Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4171

getText methods are not documented as evaluating OGNL

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.3.15.1
    • 2.5.8
    • Documentation
    • Important

    Description

      The methods below evaluate OGNL as their first parameter. However they are not documented as evaluating OGNL. We have observed this occurring in one project and are contacting the affected vendors.

      com.opensymphony.xwork2.TextProviderSupport.getText(String, String[])
      com.opensymphony.xwork2.TextProviderSupport.getText(String, List<?>)
      com.opensymphony.xwork2.TextProviderSupport.getText(String)

      These methods are then used by ActionSupport (via its getText methods). None of these methods are documented as evaluating OGNL either.

      This issue is recommending that all of these methods are documented as evaluating OGNL since this may come as a surprise to some developers.

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. WW-2760 Annotation-based Parameters Interceptor

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              lukaszlenart Lukasz Lenart
              coverity_srl Coverity Security Research Laboratory
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: