Struts 2 / WW-4728

JSONValidationInterceptor change static parameters names

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.10
    • Component/s: Plugin - JSON
    • Labels:
      None

      Description

      For security reasons I want to not reveal that we are using struts2 in our site. But the hackers can find it if they see the hidden parameters in the request.

      Is it possible to make the parameters below configurable (for example, in struts.xml)?

      public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
      public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
      public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";
      

        Activity

        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Struts-JDK7-master #580 (See https://builds.apache.org/job/Struts-JDK7-master/580/)
        WW-4728 Allows override request parameter names used to enable (lukaszlenart: rev 08e181a4febb4e999e5e3366a0890eb1d5a953e5)

        • (edit) plugins/json/src/main/java/org/apache/struts2/json/JSONValidationInterceptor.java
        • (edit) plugins/json/src/test/java/org/apache/struts2/json/JSONValidationInterceptorTest.java
        jira-bot ASF subversion and git services added a comment -

        Commit 08e181a4febb4e999e5e3366a0890eb1d5a953e5 in struts's branch refs/heads/master from Lukasz Lenart
        [ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=08e181a ]

        WW-4728 Allows override request parameter names used to enable validation

        lukaszlenart Lukasz Lenart added a comment -

        Updated docs https://cwiki.apache.org/confluence/display/WW/AJAX+Validation#AJAXValidation-JSONValidationInterceptorparameters
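
The override this fix enables, as an added example (not taken from the issue or the Struts repository). The interceptor parameter names `validateJsonParam`, `validateOnlyParam` and `noEncodingSetParam`, and the JSON plugin's `json-default` package and `jsonValidationWorkflowStack`, are not shown on this page and are assumed from the Struts documentation; the package, stack, action and replacement request-parameter names are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<!-- struts.xml: added example; "app", "renamedJsonValidationStack",
     "register" and the app.* parameter names are constructed. -->
<struts>
  <package name="app" namespace="/" extends="json-default">
    <interceptors>
      <!-- Reuse the JSON plugin's validation stack and override only the
           request parameter names the jsonValidation interceptor looks for. -->
      <interceptor-stack name="renamedJsonValidationStack">
        <interceptor-ref name="jsonValidationWorkflowStack">
          <!-- replaces the default "struts.enableJSONValidation" -->
          <param name="jsonValidation.validateJsonParam">app.jsonCheck</param>
          <!-- replaces the default "struts.validateOnly" -->
          <param name="jsonValidation.validateOnlyParam">app.checkOnly</param>
          <!-- replaces the default "struts.JSONValidation.no.encoding" -->
          <param name="jsonValidation.noEncodingSetParam">app.noEncoding</param>
        </interceptor-ref>
      </interceptor-stack>
    </interceptors>

    <!-- Hypothetical action using the renamed stack -->
    <action name="register" class="com.example.RegisterAction">
      <interceptor-ref name="renamedJsonValidationStack"/>
      <result name="input">/register.jsp</result>
      <result>/registered.jsp</result>
    </action>
  </package>
</struts>
```

Client-side code that triggers AJAX validation has to send the renamed parameters, because the interceptor stops recognizing the default names once they are overridden.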

          People

          • Assignee:
            lukaszlenart Lukasz Lenart
            Reporter:
            afattahi Alireza Fattahi
          • Votes:
            0
            Watchers:
            4
