[
https://issues.apache.org/jira/browse/WW-5498?focusedWorklogId=950924&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-950924
]
ASF GitHub Bot logged work on WW-5498:
--------------------------------------
Author: ASF GitHub Bot
Created on: 05/Jan/25 08:24
Start Date: 05/Jan/25 08:24
Worklog Time Spent: 10m
Work Description: sonarqubecloud[bot] commented on PR #1170:
URL: https://github.com/apache/struts/pull/1170#issuecomment-2571544364
## [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1170)
**Quality Gate passed**
Issues
 [0 New
issues](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=1170&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)
 [0 Accepted
issues](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=1170&issueStatuses=ACCEPTED)
Measures
 [0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=1170&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)
 [100.0% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1170&metric=new_coverage&view=list)
 [0.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1170&metric=new_duplicated_lines_density&view=list)
[See analysis details on SonarQube
Cloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1170)
Issue Time Tracking
-------------------
Worklog Id: (was: 950924)
Time Spent: 50m (was: 40m)
> <s:token /> with devMode enabled causes actionError
> ---------------------------------------------------
>
> Key: WW-5498
> URL: https://issues.apache.org/jira/browse/WW-5498
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 6.7.0
> Reporter: Jon Pulice
> Assignee: Lukasz Lenart
> Priority: Minor
> Fix For: 6.7.1, 7.0.1
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> When we upgraded Struts to 6.7.0, any form with a <s:token /> field now fails
> to submit as a result of an actionError only when devMode is enabled
> We see the following error in the logs:
> {noformat}
> ERROR org.apache.struts2.interceptor.parameter.ParametersInterceptor -
> Developer Notification (set struts.devMode to false to disable this message):
> Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
> Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
> {noformat}
> And the following actionError
> {noformat}
> Developer Notification (set struts.devMode to false to disable this message):
> Unexpected Exception caught setting 'token' on 'class com.example.TestAction:
> Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]
> {noformat}
> If devMode is disabled, then no exception is logged and there are no issues.
>
> In Struts 6.4.0, the behaviour was different. The exception is still reported
> in the logs when devMode is enabled, but instead of an actionError being
> added that prevents form submission, an actionMessage is created:
> {noformat}
> [Error setting expression 'token' with value
> ['XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', ]]
> {noformat}
>
> I don't think the Action need to be aware of the token value since the
> TokenInterceptor is handling the validation/logic.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
