[prev in list] [next in list] [prev in thread] [next in thread]
List: struts-user
Subject: Re: Action failed for Struts 2.3.15.3 GA release
From: Emi Lu <emilu () encs ! concordia ! ca>
Date: 2013-10-30 13:18:49
Message-ID: 52710739.9090400 () encs ! concordia ! ca
[Download RAW message or body]
On 10/21/2013 07:03 PM, Greg Lindholm wrote:
> If you use struts.mapper.action.prefix.enabled to enable action: prefix
> support are you opening up a security whole?
> What is the liability?
No comments from users. Could consider no security issues, I guess?
> On Fri, Oct 18, 2013 at 12:28 PM, Lukasz Lenart <lukaszlenart@apache.org>wrote:
>
>> 2013/10/18 Emi Lu <emilu@encs.concordia.ca>:
>>> Good morning,
>>>
>>>
>>> Tried the new version15.3, but failed:
>>>
>>> login() method is not called at all.
>>>
>>> (1) login.jsp
>>> ================
>>> <s:submit value="Login"
>>> theme="simple"
>>> action="loginProcessLoginAction" />
>>
>> Struts 2.3.15.3 disables support for action: prefix by default [1], to
>> enable it you must set struts.mapper.action.prefix.enabled to true.
>> Instead action: you can use method: prefix (but you must enable
>> struts.enable.DynamicMethodInvocation to true [2])
>>
>> [1] http://struts.apache.org/release/2.3.x/docs/s2-018.html
>> [2] http://struts.apache.org/release/2.3.x/docs/s2-019.html
>>
>>
>> Regards
>> --
>> Ćukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic