[ https://issues.apache.org/jira/browse/WW-4616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15209894#comment-15209894 ]
Takeshi Nakashima commented on WW-4616: --------------------------------------- Lukasz Thank you very much for the information. And I'm sorry for taking your time. Now I have found some similar questions on the Internet. But I still have a question. Are you sure if the reversion from ognl-3.0.13.jar to the old ognl-3.0.6.jar does not affect the security fix for CVE-2016-0785 ? I guess only struts2-core-2.3.28.jar and xwork-core-2.3.28.jar are reqiured fix CVE-2016-0785 but I'm not 100% sure about it. > Unable to receive GET parameters with field name 'cId' > ------------------------------------------------------ > > Key: WW-4616 > URL: https://issues.apache.org/jira/browse/WW-4616 > Project: Struts 2 > Issue Type: Bug > Components: Core Actions > Affects Versions: 2.3.28 > Environment: CentOS6/Windows7, Oracle Java 1.8.0_74, Tomcat6 > Reporter: Takeshi Nakashima > > After I upgraded Struts from 2.3.24.1 to 2.3.28, some action classes got > unable to receive some GET parameters. > The action classes have fields and setter methods like below. > private int cId; > public void setCId(int cId) { > this.cId = cId; > } > private int blockId; > public void setBlockId(int blockId) { > this.blockId = blockId; > } > http://localhost:8080/app/XXX.action?cId=9&blockId=145 > When I send an HTTP request from a link like above, the action class only > receive only 'blockId' value. > cId=0 > num=145 > But if I change the field name 'cId' to 'cid' and the method name 'setCId' to > 'setCid', the GET value 9 will be passed to 'cid'. > cid=9 > num=145 -- This message was sent by Atlassian JIRA (v6.3.4#6332)