Re: Struts 2.2.1 Problem
Maybe it's related to that http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html I've added some more restrictive rules regarding request's parameters names. Lot of special characters are disallowed, take a look on line 138 http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java?view=markup You can always declare yours own by declaring acceptParamNames for that interceptor. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ Kapituła Javarsovia 2010 http://javarsovia.pl - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Struts 2.2.1 Problem
I have just started using Struts 2.2.1, and I have found a bug ... I have several Hash Maps with a String for the key value. These key values sometimes contain special characters, including '-, /, \, _' any Map with a key value containing one of these characters seems to silently fail to call the set method. Any ideas on a fix??
Re: Struts 2.2.1 Problem
Under what circumstances? On Wed, Sep 22, 2010 at 11:20 AM, Michelle Weeks michelle.we...@jetisre.com wrote: I have just started using Struts 2.2.1, and I have found a bug ... I have several Hash Maps with a String for the key value. These key values sometimes contain special characters, including '-, /, \, _' any Map with a key value containing one of these characters seems to silently fail to call the set method. Any ideas on a fix??
RE: Struts 2.2.1 Problem
I guess I'm not sure what exactly you are asking ... My project uses the core Struts components as well as the Struts portlet components. All of the portlets we are having the issue in are pretty basic, using just the portletDefaultStack and basicStack interceptors. One of the Hash Maps that is not setting simply has a String key and a String value. If I find a key that does not contain a special character, the data saves. If one key has a special character the whole Map is not set into the action. -Original Message- From: Dave Newton [mailto:davelnew...@gmail.com] Sent: Wednesday, September 22, 2010 10:21 AM To: Struts Users Mailing List Subject: Re: Struts 2.2.1 Problem Under what circumstances? On Wed, Sep 22, 2010 at 11:20 AM, Michelle Weeks michelle.we...@jetisre.com wrote: I have just started using Struts 2.2.1, and I have found a bug ... I have several Hash Maps with a String for the key value. These key values sometimes contain special characters, including '-, /, \, _' any Map with a key value containing one of these characters seems to silently fail to call the set method. Any ideas on a fix?? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2.2.1 Problem
On Wed, Sep 22, 2010 at 11:56 AM, Michelle Weeks michelle.we...@jetisre.com wrote: I guess I'm not sure what exactly you are asking ... When the error happens: the original message just said you had a map that set wasn't called on when you had key values containing certain characters--on its own, it's not really enough to help. One of the Hash Maps that is not setting simply has a String key and a String value. If I find a key that does not contain a special character, the data saves. If one key has a special character the whole Map is not set into the action. Do you mean on the JSP side? Can you show the code that's causing the problem? It would make it much easier to help. Dave
Re: Struts 2.2.1 Problem
On 9/22/10 11:56 AM, Michelle Weeks wrote: If one key has a special character the whole Map is not set into the action. I'm guessing it's an encoding issue. Are these strings encoded in the resulting html? If the parameters are part of the URL (GET request) then they'll probably wind up encoded by the browser before they get sent back, anyway. Trace it through the path outbound from the jsp to the browser back to the server through the params interceptor and see where the values are getting encoded and decoded. -Dale - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Struts 2.2.1 Problem
Sorry ... I forgot a big piece, we were running with Struts 2.1.8.1 and
then upgraded to 2.2.1 because of the security fix. All HashMaps were
working correctly before the upgrade.
Loading the HashMaps, with JavaScript, into the DOM like this ...
input type=text name=pagesMap['name/name'].key value=keyValue /
The actions contain getters and setters for the HashMaps ...
public MapString, Object getPagesMap()
{
return this.pagesMap;
}
public void setPagesMap(MapString, Object pagesmap)
{
this.pagesMap = pagesmap;
}
And I have the conversion properties in the resources directory.
-Original Message-
From: Dave Newton [mailto:davelnew...@gmail.com]
Sent: Wednesday, September 22, 2010 11:10 AM
To: Struts Users Mailing List
Subject: Re: Struts 2.2.1 Problem
On Wed, Sep 22, 2010 at 11:56 AM, Michelle Weeks
michelle.we...@jetisre.com
wrote:
I guess I'm not sure what exactly you are asking ...
When the error happens: the original message just said you had a map
that
set wasn't called on when you had key values containing certain
characters--on its own, it's not really enough to help.
One of the Hash Maps that is not setting simply has a String key and a
String value. If I find a key that does not contain a special
character, the data saves. If one key has a special character the
whole
Map is not set into the action.
Do you mean on the JSP side? Can you show the code that's causing the
problem? It would make it much easier to help.
Dave
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 2.2.1 Problem
On 9/22/10 1:58 PM, Michelle Weeks wrote: input type=text name=pagesMap['name/name'].key value=keyValue / And is that form submitted with GET or POST? Are any characters encoded in that submission? Are you certain that the pagesMap map isn't having .put(name%2fname, keyValue) called on it? -Dale - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
