[
https://issues.apache.org/struts/browse/WW-2993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=46067#action_46067
]
Qiang Zheng commented on WW-2993:
---------------------------------
Thanks for all the tips about mvn and your help with checking in the changes.
I was thinking of reorganizing the code a bit
---------- from this before the change
---------------------------------------------------
} else if (form != null) {
    addParameter("doubleId", form.getParameters().get("id") + "_" + escape(this.doubleName));
} else {
    addParameter("doubleId", escape(doubleName != null ? findString(doubleName) : null));
}
------------ to this
--------------------------------------------------------------------------
} else {
    addParameter("doubleId", (form != null ? (form.getParameters().get("id") + "_") : "")
            + escape(doubleName != null ? findString(doubleName) : null));
}
--------------------------------------------------------------------------------------------------
But the original fix should be fine as well.
Thanks again.
> double Name expression gets escaped without being evaluated
> -----------------------------------------------------------
>
> Key: WW-2993
> URL: https://issues.apache.org/struts/browse/WW-2993
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.0.14
> Reporter: Qiang Zheng
> Assignee: Wes Wannemacher
> Fix For: 2.1.7
>
>
> In DoubleListUIBean.java, there is one piece of code trying to populate the
> "doubleId" parameter. It looks like when "form != null", this.doubleName gets
> escaped without being evaluated. The counterpart in the "form is null" case does
> "findString" before doing "escape". This causes a problem when we pass in
> doubleName as
> "%{#attr.name}": the lower part of "doubleId" became "_%{#attr_name}". Here
> is the code.
> -----------------------------------------------------------------
> if (doubleId != null) {
>     .....
> } else if (form != null) {
>     addParameter("doubleId", form.getParameters().get("id") + "_" + escape(this.doubleName));
> } else {
>     addParameter("doubleId", escape(doubleName != null ? findString(doubleName) : null));
> }
> -----------------------------------------------------------------
> Should it actually be:
> if (doubleId != null) {
>     .....
> } else if (form != null) {
>     addParameter("doubleId", form.getParameters().get("id") + "_"
>             + escape(doubleName != null ? findString(doubleName) : null));
> } else {
>     addParameter("doubleId", escape(doubleName != null ? findString(doubleName) : null));
> }
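An added example, not part of the original message or the Struts code base: the three variants discussed above, run side by side so the order of evaluation and escaping is visible. `findString` and `escape` are hypothetical stand-ins (escape is assumed to replace `.`, `[` and `]` with `_` and to return null for null), the value-stack entry is constructed, and `formId` stands for `form.getParameters().get("id")`, with null meaning there is no form. The last case goes beyond the issue text and covers a null `doubleName`, where string concatenation in the single-branch form produces the text "null" while the two-branch form passes a null reference.

```java
import java.util.HashMap;
import java.util.Map;

public class DoubleIdOrderDemo {
    // Constructed stand-in for the value stack: expression -> evaluated value.
    static final Map<String, String> STACK = new HashMap<>();
    static { STACK.put("%{#attr.name}", "user.city"); }

    // Assumed stand-in for findString(): resolves a known %{...} expression, passes literals through.
    static String findString(String expr) {
        return STACK.containsKey(expr) ? STACK.get(expr) : expr;
    }

    // Assumed stand-in for escape(): '.', '[' and ']' become '_'; null stays null.
    static String escape(String name) {
        return name == null ? null : name.replaceAll("[.\\[\\]]", "_");
    }

    // Reported behaviour: with a form, the raw expression is escaped and never evaluated.
    static String before(String formId, String doubleName) {
        return formId != null ? formId + "_" + escape(doubleName)
                              : escape(doubleName != null ? findString(doubleName) : null);
    }

    // Fix from the issue description: evaluate first, then escape, in both branches.
    static String originalFix(String formId, String doubleName) {
        String id = escape(doubleName != null ? findString(doubleName) : null);
        return formId != null ? formId + "_" + id : id;
    }

    // Single-branch form from the comment: the prefix is concatenated with the escaped value.
    static String reorganized(String formId, String doubleName) {
        return (formId != null ? (formId + "_") : "")
                + escape(doubleName != null ? findString(doubleName) : null);
    }

    // Makes a null reference distinguishable from the four-character string "null".
    static String show(String s) { return s == null ? "<null>" : "\"" + s + "\""; }

    public static void main(String[] args) {
        String[][] cases = { {"form1", "%{#attr.name}"}, {null, "%{#attr.name}"}, {null, null} };
        for (String[] c : cases) {
            System.out.printf("formId=%s doubleName=%s%n  before=%s%n  originalFix=%s%n  reorganized=%s%n",
                    show(c[0]), show(c[1]), show(before(c[0], c[1])),
                    show(originalFix(c[0], c[1])), show(reorganized(c[0], c[1])));
        }
    }
}
```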