I confirm the issue.
Just try this on an existing S2 application :
- add the field <s:password name="password"/>
- add the proper getter and setter in the Action class
- launch the app
- in the added field, write %{password}
-> in my case, the tomcat process is eating 100% of the cpu. no
problem with memory consumption, though.
Comments :
- password can be replaced by any other string.
- works with <s:textfield> tag too
My config:
Struts 2.0.8
Xwork 2.0.3
Tomcat 5.5.17
Java 1.5
I'm not familiar enough with JIRA to file an issue right now, but I'll
do so later today if I find some time...
On 05/07/07, Ing. Andrea Vettori <[EMAIL PROTECTED]> wrote:
Done.
https://issues.apache.org/struts/browse/WW-2030
I tried on two different struts application. Maybe others can try on
their app ???
If it's not already addressed it's a very serious bug!
Il giorno 05/lug/07, alle ore 12:28, Antonio Petrelli ha scritto:
> 2007/7/5, Ing. Andrea Vettori <[EMAIL PROTECTED]>:
>>
>> If the password field is named "password" and the password entered
>> value is %{password} than this loop is eating all memory...
>>
>> Don't think it's this to cause my problem BUT it's a potentially BIG
>> DOS problem !!!
>>
>> It work with every s:field I tried...
>
>
>
> Why don't you open a JIRA issue, attaching a sample application
> code that
> demonstrates the problem?
> If it's an XWork problem, then it will be verified and a new issue
> will be
> opened for XWork team by a Struts developer.
>
> Antonio
--
Ing. Andrea Vettori
Consulente per l'Information Technology
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
