Re: Localised text tag

2013-05-08 Thread Lukasz Lenart
Rather no or I cannot recall any and it isn't related to OGNL but how S2 is using it. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/5/8 Zoran Avtarovski : > I'm using struts v2.3.8 and OGNL v3.0.6. > > Is there a property or setting for OGNL to prevent double evaluations? Or

Re: Localised text tag

2013-05-08 Thread Zoran Avtarovski
I'm using struts v2.3.8 and OGNL v3.0.6. Is there a property or setting for OGNL to prevent double evaluations? Or is there a fix in GitHub? Z. On 8/05/13 3:51 PM, "Lukasz Lenart" wrote: >Hi, > >Yeah, it looks like a double evaluation which is a bug probably > > >Regards >-- >Łukasz >+ 48 60

Re: Localised text tag

2013-05-07 Thread Lukasz Lenart
Hi, Yeah, it looks like a double evaluation which is a bug probably Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2013/5/8 Dale Newfield : > It seems like an evaluation of a value, which could be bad, in fact a large > security hole. What if that value were "System.exit()"? (

Re: Localised text tag

2013-05-07 Thread Dale Newfield
It seems like an evaluation of a value, which could be bad, in fact a large security hole. What if that value were "System.exit()"? (I forget my ognl...I think you need fully qualified path and a hash or at or something to call static methods, but you get the point.) -Dale On May 7, 2013, at

Localised text tag

2013-05-07 Thread Zoran Avtarovski
I have a small issue that I'm trying to resolve and I was hoping the someone might have come across it earlier. I'll try to explain as best I can: I have a number of objects on the value stack: 1. pojo - a java object with a string attribute called key which links to a DB based localised text val