Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Not A Problem
-
2.0.11
-
None
-
None
-
any
Description
struts-default.xml (struts 2.0.11) gives this interceptor order in the stacks:
<interceptor-ref name="staticParams"/>
<interceptor-ref name="params"/>
is it correct that staticParams comes before params ? this allow GET and POST variable to overwrite statically set parameters. Maybe this can lead to security risks.