Rather no or I cannot recall any and it isn't related to OGNL but how
S2 is using it.
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2013/5/8 Zoran Avtarovski :
> I'm using struts v2.3.8 and OGNL v3.0.6.
>
> Is there a property or setting for OGNL to prevent double evaluations? Or
I'm using struts v2.3.8 and OGNL v3.0.6.
Is there a property or setting for OGNL to prevent double evaluations? Or
is there a fix in GitHub?
Z.
On 8/05/13 3:51 PM, "Lukasz Lenart" wrote:
>Hi,
>
>Yeah, it looks like a double evaluation which is a bug probably
>
>
>Regards
>--
>Łukasz
>+ 48 60
Hi,
Yeah, it looks like a double evaluation which is a bug probably
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2013/5/8 Dale Newfield :
> It seems like an evaluation of a value, which could be bad, in fact a large
> security hole. What if that value were "System.exit()"? (
It seems like an evaluation of a value, which could be bad, in fact a large
security hole. What if that value were "System.exit()"? (I forget my ognl...I
think you need fully qualified path and a hash or at or something to call
static methods, but you get the point.)
-Dale
On May 7, 2013, at
I have a small issue that I'm trying to resolve and I was hoping the someone
might have come across it earlier.
I'll try to explain as best I can:
I have a number of objects on the value stack:
1. pojo - a java object with a string attribute called key which links to a
DB based localised text val
5 matches
Mail list logo