StaticParametersInterceptor does not set setDenyMethodExecution()
-----------------------------------------------------------------
Key: WW-3213
URL: https://issues.apache.org/struts/browse/WW-3213
Project: Struts 2
Issue Type: Bug
Components: Core Interceptors
Affects Versions: 2.1.7, 2.1.6
Reporter: Jasper Rosenberg
Fix For: 2.0.15, 2.1.8
Static parameters can be set from wildcards in the action name, so I believe
they are also vulnerable to ognl method invocation security issues.
Perhaps StaticParametersInterceptor could be refactored to extend
ParametersInterceptor just as ActionMappingParametersInteceptor does?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
