You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Greg Huber <gr...@gmail.com> on 2023/04/01 10:43:01 UTC
looking at roller upgrade again
Maybe a user question (sorry)
Using action like this : action="%{#mainAction}!saveDraft"/> struts
seems to get the "id" wrong? ...but the "name" correct.
eg:
<s:set var="mainAction">entryEdit</s:set>
<s:submit cssClass="btn btn-warning"
value="%{getText('weblogEdit.save')}"
action="%{#mainAction}!saveDraft"/>
renders:
<input type="submit" value="Save as Draft"
id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
class="btn btn-warning">
Should be
<input type="submit" value="Save as Draft" id="entry_entryAdd_saveDraft"
name="action:entryAdd!saveDraft" class="btn btn-warning">
#####
If I try it on my app it does the same thing
<form name="myConfig" id="myConfig" action="/app/myConfig.action"
method="post">
<s:set var="myConfigzzzzz" value="'myConfig'" />
<s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
accesskey="s" />
</form>
renders:
<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig___myConfigzzzzz__save" accesskey="s">
should be
<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig_myConfig_save" accesskey="s">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Yasser Zamani <ya...@apache.org>.
On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
> The change has been introduced here [1] and the problem is that it
> replaces any non-alphanumeric character with "_". Also it works on an
> unevaluated version of the "name" attribute (in case if the "id"
> attribute is not defined). I think this is a bug and I'm not sure why
> the "escape" method has been changed in case of fixing double
> evaluations (its main purpose was JavaScript-friendliness)
>
> [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
BTW the root problem looks like is that the id is generated before name
evaluation, so mentioned PR above looks unrelated.
Regards.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>>
>> Maybe a user question (sorry)
>>
>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>> seems to get the "id" wrong? ...but the "name" correct.
>>
>> eg:
>>
>> <s:set var="mainAction">entryEdit</s:set>
>>
>> <s:submit cssClass="btn btn-warning"
>> value="%{getText('weblogEdit.save')}"
>> action="%{#mainAction}!saveDraft"/>
>>
>> renders:
>>
>> <input type="submit" value="Save as Draft"
>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>> class="btn btn-warning">
>>
>>
>> Should be
>>
>> <input type="submit" value="Save as Draft" id="entry_entryAdd_saveDraft"
>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>
>>
>> #####
>>
>> If I try it on my app it does the same thing
>>
>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>> method="post">
>>
>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>> accesskey="s" />
>>
>> </form>
>>
>> renders:
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>
>>
>> should be
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig_myConfig_save" accesskey="s">
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
śr., 19 kwi 2023 o 09:37 Greg Huber <gr...@gmail.com> napisał(a):
>
> > hack to satisfy Roller requirements
>
> Well I don't think its a hack, to have the variable name as part of the
> id does not seem correct to me
>
> eg
> <form id="entry">
> <s:set var="tmp">entryEdit</s:set>
> <s:submit action="%{#tmp}!saveDraft"/>
> </form>
>
> ie the name would be :
>
> entry___tmp__saveDraft
>
> vs
>
> entry_entryEdit_saveDraft
but this is what my PR is doing right now, so I assume it is ok?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
> hack to satisfy Roller requirements
Well I don't think its a hack, to have the variable name as part of the
id does not seem correct to me
eg
<form id="entry">
<s:set var="tmp">entryEdit</s:set>
<s:submit action="%{#tmp}!saveDraft"/>
</form>
ie the name would be :
entry___tmp__saveDraft
vs
entry_entryEdit_saveDraft
>calculate ID based on action
>AND method at the same time, is that correct?
yes, other tags must be doing this already?
On 19/04/2023 08:25, Lukasz Lenart wrote:
> śr., 19 kwi 2023 o 09:19 Greg Huber <gr...@gmail.com> napisał(a):
>> clickById("entry_%{#mainAction}!publish")
>>
>> This patch fixes the format by calculating the action first:
>>
>> https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900
> This is really a hack to satisfy Roller requirements, but looks like
> this clearly explains the expectations: calculate ID based on action
> AND method at the same time, is that correct?
>
>
> Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: action="%{tmp}" on other tags
Posted by Lukasz Lenart <lu...@apache.org>.
śr., 19 kwi 2023 o 09:55 Greg Huber <gr...@gmail.com> napisał(a):
>
> The form tag
>
> <s:set var="tmp" value="'edit!save'" />
> <s:form action="%{tmp}">
>
> does this :
>
> <form name="edit" id="edit" action="/my/edit!save.action" method="post">
Not sure if I understood, this what you expect? And on which version
you have been testing this?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
action="%{tmp}" on other tags
Posted by Greg Huber <gr...@gmail.com>.
The form tag
<s:set var="tmp" value="'edit!save'" />
<s:form action="%{tmp}">
does this :
<form name="edit" id="edit" action="/my/edit!save.action" method="post">
On 19/04/2023 08:25, Lukasz Lenart wrote:
> śr., 19 kwi 2023 o 09:19 Greg Huber <gr...@gmail.com> napisał(a):
>> clickById("entry_%{#mainAction}!publish")
>>
>> This patch fixes the format by calculating the action first:
>>
>> https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900
> This is really a hack to satisfy Roller requirements, but looks like
> this clearly explains the expectations: calculate ID based on action
> AND method at the same time, is that correct?
>
>
> Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
śr., 19 kwi 2023 o 09:19 Greg Huber <gr...@gmail.com> napisał(a):
> clickById("entry_%{#mainAction}!publish")
>
> This patch fixes the format by calculating the action first:
>
> https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900
This is really a hack to satisfy Roller requirements, but looks like
this clearly explains the expectations: calculate ID based on action
AND method at the same time, is that correct?
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
>@Greg Huber is the current approach ok?
>https://github.com/apache/struts/pull/678
This works but not really related to this formatting issue.
As there is nothing wrong with Struts, it never formatted it correctly in the first place, which can be seen from the test clickById :
clickById("entry_%{#mainAction}!publish")
This patch fixes the format by calculating the action first:
https://github.com/apache/struts/commit/d7cf72c92eb84437eb9794b56c2525b389cf7900
Maybe there is another approach that other tags use? I will have another look.
On 19/04/2023 07:51, Lukasz Lenart wrote:
> I'm sorry Yasser if you took this personally - escape logic has
> changed and on first thought that was the cause. After investigating
> the thing deeper I found it isn't just this but also missing support
> for evaluation of ID which bases on action or method.
>
> Previously ID was evaluated on set (in the setter) to overcome some
> problems, yet it was too early and I have changed this logic sometime
> ago, yet still this affected only tags with ID defined.
>
> @Greg Huber is the current approach ok?
> https://github.com/apache/struts/pull/678
>
>
> Cheers
> --
> Łukasz
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
I'm sorry Yasser if you took this personally - escape logic has
changed and on first thought that was the cause. After investigating
the thing deeper I found it isn't just this but also missing support
for evaluation of ID which bases on action or method.
Previously ID was evaluated on set (in the setter) to overcome some
problems, yet it was too early and I have changed this logic sometime
ago, yet still this affected only tags with ID defined.
@Greg Huber is the current approach ok?
https://github.com/apache/struts/pull/678
Cheers
--
Łukasz
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Yasser Zamani <ya...@apache.org>.
Thank you Greg for your confirmation!
So it's not a error or bug or wrong. Struts internal mechanism has been changed owing to security reasons. Please update the app accordingly and replace the id. Or better, find and click on it in some other way than id, to be completely independent from Struts internal behavior.
Best,
Yasser.
________________________________________
From: Greg Huber <gr...@gmail.com>
Sent: Saturday, April 15, 2023 3:08 PM
To: dev@struts.apache.org
Subject: Re: looking at roller upgrade again
I think it was always wrong as the test is checking for :
entry_%{#mainAction}!publish
clickById("entry_%{#mainAction}!publish")
On 14/04/2023 19:17, Yasser Zamani wrote:
> Thank you for the explanation Greg. Yes I agree that previously it was
> looking better. Currently am wondering how previous Struts was
> generating the id from an evaluated name! Because as you see below,
> Struts is and was keeping name property unchanged via introducing a
> local var named name:
>
> String name = findString(this.name); // previous version
> String translatedName = findString(this.name); // current version
>
> You see. I just renamed local var name to translatedName to not
> confuse name with this.name. So am wondering how _tmp_id =
> ...escape(name)...; uses an evaluated name in previous versions!
>
> Regards.
>
> On 4/12/2023 7:13 PM, Greg Huber wrote:
>> There is nothing wrong with struts.
>>
>> There is a selenium test in roller that checks on the id
>>
>> clickById("entry_%{#mainAction}!publish");
>>
>> it now has:
>> entry____mainAction__publish
>>
>> ie it escapes %{#}! with spaces.
>>
>> To match other tags, it should evaluate %{#mainAction}
>>
>> ie using the form below:
>>
>> <form id="entry">
>> <s:set var="mainAction">entryEdit</s:set>
>> <s:submit action="%{#mainAction}!saveDraft"/>
>> </form>
>>
>> entry_entryEdit_publish
>>
>> Whether this is is needed or not is debatable, although it looks better.
>>
>> But, it is just as easy to change the test to be:
>> entry____mainAction__publish.
>>
>>
>> On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <ya...@apache.org>
>> wrote:
>>
>>> Sorry I didn't get what the problem exactly is.
>>>
>>> 1. Was your app depended to Struts internal behavior of id generation
>>> and so your app is broken now?
>>>
>>> 2. Or no, Struts itself is broken now by my change?
>>>
>>>
>>> On 4/11/2023 10:16 AM, Greg Huber wrote:
>>>> More housekeeping, the id on the form tag never supported %{..} on the
>>>> action attribute. ie action="%{#mainAction}!saveDraft"
>>>>
>>>> On 10/04/2023 20:37, Yasser Zamani wrote:
>>>>> Hi there, please see inline...
>>>>>
>>>>> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
>>>>>> The change has been introduced here [1] and the problem is that it
>>>>>> replaces any non-alphanumeric character with "_". Also it works
>>>>>> on an
>>>>>> unevaluated version of the "name" attribute (in case if the "id"
>>>>>> attribute is not defined). I think this is a bug and I'm not sure
>>>>>> why
>>>>>> the "escape" method has been changed in case of fixing double
>>>>>> evaluations (its main purpose was JavaScript-friendliness)
>>>>>
>>>>> Because it was also reported in same report by our last security
>>>>> report. It's required and is a common practice to avoid XSS.
>>>>>
>>>>> If some plugin has a problem with it, then it also need to be fixed
>>>>> (i.e. replace any non-alpha with _) because it's only for Struts
>>>>> internal usage and users shouldn't depend on Struts internal
>>>>> behavior.
>>>>>
>>>>> Best Regards,
>>>>> Yasser
>>>>>
>>>>>>
>>>>>> [1]
>>>>>>
>>> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>>>
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>> --
>>>>>> Łukasz
>>>>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>>>>
>>>>>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com>
>>>>>> napisał(a):
>>>>>>>
>>>>>>> Maybe a user question (sorry)
>>>>>>>
>>>>>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>>>>>>> seems to get the "id" wrong? ...but the "name" correct.
>>>>>>>
>>>>>>> eg:
>>>>>>>
>>>>>>> <s:set var="mainAction">entryEdit</s:set>
>>>>>>>
>>>>>>> <s:submit cssClass="btn btn-warning"
>>>>>>> value="%{getText('weblogEdit.save')}"
>>>>>>> action="%{#mainAction}!saveDraft"/>
>>>>>>>
>>>>>>> renders:
>>>>>>>
>>>>>>> <input type="submit" value="Save as Draft"
>>>>>>> id="entry____mainAction__saveDraft"
>>>>>>> name="action:entryAdd!saveDraft"
>>>>>>> class="btn btn-warning">
>>>>>>>
>>>>>>>
>>>>>>> Should be
>>>>>>>
>>>>>>> <input type="submit" value="Save as Draft"
>>>>>>> id="entry_entryAdd_saveDraft"
>>>>>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>>>>>>
>>>>>>>
>>>>>>> #####
>>>>>>>
>>>>>>> If I try it on my app it does the same thing
>>>>>>>
>>>>>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>>>>>>> method="post">
>>>>>>>
>>>>>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>>>>>>> <s:submit value="%{getText('button.save')}"
>>>>>>> action="%{myConfigz}!save"
>>>>>>> accesskey="s" />
>>>>>>>
>>>>>>> </form>
>>>>>>>
>>>>>>> renders:
>>>>>>>
>>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>>>>>>
>>>>>>>
>>>>>>> should be
>>>>>>>
>>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>>> id="myConfig_myConfig_save" accesskey="s">
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
I think it was always wrong as the test is checking for :
entry_%{#mainAction}!publish
clickById("entry_%{#mainAction}!publish")
On 14/04/2023 19:17, Yasser Zamani wrote:
> Thank you for the explanation Greg. Yes I agree that previously it was
> looking better. Currently am wondering how previous Struts was
> generating the id from an evaluated name! Because as you see below,
> Struts is and was keeping name property unchanged via introducing a
> local var named name:
>
> String name = findString(this.name); // previous version
> String translatedName = findString(this.name); // current version
>
> You see. I just renamed local var name to translatedName to not
> confuse name with this.name. So am wondering how _tmp_id =
> ...escape(name)...; uses an evaluated name in previous versions!
>
> Regards.
>
> On 4/12/2023 7:13 PM, Greg Huber wrote:
>> There is nothing wrong with struts.
>>
>> There is a selenium test in roller that checks on the id
>>
>> clickById("entry_%{#mainAction}!publish");
>>
>> it now has:
>> entry____mainAction__publish
>>
>> ie it escapes %{#}! with spaces.
>>
>> To match other tags, it should evaluate %{#mainAction}
>>
>> ie using the form below:
>>
>> <form id="entry">
>> <s:set var="mainAction">entryEdit</s:set>
>> <s:submit action="%{#mainAction}!saveDraft"/>
>> </form>
>>
>> entry_entryEdit_publish
>>
>> Whether this is is needed or not is debatable, although it looks better.
>>
>> But, it is just as easy to change the test to be:
>> entry____mainAction__publish.
>>
>>
>> On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <ya...@apache.org>
>> wrote:
>>
>>> Sorry I didn't get what the problem exactly is.
>>>
>>> 1. Was your app depended to Struts internal behavior of id generation
>>> and so your app is broken now?
>>>
>>> 2. Or no, Struts itself is broken now by my change?
>>>
>>>
>>> On 4/11/2023 10:16 AM, Greg Huber wrote:
>>>> More housekeeping, the id on the form tag never supported %{..} on the
>>>> action attribute. ie action="%{#mainAction}!saveDraft"
>>>>
>>>> On 10/04/2023 20:37, Yasser Zamani wrote:
>>>>> Hi there, please see inline...
>>>>>
>>>>> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
>>>>>> The change has been introduced here [1] and the problem is that it
>>>>>> replaces any non-alphanumeric character with "_". Also it works
>>>>>> on an
>>>>>> unevaluated version of the "name" attribute (in case if the "id"
>>>>>> attribute is not defined). I think this is a bug and I'm not sure
>>>>>> why
>>>>>> the "escape" method has been changed in case of fixing double
>>>>>> evaluations (its main purpose was JavaScript-friendliness)
>>>>>
>>>>> Because it was also reported in same report by our last security
>>>>> report. It's required and is a common practice to avoid XSS.
>>>>>
>>>>> If some plugin has a problem with it, then it also need to be fixed
>>>>> (i.e. replace any non-alpha with _) because it's only for Struts
>>>>> internal usage and users shouldn't depend on Struts internal
>>>>> behavior.
>>>>>
>>>>> Best Regards,
>>>>> Yasser
>>>>>
>>>>>>
>>>>>> [1]
>>>>>>
>>> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>>>
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>> --
>>>>>> Łukasz
>>>>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>>>>
>>>>>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com>
>>>>>> napisał(a):
>>>>>>>
>>>>>>> Maybe a user question (sorry)
>>>>>>>
>>>>>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>>>>>>> seems to get the "id" wrong? ...but the "name" correct.
>>>>>>>
>>>>>>> eg:
>>>>>>>
>>>>>>> <s:set var="mainAction">entryEdit</s:set>
>>>>>>>
>>>>>>> <s:submit cssClass="btn btn-warning"
>>>>>>> value="%{getText('weblogEdit.save')}"
>>>>>>> action="%{#mainAction}!saveDraft"/>
>>>>>>>
>>>>>>> renders:
>>>>>>>
>>>>>>> <input type="submit" value="Save as Draft"
>>>>>>> id="entry____mainAction__saveDraft"
>>>>>>> name="action:entryAdd!saveDraft"
>>>>>>> class="btn btn-warning">
>>>>>>>
>>>>>>>
>>>>>>> Should be
>>>>>>>
>>>>>>> <input type="submit" value="Save as Draft"
>>>>>>> id="entry_entryAdd_saveDraft"
>>>>>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>>>>>>
>>>>>>>
>>>>>>> #####
>>>>>>>
>>>>>>> If I try it on my app it does the same thing
>>>>>>>
>>>>>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>>>>>>> method="post">
>>>>>>>
>>>>>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>>>>>>> <s:submit value="%{getText('button.save')}"
>>>>>>> action="%{myConfigz}!save"
>>>>>>> accesskey="s" />
>>>>>>>
>>>>>>> </form>
>>>>>>>
>>>>>>> renders:
>>>>>>>
>>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>>>>>>
>>>>>>>
>>>>>>> should be
>>>>>>>
>>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>>> id="myConfig_myConfig_save" accesskey="s">
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Yasser Zamani <ya...@apache.org>.
Thank you for the explanation Greg. Yes I agree that previously it was
looking better. Currently am wondering how previous Struts was
generating the id from an evaluated name! Because as you see below,
Struts is and was keeping name property unchanged via introducing a
local var named name:
String name = findString(this.name); // previous version
String translatedName = findString(this.name); // current version
You see. I just renamed local var name to translatedName to not confuse
name with this.name. So am wondering how _tmp_id = ...escape(name)...;
uses an evaluated name in previous versions!
Regards.
On 4/12/2023 7:13 PM, Greg Huber wrote:
> There is nothing wrong with struts.
>
> There is a selenium test in roller that checks on the id
>
> clickById("entry_%{#mainAction}!publish");
>
> it now has:
> entry____mainAction__publish
>
> ie it escapes %{#}! with spaces.
>
> To match other tags, it should evaluate %{#mainAction}
>
> ie using the form below:
>
> <form id="entry">
> <s:set var="mainAction">entryEdit</s:set>
> <s:submit action="%{#mainAction}!saveDraft"/>
> </form>
>
> entry_entryEdit_publish
>
> Whether this is is needed or not is debatable, although it looks better.
>
> But, it is just as easy to change the test to be:
> entry____mainAction__publish.
>
>
> On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <ya...@apache.org> wrote:
>
>> Sorry I didn't get what the problem exactly is.
>>
>> 1. Was your app depended to Struts internal behavior of id generation
>> and so your app is broken now?
>>
>> 2. Or no, Struts itself is broken now by my change?
>>
>>
>> On 4/11/2023 10:16 AM, Greg Huber wrote:
>>> More housekeeping, the id on the form tag never supported %{..} on the
>>> action attribute. ie action="%{#mainAction}!saveDraft"
>>>
>>> On 10/04/2023 20:37, Yasser Zamani wrote:
>>>> Hi there, please see inline...
>>>>
>>>> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
>>>>> The change has been introduced here [1] and the problem is that it
>>>>> replaces any non-alphanumeric character with "_". Also it works on an
>>>>> unevaluated version of the "name" attribute (in case if the "id"
>>>>> attribute is not defined). I think this is a bug and I'm not sure why
>>>>> the "escape" method has been changed in case of fixing double
>>>>> evaluations (its main purpose was JavaScript-friendliness)
>>>>
>>>> Because it was also reported in same report by our last security
>>>> report. It's required and is a common practice to avoid XSS.
>>>>
>>>> If some plugin has a problem with it, then it also need to be fixed
>>>> (i.e. replace any non-alpha with _) because it's only for Struts
>>>> internal usage and users shouldn't depend on Struts internal behavior.
>>>>
>>>> Best Regards,
>>>> Yasser
>>>>
>>>>>
>>>>> [1]
>>>>>
>> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>>>>>
>>>>>
>>>>> Regards
>>>>> --
>>>>> Łukasz
>>>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>>>
>>>>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>>>>>>
>>>>>> Maybe a user question (sorry)
>>>>>>
>>>>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>>>>>> seems to get the "id" wrong? ...but the "name" correct.
>>>>>>
>>>>>> eg:
>>>>>>
>>>>>> <s:set var="mainAction">entryEdit</s:set>
>>>>>>
>>>>>> <s:submit cssClass="btn btn-warning"
>>>>>> value="%{getText('weblogEdit.save')}"
>>>>>> action="%{#mainAction}!saveDraft"/>
>>>>>>
>>>>>> renders:
>>>>>>
>>>>>> <input type="submit" value="Save as Draft"
>>>>>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>>>>>> class="btn btn-warning">
>>>>>>
>>>>>>
>>>>>> Should be
>>>>>>
>>>>>> <input type="submit" value="Save as Draft"
>>>>>> id="entry_entryAdd_saveDraft"
>>>>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>>>>>
>>>>>>
>>>>>> #####
>>>>>>
>>>>>> If I try it on my app it does the same thing
>>>>>>
>>>>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>>>>>> method="post">
>>>>>>
>>>>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>>>>>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>>>>>> accesskey="s" />
>>>>>>
>>>>>> </form>
>>>>>>
>>>>>> renders:
>>>>>>
>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>>>>>
>>>>>>
>>>>>> should be
>>>>>>
>>>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>>>> id="myConfig_myConfig_save" accesskey="s">
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
There is nothing wrong with struts.
There is a selenium test in roller that checks on the id
clickById("entry_%{#mainAction}!publish");
it now has:
entry____mainAction__publish
ie it escapes %{#}! with spaces.
To match other tags, it should evaluate %{#mainAction}
ie using the form below:
<form id="entry">
<s:set var="mainAction">entryEdit</s:set>
<s:submit action="%{#mainAction}!saveDraft"/>
</form>
entry_entryEdit_publish
Whether this is is needed or not is debatable, although it looks better.
But, it is just as easy to change the test to be:
entry____mainAction__publish.
On Wed, 12 Apr 2023 at 14:27, Yasser Zamani <ya...@apache.org> wrote:
> Sorry I didn't get what the problem exactly is.
>
> 1. Was your app depended to Struts internal behavior of id generation
> and so your app is broken now?
>
> 2. Or no, Struts itself is broken now by my change?
>
>
> On 4/11/2023 10:16 AM, Greg Huber wrote:
> > More housekeeping, the id on the form tag never supported %{..} on the
> > action attribute. ie action="%{#mainAction}!saveDraft"
> >
> > On 10/04/2023 20:37, Yasser Zamani wrote:
> >> Hi there, please see inline...
> >>
> >> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
> >>> The change has been introduced here [1] and the problem is that it
> >>> replaces any non-alphanumeric character with "_". Also it works on an
> >>> unevaluated version of the "name" attribute (in case if the "id"
> >>> attribute is not defined). I think this is a bug and I'm not sure why
> >>> the "escape" method has been changed in case of fixing double
> >>> evaluations (its main purpose was JavaScript-friendliness)
> >>
> >> Because it was also reported in same report by our last security
> >> report. It's required and is a common practice to avoid XSS.
> >>
> >> If some plugin has a problem with it, then it also need to be fixed
> >> (i.e. replace any non-alpha with _) because it's only for Struts
> >> internal usage and users shouldn't depend on Struts internal behavior.
> >>
> >> Best Regards,
> >> Yasser
> >>
> >>>
> >>> [1]
> >>>
> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
> >>>
> >>>
> >>> Regards
> >>> --
> >>> Łukasz
> >>> + 48 606 323 122 http://www.lenart.org.pl/
> >>>
> >>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
> >>>>
> >>>> Maybe a user question (sorry)
> >>>>
> >>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
> >>>> seems to get the "id" wrong? ...but the "name" correct.
> >>>>
> >>>> eg:
> >>>>
> >>>> <s:set var="mainAction">entryEdit</s:set>
> >>>>
> >>>> <s:submit cssClass="btn btn-warning"
> >>>> value="%{getText('weblogEdit.save')}"
> >>>> action="%{#mainAction}!saveDraft"/>
> >>>>
> >>>> renders:
> >>>>
> >>>> <input type="submit" value="Save as Draft"
> >>>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
> >>>> class="btn btn-warning">
> >>>>
> >>>>
> >>>> Should be
> >>>>
> >>>> <input type="submit" value="Save as Draft"
> >>>> id="entry_entryAdd_saveDraft"
> >>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
> >>>>
> >>>>
> >>>> #####
> >>>>
> >>>> If I try it on my app it does the same thing
> >>>>
> >>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
> >>>> method="post">
> >>>>
> >>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
> >>>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
> >>>> accesskey="s" />
> >>>>
> >>>> </form>
> >>>>
> >>>> renders:
> >>>>
> >>>> <input name="action:myConfig!save" type="submit" value="Save"
> >>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
> >>>>
> >>>>
> >>>> should be
> >>>>
> >>>> <input name="action:myConfig!save" type="submit" value="Save"
> >>>> id="myConfig_myConfig_save" accesskey="s">
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> >>>> For additional commands, e-mail: dev-help@struts.apache.org
> >>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> >>> For additional commands, e-mail: dev-help@struts.apache.org
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> >> For additional commands, e-mail: dev-help@struts.apache.org
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> > For additional commands, e-mail: dev-help@struts.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>
Re: looking at roller upgrade again
Posted by Yasser Zamani <ya...@apache.org>.
Sorry I didn't get what the problem exactly is.
1. Was your app depended to Struts internal behavior of id generation
and so your app is broken now?
2. Or no, Struts itself is broken now by my change?
On 4/11/2023 10:16 AM, Greg Huber wrote:
> More housekeeping, the id on the form tag never supported %{..} on the
> action attribute. ie action="%{#mainAction}!saveDraft"
>
> On 10/04/2023 20:37, Yasser Zamani wrote:
>> Hi there, please see inline...
>>
>> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
>>> The change has been introduced here [1] and the problem is that it
>>> replaces any non-alphanumeric character with "_". Also it works on an
>>> unevaluated version of the "name" attribute (in case if the "id"
>>> attribute is not defined). I think this is a bug and I'm not sure why
>>> the "escape" method has been changed in case of fixing double
>>> evaluations (its main purpose was JavaScript-friendliness)
>>
>> Because it was also reported in same report by our last security
>> report. It's required and is a common practice to avoid XSS.
>>
>> If some plugin has a problem with it, then it also need to be fixed
>> (i.e. replace any non-alpha with _) because it's only for Struts
>> internal usage and users shouldn't depend on Struts internal behavior.
>>
>> Best Regards,
>> Yasser
>>
>>>
>>> [1]
>>> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>>>
>>>
>>> Regards
>>> --
>>> Łukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>>>>
>>>> Maybe a user question (sorry)
>>>>
>>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>>>> seems to get the "id" wrong? ...but the "name" correct.
>>>>
>>>> eg:
>>>>
>>>> <s:set var="mainAction">entryEdit</s:set>
>>>>
>>>> <s:submit cssClass="btn btn-warning"
>>>> value="%{getText('weblogEdit.save')}"
>>>> action="%{#mainAction}!saveDraft"/>
>>>>
>>>> renders:
>>>>
>>>> <input type="submit" value="Save as Draft"
>>>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>>>> class="btn btn-warning">
>>>>
>>>>
>>>> Should be
>>>>
>>>> <input type="submit" value="Save as Draft"
>>>> id="entry_entryAdd_saveDraft"
>>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>>>
>>>>
>>>> #####
>>>>
>>>> If I try it on my app it does the same thing
>>>>
>>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>>>> method="post">
>>>>
>>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>>>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>>>> accesskey="s" />
>>>>
>>>> </form>
>>>>
>>>> renders:
>>>>
>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>>>
>>>>
>>>> should be
>>>>
>>>> <input name="action:myConfig!save" type="submit" value="Save"
>>>> id="myConfig_myConfig_save" accesskey="s">
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
More housekeeping, the id on the form tag never supported %{..} on the
action attribute. ie action="%{#mainAction}!saveDraft"
On 10/04/2023 20:37, Yasser Zamani wrote:
> Hi there, please see inline...
>
> On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
>> The change has been introduced here [1] and the problem is that it
>> replaces any non-alphanumeric character with "_". Also it works on an
>> unevaluated version of the "name" attribute (in case if the "id"
>> attribute is not defined). I think this is a bug and I'm not sure why
>> the "escape" method has been changed in case of fixing double
>> evaluations (its main purpose was JavaScript-friendliness)
>
> Because it was also reported in same report by our last security
> report. It's required and is a common practice to avoid XSS.
>
> If some plugin has a problem with it, then it also need to be fixed
> (i.e. replace any non-alpha with _) because it's only for Struts
> internal usage and users shouldn't depend on Struts internal behavior.
>
> Best Regards,
> Yasser
>
>>
>> [1]
>> https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>>
>> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>>>
>>> Maybe a user question (sorry)
>>>
>>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>>> seems to get the "id" wrong? ...but the "name" correct.
>>>
>>> eg:
>>>
>>> <s:set var="mainAction">entryEdit</s:set>
>>>
>>> <s:submit cssClass="btn btn-warning"
>>> value="%{getText('weblogEdit.save')}"
>>> action="%{#mainAction}!saveDraft"/>
>>>
>>> renders:
>>>
>>> <input type="submit" value="Save as Draft"
>>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>>> class="btn btn-warning">
>>>
>>>
>>> Should be
>>>
>>> <input type="submit" value="Save as Draft"
>>> id="entry_entryAdd_saveDraft"
>>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>>
>>>
>>> #####
>>>
>>> If I try it on my app it does the same thing
>>>
>>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>>> method="post">
>>>
>>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>>> accesskey="s" />
>>>
>>> </form>
>>>
>>> renders:
>>>
>>> <input name="action:myConfig!save" type="submit" value="Save"
>>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>>
>>>
>>> should be
>>>
>>> <input name="action:myConfig!save" type="submit" value="Save"
>>> id="myConfig_myConfig_save" accesskey="s">
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Yasser Zamani <ya...@apache.org>.
Hi there, please see inline...
On 4/3/2023 11:18 AM, Lukasz Lenart wrote:
> The change has been introduced here [1] and the problem is that it
> replaces any non-alphanumeric character with "_". Also it works on an
> unevaluated version of the "name" attribute (in case if the "id"
> attribute is not defined). I think this is a bug and I'm not sure why
> the "escape" method has been changed in case of fixing double
> evaluations (its main purpose was JavaScript-friendliness)
Because it was also reported in same report by our last security report.
It's required and is a common practice to avoid XSS.
If some plugin has a problem with it, then it also need to be fixed
(i.e. replace any non-alpha with _) because it's only for Struts
internal usage and users shouldn't depend on Struts internal behavior.
Best Regards,
Yasser
>
> [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>>
>> Maybe a user question (sorry)
>>
>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>> seems to get the "id" wrong? ...but the "name" correct.
>>
>> eg:
>>
>> <s:set var="mainAction">entryEdit</s:set>
>>
>> <s:submit cssClass="btn btn-warning"
>> value="%{getText('weblogEdit.save')}"
>> action="%{#mainAction}!saveDraft"/>
>>
>> renders:
>>
>> <input type="submit" value="Save as Draft"
>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>> class="btn btn-warning">
>>
>>
>> Should be
>>
>> <input type="submit" value="Save as Draft" id="entry_entryAdd_saveDraft"
>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>
>>
>> #####
>>
>> If I try it on my app it does the same thing
>>
>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>> method="post">
>>
>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>> accesskey="s" />
>>
>> </form>
>>
>> renders:
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>
>>
>> should be
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig_myConfig_save" accesskey="s">
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
branch WW-5302-unevaluated-id
Seems the same to me. Note the action has a variable: %{#mainAction}!save
All it seems to be doing is escaping action: %{#mainAction}!save :
%{#mainAction}!save
___mainAction}_save
On 09/04/2023 15:16, Lukasz Lenart wrote:
> niedz., 9 kwi 2023 o 12:20 Greg Huber <gr...@gmail.com> napisał(a):
>> Testing the branch it is still the same?
> Please try now
>
>
> Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
pon., 10 kwi 2023 o 09:57 Greg Huber <gr...@gmail.com> napisał(a):
>
> Modified version here
>
> https://github.com/gregh3269/struts/tree/WW-5302-unevaluated-id
>
> <s:form action="myConfig">
>
> <s:set var="mainAction">myConfig</s:set>
> <s:submit value="%{getText('button.save')}"
> action="%{#mainAction}!save" />
> <s:submit value="%{getText('button.save')}" action="%{#mainAction}"
> method="save" />
>
> <input name="action:myConfig!save" type="submit" value="Save"
> id="myConfig_myConfig_save">
I missed that you do not use the "name" attribute but just "action" -
should be good now, thanks for testing this and finding the problem :)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
Modified version here
https://github.com/gregh3269/struts/tree/WW-5302-unevaluated-id
<s:form action="myConfig">
<s:set var="mainAction">myConfig</s:set>
<s:submit value="%{getText('button.save')}"
action="%{#mainAction}!save" />
<s:submit value="%{getText('button.save')}" action="%{#mainAction}"
method="save" />
<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig_myConfig_save">
</s:form>
On 09/04/2023 15:16, Lukasz Lenart wrote:
> niedz., 9 kwi 2023 o 12:20 Greg Huber <gr...@gmail.com> napisał(a):
>> Testing the branch it is still the same?
> Please try now
>
>
> Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
niedz., 9 kwi 2023 o 12:20 Greg Huber <gr...@gmail.com> napisał(a):
> Testing the branch it is still the same?
Please try now
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
Testing the branch it is still the same?
<s:set var="mainAction">myConfig</s:set>
<s:submit value="%{getText('button.save')}" action="%{#mainAction}!save" />
<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig____mainAction__save" >
What we want is:
<input name="action:myConfig!save" type="submit" value="Save"
id="myConfig_myConfig_save" >
##############
It needs this from previous email
// determine actual action
ActionMapping mapping = new ActionMapping();
mapping.setName(findString(action));
if (method != null) {
mapping.setMethod(findString(method));
}
mapping.setExtension("");
String tmp = actionMapper.getUriFromActionMapping(mapping);
_tmp_id = _tmp_id + escape(tmp);
On 09/04/2023 10:52, Lukasz Lenart wrote:
> PR is ready
> https://github.com/apache/struts/pull/678
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
PR is ready
https://github.com/apache/struts/pull/678
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
niedz., 9 kwi 2023 o 10:07 Greg Huber <gr...@gmail.com> napisał(a):
>
> > <input type="submit" value="Save" id="entryEdit_saveDraft" name="entryEdit!saveDraft"/>
>
> I guess what we want.
Great, thanks for reporting this issue :)
https://issues.apache.org/jira/browse/WW-5302
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
> <input type="submit" value="Save" id="entryEdit_saveDraft" name="entryEdit!saveDraft"/>
I guess what we want.
###
In the FormButton populateComponentHtmlId(Form form) it evaluates the action based on the text rather than the "actual" action. If the action is determined from the mapping it renders correctly. See "// determine actual action" in code below
<s:set var="mainAction">entryEdit</s:set>
<s:submit value="Save as Draft" action="%{#mainAction}!saveDraft"/>
renders:
<input type="submit" value="Save as Draft" id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft">
#####
org.apache.struts2.components.FormButton
protected void populateComponentHtmlId(Form form) {
String _tmp_id = "";
if (id != null) {
// this check is needed for backwards compatibility with 2.1.x
_tmp_id = findString(id);
} else {
if (form != null && form.getParameters().get("id") != null) {
_tmp_id = _tmp_id + form.getParameters().get("id").toString() + "_";
}
if (name != null) {
_tmp_id = _tmp_id + escape(name);
} else if (action != null || method != null) {
if (action != null) {
//_tmp_id = _tmp_id + escape(tmp);
// determine actual action
ActionMapping mapping = new ActionMapping();
mapping.setName(findString(action));
if (method != null) {
mapping.setMethod(findString(method));
}
mapping.setExtension("");
String tmp = actionMapper.getUriFromActionMapping(mapping);
_tmp_id = _tmp_id + escape(tmp);
}
//if (method != null) {
// _tmp_id = _tmp_id + "_" + escape(method);
//}
} else {
// if form is null, this component is used, without a form, i guess
// there's not much we could do then.
if (form != null) {
_tmp_id = _tmp_id + form.getSequence();
}
}
}
addParameter("id", _tmp_id);
addParameter("escapedId", escape(_tmp_id));
}
On 08/04/2023 20:00, Lukasz Lenart wrote:
> What about such an approach?
>
> <input type="submit" value="Save" id="entryEdit_saveDraft"
> name="entryEdit!saveDraft"/>
>
> The ID is generated based on the evaluated version of the name attribute.
>
>
> Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
What about such an approach?
<input type="submit" value="Save" id="entryEdit_saveDraft"
name="entryEdit!saveDraft"/>
The ID is generated based on the evaluated version of the name attribute.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
pon., 3 kwi 2023 o 10:26 Greg Huber <gr...@gmail.com> napisał(a):
>
> Thanks.
>
> There is a selenium test in roller that checks on the id
>
> clickById("entry_%{#mainAction}!publish");
>
> it now has:
>
> entry____mainAction__publish"
>
> I guess its a matter of modifying the test, as %{ characters etc may not
> be desirable the id field?
Let me rethink this as we can solve this by using the final "name"
attribute instead of unevaluated a "name" property. I already tested
it locally
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Greg Huber <gr...@gmail.com>.
Thanks.
There is a selenium test in roller that checks on the id
clickById("entry_%{#mainAction}!publish");
it now has:
entry____mainAction__publish"
I guess its a matter of modifying the test, as %{ characters etc may not
be desirable the id field?
On 03/04/2023 08:48, Lukasz Lenart wrote:
> The change has been introduced here [1] and the problem is that it
> replaces any non-alphanumeric character with "_". Also it works on an
> unevaluated version of the "name" attribute (in case if the "id"
> attribute is not defined). I think this is a bug and I'm not sure why
> the "escape" method has been changed in case of fixing double
> evaluations (its main purpose was JavaScript-friendliness)
>
> [1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>> Maybe a user question (sorry)
>>
>> Using action like this : action="%{#mainAction}!saveDraft"/> struts
>> seems to get the "id" wrong? ...but the "name" correct.
>>
>> eg:
>>
>> <s:set var="mainAction">entryEdit</s:set>
>>
>> <s:submit cssClass="btn btn-warning"
>> value="%{getText('weblogEdit.save')}"
>> action="%{#mainAction}!saveDraft"/>
>>
>> renders:
>>
>> <input type="submit" value="Save as Draft"
>> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
>> class="btn btn-warning">
>>
>>
>> Should be
>>
>> <input type="submit" value="Save as Draft" id="entry_entryAdd_saveDraft"
>> name="action:entryAdd!saveDraft" class="btn btn-warning">
>>
>>
>> #####
>>
>> If I try it on my app it does the same thing
>>
>> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
>> method="post">
>>
>> <s:set var="myConfigzzzzz" value="'myConfig'" />
>> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
>> accesskey="s" />
>>
>> </form>
>>
>> renders:
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig___myConfigzzzzz__save" accesskey="s">
>>
>>
>> should be
>>
>> <input name="action:myConfig!save" type="submit" value="Save"
>> id="myConfig_myConfig_save" accesskey="s">
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Re: looking at roller upgrade again
Posted by Lukasz Lenart <lu...@apache.org>.
The change has been introduced here [1] and the problem is that it
replaces any non-alphanumeric character with "_". Also it works on an
unevaluated version of the "name" attribute (in case if the "id"
attribute is not defined). I think this is a bug and I'm not sure why
the "escape" method has been changed in case of fixing double
evaluations (its main purpose was JavaScript-friendliness)
[1] https://github.com/apache/struts/pull/496/files#diff-cfe644a2b24b492d6835fa1f38e7a770dad354b286cbe6b056a5fe7e80e669caR897
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
sob., 1 kwi 2023 o 12:43 Greg Huber <gr...@gmail.com> napisał(a):
>
> Maybe a user question (sorry)
>
> Using action like this : action="%{#mainAction}!saveDraft"/> struts
> seems to get the "id" wrong? ...but the "name" correct.
>
> eg:
>
> <s:set var="mainAction">entryEdit</s:set>
>
> <s:submit cssClass="btn btn-warning"
> value="%{getText('weblogEdit.save')}"
> action="%{#mainAction}!saveDraft"/>
>
> renders:
>
> <input type="submit" value="Save as Draft"
> id="entry____mainAction__saveDraft" name="action:entryAdd!saveDraft"
> class="btn btn-warning">
>
>
> Should be
>
> <input type="submit" value="Save as Draft" id="entry_entryAdd_saveDraft"
> name="action:entryAdd!saveDraft" class="btn btn-warning">
>
>
> #####
>
> If I try it on my app it does the same thing
>
> <form name="myConfig" id="myConfig" action="/app/myConfig.action"
> method="post">
>
> <s:set var="myConfigzzzzz" value="'myConfig'" />
> <s:submit value="%{getText('button.save')}" action="%{myConfigz}!save"
> accesskey="s" />
>
> </form>
>
> renders:
>
> <input name="action:myConfig!save" type="submit" value="Save"
> id="myConfig___myConfigzzzzz__save" accesskey="s">
>
>
> should be
>
> <input name="action:myConfig!save" type="submit" value="Save"
> id="myConfig_myConfig_save" accesskey="s">
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org