  1. Struts 2
  2. WW-4171

getText methods are not documented as evaluating OGNL

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.15.1
    • Fix Version/s: 2.5.8
    • Component/s: Documentation
    • Flags: Important

      Description

      The methods below evaluate OGNL as their first parameter. However, they are not documented as evaluating OGNL. We have observed this occurring in one project and are contacting the affected vendors.

      com.opensymphony.xwork2.TextProviderSupport.getText(String, String[])
      com.opensymphony.xwork2.TextProviderSupport.getText(String, List<?>)
      com.opensymphony.xwork2.TextProviderSupport.getText(String)

      These methods are then used by ActionSupport (via its getText methods). None of these methods are documented as evaluating OGNL either.

      This issue is recommending that all of these methods are documented as evaluating OGNL since this may come as a surprise to some developers.
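
What the behaviour reported above means for calling code, as an added example that is not part of the issue or of the Struts code base: a request-controlled value should never become the first argument of getText, so the action maps it onto a fixed set of resource keys first. The action class, the `code` parameter and the `status.*` keys are hypothetical; only ActionSupport and getText(String) are Struts APIs.

```java
import com.opensymphony.xwork2.ActionSupport;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical action: looks up a localized status message for a request parameter.
public class StatusMessageAction extends ActionSupport {

    // Resource-bundle keys this action is allowed to resolve (hypothetical names).
    private static final Set<String> KNOWN_KEYS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    "status.ok", "status.pending", "status.failed")));

    private String code;     // bound from the request by the framework, attacker-influenced
    private String message;  // rendered by the result page

    public void setCode(String code) { this.code = code; }
    public String getMessage() { return message; }

    // Pattern to avoid: the request value reaches getText unchanged, and the
    // first parameter of getText is evaluated as OGNL (the point of WW-4171).
    public String lookupUnchecked() {
        message = getText(code);
        return SUCCESS;
    }

    // Safer pattern: only constant, pre-approved keys are ever handed to getText.
    @Override
    public String execute() {
        String key = (code == null) ? null : "status." + code;
        if (key == null || !KNOWN_KEYS.contains(key)) {
            message = getText("status.unknown"); // constant key, no request data
            return INPUT;
        }
        message = getText(key); // key is one of the literals in KNOWN_KEYS
        return SUCCESS;
    }
}
```

A code review or static-analysis rule can apply the same idea by flagging any getText call whose first argument is not a constant or a value checked against a fixed set.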

              People

              • Assignee: Lukasz Lenart (lukaszlenart)
              • Reporter: Coverity Security Research Laboratory (coverity_srl)
              • Votes: 0
              • Watchers: 5
