Uploaded image for project: 'Struts 1'
  1. Struts 1
  2. STR-2742

Validation always skipped with Globals.CANCEL_KEY

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.8
    • Fix Version/s: 1.2.9
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Operating System: other
      Platform: Other
    • Bugzilla Id:
      38374

      Description

      • Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL'
        parameter to any request will cause validation to be skipped, but the rest of
        the request processing / action invocation cycle to proceed normally
      • Consequence: any action which proceeds assuming that validation has completed
        successfully and which doesn't explicitly check isCanceled() is proceeding on a
        broken assumption.

      The discussion of this issue began in the struts-user list:
      http://mail-archives.apache.org/mod_mbox/struts-user/200601.mbox/%3c20060121221800.15814.qmail@web32607.mail.mud.yahoo.com%3e

      The thread continued in struts-dev list:
      http://mail-archives.apache.org/mod_mbox/struts-dev/200601.mbox/%3cdr169r$623$2@sea.gmane.org%3e

      Most people have agreed that this is a security-related issue.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              paul4christ79@yahoo.com Paul Benedict
            • Votes:
              2 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: