It seems like an evaluation of a value, which could be bad, in fact a large
security hole. What if that value were "System.exit()"? (I forget my ognl...I
think you need fully qualified path and a hash or at or something to call
static methods, but you get the point.)
-Dale
On May 7, 2013, at 11:10 PM, Zoran Avtarovski <zo...@sparecreative.com> wrote:
> I have a small issue that I'm trying to resolve and I was hoping the someone
> might have come across it earlier.
>
> I'll try to explain as best I can:
> I have a number of objects on the value stack:
> 1. pojo - a java object with a string attribute called key which links to a
> DB based localised text value
> 2. movement another java object with a string attribute called strength
> To display the localised text associated with the pojo key I use the
> following tag
>
> <s:text name="%{pojo.key}" />
>
> The problem is that if the key value clashes with another item on the value
> stack I don't get the string value.
> For example if the key value on pojo is "movement.strength" and the strength
> value for movement is "weak" I don't get the expected results. Instead of
> getting the localised text with key "movement.strength" I get the localised
> text with key "weak". I tried setting the searchValueStack property to false
> but it made no change.
>
> I'd appreciate any help.
>
> Z.
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
