[
https://issues.apache.org/jira/browse/WW-5468?focusedWorklogId=937807&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-937807
]
ASF GitHub Bot logged work on WW-5468:
--------------------------------------
Author: ASF GitHub Bot
Created on: 14/Oct/24 07:47
Start Date: 14/Oct/24 07:47
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #1072:
URL: https://github.com/apache/struts/pull/1072#discussion_r1798918429
##########
core/src/test/java/org/apache/struts2/interceptor/parameter/StrutsParameterAnnotationTest.java:
##########
@@ -343,6 +360,14 @@ public Map<String, Pojo> getPublicPojoMapDepthTwo() {
}
}
- class Pojo {
+ static class ModelAction implements ModelDriven<Pojo> {
Review Comment:
I think in such cases, the app developer should manually OGNL allowlist any
required types, I'm not confident of a secure way to auto allowlist in this case
Issue Time Tracking
-------------------
Worklog Id: (was: 937807)
Time Spent: 3h 10m (was: 3h)
> ModelDriven is not compatible with @StrutsParameter
> ---------------------------------------------------
>
> Key: WW-5468
> URL: https://issues.apache.org/jira/browse/WW-5468
> Project: Struts 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 7.0.0
> Reporter: Lukasz Lenart
> Priority: Major
> Fix For: 7.0.0
>
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> Currently if a Struts webapp uses {{ModelDriven<T>}} it won't be possible to
> use {{@StrutsParameter}} annotation on {{#getModel()}} getter.
> Use rest-angular as example
> https://github.com/apache/struts-examples/blob/master/rest-angular/src/main/resources/struts.xml#L13
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
