DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14800>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14800 Fix initialization bug and add size parameter to form-property Summary: Fix initialization bug and add size parameter to form- property Product: Struts Version: Nightly Build Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Standard Actions AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The logic for getting an initial value for a form-property was flawed, in this sense: If the initial value was a array, the initial() call would clone the array but not the values in the array, meaning that all copies of the form that used this property would share the same objects. This is a MAJOR security hole, as it means that people can end up seeing other people's credit card numbers, etc. I've changed it to always compute the initial value again, rather than trying to cache it. I've also removed the now-unused "initialized" property. This patch also adds a form-property parameter called size. If it is specified, the type must specify an array. It causes the property value to be initialized to an array of the appropriate size, with newly instantiated copies of the appropriate object type. The addition of "size" has been "Official Approved by Craig", for what that's worth, in that we talked about it at ApacheCon and he agreed it should be added. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>