Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4771

minor typos in confluence page "security.html"

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.12
    • Component/s: Documentation
    • Labels:

      Description

      • page : https://struts.apache.org/docs/security.html
      • spotted typos:
        • inside a title
          current
          Do not defined setters when not needed
          
          fixed
          Do not define setters when not needed
          
        • inside text under title Do not use incoming values as an input for localisation logic
          current
          All TextProvider's getText(...) methods (e.g in ActionSupport) performs evaluation of parameters included in a message to properly localize the text. This means using incoming request parameters with getText(...) methods is potentially dangerous and should be avoided. Se example below, assuming that an action implements getter and setter for property message, the below code allows inject an OGNL expression:
          
          fixed
          All TextProvider's getText(...) methods (e.g in ActionSupport) perform evaluation of parameters included in a message to properly localize the text. This means using incoming request parameters with getText(...) methods is potentially dangerous and should be avoided. See example below, assuming that an action implements getter and setter for property message, the below code allows inject an OGNL expression:
          
        • inside text under title Accepted / Excluded patterns
          current
          ...to check if param can accepted or must be excluded.
          
          fixed
          ...to check if param can be accepted or must be excluded.
          

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sdutry Stefaan Dutry
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: