Modified: websites/production/struts/content/docs/security-bulletins.html ============================================================================== --- websites/production/struts/content/docs/security-bulletins.html (original) +++ websites/production/struts/content/docs/security-bulletins.html Fri Dec 2 07:17:46 2016 @@ -126,7 +126,7 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> <div id="ConfluenceContent"><p>The following security bulletins are available:</p> -<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> — <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> — <span class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> — <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> — <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> — <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> — <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> — <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> — <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li> <li><a shape="rect" href="s2-013.html">S2-013</a> — <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> — <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> — <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> — <span class="sma lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> — <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> — <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> — <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> — <span class="smalltext">Extends excluded params in CookieInt erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> — <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> — <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> — <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> — <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> — <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> — <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> — <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h ref="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> — <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> — <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> — ; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> — <span class="smalltext">Possible path traversal in the Convention plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> — <span class="smalltext">Using the Config Browser plugin in production</span></li></ul></div> +<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> — <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> — <span class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> — <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> — <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> — <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> — <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> — <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> — <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li> <li><a shape="rect" href="s2-013.html">S2-013</a> — <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> — <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> — <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> — <span class="sma lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> — <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> — <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> — <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> — <span class="smalltext">Extends excluded params in CookieInt erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> — <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> — <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> — <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> — <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> — <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> — <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> — <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h ref="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> — <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> — <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> — ; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> — <span class="smalltext">Possible path traversal in the Convention plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> — <span class="smalltext">Using the Config Browser plugin in production</span></li><li><a shape="rect" href="s2-044.html">S2-044</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li></ul></div> </div> <div class="tabletitle"> @@ -141,6 +141,9 @@ under the License. <span class="smalltext">(Apache Struts 2 Documentation)</span> <br> $page.link($child) + <span class="smalltext">(Apache Struts 2 Documentation)</span> + <br> + $page.link($child) <span class="smalltext">(Apache Struts 2 Documentation)</span> <br> $page.link($child)
Modified: websites/production/struts/content/docs/security.html ============================================================================== --- websites/production/struts/content/docs/security.html (original) +++ websites/production/struts/content/docs/security.html Fri Dec 2 07:17:46 2016 @@ -139,13 +139,13 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1466227216669 {padding: 0px;} -div.rbtoc1466227216669 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1466227216669 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1480662013471 {padding: 0px;} +div.rbtoc1480662013471 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1480662013471 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1466227216669"> +/*]]>*/</style></p><div class="toc-macro rbtoc1480662013471"> <ul class="toc-indentation"><li><a shape="rect" href="#Security-Securitytips">Security tips</a> -<ul class="toc-indentation"><li><a shape="rect" href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config Browser</a></li><li><a shape="rect" href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix different access levels in the same namespace</a></li><li><a shape="rect" href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable devMode</a></li><li><a shape="rect" href="#Security-Reducelogginglevel">Reduce logging level</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use UTF-8 encoding</a></li><li><a shape="rect" href="#Security-Donotdefinedsetterswhennotneeded">Do not defined setters when not needed</a></li></ul> +<ul class="toc-indentation"><li><a shape="rect" href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config Browser</a></li><li><a shape="rect" href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix different access levels in the same namespace</a></li><li><a shape="rect" href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable devMode</a></li><li><a shape="rect" href="#Security-Reducelogginglevel">Reduce logging level</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use UTF-8 encoding</a></li><li><a shape="rect" href="#Security-Donotdefinedsetterswhennotneeded">Do not defined setters when not needed</a></li><li><a shape="rect" href="#Security-Donotuseincomingvaluesasaninputforlocalisationlogic">Do not use incoming values as an input for localisation logic</a></li></ul> </li><li><a shape="rect" href="#Security-Internalsecuritymechanism">Internal security mechanism</a> <ul class="toc-indentation"><li><a shape="rect" href="#Security-Accessingstaticmethods">Accessing static methods</a></li><li><a shape="rect" href="#Security-OGNLisusedtocallaction'smethods">OGNL is used to call action's methods</a></li><li><a shape="rect" href="#Security-Accepted/Excludedpatterns">Accepted / Excluded patterns</a></li><li><a shape="rect" href="#Security-StrictMethodInvocation">Strict Method Invocation</a></li></ul> </li></ul> @@ -195,7 +195,12 @@ div.rbtoc1466227216669 li {margin-left: </Configuration></pre> </div></div><h4 id="Security-UseUTF-8encoding">Use UTF-8 encoding</h4><p>Always use <code>UTF-8</code> encoding when building an application with the Apache Struts 2, when using JSPs please add the following header to each JSP file</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><%@ page contentType="text/html; charset=UTF-8" %></pre> -</div></div><h4 id="Security-Donotdefinedsetterswhennotneeded">Do not defined setters when not needed</h4><p>You should carefully design your actions without exposing anything via setters and getters, thus can leads to potential security vulnerabilities. Any action's setter can be used to set incoming untrusted user's value which can contain suspicious expression. Some Struts <code>Result</code>s automatically populate params based on values in <code>ValueStack</code> (action in most cases is the root) which means incoming value will be evaluated as an expression during this process.</p><h3 id="Security-Internalsecuritymechanism">Internal security mechanism</h3><p>The Apache Struts 2 contains internal security manager which blocks access to particular classes and Java packages - it's a OGNL-wide mechanism which means it affects any aspect of the framework ie. incoming parameters, expressions used in JSPs, etc.</p><p>There are three options that can be used to configure exc luded packages and classes:</p><ul style="list-style-type: square;"><li><code>struts.excludedClasses</code> - comma-separated list of excluded classes</li><li><code>struts.excludedPackageNamePatterns</code> - patterns used to exclude packages based on RegEx - this option is slower than simple string comparison but it's more flexible</li><li><code>struts.excludedPackageNames</code> - comma-separated list of excluded packages, it is used with simple string comparison via <code>startWith</code> and <code>equals</code></li></ul><p>The defaults are as follow:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +</div></div><h4 id="Security-Donotdefinedsetterswhennotneeded">Do not defined setters when not needed</h4><p>You should carefully design your actions without exposing anything via setters and getters, thus can leads to potential security vulnerabilities. Any action's setter can be used to set incoming untrusted user's value which can contain suspicious expression. Some Struts <code>Result</code>s automatically populate params based on values in <code>ValueStack</code> (action in most cases is the root) which means incoming value will be evaluated as an expression during this process.</p><h4 id="Security-Donotuseincomingvaluesasaninputforlocalisationlogic">Do not use incoming values as an input for localisation logic</h4><p>All <code>TextProvider</code>'s <code>getText(...) </code>methods (e.g in <code>ActionSupport</code>) performs evaluation of parameters included in a message to properly localize the text. This means using incoming request parameters with& #160;<code>getText(...)</code> methods is potentially dangerous and should be avoided. Se example below, assuming that an action implements getter and setter for property <code>message</code>, the below code allows inject an OGNL expression:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public String execute() throws Exception { + setMessage(getText(getMessage())); + return SUCCESS; +}</pre> +</div></div><p>Never use value of incoming request parameter as part of your localisation logic.</p><h3 id="Security-Internalsecuritymechanism">Internal security mechanism</h3><p>The Apache Struts 2 contains internal security manager which blocks access to particular classes and Java packages - it's a OGNL-wide mechanism which means it affects any aspect of the framework ie. incoming parameters, expressions used in JSPs, etc.</p><p>There are three options that can be used to configure excluded packages and classes:</p><ul style="list-style-type: square;"><li><code>struts.excludedClasses</code> - comma-separated list of excluded classes</li><li><code>struts.excludedPackageNamePatterns</code> - patterns used to exclude packages based on RegEx - this option is slower than simple string comparison but it's more flexible</li><li><code>struts.excludedPackageNames</code> - comma-separated list of excluded packages, it is used with simple string comparison via <code>startWith</code> an d <code>equals</code></li></ul><p>The defaults are as follow:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><constant name="struts.excludedClasses" value="com.opensymphony.xwork2.ActionContext" /> Modified: websites/production/struts/content/docs/servlet-config-interceptor.html ============================================================================== --- websites/production/struts/content/docs/servlet-config-interceptor.html (original) +++ websites/production/struts/content/docs/servlet-config-interceptor.html Fri Dec 2 07:17:46 2016 @@ -147,7 +147,7 @@ implements ParameterAware then the actio servlet context, the session, etc. Interfaces that it supports are: </p> -<p></p><ul></ul><p></p><ul><li>ServletContextAware</li></ul><p></p><ul><li>ServletRequestAware</li></ul><p></p><ul><li>ServletResponseAware</li></ul><p></p><ul><li>ParameterAware</li></ul><p></p><ul><li>RequestAware</li></ul><p></p><ul><li>SessionAware</li></ul><p></p><ul><li>ApplicationAware</li></ul><p></p><ul><li>PrincipalAware</li></ul><p></p> +<p></p><ul></ul><p></p><ul><li>ServletContextAware</li></ul><p></p><ul><li>ServletRequestAware</li></ul><p></p><ul><li>ServletResponseAware</li></ul><p></p><ul><li>ParameterAware - deprecated since 2.5.4, please use HttpParametersAware</li></ul><p></p><ul><li>HttpParametersAware</li></ul><p></p><ul><li>RequestAware</li></ul><p></p><ul><li>SessionAware</li></ul><p></p><ul><li>ApplicationAware</li></ul><p></p><ul><li>PrincipalAware</li></ul><p></p> <h2 id="ServletConfigInterceptor-Parameters">Parameters</h2> Modified: websites/production/struts/content/docs/set.html ============================================================================== --- websites/production/struts/content/docs/set.html (original) +++ websites/production/struts/content/docs/set.html Fri Dec 2 07:17:46 2016 @@ -150,7 +150,7 @@ readability improvement).</p> which the body evaluates is set as value for the scoped variable.</p> <p></p><p>The scopes available are as follows:</p> -<ul><li>application - the value will be set in application scope according to servlet spec. using the name as its key</li><li>session - the value will be set in session scope according to servlet spec. using the name as key </li><li>request - the value will be set in request scope according to servlet spec. using the name as key </li><li>page - the value will be set in page scope according to servlet sepc. using the name as key</li><li>action - the value will be set in the request scope and Struts' action context using the name as key</li></ul> +<ul><li>application - the value will be set in application scope according to servlet spec. using the name as its key</li><li>session - the value will be set in session scope according to servlet spec. using the name as key </li><li>request - the value will be set in request scope according to servlet spec. using the name as key </li><li>page - the value will be set in page scope according to servlet spec. using the name as key</li><li>action - the value will be set in the request scope and Struts' action context using the name as key</li></ul> <p></p><p> NOTE:<br clear="none"> Modified: websites/production/struts/content/docs/struts-defaultxml.html ============================================================================== --- websites/production/struts/content/docs/struts-defaultxml.html (original) +++ websites/production/struts/content/docs/struts-defaultxml.html Fri Dec 2 07:17:46 2016 @@ -294,6 +294,8 @@ under the License. <bean type="ognl.PropertyAccessor" name="java.util.Map" class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" /> <bean type="ognl.PropertyAccessor" name="java.util.Collection" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" /> <bean type="ognl.PropertyAccessor" name="com.opensymphony.xwork2.ognl.ObjectProxy" class="com.opensymphony.xwork2.ognl.accessor.ObjectProxyPropertyAccessor" /> + <bean type="ognl.PropertyAccessor" name="org.apache.struts2.dispatcher.HttpParameters" class="com.opensymphony.xwork2.ognl.accessor.HttpParametersPropertyAccessor" /> + <bean type="ognl.PropertyAccessor" name="org.apache.struts2.dispatcher.Parameter" class="com.opensymphony.xwork2.ognl.accessor.ParameterPropertyAccessor" /> <bean type="ognl.MethodAccessor" name="java.lang.Object" class="com.opensymphony.xwork2.ognl.accessor.XWorkMethodAccessor" /> <bean type="ognl.MethodAccessor" name="com.opensymphony.xwork2.util.CompoundRoot" class="com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor" /> @@ -315,6 +317,8 @@ under the License. <bean type="com.opensymphony.xwork2.security.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker" scope="prototype" /> <bean type="com.opensymphony.xwork2.security.AcceptedPatternsChecker" name="struts" class="com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker" scope="prototype" /> + <bean type="com.opensymphony.xwork2.config.providers.ValueSubstitutor" class="com.opensymphony.xwork2.config.providers.EnvsValueSubstitutor" scope="singleton"/> + <package name="struts-default" abstract="true" strict-method-invocation="true"> <result-types> <result-type name="chain" class="com.opensymphony.xwork2.ActionChainResult"/> @@ -343,7 +347,7 @@ under the License. <interceptor name="execAndWait" class="org.apache.struts2.interceptor.ExecuteAndWaitInterceptor"/> <interceptor name="exception" class="com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor"/> <interceptor name="fileUpload" class="org.apache.struts2.interceptor.FileUploadInterceptor"/> - <interceptor name="i18n" class="com.opensymphony.xwork2.interceptor.I18nInterceptor"/> + <interceptor name="i18n" class="org.apache.struts2.interceptor.I18nInterceptor"/> <interceptor name="logger" class="com.opensymphony.xwork2.interceptor.LoggingInterceptor"/> <interceptor name="modelDriven" class="com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor"/> <interceptor name="scopedModelDriven" class="com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor"/> Modified: websites/production/struts/content/docs/template-loading.html ============================================================================== --- websites/production/struts/content/docs/template-loading.html (original) +++ websites/production/struts/content/docs/template-loading.html Fri Dec 2 07:17:46 2016 @@ -125,45 +125,14 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> - <div id="ConfluenceContent"><p>Templates are loaded first by searching the application and then by searching the classpath. If a template needs to be overridden, an edited copy can be placed in the application, so that is found first.</p> - -<div class="confluence-information-macro confluence-information-macro-information"><p class="title">One for all</p><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"> -<p>FreeMarker is the default templating engine. The FreeMarker templates are used regardless of what format the view may use. Internally, the JSP, FTL, Velocity tags are all rendered using FreeMarker. </p></div></div> - -<h2 id="TemplateLoading-TemplateandThemes">Template and Themes</h2> - -<p>Templates are loaded based the template directory and theme name (see <a shape="rect" href="selecting-themes.html">Selecting Themes</a>). The template directory is defined by the <code>struts.ui.templateDir</code> property in <a shape="rect" href="strutsproperties.html">struts.properties</a> (defaults to <code>template</code>). If a tag is using the <code>xhtml</code> theme, the following two locations will be searched (in this order):</p> - -<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> In the application </p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>/template/xhtml/template.ftl</code> </p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> In the classpath </p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <code>/template/xhtml/template.ftl</code> </p></td></tr></tbody></table></div> - - -<p><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> For performance reasons, you may want to prefer the first location, although the second one is more flexible. See <a shape="rect" href="performance-tuning.html">Performance Tuning</a> for a discussion on this topic.</p> - -<h2 id="TemplateLoading-OverridingTemplates">Overriding Templates</h2> - -<p>The default templates provided in the <code>struts-core.jar</code> should suit the needs of many applications. However, if a template needs to be modified, it's easy to plug in a new version. Extract the template you need to change from the <code>struts-core.jar</code>, make the modifications, and save the updated copy to <code>/template/$theme/$template.ftl</code>. If you are using the xhmtl theme and need to change how the select tags render, edit that template and save it to <code>/template/xhtml/select.ftl</code>.</p> - -<p><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> It is easier and better to edit and override an existing template than provide a new one of your own.</p> - -<h2 id="TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template Loading Behaviour</h2> - -<p>It is possible to load template from other locations, like the file system or a URL. Loading templates from alternate locations can be useful not only for tags, but for custom results. For details, see the <a shape="rect" href="freemarker.html">FreeMarker</a> documentation and consult the section on extending the FreeMarkerManager.</p> - -<h2 id="TemplateLoading-AlternativeTemplateEngines">Alternative Template Engines</h2> - -<p>The framework provides for template rendering engines other than FreeMarker. (Though, there is rarely a need to use another system!)</p> - -<div class="confluence-information-macro confluence-information-macro-warning"><p class="title">Don't try this at home!</p><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Alternative template engines are best left to advanced users with special needs!</p></div></div> - -<p>The framework supports three template engines, which can be controlled by the <code>struts.ui.templateSuffix</code> in <a shape="rect" href="strutsproperties.html">struts.properties</a>.</p> - -<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> ftl (default) </p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect" href="freemarker.html">FreeMarker</a>-based template engine </p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> vm </p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect" href="velocity.html">Velocity</a>-based template engine </p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> jsp </p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> <a shape="rect" href="jsp.html">JSP</a>-based template engine </p></td></tr></tbody></table></div> - - -<p>The only set of templates and themes provided in the distribution is for FreeMarker. In order to use another template engine, you must provide your own template and theme for that engine. </p> - -<div class="confluence-information-macro confluence-information-macro-tip"><p class="title">Stay the course</p><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"> -<p>Don't feel that you need to rewrite the templates to match your view format. If you need to customize the template, try copying and modifying the FreeMarker template first. Most changes should be obvious.</p></div></div></div> + <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/ +div.rbtoc1480661603920 {padding: 0px;} +div.rbtoc1480661603920 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1480661603920 li {margin-left: 0px;padding-left: 0px;} + +/*]]>*/</style></p><div class="toc-macro rbtoc1480661603920"> +<ul class="toc-indentation"><li><a shape="rect" href="#TemplateLoading-TemplateandThemes">Template and Themes</a></li><li><a shape="rect" href="#TemplateLoading-OverridingTemplates">Overriding Templates</a></li><li><a shape="rect" href="#TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template Loading Behaviour</a></li><li><a shape="rect" href="#TemplateLoading-AlternativeTemplateEngines">Alternative Template Engines</a></li></ul> +</div><p>Templates are loaded first by searching the application and then by searching the classpath. If a template needs to be overridden, an edited copy can be placed in the application, so that is found first.</p><div class="confluence-information-macro confluence-information-macro-information"><p class="title">One for all</p><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>FreeMarker is the default templating engine. The FreeMarker templates are used regardless of what format the view may use. Internally, the JSP, FTL, Velocity tags are all rendered using FreeMarker.</p></div></div><h2 id="TemplateLoading-TemplateandThemes">Template and Themes</h2><p>Templates are loaded based the template directory and theme name (see <a shape="rect" href="selecting-themes.html">Selecting Themes</a>). The template directory is defined by the <code>struts.ui.templateDir</code> property in <a shape=" rect" href="strutsproperties.html">struts.properties</a> (defaults to <code>template</code>). If a tag is using the <code>xhtml</code> theme, the following two locations will be searched (in this order):</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>In the application</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><code>/template/xhtml/template.ftl</code></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>In the classpath</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><code>/template/xhtml/template.ftl</code></p></td></tr></tbody></table></div><p><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> For performance reasons, you may want to prefer the first location, although the second one is more flexi ble. See <a shape="rect" href="performance-tuning.html">Performance Tuning</a> for a discussion on this topic.</p><h2 id="TemplateLoading-OverridingTemplates">Overriding Templates</h2><p>The default templates provided in the <code>struts-core.jar</code> should suit the needs of many applications. However, if a template needs to be modified, it's easy to plug in a new version. Extract the template you need to change from the <code>struts-core.jar</code>, make the modifications, and save the updated copy to <code>/template/$theme/$template.ftl</code>. If you are using the xhmtl theme and need to change how the select tags render, edit that template and save it to <code>/template/xhtml/select.ftl</code>.</p><p><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> It is easier and better to edit and override an existing tem plate than provide a new one of your own.</p><h2 id="TemplateLoading-AlteringTemplateLoadingBehaviour">Altering Template Loading Behaviour</h2><p>It is possible to load template from other locations, like the file system or a URL. Loading templates from alternate locations can be useful not only for tags, but for custom results. For details, see the <a shape="rect" href="freemarker.html">FreeMarker</a> documentation and consult the section on extending the FreeMarkerManager.</p><h2 id="TemplateLoading-AlternativeTemplateEngines">Alternative Template Engines</h2><p>The framework provides for template rendering engines other than FreeMarker. (Though, there is rarely a need to use another system!)</p><div class="confluence-information-macro confluence-information-macro-warning"><p class="title">Don't try this at home!</p><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Alternative templat e engines are best left to advanced users with special needs!</p></div></div><p>The framework supports three template engines, which can be controlled by the <code>struts.ui.templateSuffix</code> in <a shape="rect" href="strutsproperties.html">struts.properties</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>ftl (default)</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" href="freemarker.html">FreeMarker</a>-based template engine</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>vm</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" href="velocity.html">Velocity</a>-based template engine</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>jsp</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" href="jsp.html">JSP</a>-based template engine</p></td></tr></tbody></table></div><p>The only set of templa tes and themes provided in the distribution is for FreeMarker. In order to use another template engine, you must provide your own template and theme for that engine.</p><div class="confluence-information-macro confluence-information-macro-tip"><p class="title">Stay the course</p><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Don't feel that you need to rewrite the templates to match your view format. If you need to customize the template, try copying and modifying the FreeMarker template first. Most changes should be obvious.</p></div></div></div> </div> Modified: websites/production/struts/content/docs/testing-actions.html ============================================================================== --- websites/production/struts/content/docs/testing-actions.html (original) +++ websites/production/struts/content/docs/testing-actions.html Fri Dec 2 07:17:46 2016 @@ -138,14 +138,8 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> - <div id="ConfluenceContent"><p>The recommended way to test actions is to instantiate the action classes and test them. The <a shape="rect" href="junit-plugin.html">JUnit Plugin</a> supports testing actions within a Struts invocation, meaning that a full request is simulated, and the output of the action can be tested. </p> - -<h3 id="TestingActions-Strutsactions(withoutSpring)">Struts actions (without Spring)</h3> -<p>To test actions that do not use Spring, extend <code>StrutsTestCase</code>. The following example shows different ways of testing an action:<br clear="none"> -Mapping:</p> -<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"> -<struts> + <div id="ConfluenceContent"><p>The recommended way to test actions is to instantiate the action classes and test them. The <a shape="rect" href="junit-plugin.html">JUnit Plugin</a> supports testing actions within a Struts invocation, meaning that a full request is simulated, and the output of the action can be tested.</p><h3 id="TestingActions-Strutsactions(withoutSpring)">Struts actions (without Spring)</h3><p>To test actions that do not use Spring, extend <code>StrutsTestCase</code>. The following example shows different ways of testing an action:<br clear="none"> Mapping:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><struts> <constant name="struts.objectFactory" value="spring"/> <package name="test" namespace="/test" extends="struts-default"> <action name="testAction" class="org.apache.struts2.TestAction"> @@ -154,11 +148,8 @@ Mapping:</p> </package> </struts> </pre> -</div></div> -<p>Action:</p> -<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;"> -public class TestAction extends ActionSupport { +</div></div><p>Action:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public class TestAction extends ActionSupport { private String name; public String getName() { @@ -170,11 +161,8 @@ public class TestAction extends ActionSu } } </pre> -</div></div> -<p>JUnit:</p> -<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;"> -package org.apache.struts2; +</div></div><p>JUnit:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">package org.apache.struts2; import org.apache.struts2.dispatcher.mapper.ActionMapping; @@ -222,34 +210,14 @@ public class StrutsTestCaseTest extends } } </pre> -</div></div> - -<h3 id="TestingActions-Thetemplate">The template</h3> -<p>If you use JSPs as the template engine you won't be able to test the action output outside the container. The <a shape="rect" href="embedded-jsp-plugin.html">Embedded JSP Plugin</a> can be used to overcome this limitation and be able to use JSPs from the classpath and outside the container.</p> - -<p>There are several utility methods and mock objects defined in StrutsTestCase which can be used to facilitate the testing:<br clear="none"> -Methods:</p> -<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Method Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>executeAction(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Pass the url for the action, and it will return the output of the action. This output <strong>is not</strong> the action result, like "success", but what would be written to the result stream. To use this the actions must be using a result type that can be read from the classpath, like FreeMarker, velocity, etc (if you are using the experimental Embedded JSP Plugin, you can use JSPs also)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>getActionProxy(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Builds an action proxy that can be used to invoke an action, by calling <code>execute()</code> on th e returned proxy object. The return value of <code>execute()</code> is the action result, like "success"</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>getActionMapping(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Gets an <code>ActionMapping</code> for the url</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>injectStrutsDependencies(object)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Injects Struts dependencies into an object (dependencies are marked with <code>Inject</code>)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>findValueAfterExecute(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Finds an object in the value stack, after an action has been executed</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>applyAdditionalParams(ActionContext)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Can be overwritten in subclass to provid e additional params and settings used during action invocation</p></td></tr></tbody></table></div> - - -<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Field</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletRequest request</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The request that will be passed to Struts. Make sure to set parameters in this object before calling methods like <code>getActionProxy</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletResponse response</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The response object passed to Struts, you can use this class to test the output, response headers, etc</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockServletContext servletContext</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The servlet context object passed to Struts</p></td></tr></tbody></tabl e></div> - - -<h3 id="TestingActions-StrutsActionsusingSpring">Struts Actions using Spring</h3> -<p>Make sure to add a dependency to the <a shape="rect" href="spring-plugin.html">Spring Plugin</a> to your <code>pom.xml</code>:</p> -<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"> -<dependency> +</div></div><h3 id="TestingActions-Thetemplate">The template</h3><p>If you use JSPs as the template engine you won't be able to test the action output outside the container. The <a shape="rect" href="embedded-jsp-plugin.html">Embedded JSP Plugin</a> can be used to overcome this limitation and be able to use JSPs from the classpath and outside the container.</p><p>There are several utility methods and mock objects defined in StrutsTestCase which can be used to facilitate the testing:<br clear="none"> Methods:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Method Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>executeAction(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Pass the url for the action, and it will return the output of the action. This output <strong>is not</strong> the action result , like "success", but what would be written to the result stream. To use this the actions must be using a result type that can be read from the classpath, like FreeMarker, velocity, etc (if you are using the experimental Embedded JSP Plugin, you can use JSPs also)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>getActionProxy(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Builds an action proxy that can be used to invoke an action, by calling <code>execute()</code> on the returned proxy object. The return value of <code>execute()</code> is the action result, like "success"</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>getActionMapping(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Gets an <code>ActionMapping</code> for the url</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>injectStrutsDependencies(object)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Injects Stru ts dependencies into an object (dependencies are marked with <code>Inject</code>)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>findValueAfterExecute(String)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Finds an object in the value stack, after an action has been executed</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>applyAdditionalParams(ActionContext)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Can be overwritten in subclass to provide additional params and settings used during action invocation</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">createAction(Class)</td><td colspan="1" rowspan="1" class="confluenceTd">Can be used to instantiate an action which requires framework's dependencies to be injected (e.g. extending <code>ActionSupport</code> requires inject some internal dependencies)</td></tr></tbody></table></div><div class="table-wrap"><table class="confluenceTable"><tbody><tr><t h colspan="1" rowspan="1" class="confluenceTh"><p>Field</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletRequest request</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The request that will be passed to Struts. Make sure to set parameters in this object before calling methods like <code>getActionProxy</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockHttpServletResponse response</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The response object passed to Struts, you can use this class to test the output, response headers, etc</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>MockServletContext servletContext</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The servlet context object passed to Struts</p></td></tr></tbody></table></div><h3 id="TestingActions-StrutsActionsusingSpring">Struts Acti ons using Spring</h3><p>Make sure to add a dependency to the <a shape="rect" href="spring-plugin.html">Spring Plugin</a> to your <code>pom.xml</code>:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-spring-plugin</artifactId> <version>STRUTS_VERSION</version> </dependency> </pre> -</div></div> - -<p>If you use Spring as the object factory, the <code>StrutsSpringTestCase</code> class can be used to write your JUnits. This class extends <code>StrutsTestCase</code> and has a <code>applicationContext</code> field of type <code>ApplicationContext</code>. </p> - -<p>The Spring context is loaded from "classpath*:applicationContext.xml" by default. To provide a different location, overwrite <code>getContextLocations</code>. </p></div> +</div></div><p>If you use Spring as the object factory, the <code>StrutsSpringTestCase</code> class can be used to write your JUnits. This class extends <code>StrutsTestCase</code> and has a <code>applicationContext</code> field of type <code>ApplicationContext</code>.</p><p>The Spring context is loaded from "classpath*:applicationContext.xml" by default. To provide a different location, overwrite <code>getContextLocations</code>.</p></div> </div> Modified: websites/production/struts/content/docs/text.html ============================================================================== --- websites/production/struts/content/docs/text.html (original) +++ websites/production/struts/content/docs/text.html Fri Dec 2 07:17:46 2016 @@ -156,7 +156,7 @@ extension. <p></p><p> If the named message is not found in a property file, then the body of the -tag will be used as default message. If no body is used, then the stack will +tag will be used as default message. If no body is used, then the stack can be searched, and if a value is returned, it will written to the output. If no value is found on the stack, the key of the message will be written out. </p> @@ -165,7 +165,7 @@ If no value is found on the stack, the k <h2 id="text-Parameters">Parameters</h2> -<p><table width="100%"><tr><td colspan="6" rowspan="1"><h4>Dynamic Attributes Allowed:</h4> false</td></tr><tr><td colspan="6" rowspan="1"> </td></tr><tr><th align="left" colspan="1" rowspan="1" valign="top"><h4>Name</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Required</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Default</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Evaluated</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Type</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Description</h4></th></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">name</td><td align="left" colspan="1" rowspan="1" valign="top"><strong>true</strong></td><td align="left" colspan="1" rowspan="1" valign="top"></td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">String</td><td align="left" colspan="1" rowspan="1" valign ="top">Name of resource property to fetch</td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">searchValueStack</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">true</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">Boolean</td><td align="left" colspan="1" rowspan="1" valign="top">Search the stack if property is not found on resources</td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">var</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top"></td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">String</td><td align="left" colspan="1" rowspan="1" valign="top">Name used to reference the value pushed into the Value Stack</td></tr></table></p> +<p><table width="100%"><tr><td colspan="6" rowspan="1"><h4>Dynamic Attributes Allowed:</h4> false</td></tr><tr><td colspan="6" rowspan="1"> </td></tr><tr><th align="left" colspan="1" rowspan="1" valign="top"><h4>Name</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Required</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Default</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Evaluated</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Type</h4></th><th align="left" colspan="1" rowspan="1" valign="top"><h4>Description</h4></th></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">name</td><td align="left" colspan="1" rowspan="1" valign="top"><strong>true</strong></td><td align="left" colspan="1" rowspan="1" valign="top"></td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">String</td><td align="left" colspan="1" rowspan="1" valign ="top">Name of resource property to fetch</td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">searchValueStack</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">Boolean</td><td align="left" colspan="1" rowspan="1" valign="top">Search the stack if property is not found on resources</td></tr><tr><td align="left" colspan="1" rowspan="1" valign="top">var</td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top"></td><td align="left" colspan="1" rowspan="1" valign="top">false</td><td align="left" colspan="1" rowspan="1" valign="top">String</td><td align="left" colspan="1" rowspan="1" valign="top">Name used to reference the value pushed into the Value Stack</td></tr></table></p> <h2 id="text-Examples">Examples</h2> Modified: websites/production/struts/content/docs/tiles-plugin.html ============================================================================== --- websites/production/struts/content/docs/tiles-plugin.html (original) +++ websites/production/struts/content/docs/tiles-plugin.html Fri Dec 2 07:17:46 2016 @@ -139,11 +139,11 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1476770248680 {padding: 0px;} -div.rbtoc1476770248680 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1476770248680 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1480661954732 {padding: 0px;} +div.rbtoc1480661954732 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1480661954732 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1476770248680"> +/*]]>*/</style></p><div class="toc-macro rbtoc1480661954732"> <ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-Features">Features</a></li><li><a shape="rect" href="#TilesPlugin-Usage">Usage</a> <ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts attributes</a></li><li><a shape="rect" href="#TilesPlugin-I18N">I18N</a></li></ul> </li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect" href="#TilesPlugin-Installation">Installation</a></li></ul> Modified: websites/production/struts/content/docs/type-conversion.html ============================================================================== --- websites/production/struts/content/docs/type-conversion.html (original) +++ websites/production/struts/content/docs/type-conversion.html Fri Dec 2 07:17:46 2016 @@ -141,11 +141,11 @@ under the License. <div id="ConfluenceContent"><p>Routine type conversion in the framework is transparent. Generally, all you need to do is ensure that HTML inputs have names that can be used in <a shape="rect" href="ognl.html">OGNL</a> expressions. (HTML inputs are form elements and other GET/POST parameters.)</p> <style type="text/css">/*<![CDATA[*/ -div.rbtoc1464698191529 {padding: 0px;} -div.rbtoc1464698191529 ul {list-style: none;margin-left: 0px;} -div.rbtoc1464698191529 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1480661791861 {padding: 0px;} +div.rbtoc1480661791861 ul {list-style: none;margin-left: 0px;} +div.rbtoc1480661791861 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style><div class="toc-macro rbtoc1464698191529"> +/*]]>*/</style><div class="toc-macro rbtoc1480661791861"> <ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a shape="rect" href="#TypeConversion-BuiltinTypeConversionSupport">Built in Type Conversion Support</a></li><li><span class="TOCOutline">2</span> <a shape="rect" href="#TypeConversion-RelationshiptoParameterNames">Relationship to Parameter Names</a></li><li><span class="TOCOutline">3</span> <a shape="rect" href="#TypeConversion-CreatingaTypeConverter">Creating a Type Converter</a></li><li><span class="TOCOutline">4</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConvertertoanAction">Applying a Type Converter to an Action</a></li><li><span class="TOCOutline">5</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConvertertoabeanormodel">Applying a Type Converter to a bean or model</a></li><li><span class="TOCOutline">6</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConverterforanapplication">Applying a Type Converter for an application</a></li><li><span class="TOCOutline">7</span> <a shape="r ect" href="#TypeConversion-ASimpleExample">A Simple Example</a></li><li><span class="TOCOutline">8</span> <a shape="rect" href="#TypeConversion-AdvancedTypeConversion">Advanced Type Conversion</a> <ul class="toc-indentation"><li><span class="TOCOutline">8.1</span> <a shape="rect" href="#TypeConversion-NullPropertyHandling">Null Property Handling</a></li><li><span class="TOCOutline">8.2</span> <a shape="rect" href="#TypeConversion-CollectionandMapSupport">Collection and Map Support</a> <ul class="toc-indentation"><li><span class="TOCOutline">8.2.1</span> <a shape="rect" href="#TypeConversion-Indexingacollectionbyapropertyofthatcollection">Indexing a collection by a property of that collection</a></li></ul> Modified: websites/production/struts/content/docs/updownselect.html ============================================================================== --- websites/production/struts/content/docs/updownselect.html (original) +++ websites/production/struts/content/docs/updownselect.html Fri Dec 2 07:17:46 2016 @@ -142,7 +142,7 @@ under the License. <div class="confluence-information-macro confluence-information-macro-note"><p class="title">Important</p><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"> <p></p><p> Note that the listkey and listvalue attribute will default to "key" and "value" -respectively only when the list attribute is evaluated to a Map or its decendant. +respectively only when the list attribute is evaluated to a Map or its descendant. Everything else will result in listkey and listvalue to be null and not used. </p></div></div> Modified: websites/production/struts/content/docs/validation.html ============================================================================== --- websites/production/struts/content/docs/validation.html (original) +++ websites/production/struts/content/docs/validation.html Fri Dec 2 07:17:46 2016 @@ -139,11 +139,11 @@ under the License. <div class="pagecontent"> <div class="wiki-content"> <div id="ConfluenceContent"><p>Struts 2 validation is configured via XML or annotations. Manual validation in the action is also possible, and may be combined with XML and annotation-driven validation.</p><p>Validation also depends on both the <code>validation</code> and <code>workflow</code> interceptors (both are included in the default interceptor stack). The <code>validation</code> interceptor does the validation itself and creates a list of field-specific errors. The <code>workflow</code> interceptor checks for the presence of validation errors: if any are found, it returns the "input" result (by default), taking the user back to the form which contained the validation errors.</p><p>If we're using the default settings <em>and</em> our action doesn't have an "input" result defined <em>and</em> there are validation (or, incidentally, type conversion) errors, we'll get an error message back telling us there's no "input" result defined for the action.</p><p><strong>CONT ENTS</strong></p><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1464698322819 {padding: 0px;} -div.rbtoc1464698322819 ul {list-style: none;margin-left: 0px;} -div.rbtoc1464698322819 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1480661925380 {padding: 0px;} +div.rbtoc1480661925380 ul {list-style: none;margin-left: 0px;} +div.rbtoc1480661925380 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1464698322819"> +/*]]>*/</style></p><div class="toc-macro rbtoc1480661925380"> <ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a shape="rect" href="#Validation-UsingAnnotations">Using Annotations</a></li><li><span class="TOCOutline">2</span> <a shape="rect" href="#Validation-BeanValidation">Bean Validation</a></li><li><span class="TOCOutline">3</span> <a shape="rect" href="#Validation-Examples">Examples</a></li><li><span class="TOCOutline">4</span> <a shape="rect" href="#Validation-BundledValidators">Bundled Validators</a></li><li><span class="TOCOutline">5</span> <a shape="rect" href="#Validation-RegisteringValidators">Registering Validators</a></li><li><span class="TOCOutline">6</span> <a shape="rect" href="#Validation-TurningonValidation">Turning on Validation</a></li><li><span class="TOCOutline">7</span> <a shape="rect" href="#Validation-ValidatorScopes">Validator Scopes</a> <ul class="toc-indentation"><li><span class="TOCOutline">7.1</span> <a shape="rect" href="#Validation-Notes">Notes</a></li></ul> </li><li><span class="TOCOutline">8</span> <a shape="rect" href="#Validation-DefiningValidationRules">Defining Validation Rules</a></li><li><span class="TOCOutline">9</span> <a shape="rect" href="#Validation-LocalizingandParameterizingMessages">Localizing and Parameterizing Messages</a></li><li><span class="TOCOutline">10</span> <a shape="rect" href="#Validation-ValidatorFlavor">Validator Flavor</a></li><li><span class="TOCOutline">11</span> <a shape="rect" href="#Validation-Non-FieldValidatorVsField-Validatorvalidatortypes">Non-Field Validator Vs Field-Validator</a></li><li><span class="TOCOutline">12</span> <a shape="rect" href="#Validation-Short-CircuitingValidator">Short-Circuiting Validator</a></li><li><span class="TOCOutline">13</span> <a shape="rect" href="#Validation-HowValidatorsofanActionareFound">How Validators of an Action are Found</a></li><li><span class="TOCOutline">14</span> <a shape="rect" href="#Validation-Writingcustomvalidators">Writing custom validators</a></li> <li><span class="TOCOutline">15</span> <a shape="rect" href="#Validation-Resources">Resources</a></li><li><span class="TOCOutline">16</span> <a shape="rect" href="#Validation-Next:">Next: Localization</a></li></ul> Modified: websites/production/struts/content/docs/version-notes-2331.html ============================================================================== --- websites/production/struts/content/docs/version-notes-2331.html (original) +++ websites/production/struts/content/docs/version-notes-2331.html Fri Dec 2 07:17:46 2016 @@ -155,7 +155,7 @@ under the License. <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories></pre> -</div></div><h2 id="VersionNotes2.3.31-InternalChanges">Internal Changes</h2><ul><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Possible path traversal in the Convention plugin <a shape="rect" href="s2-042.html">S2-042</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Using the Config Browser plugin in production <a shape="rect" href="s2-043.html">S2-043</a></li></ul><p> </p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This rele ase contains fixes related to <a shape="rect" href="s2-042.html">S2-042</a> and <a shape="rect" href="s2-043.html">S2-043</a> security bulletins, please read them carefully!</p></div></div><h3 id="VersionNotes2.3.31-Issues">Issues</h3><h4 id="VersionNotes2.3.31-Bug">Bug</h4><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4601">WW-4601</a>] - webconsole can always be accessed</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4628">WW-4628</a>] - Space character and includeParams</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4659">WW-4659</a>] - Exception starting filter struts2 java.lang.IncompatibleClassChangeError: Implementing class</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4663">WW-4663</a>] - NullPointerException when displaying a form without action attribute</li><li>[<a shape="rect" class=" external-link" href="https://issues.apache.org/jira/browse/WW-4667">WW-4667</a>] - ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4669">WW-4669</a>] - Struts 2.5.1 gives errors on unexpected action names</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4675">WW-4675</a>] - Select box does not pre-select chosen values</li></ul><h4 id="VersionNotes2.3.31-Improvement">Improvement</h4><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4674">WW-4674</a>] - StrutsPrepareAndExecuteFilter should check for response commited status</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4685">WW-4685</a>] - Allow directly accessing I18N keys from Tiles defintions</li></ul><h3 id="VersionNotes2.3.31-IssueDeta il">Issue Detail</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12337872">JIRA Release Notes 2.3.31</a></li></ul><h3 id="VersionNotes2.3.31-IssueList">Issue List</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12338537">Struts 2.3.30 DONE</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12318399">Struts 2.3.x TODO</a></li></ul><h3 id="VersionNotes2.3.31-Otherresources">Other resources</h3><ul><li><a shape="rect" class="external-link" href="http://www.mail-archive.com/commits%40struts.apache.org/" rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop">Source Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 30.0px;"><br clear="none"></span ></div><div><span style="font-size: 24.0px;line-height: >30.0px;background-color: rgb(245,245,245);"><br >clear="none"></span></div></div> +</div></div><h2 id="VersionNotes2.3.31-InternalChanges">Internal Changes</h2><ul><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Possible path traversal in the Convention plugin <a shape="rect" href="s2-042.html">S2-042</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Using the Config Browser plugin in production <a shape="rect" href="s2-043.html">S2-043</a></li></ul><p> </p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This rele ase contains fixes related to <a shape="rect" href="s2-042.html">S2-042</a> and <a shape="rect" href="s2-043.html">S2-043</a> security bulletins, please read them carefully!</p></div></div><h3 id="VersionNotes2.3.31-Issues">Issues</h3><h4 id="VersionNotes2.3.31-Bug">Bug</h4><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4601">WW-4601</a>] - webconsole can always be accessed</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4628">WW-4628</a>] - Space character and includeParams</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4659">WW-4659</a>] - Exception starting filter struts2 java.lang.IncompatibleClassChangeError: Implementing class</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4663">WW-4663</a>] - NullPointerException when displaying a form without action attribute</li><li>[<a shape="rect" class=" external-link" href="https://issues.apache.org/jira/browse/WW-4667">WW-4667</a>] - ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4669">WW-4669</a>] - Struts 2.5.1 gives errors on unexpected action names</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4675">WW-4675</a>] - Select box does not pre-select chosen values</li></ul><h4 id="VersionNotes2.3.31-Improvement">Improvement</h4><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4674">WW-4674</a>] - StrutsPrepareAndExecuteFilter should check for response commited status</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4685">WW-4685</a>] - Allow directly accessing I18N keys from Tiles defintions</li></ul><h3 id="VersionNotes2.3.31-IssueDeta il">Issue Detail</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12337872">JIRA Release Notes 2.3.31</a></li></ul><h3 id="VersionNotes2.3.31-IssueList">Issue List</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12338537">Struts 2.3.31 DONE</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12318399">Struts 2.3.x TODO</a></li></ul><h3 id="VersionNotes2.3.31-Otherresources">Other resources</h3><ul><li><a shape="rect" class="external-link" href="http://www.mail-archive.com/commits%40struts.apache.org/" rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop">Source Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 30.0px;"><br clear="none"></span ></div><div><span style="font-size: 24.0px;line-height: >30.0px;background-color: rgb(245,245,245);"><br >clear="none"></span></div></div> </div>