Passing paremeter value from Action to Action requires a security vulnerability
-------------------------------------------------------------------------------
Key: WW-2949
URL: https://issues.apache.org/struts/browse/WW-2949
Project: Struts 2
Issue Type: Bug
Components: Core Actions
Affects Versions: 2.1.6
Environment: All
Reporter: Lee Clemens
To pass parameter value from Action->form->Action, need to use URL parameter or
<s:hidden>
URL can be manipulated manually and hidden form field can be altered via
Firefox plugin, etc
This presents a security issue, since the form's hidden attribute can be
manipulated via a Firefox plugin, etc and the URL can be altered directly
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
