Jeromy Evans wrote:
It would be simple enough for the DefaultActionMapper to check a flag as
well except I think this would also prevent the method="METHOD_NAME"
notation from being used in struts.xml as well.
Urk! I didn't realize that. If true, that definitely means the simple
solution is
Dale Newfield wrote:
Dave Newton wrote:
Does that deal with the submit button name thing?
--- Jeromy Evans <[EMAIL PROTECTED]>
wrote:
I don't believe so. It just makes /home_update.do execute the
doUpdate() method (assuming it does the camelcase stuff implied). It
doesn't change the
Dale Newfield wrote:
Jeromy Evans wrote:
I always use the following configuration to minimise the vulnerability::
With that setting, only methods with the prefix "do" in their name
can be executed.
ie. ?method:update calls doUpdate()
Even if that does exactly what you expect it does (whi
Dave Newton wrote:
Does that deal with the submit button name thing?
--- Jeromy Evans <[EMAIL PROTECTED]>
wrote:
I don't believe so. It just makes /home_update.do execute the
doUpdate() method (assuming it does the camelcase stuff implied). It
doesn't change the naming scheme for all
Jeromy Evans wrote:
I always use the following configuration to minimise the vulnerability::
With that setting, only methods with the prefix "do" in their name can
be executed.
ie. ?method:update calls doUpdate()
Even if that does exactly what you expect it does (which I'm not
convinced
Does that deal with the submit button name thing?
d.
--- Jeromy Evans <[EMAIL PROTECTED]>
wrote:
> Dale Newfield wrote:
> > Don Brown wrote:
> >> Little known fact, but you can specify the method
> via:
> >>
> >> "?method:MY_METHOD_NAME"
> >>
> >> This code exists to support the method attribute
Dale Newfield wrote:
Don Brown wrote:
Little known fact, but you can specify the method via:
"?method:MY_METHOD_NAME"
This code exists to support the method attribute on the submit tag,
allowing you to submit the form to different methods based on what
button is clicked.
I wondered how the s
Don Brown wrote:
Little known fact, but you can specify the method via:
"?method:MY_METHOD_NAME"
This code exists to support the method attribute on the submit tag,
allowing you to submit the form to different methods based on what
button is clicked.
I wondered how the submit tag argument wor
8 matches
Mail list logo
