[ https://issues.apache.org/jira/browse/WW-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081931#comment-13081931 ]
Hideyuki Suzumi edited comment on WW-3668 at 8/9/11 9:22 PM:
-------------------------------------------------------------

On Jetty, OGNL failed at toString of #application.
It seems to be a bug in Jetty('s jasper).
See the following log.

2011-08-10 06:19:13,473 WARN (com.opensymphony.xwork2.ognl.OgnlValueStack:60) - Caught an exception while evaluating expression 'integerValidatorField' against value stack
java.lang.NullPointerException
    at org.apache.jasper.compiler.TagLibraryInfoImpl.toString(TagLibraryInfoImpl.java:127)
    at java.lang.String.valueOf(String.java:2902)
    at java.lang.StringBuilder.append(StringBuilder.java:128)
    at java.util.AbstractMap.toString(AbstractMap.java:523)
    at java.lang.String.valueOf(String.java:2902)
    at java.lang.StringBuilder.append(StringBuilder.java:128)
    at java.util.AbstractMap.toString(AbstractMap.java:523)
    at ognl.OgnlOps.stringValue(OgnlOps.java:303)
    at ognl.OgnlOps.stringValue(OgnlOps.java:321)
    at ognl.OgnlOps.add(OgnlOps.java:869)

TagLibraryInfoImpl is an application scoped variable named "com.sun.jsp.taglibraryCache".

      was (Author: slopetown):

On Jetty, OGNL failed at toString of #application.
It seems to be a bug in Jetty('s jasper).
See the following log.

2011-08-10 05:38:31,243 DEBUG (com.opensymphony.xwork2.conversion.impl.XWorkConverter:72) - unable to convert value using type converter [com.opensymphony.xwork2.conversion.impl.XWorkBasicConverter]
java.lang.NullPointerException
    at org.apache.jasper.compiler.TagLibraryInfoImpl.toString(TagLibraryInfoImpl.java:127)
    at java.lang.String.valueOf(String.java:2902)
    at java.lang.StringBuilder.append(StringBuilder.java:128)
    at java.util.AbstractMap.toString(AbstractMap.java:523)
    at java.lang.String.valueOf(String.java:2902)
    at java.lang.StringBuilder.append(StringBuilder.java:128)
    at java.util.AbstractMap.toString(AbstractMap.java:523)
    at com.opensymphony.xwork2.conversion.impl.DefaultTypeConverter.stringValue(DefaultTypeConverter.java:309)

TagLibraryInfoImpl is an application scoped variable named "com.sun.jsp.taglibraryCache".

> Vulnerability: User input is evaluated as an OGNL expression when there's a conversion error.
> ---------------------------------------------------------------------------------------------
>
>                 Key: WW-3668
>                 URL: https://issues.apache.org/jira/browse/WW-3668
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.2.3
>         Environment: Struts 2.2.3
> Tomcat 7.0.19
>            Reporter: Hideyuki Suzumi
>
> 1. Run "Struts Showcase".
> 2. Click "Validation".
> 3. Click "Field Validators".
> 4. Type "<' + #application + '>" in the "Integer Validator Field".
> 5. Click "Submit".
> 6. You can get all "application" scoped variables in the "Integer Validator Field".
> Please fix ConversionErrorInterceptor and RepopulateConversionErrorFieldValidatorSupport.
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor
>  87: return "'" + value + "'";
> com.opensymphony.xwork2.validator.validators.RepopulateConversionErrorFieldValidatorSupport
> 175: fakeParams.put(fullFieldName, "'" + tmpValue[0] + "'");
> 182: fakeParams.put(fullFieldName, "'" + tmpValue + "'");

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
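
The quoting pattern cited in the report (`"'" + value + "'"`), as an added example that is not part of the original message or of the Struts code base: it checks whether the wrapped value is still a single quoted literal, using the input from step 4. The class and method names are hypothetical, and backslash escaping is assumed to be honoured inside an OGNL single-quoted literal.

```java
// Added example, not Struts code: class and method names are hypothetical.
public class ConversionErrorQuoting {

    // Pattern from the lines cited in the report: the raw value is wrapped in quotes.
    static String quoteRaw(String value) {
        return "'" + value + "'";
    }

    // Hardened variant (assumption: backslash escapes are honoured inside an
    // OGNL single-quoted literal): escape '\' first, then the quote character.
    static String quoteEscaped(String value) {
        return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'";
    }

    // True only if expr is exactly one single-quoted literal: it opens with a
    // quote and the first unescaped quote after that is the last character.
    static boolean isSingleStringLiteral(String expr) {
        if (expr.length() < 2 || expr.charAt(0) != '\'') {
            return false;
        }
        for (int i = 1; i < expr.length(); i++) {
            char c = expr.charAt(i);
            if (c == '\\') {
                i++;                      // skip the escaped character
            } else if (c == '\'') {
                return i == expr.length() - 1;
            }
        }
        return false;                     // literal never closed
    }

    public static void main(String[] args) {
        String[] inputs = {               // constructed sample inputs
            "abc",                        // ordinary non-integer input
            "<' + #application + '>",     // input from step 4 of the report
            "it's",                       // benign input containing a quote
        };
        for (String in : inputs) {
            System.out.printf("%-26s raw literal=%-5b escaped literal=%b%n",
                    in, isSingleStringLiteral(quoteRaw(in)),
                    isSingleStringLiteral(quoteEscaped(in)));
        }
    }
}
```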