You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lee Clemens (JIRA)" <ji...@apache.org> on 2009/01/09 03:56:45 UTC
[jira] Closed: (WW-2949) Passing paremeter value from Action to
Action requires a security vulnerability
[ https://issues.apache.org/struts/browse/WW-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lee Clemens closed WW-2949.
---------------------------
Thank you all for your responses.
> Passing paremeter value from Action to Action requires a security vulnerability
> -------------------------------------------------------------------------------
>
> Key: WW-2949
> URL: https://issues.apache.org/struts/browse/WW-2949
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Affects Versions: 2.1.6
> Environment: All
> Reporter: Lee Clemens
> Priority: Minor
>
> To pass parameter value from Action->form->Action, need to use URL parameter or <s:hidden>
> URL can be manipulated manually and hidden form field can be altered via Firefox plugin, etc
> This presents a security issue, since the form's hidden attribute can be manipulated via a Firefox plugin, etc and the URL can be altered directly
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.