Re: To use form validation in conjunction with validation.xml

2006-01-21 Thread Raghu Kanchustambham
Thanks Rick! super.validate(mapping, request); works just fine for me. I am able to now use both the validation.xml as well as the ones coded in my actionform's validate method. :-) ~raghu~ On 1/21/06, Rick Reumann [EMAIL PROTECTED] wrote: How are you certain the validation.xml isn't being

Re: submit button value vs displayed text

2006-01-21 Thread Dakota Jack
Check out www.michaelmcgrady.com and click on the button ideas link. All the code for each option is there. I would suggest the so-called (new) LOOKUP DISPATCH ACTION SOLUTION. With this solution internationalizing your button is easy. McGrady uses a process that automatically makes gif

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Nick Heudecker
I figure I'm obligated to respond, since my comments were cited in the original email. :) I have to disagree with complaints about Wicket's complexity, but only because I've been using it to build a product for the last few months. Without heavy usage, I don't think I'd have the same positive

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Frank W. Zammetti
Nick Heudecker wrote: All that said, I'd prefer if you don't use Wicket. I'd like to keep this competitive advantage to myself. :) LOL, I like that answer! :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Gary VanMatre
From: Frank W. Zammetti [EMAIL PROTECTED] Nick Heudecker wrote: All that said, I'd prefer if you don't use Wicket. I'd like to keep this competitive advantage to myself. :) LOL, I like that answer! :) Ya, I like that one too. As TBS would say, that's funny. -- Frank W.

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Craig McClanahan
On 1/20/06, Michael Jouravlev [EMAIL PROTECTED] wrote: If all that JSF renderers produce are divs and spans with proper ids, then dressing up a page would be a weekend fun a-la Zen Garden. Anyone from JSF team hears me? ;- Building such renderers would be trivially easy, and would make

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Frank W. Zammetti
Is there a hidden message in the fact that you CC'd me on this Craig? :) Frank Craig McClanahan wrote: On 1/20/06, Michael Jouravlev [EMAIL PROTECTED] wrote: If all that JSF renderers produce are divs and spans with proper ids, then dressing up a page would be a weekend fun a-la Zen Garden.

Re: submit button value vs displayed text

2006-01-21 Thread Jakota Dack
McGrady uses a process that automatically makes gif buttons and is both capable of i18n and change of font and color. He has a special taglib for doing that. Ask him and he might give it to you. Might He? Why are you talking about yourself in the third person? Does that creep out your

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Niall Pemberton
I doubt it - for some reason your messages add in your email address in the reply to as well as the struts user (it did on this message, but I manually removed it). Niall - Original Message - From: Frank W. Zammetti [EMAIL PROTECTED] Sent: Saturday, January 21, 2006 8:19 PM Is there

Re: submit button value vs displayed text

2006-01-21 Thread Niall Pemberton
ROFL Niall - Original Message - From: Jakota Dack [EMAIL PROTECTED] To: user@struts.apache.org Sent: Saturday, January 21, 2006 9:06 PM Subject: Re: submit button value vs displayed text McGrady uses a process that automatically makes gif buttons and is both capable of i18n and

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Frank W. Zammetti
Yeah, I suspected that was the case (and sent a follow-up to Craig off-list saying as much). I have no doubt it's my fault, I'm just not sure how yet :) I'll have to look over settings tonight. With some of my past JSF comments though, I can never be sure :) Of course, if that was the

Re: error messages doesn't appear if validate is called programatically

2006-01-21 Thread Hakan . Barisik
Thank you very much Paul. It was a big time save for me. Regards Hakan Paul Benedict [EMAIL PROTECTED] 20/01/2006 04:07 PM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject Re: error messages doesn't

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Niall Pemberton
Must have missed those comments, anyway not to worry, I take your word for it so +1 from me for your ritual flogging :-) Niall - Original Message - From: Frank W. Zammetti [EMAIL PROTECTED] Sent: Saturday, January 21, 2006 9:50 PM Yeah, I suspected that was the case (and sent a

Validation Security Hole?

2006-01-21 Thread Paul Benedict
I'd like to know if this is considered a security hole to other people besides me. I saved an email off this group back in July and finally went back to investigate it: It seems that every action in Struts is cancellable, which means for Struts actions that do not religiously check for

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
I want to correct a statement here. What can be passed in is org.apache.struts.taglib.html.CANCEL or org.apache.struts.taglib.html.CANCEL.X which will set the cancelled flag.

Re: [OT] Anyone else mess around with Wicket?

2006-01-21 Thread Frank W. Zammetti
Niall Pemberton wrote: Must have missed those comments, anyway not to worry, I take your word for it so +1 from me for your ritual flogging :-) LOL :)

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
Hmm... is it truly a security hole? That's an interesting question... I'm not so sure I would consider it one because in general you can play a lot of games with a Struts-based app (and really just about any webapp, although JSF is nice in this regard in that, AFAIK, everything is POST-based)

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Frank, Good response. Let me add some to it: The problem isn't that Struts allows the user to cancel an action, but that EVERY action can be cancelled. This problem is heavily felt by GET requests because URLs are easy to mangle... and parameters can be added ad-hoc. I can take any action I

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
Paul Benedict wrote: The problem isn't that Struts allows the user to cancel an action, but that EVERY action can be cancelled. Understood... This problem is heavily felt by GET requests because URLs are easy to mangle... and parameters can be added ad-hoc. I can take any action I use for

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Hmm, maybe I don't understand the problem... as I understand it, cancel essentially has no effect on anything in Struts unless you manually check for it and act accordingly, correct? Or are you saying that everything happens *except* validation? Correct. Cancel has no effect unless you

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
Paul Benedict wrote: Hmm, maybe I don't understand the problem... as I understand it, cancel essentially has no effect on anything in Struts unless you manually check for it and act accordingly, correct? Or are you saying that everything happens *except* validation? Correct. Cancel has no

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Frank, I am getting your emails delivered twice to the list today. Are you click happy today? :) haha Maybe mine are getting delivered twice; please tell me if so. As for the bug/issue, I mainly use MappingDispatchAction and so there's no reason to specifically code for isCancelled() BUT I

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Arguably, by default you would want to say that all Actions are either cancelable or not, rather than having to set something on all mappings. Just my superficial thinking about it though :) Agreed. That's why I recommend a controller property default with overrides at the action level.

Re: Validation Security Hole?

2006-01-21 Thread Rick Reumann
Paul Benedict wrote: The problem isn't that Struts allows the user to cancel an action, but that EVERY action can be cancelled. I must still be missing something.. what is the big deal here? If you don't code to handle the cancel nothing serious can happen, and if you do code for a

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
Rick Reumann wrote: Paul Benedict wrote: The problem isn't that Struts allows the user to cancel an action, but that EVERY action can be cancelled. I must still be missing something.. what is the big deal here? If you don't code to handle the cancel nothing serious can happen, and if you

Re: Validation Security Hole?

2006-01-21 Thread Rick Reumann
Frank W. Zammetti wrote: Now, imagine a hacker wants to get to a completely different table in the database (I suppose reading from a selected table would be a better example, but I digress). To do so, they can pass in the canceled parameter and whatever table name they want, assuming they

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Rick, I think my concern is valid. I am sorry you don't find this a big deal but I wonder how many sites actually use validation to make sure they defend against bad input, only to find out I can pass in a request parameter to simply skip their checking. I mean, that's a pretty big deal in my

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
Rick you said: I must still be missing something.. what is the big deal here? If you don't code to handle the cancel nothing serious can happen, and if you do code for a cancel, what's the worst case scenario? Yes, you are missing something :) If you don't code the cancel, then your action

[shale] Shale-Clay and jsp:forward

2006-01-21 Thread Richard Wallace
Hello again, I'm running into a problem getting my /index.jsp to forward to a Clay HTML page. The index.jsp page just contains the following: <jsp:forward page="default.html"/> When I try to hit it with the URL http://localhost:8080/shale-clay-example/ I get a 404 saying that default.jsp

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
Rick Reumann wrote: Maybe I'm missing how the above would happen. How would passing in the canceled parameter end up getting them access to a table? Oh wait, maybe this is with regular Actions with just an execute? It's been so long since I used a non Dispatch Action I'm not aware of the

Re: Validation Security Hole?

2006-01-21 Thread Frank W. Zammetti
That is of course the other angle on this... maybe you can argue that this is only a substantial security problem in certain contrived situations... ok, fine :) ... but, as Paul points out, it makes it exceedingly easy to break an application. That's a Denial Of Service risk, so it still

Re: Validation Security Hole?

2006-01-21 Thread Paul Benedict
I can't think of a good reason it wouldn't call validate() too, like any other request, just because the action was canceled. Like I said, maybe someone can come up with a reasonable explanation for that behavior, but I can't see it :) There is a legitimate case: when a form can be cancelled,

Re: [shale] Shale-Clay and jsp:forward

2006-01-21 Thread Craig McClanahan
On 1/21/06, Richard Wallace [EMAIL PROTECTED] wrote: Hello again, I'm running into a problem getting my /index.jsp to forward to a Clay HTML page. The index.jsp page just contains the following: <jsp:forward page="default.html"/> When I try to hit it with the URL

Re: Validation Security Hole?

2006-01-21 Thread Tamas Szabo
Hi! Very interesting problem! In my opinion it is clearly a bug! On 1/22/06, Paul Benedict [EMAIL PROTECTED] wrote: I can't think of a good reason it wouldn't call validate() too, like any other request, just because the action was canceled. Like I said, maybe someone can come up with a