Hi, Yeah, it looks like a double evaluation which is a bug probably
Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/5/8 Dale Newfield <d...@newfield.org>: > It seems like an evaluation of a value, which could be bad, in fact a large > security hole. What if that value were "System.exit()"? (I forget my > ognl...I think you need fully qualified path and a hash or at or something to > call static methods, but you get the point.) > > -Dale > > > On May 7, 2013, at 11:10 PM, Zoran Avtarovski <zo...@sparecreative.com> wrote: > >> I have a small issue that I'm trying to resolve and I was hoping the someone >> might have come across it earlier. >> >> I'll try to explain as best I can: >> I have a number of objects on the value stack: >> 1. pojo - a java object with a string attribute called key which links to a >> DB based localised text value >> 2. movement another java object with a string attribute called strength >> To display the localised text associated with the pojo key I use the >> following tag >> >> <s:text name="%{pojo.key}" /> >> >> The problem is that if the key value clashes with another item on the value >> stack I don't get the string value. >> For example if the key value on pojo is "movement.strength" and the strength >> value for movement is "weak" I don't get the expected results. Instead of >> getting the localised text with key "movement.strength" I get the localised >> text with key "weak". I tried setting the searchValueStack property to false >> but it made no change. >> >> I'd appreciate any help. >> >> Z. >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
