Posted to issues@struts.apache.org by "Anonymous (JIRA)" <ji...@apache.org> on 2007/08/05 18:45:38 UTC

[jira] Updated: (WW-410) ActionTag is dangerous

     [ https://issues.apache.org/struts/browse/WW-410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]


    Status: Resolved  (was: Closed)

> ActionTag is dangerous
> ----------------------
>
>                 Key: WW-410
>                 URL: https://issues.apache.org/struts/browse/WW-410
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Views
>    Affects Versions: WW 2.0-beta2
>            Reporter: Richard HALLIER
>            Assignee: Patrick Lightbody
>             Fix For: WW 2.0
>
>
> I'm a lazy boy, so I paste my email.
> Just an additional remark: what would be the default behavior, including or not the current context? I'd expect to have not the current context, it's a safer behavior.
> Richard HALLIER.
> --------------------------------------------------------------------
> I've created a component that renders a configurable tabs bar.
> >#bodytag(Action "name='tabs'" "id=tabs")
> >	#param("tabsId" "$tabsId")
> >	#param("activeTab" "$activeTab")
> >#end
> >
> >#bodytag(Push "value=#tabs")
> ><div class="tabs" align="left">
> > <table cellpadding="3" cellspacing="0" border="0">
> > <tr>
> >	#foreach($tabItem in $tabs)
> >		#if($tabItem.selected)
> >			<th title="$!tabItem.title">$tabItem.label</th>
> >		#else
> >			<td title="$!tabItem.title"><a href="#bodytag(URL "value='$tabItem.url'") #if($tabItem.paramName) #param("$tabItem.paramName" "$paramValue") #end #end">$tabItem.label</a></td>
> >		#end
> >	#end
> >  </tr>
> > </table>
> ></div>
> >#end
> I call it from a velocity view
> >	#bodytag(Component "template=tabs.vm")
> >		#param( "tabsId" "issue")
> >		#param( "activeTab" "owner")
> >		#param( "paramValue" "id" true)
> >	#end
> >	#bodytag(Form ...)
> >		#tag(Hidden "name='id'" "value=id")
> >	...
> >	#end
> Everything is ok. Except one thing. I put this component at the top of a form and here is the chronology that leads to the problem:
> 1/ I'm creating a new entity (hidden field id=null) by fulfilling my form
> 2/ I submit it
> 3/ ParametersInterceptor populates my action, actually my model class.
> 4/ After validating everything, I store the model class in the db and chain to the velocity view that shows again the fulfilled form with a message "creation successful"
> 5/ In this page, the hidden field id is still null !! Whereas after leaving the action, everything was ok and the id was generated and stored in the db.
> Why?
> Because of the tabs action that is called just before populating the form and that implicitly calls the ParametersInterceptor (it's necessary because fields from tabs action (tabsId, activeTab) must be populated this way).
> Instead of using a list of two parameters (those from the declared #param within the component -> tabsId and activeTab) to populate the tabs action, the ParametersInterceptor uses moreover the input parameters from the form (-> id, name, ...), so the field id of my model class is reset to null !!!!!
> Ok, that was a tedious example that just illustrates that using ActionTag can be very vicious. I was very surprised that action tag creates an extra context with the previous parameters and not only those provided by the param directive. Maybe because I'm not a WebWork man, I'm just switching from struts to WW2, but I think it can be very dangerous and can raise surprising and long-time-to-debug bugs.
> Here is my proposal. Add just a parameter to indicate to include or not the parameters from the current context, with a default behavior. It's just a simple switch to add in the createExtraContext() method, to add or not the ActionContext.getContext().getParameters().
> #bodytag(Action "name='tabs'" "id=tabs" "includeCurrentContext=false")
> // Maybe a little bit too long as an attribute name
> 	#param("tabsId" "$tabsId")
> 	#param("activeTab" "$activeTab")
> #end
> What is your feedback, guys ?
> Richard HALLIER
> Chef de projet
> richard.hallier@uniclick.org
> 01.40.12.41.52
> www.uniclick.org
> UNICLICK

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
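
The behaviour reported above, modelled as an added example (not code from the original message or from WebWork/Struts): a nested action that inherits the request parameters overwrites a property the outer action had already set, while one that receives only the declared #param values does not. The class, the map-based "value stack", the sample values and the body of createExtraContext() here are hypothetical stand-ins.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ActionTagContextDemo {

    /** Hypothetical stand-in for createExtraContext(): builds the nested action's parameters. */
    static Map<String, String> createExtraContext(Map<String, String> requestParams,
                                                  Map<String, String> tagParams,
                                                  boolean includeCurrentContext) {
        Map<String, String> params = new LinkedHashMap<>();
        if (includeCurrentContext) {
            params.putAll(requestParams);   // everything the browser submitted
        }
        params.putAll(tagParams);           // only the #param values declared in the tag
        return params;
    }

    /** Stand-in for parameter population: every key is written onto the shared stack. */
    static void populate(Map<String, Object> valueStack, Map<String, String> params) {
        for (Map.Entry<String, String> e : params.entrySet()) {
            String v = e.getValue();
            // An empty form field is bound as null, as with the hidden id in the report.
            valueStack.put(e.getKey(), v == null || v.isEmpty() ? null : v);
        }
    }

    static Object idAfterNestedCall(boolean includeCurrentContext) {
        // Constructed request: the form was submitted with an empty hidden id.
        Map<String, String> request = new LinkedHashMap<>();
        request.put("id", "");
        request.put("name", "New issue");

        // Constructed state after the outer action stored the entity and got an id.
        Map<String, Object> valueStack = new LinkedHashMap<>();
        valueStack.put("id", 42L);
        valueStack.put("name", "New issue");

        Map<String, String> tagParams = new LinkedHashMap<>();
        tagParams.put("tabsId", "issue");
        tagParams.put("activeTab", "owner");

        populate(valueStack, createExtraContext(request, tagParams, includeCurrentContext));
        return valueStack.get("id");
    }

    public static void main(String[] args) {
        System.out.println("request params inherited: id = " + idAfterNestedCall(true));
        System.out.println("declared params only:     id = " + idAfterNestedCall(false));
    }
}
```

The same mechanism lets any submitted field reach setters on the nested action, so passing only the declared parameters is the safer default the reporter asks for.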