The patch works the only problem is if you need to accept %{xxx} as
legal input from your users.
To apply the patch you need to download xwork sources, apply the
patch (with the patch command or manually if you don't have it since
there are few lines of code) and insert a couple of lines on
struts.xml. Recompile xwork and
use that jar instead of the jar distributed with struts.
Il giorno 16/lug/07, alle ore 10:44, Aram Mkhitaryan ha scritto:
Sorry guys for spamming, but it is not clear what the patch exactly
resolves.
disallow entering possible malicious code, i.e. expression like %
{xxx} is
illegal: instead it should be evaluated as the string "%{xxx}".
what means the first is illegal, but should be evaluated as the string
could you please bring an example with <s:property tag?
Best,
Aram
P.S. do you have a guide about "how to apply patches"?
________________________________
Aram Mkhitaryan
52, 25 Lvovyan, Yerevan 375000, Armenia
Mobile: +374 91 518456
E-mail: [EMAIL PROTECTED]
--
Ing. Andrea Vettori
Consulente per l'Information Technology
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]