[
https://issues.apache.org/jira/browse/WW-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346118#comment-15346118
]
Dario Liberman commented on WW-4641:
------------------------------------
Hi Greg,
No need to introduce an iterator to see the issue. Also, please disregard the
id attribute. The key here is to have an expression in the name attribute
*without* providing a value attribute. The value should be automatically
extracted by evaluating the name expression. This effectively means that the
name attribute is evaluated twice:
# In order to produce the final name to be rendered in the input -> eval(name)
# In order to retrieve the value to be rendered in the input -> eval(eval(name))
Your example could be re-written as follows:
{code}
<s:hidden name="eventList[%{#bean.sequence}].sequence" />
{code}
_Notice above that I am not providing a value explicitly._
Here the new test that would be breaking without reverting the offending
changes in UIBean:
https://git1-us-west.apache.org/repos/asf?p=struts.git;a=blobdiff;f=core/src/test/java/org/apache/struts2/views/jsp/ui/TextfieldTest.java;h=806420480e1eee141ab1558ea991e8f415a2ccc6;hp=d8143084cfd8d7cad4e26765be0b789483edd7b8;hb=f096dd61;hpb=cfcefcf5898313043ef903ce0873b15fb7cf1df4
Thanks,
Dario.
> CVE-2016-0785
> -------------
>
> Key: WW-4641
> URL: https://issues.apache.org/jira/browse/WW-4641
> Project: Struts 2
> Issue Type: New Feature
> Components: Expression Language
> Affects Versions: 2.3.20
> Environment: apache tomcat 6.0.27
> Reporter: Samba
> Assignee: Lukasz Lenart
> Labels: features
> Fix For: 2.3.30
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Hi Team,
> http://struts.apache.org/docs/s2-029.html
> please suggest the replacement code for %{..} for the latest version of the
> struts 2.3.28
> Thanks
> Sambasiva Rao
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
