Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Fri Dec 2
07:17:46 2016
@@ -126,7 +126,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p>The following security bulletins
are available:</p>
-<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a>
— <span class="smalltext">Remote code exploit on form validation
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> —
<span class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</span></li><li><a shape="rect"
href="s2-003.html">S2-003</a> — <span class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a
shape="rect" href="s2-004.html">S2-004</a> — <span
class="smalltext">Directory traversal vulnerability while serving static
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> —
<span class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a>
— <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork
generated error pages</span></li><li><a shape="rect" hr
ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> —
<span class="smalltext">Multiple critical vulnerabilities in
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> —
<span class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a>
— <span class="smalltext">When using Struts 2 token mechanism for CSRF
protection, token check may be bypassed by misusing known session
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> —
<span class="smalltext">Long request parameter names might significantly
promote the effectiveness of DOS attacks</span></li><li><a shape="rect"
href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app
vulnerability allows remote command execution</span></li>
<li><a shape="rect" href="s2-013.html">S2-013</a> — <span
class="smalltext">A vulnerability, present in the includeParams attribute of
the URL and Anchor Tag, allows remote command execution</span></li><li><a
shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A
vulnerability introduced by forcing parameter inclusion in the URL and Anchor
Tag allows remote command execution, session access and manipulation and XSS
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> —
<span class="smalltext">A vulnerability introduced by wildcard matching
mechanism or double evaluation of OGNL Expression allows remote command
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> —
<span class="smalltext">A vulnerability introduced by manipulating parameters
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> —
<span class="sma
lltext">A vulnerability introduced by manipulating parameters prefixed with
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a
shape="rect" href="s2-018.html">S2-018</a> — <span
class="smalltext">Broken Access Control Vulnerability in Apache
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> —
<span class="smalltext">Dynamic Method Invocation disabled by
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> —
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid
ClassLoader manipulation)</span></li><li><a shape="rect"
href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a>
— <span class="smalltext">Extends excluded params in CookieInt
erceptor to avoid manipulation of Struts' internals</span></li><li><a
shape="rect" href="s2-023.html">S2-023</a> — <span
class="smalltext">Generated value of token can be predictable</span></li><li><a
shape="rect" href="s2-024.html">S2-024</a> — <span
class="smalltext">Wrong excludeParams overrides those defined in
DefaultExcludedPatternsChecker</span></li><li><a shape="rect"
href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site
Scripting Vulnerability in Debug Mode and in exposed JSP
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> —
<span class="smalltext">Special top object can be used to access Struts'
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> —
<span class="smalltext">TextParseUtil.translateVariables does not filter
malicious OGNL expressions</span></li><li><a shape="rect"
href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with
broken URLDecoder implementation may l
ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a
shape="rect" href="s2-029.html">S2-029</a> — <span
class="smalltext">Forced double OGNL evaluation, when evaluated on raw user
input in tag attributes, may lead to remote code execution.</span></li><li><a
shape="rect" href="s2-030.html">S2-030</a> — <span
class="smalltext">Possible XSS vulnerability in
I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a>
— <span class="smalltext">XSLTResult can be used to parse arbitrary
stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> —
<span class="smalltext">Remote Code Execution can be performed via method:
prefix when Dynamic Method Invocation is enabled.</span></li><li><a
shape="rect" href="s2-033.html">S2-033</a> — <span
class="smalltext">Remote Code Execution can be performed when using REST Plugin
with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a
shape="rect" h
ref="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache
poisoning can lead to DoS vulnerability</span></li><li><a shape="rect"
href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean
up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a>
— <span class="smalltext">Forced double OGNL evaluation, when evaluated
on raw user input in tag attributes, may lead to remote code execution (similar
to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> —
<span class="smalltext">Remote Code Execution can be performed when using REST
Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> —
<span class="smalltext">It is possible to bypass token validation and perform a
CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a>
— <span class="smalltext">Getter as action method leads to security
bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> —
; <span class="smalltext">Input validation bypass using existing default
action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a>
— <span class="smalltext">Possible DoS attack when using
URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a>
— <span class="smalltext">Possible path traversal in the Convention
plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> —
<span class="smalltext">Using the Config Browser plugin in
production</span></li></ul></div>
+<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a>
— <span class="smalltext">Remote code exploit on form validation
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> —
<span class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</span></li><li><a shape="rect"
href="s2-003.html">S2-003</a> — <span class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a
shape="rect" href="s2-004.html">S2-004</a> — <span
class="smalltext">Directory traversal vulnerability while serving static
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> —
<span class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a>
— <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork
generated error pages</span></li><li><a shape="rect" hr
ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> —
<span class="smalltext">Multiple critical vulnerabilities in
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> —
<span class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a>
— <span class="smalltext">When using Struts 2 token mechanism for CSRF
protection, token check may be bypassed by misusing known session
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> —
<span class="smalltext">Long request parameter names might significantly
promote the effectiveness of DOS attacks</span></li><li><a shape="rect"
href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app
vulnerability allows remote command execution</span></li>
<li><a shape="rect" href="s2-013.html">S2-013</a> — <span
class="smalltext">A vulnerability, present in the includeParams attribute of
the URL and Anchor Tag, allows remote command execution</span></li><li><a
shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A
vulnerability introduced by forcing parameter inclusion in the URL and Anchor
Tag allows remote command execution, session access and manipulation and XSS
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> —
<span class="smalltext">A vulnerability introduced by wildcard matching
mechanism or double evaluation of OGNL Expression allows remote command
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> —
<span class="smalltext">A vulnerability introduced by manipulating parameters
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> —
<span class="sma
lltext">A vulnerability introduced by manipulating parameters prefixed with
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a
shape="rect" href="s2-018.html">S2-018</a> — <span
class="smalltext">Broken Access Control Vulnerability in Apache
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> —
<span class="smalltext">Dynamic Method Invocation disabled by
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> —
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid
ClassLoader manipulation)</span></li><li><a shape="rect"
href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a>
— <span class="smalltext">Extends excluded params in CookieInt
erceptor to avoid manipulation of Struts' internals</span></li><li><a
shape="rect" href="s2-023.html">S2-023</a> — <span
class="smalltext">Generated value of token can be predictable</span></li><li><a
shape="rect" href="s2-024.html">S2-024</a> — <span
class="smalltext">Wrong excludeParams overrides those defined in
DefaultExcludedPatternsChecker</span></li><li><a shape="rect"
href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site
Scripting Vulnerability in Debug Mode and in exposed JSP
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> —
<span class="smalltext">Special top object can be used to access Struts'
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> —
<span class="smalltext">TextParseUtil.translateVariables does not filter
malicious OGNL expressions</span></li><li><a shape="rect"
href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with
broken URLDecoder implementation may l
ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a
shape="rect" href="s2-029.html">S2-029</a> — <span
class="smalltext">Forced double OGNL evaluation, when evaluated on raw user
input in tag attributes, may lead to remote code execution.</span></li><li><a
shape="rect" href="s2-030.html">S2-030</a> — <span
class="smalltext">Possible XSS vulnerability in
I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a>
— <span class="smalltext">XSLTResult can be used to parse arbitrary
stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> —
<span class="smalltext">Remote Code Execution can be performed via method:
prefix when Dynamic Method Invocation is enabled.</span></li><li><a
shape="rect" href="s2-033.html">S2-033</a> — <span
class="smalltext">Remote Code Execution can be performed when using REST Plugin
with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a
shape="rect" h
ref="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache
poisoning can lead to DoS vulnerability</span></li><li><a shape="rect"
href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean
up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a>
— <span class="smalltext">Forced double OGNL evaluation, when evaluated
on raw user input in tag attributes, may lead to remote code execution (similar
to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> —
<span class="smalltext">Remote Code Execution can be performed when using REST
Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> —
<span class="smalltext">It is possible to bypass token validation and perform a
CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a>
— <span class="smalltext">Getter as action method leads to security
bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> —
; <span class="smalltext">Input validation bypass using existing default
action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a>
— <span class="smalltext">Possible DoS attack when using
URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a>
— <span class="smalltext">Possible path traversal in the Convention
plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> —
<span class="smalltext">Using the Config Browser plugin in
production</span></li><li><a shape="rect" href="s2-044.html">S2-044</a> —
<span class="smalltext">Possible DoS attack when using
URLValidator</span></li></ul></div>
</div>
<div class="tabletitle">
@@ -141,6 +141,9 @@ under the License.
<span class="smalltext">(Apache Struts 2
Documentation)</span>
<br>
$page.link($child)
+ <span class="smalltext">(Apache Struts 2
Documentation)</span>
+ <br>
+ $page.link($child)
<span class="smalltext">(Apache Struts 2
Documentation)</span>
<br>
$page.link($child)
Modified: websites/production/struts/content/docs/security.html
==============================================================================
--- websites/production/struts/content/docs/security.html (original)
+++ websites/production/struts/content/docs/security.html Fri Dec 2 07:17:46
2016
@@ -139,13 +139,13 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1466227216669 {padding: 0px;}
-div.rbtoc1466227216669 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1466227216669 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1480662013471 {padding: 0px;}
+div.rbtoc1480662013471 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1480662013471 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1466227216669">
+/*]]>*/</style></p><div class="toc-macro rbtoc1480662013471">
<ul class="toc-indentation"><li><a shape="rect"
href="#Security-Securitytips">Security tips</a>
-<ul class="toc-indentation"><li><a shape="rect"
href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config
Browser</a></li><li><a shape="rect"
href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix
different access levels in the same namespace</a></li><li><a shape="rect"
href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files
directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable
devMode</a></li><li><a shape="rect" href="#Security-Reducelogginglevel">Reduce
logging level</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use
UTF-8 encoding</a></li><li><a shape="rect"
href="#Security-Donotdefinedsetterswhennotneeded">Do not defined setters when
not needed</a></li></ul>
+<ul class="toc-indentation"><li><a shape="rect"
href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config
Browser</a></li><li><a shape="rect"
href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix
different access levels in the same namespace</a></li><li><a shape="rect"
href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files
directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable
devMode</a></li><li><a shape="rect" href="#Security-Reducelogginglevel">Reduce
logging level</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use
UTF-8 encoding</a></li><li><a shape="rect"
href="#Security-Donotdefinedsetterswhennotneeded">Do not defined setters when
not needed</a></li><li><a shape="rect"
href="#Security-Donotuseincomingvaluesasaninputforlocalisationlogic">Do not use
incoming values as an input for localisation logic</a></li></ul>
</li><li><a shape="rect" href="#Security-Internalsecuritymechanism">Internal
security mechanism</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#Security-Accessingstaticmethods">Accessing static methods</a></li><li><a
shape="rect" href="#Security-OGNLisusedtocallaction'smethods">OGNL is used to
call action's methods</a></li><li><a shape="rect"
href="#Security-Accepted/Excludedpatterns">Accepted / Excluded
patterns</a></li><li><a shape="rect"
href="#Security-StrictMethodInvocation">Strict Method Invocation</a></li></ul>
</li></ul>
@@ -195,7 +195,12 @@ div.rbtoc1466227216669 li {margin-left:
</Configuration></pre>
</div></div><h4 id="Security-UseUTF-8encoding">Use UTF-8
encoding</h4><p>Always use <code>UTF-8</code> encoding when building an
application with the Apache Struts 2, when using JSPs please add the following
header to each JSP file</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><%@ page contentType="text/html; charset=UTF-8"
%></pre>
-</div></div><h4 id="Security-Donotdefinedsetterswhennotneeded">Do not defined
setters when not needed</h4><p>You should carefully design your actions without
exposing anything via setters and getters, thus can leads to potential security
vulnerabilities. Any action's setter can be used to set incoming untrusted
user's value which can contain suspicious expression. Some
Struts <code>Result</code>s automatically populate params based on values
in <code>ValueStack</code> (action in most cases is the root) which means
incoming value will be evaluated as an expression during this process.</p><h3
id="Security-Internalsecuritymechanism">Internal security mechanism</h3><p>The
Apache Struts 2 contains internal security manager which blocks access to
particular classes and Java packages - it's a OGNL-wide mechanism which means
it affects any aspect of the framework ie. incoming parameters, expressions
used in JSPs, etc.</p><p>There are three options that can be used to configure
exc
luded packages and classes:</p><ul style="list-style-type:
square;"><li><code>struts.excludedClasses</code> - comma-separated list of
excluded classes</li><li><code>struts.excludedPackageNamePatterns</code> -
patterns used to exclude packages based on RegEx - this option is slower than
simple string comparison but it's more
flexible</li><li><code>struts.excludedPackageNames</code> - comma-separated
list of excluded packages, it is used with simple string comparison
via <code>startWith</code> and <code>equals</code></li></ul><p>The
defaults are as follow:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+</div></div><h4 id="Security-Donotdefinedsetterswhennotneeded">Do not defined
setters when not needed</h4><p>You should carefully design your actions without
exposing anything via setters and getters, thus can leads to potential security
vulnerabilities. Any action's setter can be used to set incoming untrusted
user's value which can contain suspicious expression. Some
Struts <code>Result</code>s automatically populate params based on values
in <code>ValueStack</code> (action in most cases is the root) which means
incoming value will be evaluated as an expression during this process.</p><h4
id="Security-Donotuseincomingvaluesasaninputforlocalisationlogic">Do not use
incoming values as an input for localisation
logic</h4><p>All <code>TextProvider</code>'s
<code>getText(...) </code>methods (e.g in <code>ActionSupport</code>)
performs evaluation of parameters included in a message to properly localize
the text. This means using incoming request parameters with&
#160;<code>getText(...)</code> methods is potentially dangerous and should be
avoided. Se example below, assuming that an action implements getter and setter
for property <code>message</code>, the below code allows inject an OGNL
expression:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public String execute() throws Exception {
+ setMessage(getText(getMessage()));
+ return SUCCESS;
+}</pre>
+</div></div><p>Never use value of incoming request parameter as part of your
localisation logic.</p><h3 id="Security-Internalsecuritymechanism">Internal
security mechanism</h3><p>The Apache Struts 2 contains internal security
manager which blocks access to particular classes and Java packages - it's a
OGNL-wide mechanism which means it affects any aspect of the framework ie.
incoming parameters, expressions used in JSPs, etc.</p><p>There are three
options that can be used to configure excluded packages and classes:</p><ul
style="list-style-type: square;"><li><code>struts.excludedClasses</code> -
comma-separated list of excluded
classes</li><li><code>struts.excludedPackageNamePatterns</code> - patterns used
to exclude packages based on RegEx - this option is slower than simple string
comparison but it's more
flexible</li><li><code>struts.excludedPackageNames</code> - comma-separated
list of excluded packages, it is used with simple string comparison
via <code>startWith</code> an
d <code>equals</code></li></ul><p>The defaults are as follow:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><constant name="struts.excludedClasses"
value="com.opensymphony.xwork2.ActionContext" />
Modified:
websites/production/struts/content/docs/servlet-config-interceptor.html
==============================================================================
--- websites/production/struts/content/docs/servlet-config-interceptor.html
(original)
+++ websites/production/struts/content/docs/servlet-config-interceptor.html Fri
Dec 2 07:17:46 2016
@@ -147,7 +147,7 @@ implements ParameterAware then the actio
servlet context, the session, etc. Interfaces that it supports are:
</p>
-<p></p><ul></ul><p></p><ul><li>ServletContextAware</li></ul><p></p><ul><li>ServletRequestAware</li></ul><p></p><ul><li>ServletResponseAware</li></ul><p></p><ul><li>ParameterAware</li></ul><p></p><ul><li>RequestAware</li></ul><p></p><ul><li>SessionAware</li></ul><p></p><ul><li>ApplicationAware</li></ul><p></p><ul><li>PrincipalAware</li></ul><p></p>
+<p></p><ul></ul><p></p><ul><li>ServletContextAware</li></ul><p></p><ul><li>ServletRequestAware</li></ul><p></p><ul><li>ServletResponseAware</li></ul><p></p><ul><li>ParameterAware
- deprecated since 2.5.4, please use
HttpParametersAware</li></ul><p></p><ul><li>HttpParametersAware</li></ul><p></p><ul><li>RequestAware</li></ul><p></p><ul><li>SessionAware</li></ul><p></p><ul><li>ApplicationAware</li></ul><p></p><ul><li>PrincipalAware</li></ul><p></p>
<h2 id="ServletConfigInterceptor-Parameters">Parameters</h2>
Modified: websites/production/struts/content/docs/set.html
==============================================================================
--- websites/production/struts/content/docs/set.html (original)
+++ websites/production/struts/content/docs/set.html Fri Dec 2 07:17:46 2016
@@ -150,7 +150,7 @@ readability improvement).</p>
which the body evaluates is set as value for the scoped variable.</p>
<p></p><p>The scopes available are as follows:</p>
-<ul><li>application - the value will be set in application scope according to
servlet spec. using the name as its key</li><li>session - the value will be set
in session scope according to servlet spec. using the name as key
</li><li>request - the value will be set in request scope according to servlet
spec. using the name as key </li><li>page - the value will be set in page scope
according to servlet sepc. using the name as key</li><li>action - the value
will be set in the request scope and Struts' action context using the name as
key</li></ul>
+<ul><li>application - the value will be set in application scope according to
servlet spec. using the name as its key</li><li>session - the value will be set
in session scope according to servlet spec. using the name as key
</li><li>request - the value will be set in request scope according to servlet
spec. using the name as key </li><li>page - the value will be set in page scope
according to servlet spec. using the name as key</li><li>action - the value
will be set in the request scope and Struts' action context using the name as
key</li></ul>
<p></p><p>
NOTE:<br clear="none">
Modified: websites/production/struts/content/docs/struts-defaultxml.html
==============================================================================
--- websites/production/struts/content/docs/struts-defaultxml.html (original)
+++ websites/production/struts/content/docs/struts-defaultxml.html Fri Dec 2
07:17:46 2016
@@ -294,6 +294,8 @@ under the License.
<bean type="ognl.PropertyAccessor"
name="java.util.Map"
class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor"
/>
<bean type="ognl.PropertyAccessor"
name="java.util.Collection"
class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor"
/>
<bean type="ognl.PropertyAccessor"
name="com.opensymphony.xwork2.ognl.ObjectProxy"
class="com.opensymphony.xwork2.ognl.accessor.ObjectProxyPropertyAccessor"
/>
+ <bean type="ognl.PropertyAccessor"
name="org.apache.struts2.dispatcher.HttpParameters"
class="com.opensymphony.xwork2.ognl.accessor.HttpParametersPropertyAccessor"
/>
+ <bean type="ognl.PropertyAccessor"
name="org.apache.struts2.dispatcher.Parameter"
class="com.opensymphony.xwork2.ognl.accessor.ParameterPropertyAccessor"
/>
<bean type="ognl.MethodAccessor"
name="java.lang.Object"
class="com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor"
/>
<bean type="ognl.MethodAccessor"
name="com.opensymphony.xwork2.util.CompoundRoot"
class="com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor"
/>
@@ -315,6 +317,8 @@ under the License.
<bean
type="com.opensymphony.xwork2.security.ExcludedPatternsChecker"
name="struts"
class="com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker"
scope="prototype" />
<bean
type="com.opensymphony.xwork2.security.AcceptedPatternsChecker"
name="struts"
class="com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker"
scope="prototype" />
+ <bean
type="com.opensymphony.xwork2.config.providers.ValueSubstitutor"
class="com.opensymphony.xwork2.config.providers.EnvsValueSubstitutor"
scope="singleton"/>
+
<package name="struts-default" abstract="true"
strict-method-invocation="true">
<result-types>
<result-type name="chain"
class="com.opensymphony.xwork2.ActionChainResult"/>
@@ -343,7 +347,7 @@ under the License.
<interceptor name="execAndWait"
class="org.apache.struts2.interceptor.ExecuteAndWaitInterceptor"/>
<interceptor name="exception"
class="com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor"/>
<interceptor name="fileUpload"
class="org.apache.struts2.interceptor.FileUploadInterceptor"/>
- <interceptor name="i18n"
class="com.opensymphony.xwork2.interceptor.I18nInterceptor"/>
+ <interceptor name="i18n"
class="org.apache.struts2.interceptor.I18nInterceptor"/>
<interceptor name="logger"
class="com.opensymphony.xwork2.interceptor.LoggingInterceptor"/>
<interceptor name="modelDriven"
class="com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor"/>
<interceptor name="scopedModelDriven"
class="com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor"/>
Modified: websites/production/struts/content/docs/template-loading.html
==============================================================================
--- websites/production/struts/content/docs/template-loading.html (original)
+++ websites/production/struts/content/docs/template-loading.html Fri Dec 2
07:17:46 2016
@@ -125,45 +125,14 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><p>Templates are loaded first by
searching the application and then by searching the classpath. If a template
needs to be overridden, an edited copy can be placed in the application, so
that is found first.</p>
-
-<div class="confluence-information-macro
confluence-information-macro-information"><p class="title">One for all</p><span
class="aui-icon aui-icon-small aui-iconfont-info
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body">
-<p>FreeMarker is the default templating engine. The FreeMarker templates are
used regardless of what format the view may use. Internally, the JSP, FTL,
Velocity tags are all rendered using FreeMarker. </p></div></div>
-
-<h2 id="TemplateLoading-TemplateandThemes">Template and Themes</h2>
-
-<p>Templates are loaded based the template directory and theme name (see <a
shape="rect" href="selecting-themes.html">Selecting Themes</a>). The template
directory is defined by the <code>struts.ui.templateDir</code> property in <a
shape="rect" href="strutsproperties.html">struts.properties</a> (defaults to
<code>template</code>). If a tag is using the <code>xhtml</code> theme, the
following two locations will be searched (in this order):</p>
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p> In the application
</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>
<code>/template/xhtml/template.ftl</code> </p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p> In the classpath </p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p>
<code>/template/xhtml/template.ftl</code> </p></td></tr></tbody></table></div>
-
-
-<p><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> For performance reasons, you may
want to prefer the first location, although the second one is more flexible.
See <a shape="rect" href="performance-tuning.html">Performance Tuning</a> for a
discussion on this topic.</p>
-
-<h2 id="TemplateLoading-OverridingTemplates">Overriding Templates</h2>
-
-<p>The default templates provided in the <code>struts-core.jar</code> should
suit the needs of many applications. However, if a template needs to be
modified, it's easy to plug in a new version. Extract the template you need to
change from the <code>struts-core.jar</code>, make the modifications, and save
the updated copy to <code>/template/$theme/$template.ftl</code>. If you are
using the xhmtl theme and need to change how the select tags render, edit that
template and save it to <code>/template/xhtml/select.ftl</code>.</p>
-
-<p><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> It is easier and better to edit
and override an existing template than provide a new one of your own.</p>
-
-<h2 id="TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template
Loading Behaviour</h2>
-
-<p>It is possible to load template from other locations, like the file system
or a URL. Loading templates from alternate locations can be useful not only for
tags, but for custom results. For details, see the <a shape="rect"
href="freemarker.html">FreeMarker</a> documentation and consult the section on
extending the FreeMarkerManager.</p>
-
-<h2 id="TemplateLoading-AlternativeTemplateEngines">Alternative Template
Engines</h2>
-
-<p>The framework provides for template rendering engines other than
FreeMarker. (Though, there is rarely a need to use another system!)</p>
-
-<div class="confluence-information-macro
confluence-information-macro-warning"><p class="title">Don't try this at
home!</p><span class="aui-icon aui-icon-small aui-iconfont-error
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Alternative template engines are
best left to advanced users with special needs!</p></div></div>
-
-<p>The framework supports three template engines, which can be controlled by
the <code>struts.ui.templateSuffix</code> in <a shape="rect"
href="strutsproperties.html">struts.properties</a>.</p>
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p> ftl (default) </p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect"
href="freemarker.html">FreeMarker</a>-based template engine
</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> vm
</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <a
shape="rect" href="velocity.html">Velocity</a>-based template engine
</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> jsp
</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <a
shape="rect" href="jsp.html">JSP</a>-based template engine
</p></td></tr></tbody></table></div>
-
-
-<p>The only set of templates and themes provided in the distribution is for
FreeMarker. In order to use another template engine, you must provide your own
template and theme for that engine. </p>
-
-<div class="confluence-information-macro confluence-information-macro-tip"><p
class="title">Stay the course</p><span class="aui-icon aui-icon-small
aui-iconfont-approve confluence-information-macro-icon"></span><div
class="confluence-information-macro-body">
-<p>Don't feel that you need to rewrite the templates to match your view
format. If you need to customize the template, try copying and modifying the
FreeMarker template first. Most changes should be obvious.</p></div></div></div>
+ <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1480661603920 {padding: 0px;}
+div.rbtoc1480661603920 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1480661603920 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1480661603920">
+<ul class="toc-indentation"><li><a shape="rect"
href="#TemplateLoading-TemplateandThemes">Template and Themes</a></li><li><a
shape="rect" href="#TemplateLoading-OverridingTemplates">Overriding
Templates</a></li><li><a shape="rect"
href="#TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template
Loading Behaviour</a></li><li><a shape="rect"
href="#TemplateLoading-AlternativeTemplateEngines">Alternative Template
Engines</a></li></ul>
+</div><p>Templates are loaded first by searching the application and then by
searching the classpath. If a template needs to be overridden, an edited copy
can be placed in the application, so that is found first.</p><div
class="confluence-information-macro
confluence-information-macro-information"><p class="title">One for all</p><span
class="aui-icon aui-icon-small aui-iconfont-info
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>FreeMarker is the default
templating engine. The FreeMarker templates are used regardless of what format
the view may use. Internally, the JSP, FTL, Velocity tags are all rendered
using FreeMarker.</p></div></div><h2
id="TemplateLoading-TemplateandThemes">Template and Themes</h2><p>Templates are
loaded based the template directory and theme name (see <a shape="rect"
href="selecting-themes.html">Selecting Themes</a>). The template directory is
defined by the <code>struts.ui.templateDir</code> property in <a shape="
rect" href="strutsproperties.html">struts.properties</a> (defaults to
<code>template</code>). If a tag is using the <code>xhtml</code> theme, the
following two locations will be searched (in this order):</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>In the application</p></th><td colspan="1"
rowspan="1"
class="confluenceTd"><p><code>/template/xhtml/template.ftl</code></p></td></tr><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>In the classpath</p></th><td
colspan="1" rowspan="1"
class="confluenceTd"><p><code>/template/xhtml/template.ftl</code></p></td></tr></tbody></table></div><p><img
class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> For performance reasons, you may
want to prefer the first location, although the second one is more flexi
ble. See <a shape="rect" href="performance-tuning.html">Performance Tuning</a>
for a discussion on this topic.</p><h2
id="TemplateLoading-OverridingTemplates">Overriding Templates</h2><p>The
default templates provided in the <code>struts-core.jar</code> should suit the
needs of many applications. However, if a template needs to be modified, it's
easy to plug in a new version. Extract the template you need to change from the
<code>struts-core.jar</code>, make the modifications, and save the updated copy
to <code>/template/$theme/$template.ftl</code>. If you are using the xhmtl
theme and need to change how the select tags render, edit that template and
save it to <code>/template/xhtml/select.ftl</code>.</p><p><img class="emoticon
emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> It is easier and better to edit
and override an existing tem
plate than provide a new one of your own.</p><h2
id="TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template Loading
Behaviour</h2><p>It is possible to load template from other locations, like the
file system or a URL. Loading templates from alternate locations can be useful
not only for tags, but for custom results. For details, see the <a shape="rect"
href="freemarker.html">FreeMarker</a> documentation and consult the section on
extending the FreeMarkerManager.</p><h2
id="TemplateLoading-AlternativeTemplateEngines">Alternative Template
Engines</h2><p>The framework provides for template rendering engines other than
FreeMarker. (Though, there is rarely a need to use another system!)</p><div
class="confluence-information-macro confluence-information-macro-warning"><p
class="title">Don't try this at home!</p><span class="aui-icon aui-icon-small
aui-iconfont-error confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Alternative templat
e engines are best left to advanced users with special
needs!</p></div></div><p>The framework supports three template engines, which
can be controlled by the <code>struts.ui.templateSuffix</code> in <a
shape="rect" href="strutsproperties.html">struts.properties</a>.</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>ftl (default)</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect"
href="freemarker.html">FreeMarker</a>-based template
engine</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>vm</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="velocity.html">Velocity</a>-based
template engine</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>jsp</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="jsp.html">JSP</a>-based template
engine</p></td></tr></tbody></table></div><p>The only set of templa
tes and themes provided in the distribution is for FreeMarker. In order to use
another template engine, you must provide your own template and theme for that
engine.</p><div class="confluence-information-macro
confluence-information-macro-tip"><p class="title">Stay the course</p><span
class="aui-icon aui-icon-small aui-iconfont-approve
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Don't feel that you need to
rewrite the templates to match your view format. If you need to customize the
template, try copying and modifying the FreeMarker template first. Most changes
should be obvious.</p></div></div></div>
</div>
Modified: websites/production/struts/content/docs/testing-actions.html
==============================================================================
--- websites/production/struts/content/docs/testing-actions.html (original)
+++ websites/production/struts/content/docs/testing-actions.html Fri Dec 2
07:17:46 2016
@@ -138,14 +138,8 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><p>The recommended way to test actions
is to instantiate the action classes and test them. The <a shape="rect"
href="junit-plugin.html">JUnit Plugin</a> supports testing actions within a
Struts invocation, meaning that a full request is simulated, and the output of
the action can be tested. </p>
-
-<h3 id="TestingActions-Strutsactions(withoutSpring)">Struts actions (without
Spring)</h3>
-<p>To test actions that do not use Spring, extend <code>StrutsTestCase</code>.
The following example shows different ways of testing an action:<br
clear="none">
-Mapping:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-<struts>
+ <div id="ConfluenceContent"><p>The recommended way to test actions
is to instantiate the action classes and test them. The <a shape="rect"
href="junit-plugin.html">JUnit Plugin</a> supports testing actions within a
Struts invocation, meaning that a full request is simulated, and the output of
the action can be tested.</p><h3
id="TestingActions-Strutsactions(withoutSpring)">Struts actions (without
Spring)</h3><p>To test actions that do not use Spring, extend
<code>StrutsTestCase</code>. The following example shows different ways of
testing an action:<br clear="none"> Mapping:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><struts>
<constant name="struts.objectFactory" value="spring"/>
<package name="test" namespace="/test" extends="struts-default">
<action name="testAction" class="org.apache.struts2.TestAction">
@@ -154,11 +148,8 @@ Mapping:</p>
</package>
</struts>
</pre>
-</div></div>
-<p>Action:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
-public class TestAction extends ActionSupport {
+</div></div><p>Action:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public class TestAction extends ActionSupport {
private String name;
public String getName() {
@@ -170,11 +161,8 @@ public class TestAction extends ActionSu
}
}
</pre>
-</div></div>
-<p>JUnit:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
-package org.apache.struts2;
+</div></div><p>JUnit:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">package org.apache.struts2;
import org.apache.struts2.dispatcher.mapper.ActionMapping;
@@ -222,34 +210,14 @@ public class StrutsTestCaseTest extends
}
}
</pre>
-</div></div>
-
-<h3 id="TestingActions-Thetemplate">The template</h3>
-<p>If you use JSPs as the template engine you won't be able to test the action
output outside the container. The <a shape="rect"
href="embedded-jsp-plugin.html">Embedded JSP Plugin</a> can be used to overcome
this limitation and be able to use JSPs from the classpath and outside the
container.</p>
-
-<p>There are several utility methods and mock objects defined in
StrutsTestCase which can be used to facilitate the testing:<br clear="none">
-Methods:</p>
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Method Name</p></th><th
colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>executeAction(String)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Pass the url for the action,
and it will return the output of the action. This output <strong>is
not</strong> the action result, like "success", but what would be written to
the result stream. To use this the actions must be using a result type that can
be read from the classpath, like FreeMarker, velocity, etc (if you are using
the experimental Embedded JSP Plugin, you can use JSPs
also)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>getActionProxy(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Builds an action proxy that can be used to
invoke an action, by calling <code>execute()</code> on th
e returned proxy object. The return value of <code>execute()</code> is the
action result, like "success"</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>getActionMapping(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Gets an <code>ActionMapping</code> for the
url</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>injectStrutsDependencies(object)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Injects Struts dependencies
into an object (dependencies are marked with
<code>Inject</code>)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>findValueAfterExecute(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Finds an object in the value stack, after
an action has been executed</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>applyAdditionalParams(ActionContext)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Can be overwritten in subclass
to provid
e additional params and settings used during action
invocation</p></td></tr></tbody></table></div>
-
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Field</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletRequest
request</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The request
that will be passed to Struts. Make sure to set parameters in this object
before calling methods like <code>getActionProxy</code></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletResponse
response</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
response object passed to Struts, you can use this class to test the output,
response headers, etc</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>MockServletContext servletContext</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The servlet context object
passed to Struts</p></td></tr></tbody></tabl
e></div>
-
-
-<h3 id="TestingActions-StrutsActionsusingSpring">Struts Actions using
Spring</h3>
-<p>Make sure to add a dependency to the <a shape="rect"
href="spring-plugin.html">Spring Plugin</a> to your <code>pom.xml</code>:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-<dependency>
+</div></div><h3 id="TestingActions-Thetemplate">The template</h3><p>If you use
JSPs as the template engine you won't be able to test the action output outside
the container. The <a shape="rect" href="embedded-jsp-plugin.html">Embedded JSP
Plugin</a> can be used to overcome this limitation and be able to use JSPs from
the classpath and outside the container.</p><p>There are several utility
methods and mock objects defined in StrutsTestCase which can be used to
facilitate the testing:<br clear="none"> Methods:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Method Name</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>executeAction(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Pass the url for the action, and it will
return the output of the action. This output <strong>is not</strong> the action
result
, like "success", but what would be written to the result stream. To use this
the actions must be using a result type that can be read from the classpath,
like FreeMarker, velocity, etc (if you are using the experimental Embedded JSP
Plugin, you can use JSPs also)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>getActionProxy(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Builds an action proxy that can be used to
invoke an action, by calling <code>execute()</code> on the returned proxy
object. The return value of <code>execute()</code> is the action result, like
"success"</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>getActionMapping(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Gets an <code>ActionMapping</code> for the
url</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>injectStrutsDependencies(object)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Injects Stru
ts dependencies into an object (dependencies are marked with
<code>Inject</code>)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>findValueAfterExecute(String)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Finds an object in the value stack, after
an action has been executed</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>applyAdditionalParams(ActionContext)</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Can be overwritten in subclass
to provide additional params and settings used during action
invocation</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">createAction(Class)</td><td colspan="1" rowspan="1"
class="confluenceTd">Can be used to instantiate an action which requires
framework's dependencies to be injected (e.g. extending
<code>ActionSupport</code> requires inject some internal
dependencies)</td></tr></tbody></table></div><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><t
h colspan="1" rowspan="1" class="confluenceTh"><p>Field</p></th><th
colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>MockHttpServletRequest request</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The request that will be passed
to Struts. Make sure to set parameters in this object before calling methods
like <code>getActionProxy</code></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>MockHttpServletResponse response</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The response object passed to
Struts, you can use this class to test the output, response headers,
etc</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>MockServletContext servletContext</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The servlet context object
passed to Struts</p></td></tr></tbody></table></div><h3
id="TestingActions-StrutsActionsusingSpring">Struts Acti
ons using Spring</h3><p>Make sure to add a dependency to the <a shape="rect"
href="spring-plugin.html">Spring Plugin</a> to your
<code>pom.xml</code>:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-spring-plugin</artifactId>
<version>STRUTS_VERSION</version>
</dependency>
</pre>
-</div></div>
-
-<p>If you use Spring as the object factory, the
<code>StrutsSpringTestCase</code> class can be used to write your JUnits. This
class extends <code>StrutsTestCase</code> and has a
<code>applicationContext</code> field of type <code>ApplicationContext</code>.
</p>
-
-<p>The Spring context is loaded from "classpath*:applicationContext.xml" by
default. To provide a different location, overwrite
<code>getContextLocations</code>. </p></div>
+</div></div><p>If you use Spring as the object factory, the
<code>StrutsSpringTestCase</code> class can be used to write your JUnits. This
class extends <code>StrutsTestCase</code> and has a
<code>applicationContext</code> field of type
<code>ApplicationContext</code>.</p><p>The Spring context is loaded from
"classpath*:applicationContext.xml" by default. To provide a different
location, overwrite <code>getContextLocations</code>.</p></div>
</div>
Modified: websites/production/struts/content/docs/text.html
==============================================================================
--- websites/production/struts/content/docs/text.html (original)
+++ websites/production/struts/content/docs/text.html Fri Dec 2 07:17:46 2016
@@ -156,7 +156,7 @@ extension.
<p></p><p>
If the named message is not found in a property file, then the body of the
-tag will be used as default message. If no body is used, then the stack will
+tag will be used as default message. If no body is used, then the stack can
be searched, and if a value is returned, it will written to the output.
If no value is found on the stack, the key of the message will be written out.
</p>
@@ -165,7 +165,7 @@ If no value is found on the stack, the k
<h2 id="text-Parameters">Parameters</h2>
-<p><table width="100%"><tr><td colspan="6" rowspan="1"><h4>Dynamic Attributes
Allowed:</h4> false</td></tr><tr><td colspan="6"
rowspan="1"> </td></tr><tr><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Name</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Required</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Default</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Evaluated</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Type</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Description</h4></th></tr><tr><td align="left" colspan="1"
rowspan="1" valign="top">name</td><td align="left" colspan="1" rowspan="1"
valign="top"><strong>true</strong></td><td align="left" colspan="1" rowspan="1"
valign="top"></td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">String</td><td align="left" colspan="1" rowspan="1" valign
="top">Name of resource property to fetch</td></tr><tr><td align="left"
colspan="1" rowspan="1" valign="top">searchValueStack</td><td align="left"
colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1"
rowspan="1" valign="top">true</td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">Boolean</td><td align="left" colspan="1" rowspan="1"
valign="top">Search the stack if property is not found on
resources</td></tr><tr><td align="left" colspan="1" rowspan="1"
valign="top">var</td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top"></td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">String</td><td align="left" colspan="1" rowspan="1"
valign="top">Name used to reference the value pushed into the Value
Stack</td></tr></table></p>
+<p><table width="100%"><tr><td colspan="6" rowspan="1"><h4>Dynamic Attributes
Allowed:</h4> false</td></tr><tr><td colspan="6"
rowspan="1"> </td></tr><tr><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Name</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Required</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Default</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Evaluated</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Type</h4></th><th align="left" colspan="1" rowspan="1"
valign="top"><h4>Description</h4></th></tr><tr><td align="left" colspan="1"
rowspan="1" valign="top">name</td><td align="left" colspan="1" rowspan="1"
valign="top"><strong>true</strong></td><td align="left" colspan="1" rowspan="1"
valign="top"></td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">String</td><td align="left" colspan="1" rowspan="1" valign
="top">Name of resource property to fetch</td></tr><tr><td align="left"
colspan="1" rowspan="1" valign="top">searchValueStack</td><td align="left"
colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1"
rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">Boolean</td><td align="left" colspan="1" rowspan="1"
valign="top">Search the stack if property is not found on
resources</td></tr><tr><td align="left" colspan="1" rowspan="1"
valign="top">var</td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top"></td><td align="left" colspan="1" rowspan="1"
valign="top">false</td><td align="left" colspan="1" rowspan="1"
valign="top">String</td><td align="left" colspan="1" rowspan="1"
valign="top">Name used to reference the value pushed into the Value
Stack</td></tr></table></p>
<h2 id="text-Examples">Examples</h2>
Modified: websites/production/struts/content/docs/tiles-plugin.html
==============================================================================
--- websites/production/struts/content/docs/tiles-plugin.html (original)
+++ websites/production/struts/content/docs/tiles-plugin.html Fri Dec 2
07:17:46 2016
@@ -139,11 +139,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1476770248680 {padding: 0px;}
-div.rbtoc1476770248680 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1476770248680 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1480661954732 {padding: 0px;}
+div.rbtoc1480661954732 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1480661954732 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1476770248680">
+/*]]>*/</style></p><div class="toc-macro rbtoc1480661954732">
<ul class="toc-indentation"><li><a shape="rect"
href="#TilesPlugin-Features">Features</a></li><li><a shape="rect"
href="#TilesPlugin-Usage">Usage</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts
attributes</a></li><li><a shape="rect"
href="#TilesPlugin-I18N">I18N</a></li></ul>
</li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a
shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect"
href="#TilesPlugin-Installation">Installation</a></li></ul>
Modified: websites/production/struts/content/docs/type-conversion.html
==============================================================================
--- websites/production/struts/content/docs/type-conversion.html (original)
+++ websites/production/struts/content/docs/type-conversion.html Fri Dec 2
07:17:46 2016
@@ -141,11 +141,11 @@ under the License.
<div id="ConfluenceContent"><p>Routine type conversion in the
framework is transparent. Generally, all you need to do is ensure that HTML
inputs have names that can be used in <a shape="rect" href="ognl.html">OGNL</a>
expressions. (HTML inputs are form elements and other GET/POST parameters.)</p>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1464698191529 {padding: 0px;}
-div.rbtoc1464698191529 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1464698191529 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1480661791861 {padding: 0px;}
+div.rbtoc1480661791861 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1480661791861 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1464698191529">
+/*]]>*/</style><div class="toc-macro rbtoc1480661791861">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect" href="#TypeConversion-BuiltinTypeConversionSupport">Built in Type
Conversion Support</a></li><li><span class="TOCOutline">2</span> <a
shape="rect" href="#TypeConversion-RelationshiptoParameterNames">Relationship
to Parameter Names</a></li><li><span class="TOCOutline">3</span> <a
shape="rect" href="#TypeConversion-CreatingaTypeConverter">Creating a Type
Converter</a></li><li><span class="TOCOutline">4</span> <a shape="rect"
href="#TypeConversion-ApplyingaTypeConvertertoanAction">Applying a Type
Converter to an Action</a></li><li><span class="TOCOutline">5</span> <a
shape="rect"
href="#TypeConversion-ApplyingaTypeConvertertoabeanormodel">Applying a Type
Converter to a bean or model</a></li><li><span class="TOCOutline">6</span> <a
shape="rect"
href="#TypeConversion-ApplyingaTypeConverterforanapplication">Applying a Type
Converter for an application</a></li><li><span class="TOCOutline">7</span> <a
shape="r
ect" href="#TypeConversion-ASimpleExample">A Simple Example</a></li><li><span
class="TOCOutline">8</span> <a shape="rect"
href="#TypeConversion-AdvancedTypeConversion">Advanced Type Conversion</a>
<ul class="toc-indentation"><li><span class="TOCOutline">8.1</span> <a
shape="rect" href="#TypeConversion-NullPropertyHandling">Null Property
Handling</a></li><li><span class="TOCOutline">8.2</span> <a shape="rect"
href="#TypeConversion-CollectionandMapSupport">Collection and Map Support</a>
<ul class="toc-indentation"><li><span class="TOCOutline">8.2.1</span> <a
shape="rect"
href="#TypeConversion-Indexingacollectionbyapropertyofthatcollection">Indexing
a collection by a property of that collection</a></li></ul>
Modified: websites/production/struts/content/docs/updownselect.html
==============================================================================
--- websites/production/struts/content/docs/updownselect.html (original)
+++ websites/production/struts/content/docs/updownselect.html Fri Dec 2
07:17:46 2016
@@ -142,7 +142,7 @@ under the License.
<div class="confluence-information-macro confluence-information-macro-note"><p
class="title">Important</p><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body">
<p></p><p>
Note that the listkey and listvalue attribute will default to "key" and "value"
-respectively only when the list attribute is evaluated to a Map or its
decendant.
+respectively only when the list attribute is evaluated to a Map or its
descendant.
Everything else will result in listkey and listvalue to be null and not used.
</p></div></div>
Modified: websites/production/struts/content/docs/validation.html
==============================================================================
--- websites/production/struts/content/docs/validation.html (original)
+++ websites/production/struts/content/docs/validation.html Fri Dec 2 07:17:46
2016
@@ -139,11 +139,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p>Struts 2 validation is configured
via XML or annotations. Manual validation in the action is also possible, and
may be combined with XML and annotation-driven validation.</p><p>Validation
also depends on both the <code>validation</code> and <code>workflow</code>
interceptors (both are included in the default interceptor stack). The
<code>validation</code> interceptor does the validation itself and creates a
list of field-specific errors. The <code>workflow</code> interceptor checks for
the presence of validation errors: if any are found, it returns the "input"
result (by default), taking the user back to the form which contained the
validation errors.</p><p>If we're using the default settings <em>and</em> our
action doesn't have an "input" result defined <em>and</em> there are validation
(or, incidentally, type conversion) errors, we'll get an error message back
telling us there's no "input" result defined for the action.</p><p><strong>CONT
ENTS</strong></p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1464698322819 {padding: 0px;}
-div.rbtoc1464698322819 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1464698322819 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1480661925380 {padding: 0px;}
+div.rbtoc1480661925380 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1480661925380 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1464698322819">
+/*]]>*/</style></p><div class="toc-macro rbtoc1480661925380">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect" href="#Validation-UsingAnnotations">Using
Annotations</a></li><li><span class="TOCOutline">2</span> <a shape="rect"
href="#Validation-BeanValidation">Bean Validation</a></li><li><span
class="TOCOutline">3</span> <a shape="rect"
href="#Validation-Examples">Examples</a></li><li><span
class="TOCOutline">4</span> <a shape="rect"
href="#Validation-BundledValidators">Bundled Validators</a></li><li><span
class="TOCOutline">5</span> <a shape="rect"
href="#Validation-RegisteringValidators">Registering
Validators</a></li><li><span class="TOCOutline">6</span> <a shape="rect"
href="#Validation-TurningonValidation">Turning on Validation</a></li><li><span
class="TOCOutline">7</span> <a shape="rect"
href="#Validation-ValidatorScopes">Validator Scopes</a>
<ul class="toc-indentation"><li><span class="TOCOutline">7.1</span> <a
shape="rect" href="#Validation-Notes">Notes</a></li></ul>
</li><li><span class="TOCOutline">8</span> <a shape="rect"
href="#Validation-DefiningValidationRules">Defining Validation
Rules</a></li><li><span class="TOCOutline">9</span> <a shape="rect"
href="#Validation-LocalizingandParameterizingMessages">Localizing and
Parameterizing Messages</a></li><li><span class="TOCOutline">10</span> <a
shape="rect" href="#Validation-ValidatorFlavor">Validator
Flavor</a></li><li><span class="TOCOutline">11</span> <a shape="rect"
href="#Validation-Non-FieldValidatorVsField-Validatorvalidatortypes">Non-Field
Validator Vs Field-Validator</a></li><li><span class="TOCOutline">12</span> <a
shape="rect" href="#Validation-Short-CircuitingValidator">Short-Circuiting
Validator</a></li><li><span class="TOCOutline">13</span> <a shape="rect"
href="#Validation-HowValidatorsofanActionareFound">How Validators of an Action
are Found</a></li><li><span class="TOCOutline">14</span> <a shape="rect"
href="#Validation-Writingcustomvalidators">Writing custom validators</a></li>
<li><span class="TOCOutline">15</span> <a shape="rect"
href="#Validation-Resources">Resources</a></li><li><span
class="TOCOutline">16</span> <a shape="rect" href="#Validation-Next:">Next:
Localization</a></li></ul>
Modified: websites/production/struts/content/docs/version-notes-2331.html
==============================================================================
--- websites/production/struts/content/docs/version-notes-2331.html (original)
+++ websites/production/struts/content/docs/version-notes-2331.html Fri Dec 2
07:17:46 2016
@@ -155,7 +155,7 @@ under the License.
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories></pre>
-</div></div><h2 id="VersionNotes2.3.31-InternalChanges">Internal
Changes</h2><ul><li><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> Possible path traversal in
the Convention plugin <a shape="rect"
href="s2-042.html">S2-042</a></li><li><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> Using the Config Browser
plugin in production <a shape="rect"
href="s2-043.html">S2-043</a></li></ul><p> </p><div
class="confluence-information-macro confluence-information-macro-note"><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This rele
ase contains fixes related to <a shape="rect" href="s2-042.html">S2-042</a>
and <a shape="rect" href="s2-043.html">S2-043</a> security bulletins, please
read them carefully!</p></div></div><h3
id="VersionNotes2.3.31-Issues">Issues</h3><h4
id="VersionNotes2.3.31-Bug">Bug</h4><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4601";>WW-4601</a>] - webconsole
can always be accessed</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4628";>WW-4628</a>] - Space
character and includeParams</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4659";>WW-4659</a>] - Exception
starting filter struts2 java.lang.IncompatibleClassChangeError: Implementing
class</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4663";>WW-4663</a>] -
NullPointerException when displaying a form without action
attribute</li><li>[<a shape="rect" class="
external-link"
href="https://issues.apache.org/jira/browse/WW-4667";>WW-4667</a>] -
ParametersInterceptor excludeParams only applies to first instance of params
interceptor in paramsPrepareParamsStack</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4669";>WW-4669</a>] - Struts
2.5.1 gives errors on unexpected action names</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4675";>WW-4675</a>] - Select box
does not pre-select chosen values</li></ul><h4
id="VersionNotes2.3.31-Improvement">Improvement</h4><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4674";>WW-4674</a>] -
StrutsPrepareAndExecuteFilter should check for response commited
status</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4685";>WW-4685</a>] - Allow
directly accessing I18N keys from Tiles defintions</li></ul><h3
id="VersionNotes2.3.31-IssueDeta
il">Issue Detail</h3><ul><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12337872";>JIRA
Release Notes 2.3.31</a></li></ul><h3 id="VersionNotes2.3.31-IssueList">Issue
List</h3><ul><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/issues/?filter=12338537";>Struts 2.3.30
DONE</a></li><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/issues/?filter=12318399";>Struts 2.3.x
TODO</a></li></ul><h3 id="VersionNotes2.3.31-Otherresources">Other
resources</h3><ul><li><a shape="rect" class="external-link"
href="http://www.mail-archive.com/commits%40struts.apache.org/";
rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop";>Source
Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height:
30.0px;"><br clear="none"></span
></div><div><span style="font-size: 24.0px;line-height:
>30.0px;background-color: rgb(245,245,245);"><br
>clear="none"></span></div></div>
+</div></div><h2 id="VersionNotes2.3.31-InternalChanges">Internal
Changes</h2><ul><li><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> Possible path traversal in
the Convention plugin <a shape="rect"
href="s2-042.html">S2-042</a></li><li><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> Using the Config Browser
plugin in production <a shape="rect"
href="s2-043.html">S2-043</a></li></ul><p> </p><div
class="confluence-information-macro confluence-information-macro-note"><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This rele
ase contains fixes related to <a shape="rect" href="s2-042.html">S2-042</a>
and <a shape="rect" href="s2-043.html">S2-043</a> security bulletins, please
read them carefully!</p></div></div><h3
id="VersionNotes2.3.31-Issues">Issues</h3><h4
id="VersionNotes2.3.31-Bug">Bug</h4><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4601";>WW-4601</a>] - webconsole
can always be accessed</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4628";>WW-4628</a>] - Space
character and includeParams</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4659";>WW-4659</a>] - Exception
starting filter struts2 java.lang.IncompatibleClassChangeError: Implementing
class</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4663";>WW-4663</a>] -
NullPointerException when displaying a form without action
attribute</li><li>[<a shape="rect" class="
external-link"
href="https://issues.apache.org/jira/browse/WW-4667";>WW-4667</a>] -
ParametersInterceptor excludeParams only applies to first instance of params
interceptor in paramsPrepareParamsStack</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4669";>WW-4669</a>] - Struts
2.5.1 gives errors on unexpected action names</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4675";>WW-4675</a>] - Select box
does not pre-select chosen values</li></ul><h4
id="VersionNotes2.3.31-Improvement">Improvement</h4><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4674";>WW-4674</a>] -
StrutsPrepareAndExecuteFilter should check for response commited
status</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4685";>WW-4685</a>] - Allow
directly accessing I18N keys from Tiles defintions</li></ul><h3
id="VersionNotes2.3.31-IssueDeta
il">Issue Detail</h3><ul><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12337872";>JIRA
Release Notes 2.3.31</a></li></ul><h3 id="VersionNotes2.3.31-IssueList">Issue
List</h3><ul><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/issues/?filter=12338537";>Struts 2.3.31
DONE</a></li><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/issues/?filter=12318399";>Struts 2.3.x
TODO</a></li></ul><h3 id="VersionNotes2.3.31-Otherresources">Other
resources</h3><ul><li><a shape="rect" class="external-link"
href="http://www.mail-archive.com/commits%40struts.apache.org/";
rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop";>Source
Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height:
30.0px;"><br clear="none"></span
></div><div><span style="font-size: 24.0px;line-height:
>30.0px;background-color: rgb(245,245,245);"><br
>clear="none"></span></div></div>
</div>
![https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png"](https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png"){kind=link}