicitly calls the ParametersInterceptor (its necessary
> because
> fields from tabs action (tabsId, activeTab) must be populated this way).
> Instead of using a list of two parameters (those from the declared
> #param
> within of the component ->tabsId and activeTab ) to populate the tabs
> action, the ParametersInterceptor uses moreover the input parameters
> from
> the form -> id, name, ...), so the field id of my model class is reset
> to
> null !!!!!
> Ok, that was a tedious example that just illustrates that using
> ActionTag
> can be very vicious. I was very surprised that action tag creates an
> extra
> context with the previous parameters and not only those provided by the
> param directive. Maybe because I'm not a WebWork man, I'm just switching
> from struts to WW2, but I think it can be very dangerous and can raise
> surprising and long-time-to-debug bugs.
> Here is my proposal. Add just a parameter to indicate to include or not
> the
> parameters from the current context, with a default behavior. It's just
> a
> simple swith to add in the createExtraContext() method, to add or not
> the
> ActionContext.getContext().getParameters().
> #bodytag(Action "name='tabs'" "id=tabs" "includeCurrentContext=false")
> //
> Maybe a little bit too long as an attribute name
> #param("tabsId" "$tabsId")
> #param("activeTab" "$activeTab")
> #end
> What is your feedback, guys ?
> Richard HALLIER
> Chef de projet
> richard.hallier@uniclick.org
> 01.40.12.41.52
> www.uniclick.org
> UNICLICK
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.