You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2016/06/21 10:48:57 UTC
[jira] [Comment Edited] (WW-4641) CVE-2016-0785
[ https://issues.apache.org/jira/browse/WW-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15341537#comment-15341537 ]
Lukasz Lenart edited comment on WW-4641 at 6/21/16 10:48 AM:
-------------------------------------------------------------
Hi,
We are having issues after upgrading to Struts 2.3.29, whereby expressions inside name attributes of tags with {{%\{…\}}} in them would no longer be evaluated to retrieve the value.
For example:
{code:xml}
<s:textfield id="qty%{#entry.entryId}" name="basket.entryList[%{#entry.entryId}].quantity" />
{code}
This boils down to a change in {{org.apache.struts2.components.UIBean#evaluateParams()}}
https://git-wip-us.apache.org/repos/asf?p=struts.git;a=commit;h=88b885339a6cb7e31393cbb723a57ddf8f8b4494
BEFORE
{code:java}
if (this.name != null) {
name = findString(this.name);
addParameter("name", name);
}
{code}
AFTER
{code:java}
if (this.name != null) {
addParameter("name", findString(this.name));
}
{code}
Affected value logic further down
{code:java}
if (value != null) {
addParameter("nameValue", findValue(value, valueClazz));
} else if (name != null) {
String expr = completeExpressionIfAltSyntax(name);
addParameter("nameValue", findValue(expr, valueClazz));
}
{code}
Is this intentionally changed so that the final name would not be evaluated to retrieve the value?
Is it somehow related to https://cwiki.apache.org/confluence/display/WW/S2-036 ?
Thanks,
Martin
was (Author: martin.tsv):
Hi,
We are having issues after upgrading to Struts 2.3.29, whereby expressions inside name attributes of tags with %{…} in them would no longer be evaluated to retrieve the value.
For example:
<s:textfield id="qty%{#entry.entryId}" name="basket.entryList[%{#entry.entryId}].quantity" />
This boils down to a change in org.apache.struts2.components.UIBean#evaluateParams()
https://git-wip-us.apache.org/repos/asf?p=struts.git;a=commit;h=88b885339a6cb7e31393cbb723a57ddf8f8b4494
BEFORE
if (this.name != null) {
name = findString(this.name);
addParameter("name", name);
}
AFTER
if (this.name != null) {
addParameter("name", findString(this.name));
}
Affected value logic further down
if (value != null) {
addParameter("nameValue", findValue(value, valueClazz));
} else if (name != null) {
String expr = completeExpressionIfAltSyntax(name);
addParameter("nameValue", findValue(expr, valueClazz));
}
Is this intentionally changed so that the final name would not be evaluated to retrieve the value?
Is it somehow related to https://cwiki.apache.org/confluence/display/WW/S2-036 ?
Thanks,
Martin
> CVE-2016-0785
> -------------
>
> Key: WW-4641
> URL: https://issues.apache.org/jira/browse/WW-4641
> Project: Struts 2
> Issue Type: New Feature
> Components: Expression Language
> Affects Versions: 2.3.20
> Environment: apache tomcat 6.0.27
> Reporter: Samba
> Assignee: Lukasz Lenart
> Labels: features
> Fix For: 2.3.30
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Hi Team,
> http://struts.apache.org/docs/s2-029.html
> please suggest the replacement code for %{..} for the latest version of the struts 2.3.28
> Thanks
> Sambasiva Rao
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)