2013/7/31 Antonio Sánchez :
> At logging out, session is invalidated and redirected page is displayed in
> default language.
>
> Say: default language: Spanish; current language: English; logging out and
> resulted page is in Spanish, but should be English. .
>
> This is not working (code in acti
The closeSession redirects to a new page? In that case the setLocale is
lost (it only lives during the request) and the new local is picked up from
the browser language, or from the default language you have setup.
2013/7/31 Antonio Sánchez
> At logging out, session is invalidated and redirecte
At logging out, session is invalidated and redirected page is displayed in
default language.
Say: default language: Spanish; current language: English; logging out and
resulted page is in Spanish, but should be English. .
This is not working (code in action class):
public String closeSes
Forgot to say: theme is default.
El Miércoles, 31 de julio de 2013 11:07:42 usted escribió:
Sorry, what do you mean with Submit class?
Use case is simple login. The exception is thrown when the form does not pass
validation and "results" in "input".
Displayed is:
Developer Notification (s
We just discovered that if a Map gets passed to a select-tag
where the entry's key/value pair are ""/"" that the
option's value attribute contains "" as one would have expected, but
the body of the option-tag is empty as seen here
There isn't a clean way to scrub this data to eliminat
Hi Struts users,
I am having problems migrating from version 2.3.1.2 to version
2.3.15.1. This upgrade seems pretty important as it fixes a known
security issue.
The problem I am having is the that apparently, I can no longer
check if a property has been gi
I'll voice my personal opinion.
No matter what framework you choose (Struts, MyFaces, Tapestry, etc.), it
is the responsibility of all IT shops to do a security vulnerability
assessment before first releasing to production and after each update. That
is "Security 101" because there are multitude o
Frans
if you want to throw darts at Frameworks Im amazed that nobody mentioned the
vulnerability from Struts Ajax Framework Rival
"IceFaces IntervalRenderer not supporting isUserInRole() "
https://www.owasp.org/index.php/Java_Server_Faces
(you can integrate ACEGI but that's an afterthought)
On Jul 31, 2013, at 9:25 AM, Dave Newton wrote:
> I'm not convinced OGNL itself is the issue, but
> rather its unfettered access into internals. An intermediate, sandbox-y
> layer might resolve that.
It's only partially what data ognl can fetch/modify, it's also what it can do.
System.exit() is
The blog post is speculative, but the Hacker News post was by Patrick
Lightbody, a WW founder. I'm not convinced OGNL itself is the issue, but
rather its unfettered access into internals. An intermediate, sandbox-y
layer might resolve that.
Dave
On Jul 31, 2013 8:22 AM, "Christian Grobmeier" wro
You can't rely on anyone's code for security, not a .jar, not struts, not
anything.
To guarantee security you need to go through every single entry point and fuzz
it yourself. This is a major pain and headache and only .001% of devs do this
but don't blame the developers that are providing a fr
I read through the blog i confused at this statement
"n Struts 2 before 2.3.15.1 the information following "action:",
"redirect:" or "redirectAction:" is not properly sanitized. Since said
information will be evaluated as OGNL expression against the value stack,
this introduces the possibility to
Hi Vicky,
the .action by itself in the Urls is a good hint. Furthermore, if you check
the html source you'll probably find struts written somewhere e.g., dojodivs
Antonios
On 31 July 2013 14:04, vicky b wrote:
> I browsed through apple site i could not find any clue that it was made in
> stru
I browsed through apple site i could not find any clue that it was made in
struts, can you please let me know how did the hacker recognized that it
was developed in struts, secondly how could he exactly hiek , sorry if this
is out of scope for this forum
On Wed, Jul 31, 2013 at 6:08 PM, Frans
Any apple guy here?
I.just want to.know.how.struts.use there.
I just know they use .action means struts apps.
On Jul 31, 2013 7:22 PM, "Christian Grobmeier" wrote:
> I read that. I don't think we should do anything.
>
> The blog post is speculative. Nobody from Apple did tell us if it was
> rea
I read that. I don't think we should do anything.
The blog post is speculative. Nobody from Apple did tell us if it was
really a Struts problem or not. If it is, then well, we can't do
anything. This doesn't make Struts a dangerous framework at all, it
just highlights you should update when your f
Anyone read this?
http://java.dzone.com/articles/was-struts-responsible-apples
How we handle this?
F
Sorry, what do you mean with Submit class?
Use case is simple login. The exception is thrown when the form does not pass
validation and "results" in "input".
Displayed is:
Developer Notification (set struts.devMode to false to disable this message):
Unexpected Exception caught setting 'entra
This is a well know problem with Eclipse - it stop deploying new
version at some point. Try to Clean and Deploy (that how it was in
NetBeans - I don't have Eclipse)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
-
I am not familiar with the "Run As" options of the IDE as I use
command line for such tasks, but basically you are expected to create
a war file and deploy it to your container when something changes.
Personally I am using the mvn jetty plugin and Jrebel (when doing open
source work) for that.
Can
20 matches
Mail list logo
