double Name expression gets escaped without being evaluated
-----------------------------------------------------------
Key: WW-2993
URL: https://issues.apache.org/struts/browse/WW-2993
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.0.14
Reporter: Qiang Zheng
In DoubleListUIBean.java, there is one piece of code trying to populate
"doubleId" parameter. Looks like when "form!=null" this.doubleName get escaped
without being evaluated. The counter part in "form is null" case does
"findString" before do "escape". This cause problem when we pass in doubleName
as
"%{#attr.name}", the lower part of "doubleId" became "_%{#attr_name}". Here is
the code.
-----------------------------------------------------------------
if (doubleId != null) {
.....
} else if (form != null) {
addParameter("doubleId", form.getParameters().get("id") + "_"
+escape(this.doubleName));
} else {
addParameter("doubleId", escape(doubleName !=null ?
findString(doubleName) : null));
}
-----------------------------------------------------------------
Should it acutally be:
if (doubleId != null) {
.....
} else if (form != null) {
addParameter("doubleId", form.getParameters().get("id") + "_"
+escape(doubleName !=null ? findString(doubleName) : null));
} else {
addParameter("doubleId", escape(doubleName !=null ?
findString(doubleName) : null));
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
