Author: rgielen
Date: Sat Jul 6 19:00:21 2013
New Revision: 1500311
URL: http://svn.apache.org/r1500311
Log:
WW-3873 file tag leaks server path information
- file-tag: disabled rendering of any content within value attribute
Modified:
struts/struts2/branches/STRUTS_2_3_15_X/core/src/main/resources/template/simple/file.ftl
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/java/org/apache/struts2/views/jsp/ui/FileTest.java
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/File-1.txt
Modified:
struts/struts2/branches/STRUTS_2_3_15_X/core/src/main/resources/template/simple/file.ftl
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_15_X/core/src/main/resources/template/simple/file.ftl?rev=1500311&r1=1500310&r2=1500311&view=diff
==============================================================================
---
struts/struts2/branches/STRUTS_2_3_15_X/core/src/main/resources/template/simple/file.ftl
(original)
+++
struts/struts2/branches/STRUTS_2_3_15_X/core/src/main/resources/template/simple/file.ftl
Sat Jul 6 19:00:21 2013
@@ -25,9 +25,7 @@
<#if parameters.get("size")??>
size="${parameters.get("size")?html}"<#rt/>
</#if>
-<#if parameters.nameValue??>
- value="<@s.property value="parameters.nameValue"/>"<#rt/>
-</#if>
+ value=""<#rt/>
<#if parameters.disabled?default(false)>
disabled="disabled"<#rt/>
</#if>
Modified:
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/java/org/apache/struts2/views/jsp/ui/FileTest.java
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/java/org/apache/struts2/views/jsp/ui/FileTest.java?rev=1500311&r1=1500310&r2=1500311&view=diff
==============================================================================
---
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/java/org/apache/struts2/views/jsp/ui/FileTest.java
(original)
+++
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/java/org/apache/struts2/views/jsp/ui/FileTest.java
Sat Jul 6 19:00:21 2013
@@ -66,6 +66,7 @@ public class FileTest extends AbstractUI
Map result = super.initializedGenericTagTestProperties();
new PropertyHolder("accept", "someAccepted").addToMap(result);
new PropertyHolder("size", "101").addToMap(result);
+ new PropertyHolder("value", "").addToMap(result);
return result;
}
Modified:
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/File-1.txt
URL:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/File-1.txt?rev=1500311&r1=1500310&r2=1500311&view=diff
==============================================================================
---
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/File-1.txt
(original)
+++
struts/struts2/branches/STRUTS_2_3_15_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/File-1.txt
Sat Jul 6 19:00:21 2013
@@ -1,4 +1,4 @@
<tr>
<td class="tdLabel"><label for="myname" class="label">mylabel:</label></td>
- <td><input type="file" name="myname" size="10" value="bar" accept="*.txt"
id="myname" title="mytitle"/></td>
+ <td><input type="file" name="myname" size="10" value="" accept="*.txt"
id="myname" title="mytitle"/></td>
</tr>
