[
https://issues.apache.org/jira/browse/WW-4641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346248#comment-15346248
]
Greg Huber commented on WW-4641:
--------------------------------
....hm, this would have also broken my system but has not:
{code:xml}
<s:hidden id="1" name="eventList(%/{#list.sequence}).id.eventCategory"
value="%{#list.id.eventCategory}" />
<s:hidden id="2" name="eventList(%/{#list.sequence}).id.eventCategory"/>
{code}
but renders correctly:
{code:xml}
<input id="1" type="hidden" value="myvalue"
name="eventList(1).id.eventCategory">
<input id="2" type="hidden" value="myvalue"
name="eventList(1).id.eventCategory">
{code}
I am running v2.5 maybe the mods done effect this version?
> CVE-2016-0785
> -------------
>
> Key: WW-4641
> URL: https://issues.apache.org/jira/browse/WW-4641
> Project: Struts 2
> Issue Type: New Feature
> Components: Expression Language
> Affects Versions: 2.3.20
> Environment: apache tomcat 6.0.27
> Reporter: Samba
> Assignee: Lukasz Lenart
> Labels: features
> Fix For: 2.3.30
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Hi Team,
> http://struts.apache.org/docs/s2-029.html
> please suggest the replacement code for %{..} for the latest version of the
> struts 2.3.28
> Thanks
> Sambasiva Rao
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
