[
https://issues.apache.org/jira/browse/WW-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081845#comment-13081845
]
Lukasz Lenart commented on WW-3668:
-----------------------------------
@Maurizio it's too late :/
We should continue to discuss here as we still don't have clue what's wrong. As
we see it's quite weird issue, it's behave differently on different containers.
Escaping is the one solution for now, but I'd like know what's the origins of
that problem.
Maybe it has something to do with Sitemesh plugin ?
> Vulnerability: User input is evaluated as an OGNL expression when there's a
> conversion error.
> ---------------------------------------------------------------------------------------------
>
> Key: WW-3668
> URL: https://issues.apache.org/jira/browse/WW-3668
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.2.3
> Environment: Struts 2.2.3
> Tomcat 7.0.19
> Reporter: Hideyuki Suzumi
>
> 1. Run "Struts Showcase".
> 2. Click "Validation".
> 3. Click "Field Validators".
> 4. Type "<' + #application + '>" in the "Integer Validator Field".
> 5. Click "Submit".
> 6. You can get all "application" scoped variables in the "Integer Validator
> Field".
> Please fix ConversionErrorInterceptor and
> RepopulateConversionErrorFieldValidatorSupport.
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor
> 87: return "'" + value + "'";
> com.opensymphony.xwork2.validator.validators.RepopulateConversionErrorFieldValidatorSupport
> 175: fakeParams.put(fullFieldName, "'" + tmpValue[0] +
> "'");
> 182: fakeParams.put(fullFieldName, "'" + tmpValue + "'");
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
