Modified: websites/production/struts/content/docs/processing-forms.html
==============================================================================
--- websites/production/struts/content/docs/processing-forms.html (original)
+++ websites/production/struts/content/docs/processing-forms.html Fri Mar 11
11:02:24 2016
@@ -138,7 +138,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><div
class="confluence-information-macro
confluence-information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This tutorial assumes you've
completed the <a shape="rect" class="unresolved" href="#">Coding Struts 2
Actons</a> tutorial and have a working coding_actions project. The example code
for this tutorial, form_processing, is available for checkout from the Struts 2
GitHub subversion repository: <a shape="rect" class="external-link"
href="https://github.com/apache/struts-examples"
rel="nofollow">https://github.com/apache/struts-examples</a>.</p></div></div><h3
id="ProcessingForms-Introduction">Introduction</h3><p>In this tutorial we'll
explore using Struts 2 to do more involved processing of a form submission.
We'll cover how to use a Java model class to store the form input and how to
create the Struts 2 form to match up
with that model class.</p><p>The code provided in this tutorial may be added
to the <a shape="rect" href="coding-struts-2-actions.html">Coding Struts 2
Actions</a> example or you can download this complete example from Google Code
- <a shape="rect" class="external-link"
href="http://code.google.com/p/struts2-examples/downloads/list"
rel="nofollow">http://code.google.com/p/struts2-examples/downloads/list</a>.</p><div
class="confluence-information-macro confluence-information-macro-tip"><span
class="aui-icon aui-icon-small aui-iconfont-approve
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>The <a shape="rect"
class="external-link" href="http://struts.apache.org/mail.html">Struts 2 user
mailing list</a> is an excellent place to get help. If you are having a problem
getting the tutorial example applications to work search the Struts 2 mailing
list. If you don't find an answer to your problem, post a question on the
mailing list.</p></div></d
iv><h3 id="ProcessingForms-FormsandAJavaModelClass">Forms and A Java Model
Class</h3><p>For this tutorial let's say we need to provide a form that a user
may submit to register for a prize drawing. Our business rules state the user
must provide his/her first name, last name, email address, and age.</p><p>To
encapsulate this data, we'll use a simple Java class that follows the basic
Java Bean specifications (public set/get methods for each instance field). If
you're following along add this class to package
org.apache.struts.register.model in the <a shape="rect"
href="coding-struts-2-actions.html">Coding Struts 2 Actions</a>
example.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Person.java</b></div><div class="codeContent panelContent pdl">
+ <div id="ConfluenceContent"><div
class="confluence-information-macro
confluence-information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This tutorial assumes you've
completed the <a shape="rect" class="createlink"
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=Coding+Struts+2+Actons&linkCreation=true&fromPageId=14811889">Coding
Struts 2 Actons</a> tutorial and have a working coding_actions project. The
example code for this tutorial, form_processing, is available for checkout from
the Struts 2 GitHub subversion repository: <a shape="rect"
class="external-link" href="https://github.com/apache/struts-examples"
rel="nofollow">https://github.com/apache/struts-examples</a>.</p></div></div><h3
id="ProcessingForms-Introduction">Introduction</h3><p>In this tutorial we'll
explore using Struts 2 to do more involv
ed processing of a form submission. We'll cover how to use a Java model class
to store the form input and how to create the Struts 2 form to match up with
that model class.</p><p>The code provided in this tutorial may be added to the
<a shape="rect" href="coding-struts-2-actions.html">Coding Struts 2 Actions</a>
example or you can download this complete example from Google Code - <a
shape="rect" class="external-link"
href="http://code.google.com/p/struts2-examples/downloads/list"
rel="nofollow">http://code.google.com/p/struts2-examples/downloads/list</a>.</p><div
class="confluence-information-macro confluence-information-macro-tip"><span
class="aui-icon aui-icon-small aui-iconfont-approve
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>The <a shape="rect"
class="external-link" href="http://struts.apache.org/mail.html">Struts 2 user
mailing list</a> is an excellent place to get help. If you are having a problem
getting the tutorial example
applications to work search the Struts 2 mailing list. If you don't find an
answer to your problem, post a question on the mailing list.</p></div></div><h3
id="ProcessingForms-FormsandAJavaModelClass">Forms and A Java Model
Class</h3><p>For this tutorial let's say we need to provide a form that a user
may submit to register for a prize drawing. Our business rules state the user
must provide his/her first name, last name, email address, and age.</p><p>To
encapsulate this data, we'll use a simple Java class that follows the basic
Java Bean specifications (public set/get methods for each instance field). If
you're following along add this class to package
org.apache.struts.register.model in the <a shape="rect"
href="coding-struts-2-actions.html">Coding Struts 2 Actions</a>
example.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Person.java</b></div><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public class Person
{
private String firstName;
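Review bot: In the added `ConfluenceContent` line, the first link in the info box now targets `createpage.action?spaceKey=WW&title=Coding+Struts+2+Actons...`, so the published tutorial sends readers to a wiki page-creation form instead of the prerequisite tutorial. The link title is misspelled ("Actons"), which is presumably why it does not resolve; the Introduction in the same line already links correctly to `coding-struts-2-actions.html` under "Coding Struts 2 Actions". Fix the link in the wiki source and re-export rather than publishing the create link. The phrase "GitHub subversion repository" in the same sentence is also worth correcting while the source is open.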
Modified: websites/production/struts/content/docs/release-notes-202.html
==============================================================================
--- websites/production/struts/content/docs/release-notes-202.html (original)
+++ websites/production/struts/content/docs/release-notes-202.html Fri Mar 11
11:02:24 2016
@@ -172,7 +172,7 @@ under the License.
<h2 id="ReleaseNotes2.0.2-NewFeaturesandPlugins">New Features and Plugins</h2>
-<ul><li>Plugins are now documented in the <a shape="rect" class="unresolved"
href="#">Apache Struts 2 Plugin Registry</a>.</li><li><a shape="rect"
href="annotations.html">Annotations</a>: @Result annotation now supports
parameters (WW-1575).</li><li><a shape="rect" href="ajax-tags.html">Ajax
Tags</a>: The Autocompleter AJAX tag wraps Dojo's ComboBox and supports remote,
static, and JSON content.</li><li><a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33274">Spring
Plugin</a>: Integrate Spring with your application using a plugin (WW-1499).
Or, if you prefer, use the <a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33365">Plexus
Plugin</a> instead.</li><li><a shape="rect"
href="file-upload-interceptor.html">File Uploading</a> Explore multiple file
uploading through our new Showcase example (WW-1479).</li><li><a shape="rect"
href="action.html">Action tag</a>: Eliminate unwanted exceptions with the new
<code>f
lush</code> attribute (WW-1472).</li><li><a shape="rect"
href="checkboxlist.html">Checkboxlist</a> tag: Use Maps with CheckboxList
(WW-1471).</li><li><a shape="rect" href="roles-interceptor.html">Roles
Interceptor</a>: Integrate JAAS with a new interceptor - now on the default
stack (WW-1469).</li><li><a shape="rect" href="textfield.html">Localized
Links</a>: Use the new <code>key</code> attribute to streamline link markup
(WW-1458).</li><li><a shape="rect" href="constant-configuration.html">Constant
Configuration</a>: Override factory default settings from any XML configurtion
document, including <code>web.xml</code>! (WW-1421).</li><li><a shape="rect"
href="strutsxml-examples.html">Action Class Ref</a>: Configure a custom default
Action for any package to use instead of ActionSupport (WW-1420).</li><li><a
shape="rect" href="struts-maven-archetypes.html">Struts Maven Archetypes</a>
The standard archetype includes sample code from the <a shape="rect"
href="bootstrap.html">Bootstrap
</a> tutorial {WW-1412).</li><li><a shape="rect"
href="result-types.html">Direct Results</a>: Create a custom Result Type
directly from an Action class (WW-1393).</li></ul>
+<ul><li>Plugins are now documented in the <a shape="rect" class="createlink"
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=S2PLUGINS&title=Angosso">Apache
Struts 2 Plugin Registry</a>.</li><li><a shape="rect"
href="annotations.html">Annotations</a>: @Result annotation now supports
parameters (WW-1575).</li><li><a shape="rect" href="ajax-tags.html">Ajax
Tags</a>: The Autocompleter AJAX tag wraps Dojo's ComboBox and supports remote,
static, and JSON content.</li><li><a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33274">Spring
Plugin</a>: Integrate Spring with your application using a plugin (WW-1499).
Or, if you prefer, use the <a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33365">Plexus
Plugin</a> instead.</li><li><a shape="rect"
href="file-upload-interceptor.html">File Uploading</a> Explore multiple file
uploading through our new Showcase example (WW-1479).</li><li><a sha
pe="rect" href="action.html">Action tag</a>: Eliminate unwanted exceptions
with the new <code>flush</code> attribute (WW-1472).</li><li><a shape="rect"
href="checkboxlist.html">Checkboxlist</a> tag: Use Maps with CheckboxList
(WW-1471).</li><li><a shape="rect" href="roles-interceptor.html">Roles
Interceptor</a>: Integrate JAAS with a new interceptor - now on the default
stack (WW-1469).</li><li><a shape="rect" href="textfield.html">Localized
Links</a>: Use the new <code>key</code> attribute to streamline link markup
(WW-1458).</li><li><a shape="rect" href="constant-configuration.html">Constant
Configuration</a>: Override factory default settings from any XML configurtion
document, including <code>web.xml</code>! (WW-1421).</li><li><a shape="rect"
href="strutsxml-examples.html">Action Class Ref</a>: Configure a custom default
Action for any package to use instead of ActionSupport (WW-1420).</li><li><a
shape="rect" href="struts-maven-archetypes.html">Struts Maven Archetypes</a>
The s
tandard archetype includes sample code from the <a shape="rect"
href="bootstrap.html">Bootstrap</a> tutorial {WW-1412).</li><li><a shape="rect"
href="result-types.html">Direct Results</a>: Create a custom Result Type
directly from an Action class (WW-1393).</li></ul>
<h2 id="ReleaseNotes2.0.2-ExperimentalFeaturesandPlugins">Experimental
Features and Plugins </h2>
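Review bot: In the first item of the added `<ul>`, the "Apache Struts 2 Plugin Registry" link now points to `createpage.action?spaceKey=S2PLUGINS&title=Angosso`, a page-creation URL whose title has nothing to do with the link text. Point the link at the registry's real page in the wiki source before exporting. Two typos pass through this hunk unchanged and could be fixed in the same edit: "configurtion" in the Constant Configuration item and the mismatched brace in "{WW-1412)".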
Modified: websites/production/struts/content/docs/release-plan-200.html
==============================================================================
--- websites/production/struts/content/docs/release-plan-200.html (original)
+++ websites/production/struts/content/docs/release-plan-200.html Fri Mar 11
11:02:24 2016
@@ -224,7 +224,7 @@ under the License.
<h2 id="ReleasePlan2.0.0-TestBuildDistributionChecklist(A)">Test Build
Distribution Checklist (A)</h2>
-<p>See also <a shape="rect" class="unresolved" href="#">Creating and Signing
Releases</a></p>
+<p>See also <a shape="rect" class="createlink"
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=Creating+and+Signing+Releases&linkCreation=true&fromPageId=19602">Creating
and Signing Releases</a></p>
<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p> # </p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p> Description </p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p> Completed </p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> A1. </p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> Setup new JIRA version level or update
release on Roadmap </p></td><th colspan="1" rowspan="1"
class="confluenceTh"><p> <img class="emoticon emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"
data-emoticon-name="tick" alt="(tick)"> Done </p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p> A2. </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> Tag release in svn: ${STRUTS_2_0_0} </p></td><th
colspan="1" rowspan="1" class="confluenceTh"><p> <img class="emoticon emo
ticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"
data-emoticon-name="tick" alt="(tick)"> Done (r447072) </p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> A3. </p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> Update POM version level and run
Distribution Target </p></td><th colspan="1" rowspan="1"
class="confluenceTh"><p> <img class="emoticon emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"
data-emoticon-name="tick" alt="(tick)"> Done </p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p> A4. </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> Create Sums and Sign Distributions </p></td><th
colspan="1" rowspan="1" class="confluenceTh"><p> <img class="emoticon
emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb
3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"
data-emoticon-name="tick" alt="(tick)"> Done </p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p> A5. </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> Upload Distribution to
<code>people.apache.org/builds/struts/2.0.0/</code> </p></td><th colspan="1"
rowspan="1" class="confluenceTh"><p> <img class="emoticon emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"
data-emoticon-name="tick" alt="(tick)"> Done </p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p> A6. </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> Deploy JAR to Apache Java-Repository </p></td><th
colspan="1" rowspan="1" class="confluenceTh"><p> <img class="emoticon
emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticon
s/check.png" data-emoticon-name="tick" alt="(tick)"> Done
</p></th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> <code>$ mvn deploy -P pre-assembly</code> </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> </p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> A7. </p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> Post release-quality vote on dev@ lists
</p></td><th colspan="1" rowspan="1" class="confluenceTh"><p> ${STATUS}
</p></th></tr></tbody></table></div>
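Review bot: The "See also" link above the checklist table now resolves to `createpage.action?spaceKey=WW&title=Creating+and+Signing+Releases...`, so the only pointer to the signing procedure on this release checklist leads to a page-creation form. Step A4 ("Create Sums and Sign Distributions") depends on that procedure, so link to wherever it is actually documented, or drop the link from the wiki source until the page exists.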
Modified: websites/production/struts/content/docs/rest-plugin.html
==============================================================================
--- websites/production/struts/content/docs/rest-plugin.html (original)
+++ websites/production/struts/content/docs/rest-plugin.html Fri Mar 11
11:02:24 2016
@@ -139,11 +139,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><div
class="confluence-information-macro
confluence-information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This plugin is only available with
Struts 2.1.1 or later</p></div></div><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773665918 {padding: 0px;}
-div.rbtoc1456773665918 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1456773665918 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1453884501969 {padding: 0px;}
+div.rbtoc1453884501969 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1453884501969 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1456773665918">
+/*]]>*/</style></p><div class="toc-macro rbtoc1453884501969">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect" href="#RESTPlugin-Overview">Overview</a>
<ul class="toc-indentation"><li><span class="TOCOutline">1.1</span> <a
shape="rect" href="#RESTPlugin-Features">Features</a></li><li><span
class="TOCOutline">1.2</span> <a shape="rect"
href="#RESTPlugin-MappingRESTURLstoStruts2Actions">Mapping REST URLs to Struts
2 Actions</a>
<ul class="toc-indentation"><li><span class="TOCOutline">1.2.1</span> <a
shape="rect" href="#RESTPlugin-RESTfulURLMappingLogic">RESTful URL Mapping
Logic</a></li></ul>
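Review bot: The only change in this hunk is the generated TOC class suffix (`rbtoc1456773665918` to `rbtoc1453884501969`) in the inline style and on the `toc-macro` div; no page content differs. The new suffix is numerically lower than the one it replaces, which, if the suffix is a render timestamp, suggests this export picked up an older rendering than the one already published, so check the export before committing. Stripping or stabilising these ids in the export step would keep such no-op diffs out of the site history; the result-configuration.html hunk that follows shows the same churn.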
Modified: websites/production/struts/content/docs/result-configuration.html
==============================================================================
--- websites/production/struts/content/docs/result-configuration.html (original)
+++ websites/production/struts/content/docs/result-configuration.html Fri Mar
11 11:02:24 2016
@@ -139,11 +139,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773353562 {padding: 0px;}
-div.rbtoc1456773353562 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1456773353562 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1457693886833 {padding: 0px;}
+div.rbtoc1457693886833 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1457693886833 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1456773353562">
+/*]]>*/</style></p><div class="toc-macro rbtoc1457693886833">
<ul class="toc-indentation"><li><a shape="rect"
href="#ResultConfiguration-ResultElements">Result Elements</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#ResultConfiguration-IntelligentDefaults">Intelligent
Defaults</a></li><li><a shape="rect"
href="#ResultConfiguration-Multiplenames">Multiple names</a></li></ul>
</li><li><a shape="rect" href="#ResultConfiguration-GlobalResults">Global
Results</a></li><li><a shape="rect"
href="#ResultConfiguration-DynamicResults">Dynamic Results</a></li><li><a
shape="rect" href="#ResultConfiguration-ReturningResultObjects">Returning
Result Objects</a></li></ul>
Modified: websites/production/struts/content/docs/result-types.html
==============================================================================
--- websites/production/struts/content/docs/result-types.html (original)
+++ websites/production/struts/content/docs/result-types.html Fri Mar 11
11:02:24 2016
@@ -138,7 +138,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><p>Most use cases can be divided into
two phases. First, we need to change or query the application's state, and then
we need to present an updated view of the application. The Action class manages
the application's state, and the Result Type manages the view.</p><h2
id="ResultTypes-PredefinedResultTypes">Predefined Result Types</h2><p>The
framework provides several implementations of the
<code>com.opensymphony.xwork2.Result</code> interface, ready to use in your own
applications.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="chain-result.html">Chain
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used for
<a shape="rect" href="action-chaining.html">Action
Chaining</a></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="dispatcher-result.html">Dispatcher Result</a></p></td><td colspan="1
" rowspan="1" class="confluenceTd"><p>Used for web resource integration,
including <a shape="rect" href="jsp.html">JSP</a>
integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="freemarker-result.html">FreeMarker Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="freemarker.html">FreeMarker</a> integration</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
href="httpheader-result.html">HttpHeader Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used to control special HTTP
behaviors</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="redirect-result.html">Redirect
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
redirect to another URL (web resource)</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect"
href="redirect-action-result.
html">Redirect Action Result</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Used to redirect to another action
mapping</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><a
shape="rect" href="stream-result.html">Stream Result</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Used to stream an InputStream
back to the browser (usually for file downloads)</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
href="velocity-result.html">Velocity Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="velocity.html">Velocity</a> integration</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" href="xsl-result.html">XSL
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used for
XML/XSLT integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="plaintext-result.html">Pl
ainText Result</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Used to display the raw content of a particular page
(i.e jsp, HTML)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="tiles-plugin.html">Tiles 2
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
provide Tiles 2 integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="tiles-3-plugin.html">Tiles 3
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
provide Tiles 3 integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="postback-result.html">Postback
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
postback request parameters as a form to the specified
destination</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><a shape="rect" href="json-plugin.html">JSON
Result</a></td><td
colspan="1" rowspan="1" class="confluenceTd">Used to serialize actions into
JSON</td></tr></tbody></table></div><h3
id="ResultTypes-Optional">Optional</h3><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="jasperreports-plugin.html">JasperReports Plugin</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="jasperreports-tutorial.html">JasperReports Tutorial</a>
integration</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Optional, third-party
plugin</p></td></tr></tbody></table></div><p>Additional Result Types can be
created and plugged into an application by implementing the
<code>com.opensymphony.xwork2.Result</code> interface. Custom Result Types
might include generating an email or JMS message, generating images, and so
forth.</p><h2 id="ResultTypes-DefaultParameters">Default Parameters</h2><p>To
minimize configuration, Results can be conf
igured with a single value, which will be converted into a parameter, and each
Result can specify which parameter this value should be set as. For example,
here is a result defined in XML that uses a default parameter:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+ <div id="ConfluenceContent"><p>Most use cases can be divided into
two phases. First, we need to change or query the application's state, and then
we need to present an updated view of the application. The Action class manages
the application's state, and the Result Type manages the view.</p><h2
id="ResultTypes-PredefinedResultTypes">Predefined Result Types</h2><p>The
framework provides several implementations of the
<code>com.opensymphony.xwork2.Result</code> interface, ready to use in your own
applications.</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="chain-result.html">Chain
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used for
<a shape="rect" href="action-chaining.html">Action
Chaining</a></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="dispatcher-result.html">Dispatcher Result</a></p></td><td colspan="1
" rowspan="1" class="confluenceTd"><p>Used for web resource integration,
including <a shape="rect" href="jsp.html">JSP</a>
integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="freemarker-result.html">FreeMarker Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="freemarker.html">FreeMarker</a> integration</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
href="httpheader-result.html">HttpHeader Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used to control special HTTP
behaviors</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="redirect-result.html">Redirect
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
redirect to another URL (web resource)</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect"
href="redirect-action-result.
html">Redirect Action Result</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Used to redirect to another action
mapping</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><a
shape="rect" href="stream-result.html">Stream Result</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Used to stream an InputStream
back to the browser (usually for file downloads)</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
href="velocity-result.html">Velocity Result</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="velocity.html">Velocity</a> integration</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" href="xsl-result.html">XSL
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used for
XML/XSLT integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="plaintext-result.html">Pl
ainText Result</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Used to display the raw content of a particular page
(i.e jsp, HTML)</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="tiles-2-plugin.html">Tiles 2
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
provide Tiles 2 integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="tiles-3-plugin.html">Tiles 3
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
provide Tiles 3 integration</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" href="postback-result.html">Postback
Result</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Used to
postback request parameters as a form to the specified
destination</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><a shape="rect" href="json-plugin.html">JSON
Result</a></td><
td colspan="1" rowspan="1" class="confluenceTd">Used to serialize actions into
JSON</td></tr></tbody></table></div><h3
id="ResultTypes-Optional">Optional</h3><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect"
href="jasperreports-plugin.html">JasperReports Plugin</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Used for <a shape="rect"
href="jasperreports-tutorial.html">JasperReports Tutorial</a>
integration</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Optional, third-party
plugin</p></td></tr></tbody></table></div><p>Additional Result Types can be
created and plugged into an application by implementing the
<code>com.opensymphony.xwork2.Result</code> interface. Custom Result Types
might include generating an email or JMS message, generating images, and so
forth.</p><h2 id="ResultTypes-DefaultParameters">Default Parameters</h2><p>To
minimize configuration, Results can be co
nfigured with a single value, which will be converted into a parameter, and
each Result can specify which parameter this value should be set as. For
example, here is a result defined in XML that uses a default parameter:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><result type="freemarker">foo.fm</result>
</pre>
</div></div><p>That is the equivalent to this:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
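Review bot: Because the whole `ConfluenceContent` div is a single line, the real change is easy to miss: the Tiles 2 Result row's link goes from `href="tiles-plugin.html"` to `href="tiles-2-plugin.html"`. Confirm that tiles-2-plugin.html is published in the same commit and that tiles-plugin.html either stays in place or redirects, otherwise the new link or existing inbound links to the old page will break.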
Modified: websites/production/struts/content/docs/s2-003.html
==============================================================================
--- websites/production/struts/content/docs/s2-003.html (original)
+++ websites/production/struts/content/docs/s2-003.html Fri Mar 11 11:02:24 2016
@@ -139,11 +139,11 @@ under the License.
<p>So, for instance, to set #session.user to '0wn3d' the following parameter
name can be used:</p>
-<p>('\u0023' + 'session<a shape="rect" class="unresolved"
href="#">\'user\'</a>')(unused)=0wn3d</p>
+<p>('\u0023' + 'session<a shape="rect" class="createlink"
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=%5C%27user%5C%27&linkCreation=true&fromPageId=88882">\'user\'</a>')(unused)=0wn3d</p>
<p>which will look as follows once URL encoded:</p>
-<p>('\u0023'%20%2b%20'session<a shape="rect" class="unresolved"
href="#">\'user\'</a>')(unused)=0wn3d </p>
+<p>('\u0023'%20%2b%20'session<a shape="rect" class="createlink"
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=%5C%27user%5C%27&linkCreation=true&fromPageId=88882">\'user\'</a>')(unused)=0wn3d
</p>
<h2 id="S2-003-Solution">Solution</h2>
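Review bot: In both changed paragraphs the `\'user\'` part of the example parameter name is rendered as a wiki link (now a `createlink` with `title=%5C%27user%5C%27`), which indicates the square brackets in the advisory's source are being parsed as Confluence link markup and are missing from the published expression. The example in this security bulletin therefore does not read as written, and it links to a page-creation form. Escape the brackets or move the example into a code or noformat block in the wiki source, then re-export.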
Added: websites/production/struts/content/docs/s2-028.html
==============================================================================
--- websites/production/struts/content/docs/s2-028.html (added)
+++ websites/production/struts/content/docs/s2-028.html Fri Mar 11 11:02:24 2016
@@ -0,0 +1,165 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet"
href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image:
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>S2-028</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a
href="security-bulletins.html">Security Bulletins</a> > <a
href="s2-028.html">S2-028</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search"
method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the
logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left;
margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts
2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">S2-028</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px;
margin: 0px;">
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62686284">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Edit Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62686284">Edit
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Browse Space"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse
Space</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62686284">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62686284">Add
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62686284">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add News"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62686284">Add
News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><h2
id="S2-028-Summary">Summary</h2>Use of a JRE with broken URLDecoder
implementation may lead to XSS vulnerability in Struts 2 based web
applications.<div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Who should read this</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Affects of a cross-site scripting
vulnerability.</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Important</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Upgrade runtime JRE to a recent major
version, preferably 1.8.
Alternatively upgrade to <a shape="rect" class="external-link"
href="http://struts.apache.org/download.cgi#struts2325">Struts
2.3.25</a></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.0.0 - Struts <span style="color:
rgb(23,35,59);">Struts 2.3.24.1</span></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>WhiteHat Security (<a shape="rect"
class="external-link" href="http://whitehatsec.com"
rel="nofollow">whitehatsec.com</a>)</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p><span style="color:
rgb(34,34,34);">-</span></p></td></tr></tbody></table></div><h2
id="S2-028-Problem">Problem</h2><p>When using a single byte page encoding such
as ISO-8895-1, an attacker might submit a non-spec URL-encoded p
arameter value including multi-byte characters.</p><p>Struts 2 used the
standard JRE URLDecoder to decode parameter values. <span>Especially JRE
1.5's URLDecoder implementation seems to be broken to the point that this
non-spec encoding isn't rejected / filtered. In later JREs the issue was fixed,
best known solution is found in JRE 1.8.</span></p><h2
id="S2-028-Solution">Solution</h2><p>Upgrade runtime JRE/JDK, preferably to the
most recent 1.8 version.</p><p>Alternatively <span style="line-height:
1.42857;">upgrade to Struts 2.3.25, which includes and uses a safe URLDecoder
implementation from Apache Tomcat</span></p><h2
id="S2-028-Backwardcompatibility">Backward compatibility</h2><p>No issues
expected when upgrading to Struts 2.3.25</p><h2
id="S2-028-Workaround">Workaround</h2><p>Use UTF-8 for page and parameter
encoding.</p><h2 id="S2-028-FurtherReference">Further Reference</h2><p><style>
+ .jira-issue {
+ padding: 0 0 0 2px;
+ line-height: 20px;
+ }
+
+ .jira-issue img {
+ padding-right: 5px;
+ }
+ .jira-issue .aui-lozenge {
+ line-height: 18px;
+ vertical-align: top;
+ }
+
+ .jira-issue .icon {
+ background-position: left center;
+ background-repeat: no-repeat;
+ display: inline-block;
+ font-size: 0;
+ max-height: 16px;
+ text-align: left;
+ text-indent: -9999em;
+ vertical-align: text-bottom;
+ }
+</style>
+
+ <span class="jira-issue WW-4507"><a shape="rect" class="issue-link"
href="https://issues.apache.org/jira/browse/WW-4507?src=confmacro">WW-4507</a></span>
+</p></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
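Review bot: "ISO-8895-1" in the Problem paragraph is a typo for ISO-8859-1, and anyone searching their configuration for the string as published will not find it. In the summary table, "Affects of a cross-site scripting vulnerability" does not state an impact, and the Affected Software cell reads "Struts 2.0.0 - Struts Struts 2.3.24.1" because the span repeats the product name. The Problem text singles out JRE 1.5 while the Recommendation only says "a recent major version, preferably 1.8"; listing the JRE versions known to be affected would let operators decide whether they need the Struts 2.3.25 upgrade or the UTF-8 workaround.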
Added: websites/production/struts/content/docs/s2-029.html
==============================================================================
--- websites/production/struts/content/docs/s2-029.html (added)
+++ websites/production/struts/content/docs/s2-029.html Fri Mar 11 11:02:24 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet"
href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image:
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>S2-029</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a
href="security-bulletins.html">Security Bulletins</a> > <a
href="s2-029.html">S2-029</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search"
method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the
logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left;
margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts
2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">S2-029</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px;
margin: 0px;">
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62687048">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Edit Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62687048">Edit
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Browse Space"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse
Space</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62687048">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62687048">Add
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62687048">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add News"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62687048">Add
News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><h2
id="S2-029-Summary">Summary</h2>Double OGNL evaluation when using raw user
input in tag's attributes.<div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Who should read this</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Possible Remote Code Execution
vulnerability</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Important</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Always validate incoming parameters' values
when re-assigning them to certain Struts' tags attributes. Alternative
ly upgrade to <a shape="rect" class="external-link"
href="http://struts.apache.org/download.cgi#struts2325">Struts
2.3.25</a></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.0.0 - Struts <span style="color:
rgb(23,35,59);">Struts 2.3.24.1</span></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Romain Gaucher rgaucher at coverity dot com
- <a shape="rect" class="external-link" href="http://www.coverity.com/"
rel="nofollow">Coverity</a></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><span style="color:
rgb(34,34,34);">CVE-2016-0785</span></p></td></tr></tbody></table></div><h2
id="S2-029-Problem">Problem</h2><p>The Apache Struts frameworks performs double
evaluation of attributes' values assigned
to certain tags so it is possible to pass in a value that will be evaluated
again when a tag's attributes will be rendered.</p><h2
id="S2-029-Solution">Solution</h2><p>Adding a proper validation of each value
that's coming in and it's used in tag's
attributes. Alternatively <span style="line-height: 1.42857;">upgrade
to Struts 2.3.25.</span></p><h2 id="S2-029-Backwardcompatibility">Backward
compatibility</h2><p>No issues expected when upgrading to Struts 2.3.25</p><h2
id="S2-029-Workaround">Workaround</h2><p>Not possible</p></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
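Review bot: The Workaround section says "Not possible", yet the Recommendation and Solution both tell users to validate incoming values before assigning them to tag attributes, which is an application-side mitigation available without upgrading; reword one of them so the bulletin does not contradict itself. The text also never says which tags or attributes "certain tags" refers to, so a developer cannot scope the validation it asks for; name them or link to the fix. Minor: "The Apache Struts frameworks performs" and "that's coming in and it's used in tag's attributes" need a grammar pass, and the Affected Software cell repeats "Struts" as "Struts 2.0.0 - Struts Struts 2.3.24.1".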
Added: websites/production/struts/content/docs/s2-030.html
==============================================================================
--- websites/production/struts/content/docs/s2-030.html (added)
+++ websites/production/struts/content/docs/s2-030.html Fri Mar 11 11:02:24 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet"
href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image:
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>S2-030</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a
href="security-bulletins.html">Security Bulletins</a> > <a
href="s2-030.html">S2-030</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search"
method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the
logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left;
margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts
2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">S2-030</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px;
margin: 0px;">
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62687301">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Edit Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=62687301">Edit
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Browse Space"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse
Space</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62687301">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=62687301">Add
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62687301">
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle"
title="Add News"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=62687301">Add
News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><h2
id="S2-030-Summary">Summary</h2>Possible XSS vulnerability in
<code>I18NInterceptor</code><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Who should read this</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Possible XSS
vulnerability</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Do not expose parts of <code>Locale</code>
object constructed by <code>I18NInterceptor</code> as it may contain user
specific string which may leads
to XSS vulnerability.</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.0.0 - Struts <span style="color:
rgb(23,35,59);">Struts 2.3.24.1</span></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Paolo Perliti paolo dot perliti at miliaris
dot it - <a shape="rect" class="external-link" href="http://www.miliaris.it/"
rel="nofollow">M<span>iliaris</span></a><span> </span></p></td></tr><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td
colspan="1" rowspan="1"
class="confluenceTd"><p>CVE-2016-2162</p></td></tr></tbody></table></div><h2
id="S2-030-Problem">Problem</h2><p>The Apache Struts framework uses
<code>I18NInterceptor</code> to allow users and developers switch language used
in the framework and an application built on top of it. The problem is that the
in
terceptor doesn't perform any validation of the user input and accept
arbitrary string which can be used by a developer to display language selected
by the user. However, the framework doesn't expose the value directly in
UI.</p><h2 id="S2-030-Solution">Solution</h2><p>If you want present language
selected by user based on <code>I18NInterceptor</code> always escape the string
before presenting it to the user. Alternatively <span
style="line-height: 1.42857;">upgrade to Struts 2.3.25.</span></p><h2
id="S2-030-Backwardcompatibility">Backward compatibility</h2><p>No issues
expected when upgrading to Struts 2.3.25</p><h2
id="S2-030-Workaround">Workaround</h2><p>When needed you can use <a
shape="rect" class="external-link"
href="https://commons.apache.org/proper/commons-lang/javadocs/api-3.4/org/apache/commons/lang3/StringEscapeUtils.html">StringEscapeUtils</a>
from the Apache Commons to escape the string.</p></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
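Review bot: The Solution offers "upgrade to Struts 2.3.25" as an alternative to escaping, but the Recommendation row omits the upgrade and the Problem text never says what 2.3.25 changes in I18NInterceptor, so a reader cannot tell whether upgrading removes the need to escape the locale string. The Workaround links StringEscapeUtils without naming a method; say which escaping matches the output context, for example escapeHtml4 from that class when the value is written into HTML. Minor: "may leads" and "If you want present language selected by user" should be corrected, and the Affected Software cell repeats "Struts".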
Modified: websites/production/struts/content/docs/sample-announcements.html
==============================================================================
--- websites/production/struts/content/docs/sample-announcements.html (original)
+++ websites/production/struts/content/docs/sample-announcements.html Fri Mar
11 11:02:24 2016
@@ -127,11 +127,11 @@ under the License.
<div class="wiki-content">
<div id="ConfluenceContent"><h1
id="Sampleannouncements-Content">Content</h1>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773755099 {padding: 0px;}
-div.rbtoc1456773755099 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1456773755099 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1453884616256 {padding: 0px;}
+div.rbtoc1453884616256 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1453884616256 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1456773755099">
+/*]]>*/</style><div class="toc-macro rbtoc1453884616256">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect" href="#Sampleannouncements-Content">Content</a>
<ul class="toc-indentation"><li><span class="TOCOutline">1.1</span> <a
shape="rect"
href="#Sampleannouncements-SampleStrutsAnnotationsRelease/QualityVote">Sample
Struts Annotations Release/Quality Vote</a></li><li><span
class="TOCOutline">1.2</span> <a shape="rect"
href="#Sampleannouncements-SampleTestBuildAnnouncement">Sample Test Build
Announcement</a></li><li><span class="TOCOutline">1.3</span> <a shape="rect"
href="#Sampleannouncements-SampleRelease/QualityVote">Sample Release/Quality
Vote</a></li><li><span class="TOCOutline">1.4</span> <a shape="rect"
href="#Sampleannouncements-SampleReleaseAnnouncement">Sample Release
Announcement</a></li><li><span class="TOCOutline">1.5</span> <a shape="rect"
href="#Sampleannouncements-Fast-TrackinganImportantSecurityRelease">Fast-Tracking
an Important Security Release</a></li></ul>
</li></ul>
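Review bot: The replacement rbtoc suffix 1453884616256 is numerically lower than the 1456773755099 it replaces in all three CSS rules and the toc-macro div. If the suffix is a generation timestamp (an assumption based on its shape), this page was exported from an older render than the one already published, so it is worth checking the exporter's cache before trusting the rest of this commit. No content changes in this hunk; normalising these generated ids in the export would keep id churn out of commits that publish security bulletins.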
Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Fri Mar 11
11:02:24 2016
@@ -126,7 +126,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p>The following security bulletins
are available:</p>
-<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a>
— <span class="smalltext">Remote code exploit on form validation
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> —
<span class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</span></li><li><a shape="rect"
href="s2-003.html">S2-003</a> — <span class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a
shape="rect" href="s2-004.html">S2-004</a> — <span
class="smalltext">Directory traversal vulnerability while serving static
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> —
<span class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a>
— <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork
generated error pages</span></li><li><a shape="rect" hr
ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> —
<span class="smalltext">Multiple critical vulnerabilities in
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> —
<span class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a>
— <span class="smalltext">When using Struts 2 token mechanism for CSRF
protection, token check may be bypassed by misusing known session
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> —
<span class="smalltext">Long request parameter names might significantly
promote the effectiveness of DOS attacks</span></li><li><a shape="rect"
href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app
vulnerability allows remote command execution</span></li>
<li><a shape="rect" href="s2-013.html">S2-013</a> — <span
class="smalltext">A vulnerability, present in the includeParams attribute of
the URL and Anchor Tag, allows remote command execution</span></li><li><a
shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A
vulnerability introduced by forcing parameter inclusion in the URL and Anchor
Tag allows remote command execution, session access and manipulation and XSS
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> —
<span class="smalltext">A vulnerability introduced by wildcard matching
mechanism or double evaluation of OGNL Expression allows remote command
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> —
<span class="smalltext">A vulnerability introduced by manipulating parameters
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> —
<span class="sma
lltext">A vulnerability introduced by manipulating parameters prefixed with
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a
shape="rect" href="s2-018.html">S2-018</a> — <span
class="smalltext">Broken Access Control Vulnerability in Apache
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> —
<span class="smalltext">Dynamic Method Invocation disabled by
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> —
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid
ClassLoader manipulation)</span></li><li><a shape="rect"
href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a>
— <span class="smalltext">Extends excluded params in CookieInt
erceptor to avoid manipulation of Struts' internals</span></li><li><a
shape="rect" href="s2-023.html">S2-023</a> — <span
class="smalltext">Generated value of token can be predictable</span></li><li><a
shape="rect" href="s2-024.html">S2-024</a> — <span
class="smalltext">Wrong excludeParams overrides those defined in
DefaultExcludedPatternsChecker</span></li><li><a shape="rect"
href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site
Scripting Vulnerability in Debug Mode and in exposed JSP
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> —
<span class="smalltext">Special top object can be used to access Struts'
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> —
<span class="smalltext">TextParseUtil.translateVariables does not filter
malicious OGNL expressions</span></li></ul></div>
+<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a>
— <span class="smalltext">Remote code exploit on form validation
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> —
<span class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</span></li><li><a shape="rect"
href="s2-003.html">S2-003</a> — <span class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a
shape="rect" href="s2-004.html">S2-004</a> — <span
class="smalltext">Directory traversal vulnerability while serving static
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> —
<span class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a>
— <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork
generated error pages</span></li><li><a shape="rect" hr
ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> —
<span class="smalltext">Multiple critical vulnerabilities in
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> —
<span class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a>
— <span class="smalltext">When using Struts 2 token mechanism for CSRF
protection, token check may be bypassed by misusing known session
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> —
<span class="smalltext">Long request parameter names might significantly
promote the effectiveness of DOS attacks</span></li><li><a shape="rect"
href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app
vulnerability allows remote command execution</span></li>
<li><a shape="rect" href="s2-013.html">S2-013</a> — <span
class="smalltext">A vulnerability, present in the includeParams attribute of
the URL and Anchor Tag, allows remote command execution</span></li><li><a
shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A
vulnerability introduced by forcing parameter inclusion in the URL and Anchor
Tag allows remote command execution, session access and manipulation and XSS
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> —
<span class="smalltext">A vulnerability introduced by wildcard matching
mechanism or double evaluation of OGNL Expression allows remote command
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> —
<span class="smalltext">A vulnerability introduced by manipulating parameters
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> —
<span class="sma
lltext">A vulnerability introduced by manipulating parameters prefixed with
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a
shape="rect" href="s2-018.html">S2-018</a> — <span
class="smalltext">Broken Access Control Vulnerability in Apache
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> —
<span class="smalltext">Dynamic Method Invocation disabled by
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> —
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid
ClassLoader manipulation)</span></li><li><a shape="rect"
href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a>
— <span class="smalltext">Extends excluded params in CookieInt
erceptor to avoid manipulation of Struts' internals</span></li><li><a
shape="rect" href="s2-023.html">S2-023</a> — <span
class="smalltext">Generated value of token can be predictable</span></li><li><a
shape="rect" href="s2-024.html">S2-024</a> — <span
class="smalltext">Wrong excludeParams overrides those defined in
DefaultExcludedPatternsChecker</span></li><li><a shape="rect"
href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site
Scripting Vulnerability in Debug Mode and in exposed JSP
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> —
<span class="smalltext">Special top object can be used to access Struts'
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> —
<span class="smalltext">TextParseUtil.translateVariables does not filter
malicious OGNL expressions</span></li><li><a shape="rect"
href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with
broken URLDecoder implementation may l
ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a
shape="rect" href="s2-029.html">S2-029</a> — <span
class="smalltext">Double OGNL evaluation when using raw user input in tag's
attributes.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a>
— <span class="smalltext">Possible XSS vulnerability in
I18NInterceptor</span></li></ul></div>
</div>
<div class="tabletitle">
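Review bot: The whole child-pages list is replaced as a single removed line and a single added line, so a reader has to compare S2-001 through S2-027 by eye to confirm that the only change is the three appended entries (S2-028, S2-029, S2-030). Emitting one `<li>` per line in the generated page would make additions to the bulletin index reviewable and would make an accidental edit to an existing bulletin title stand out.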
@@ -141,6 +141,15 @@ under the License.
<span class="smalltext">(Apache Struts 2
Documentation)</span>
<br>
$page.link($child)
+ <span class="smalltext">(Apache Struts 2
Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2
Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2
Documentation)</span>
+ <br>
+ $page.link($child)
<span class="smalltext">(Apache Struts 2
Documentation)</span>
<br>
$page.link($child)
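Review bot: The added blocks are literal `$page.link($child)` lines, which looks like an unrendered template expression published as page content, and this hunk repeats it three more times, apparently once for each bulletin added to the list above. The exporter should resolve the expression to the child page link before publishing, or the block should be dropped from the template; otherwise the table gains a row of placeholder text with every new child page.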
Modified: websites/production/struts/content/docs/security.html
==============================================================================
--- websites/production/struts/content/docs/security.html (original)
+++ websites/production/struts/content/docs/security.html Fri Mar 11 11:02:24
2016
@@ -139,11 +139,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773801895 {padding: 0px;}
-div.rbtoc1456773801895 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1456773801895 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1457693901922 {padding: 0px;}
+div.rbtoc1457693901922 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1457693901922 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1456773801895">
+/*]]>*/</style></p><div class="toc-macro rbtoc1457693901922">
<ul class="toc-indentation"><li><a shape="rect"
href="#Security-Securitytips">Security tips</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config
Browser</a></li><li><a shape="rect"
href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix
different access levels in the same namespace</a></li><li><a shape="rect"
href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files
directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable
devMode</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use UTF-8
encoding</a></li></ul>
</li><li><a shape="rect" href="#Security-Internalsecuritymechanism">Internal
security mechanism</a>
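Review bot: Nothing in this hunk changes except the suffix of the generated `rbtoc` class (`rbtoc1456773801895` to `rbtoc1457693901922`), in the three CSS rules and on the `toc-macro` div. A per-export suffix makes every page with a table of contents show up as modified on each publish, which buries real content changes such as the one in the next hunk of this file; deriving the suffix from the page, or normalising it before commit, would keep these diffs to actual edits.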
@@ -212,7 +212,7 @@ public abstract class AbstractAction ext
// some logic
}
}</pre>
-</div></div><p>In such case OGNL cannot properly map which method to call when
request is coming. This is do the OGNL limitation. To solve the problem don't
use the same method's names through the hierarchy, you can simply change the
action's method from <code>save()</code>
to <code>saveAction()</code> and leaving annotation as is to
allow <span style="line-height: 1.4285715;">call this action
via </span><code style="line-height: 1.4285715;">/save.action</code><span
style="line-height: 1.4285715;"> request.</span></p><h4
id="Security-Accepted/Excludedpatterns"><span style="line-height:
1.4285715;">Accepted / Excluded patterns</span></h4><p><span
style="line-height: 1.4285715;">As from version 2.3.20 the framework provides
two new interfaces which are used to accept / exclude param names and values
- <a shape="rect" class="external-link"
href="http://struts.apache.org/maven/xwork-core/apidocs/com/opensymphony/xwork2/security/AcceptedPatternsChecker.html"
>AcceptedPatternsChecker</a> and <a shape="rect" class="external-link"
>href="http://struts.apache.org/maven/xwork-core/apidocs/com/opensymphony/xwork2/security/ExcludedPatternsChecker.html">ExcludedPatternsChecker</a>
> with default implementations. These two interfaces are used by <a
>shape="rect" href="parameters-interceptor.html">Parameters Interceptor</a>
>and <a shape="rect" href="cookie-interceptor.html">Cookie
>Interceptor</a> to check if param can accepted or must be excluded. If you
>were using <code>excludeParams</code> previously please compare patterns
>used by you with these provided by the framework in default
>implementation.</span></p><h4 id="Security-StrictMethodInvocation"><span
>style="line-height: 1.4285715;">Strict Method Invocation</span></h4><p><span
>style="line-height: 1.4285715;">This mechanism was introduced in version 2.5.
>It allows control what methods can be accessed with the bang "!" operator via
><a shape="rect" href="action-configuration.htm
l">Dynamic Method Invocation</a>. Please read more in Strict Method
Invocation section of <a shape="rect"
href="action-configuration.html">Action Configuration</a>.</span></p></div>
+</div></div><p>In such case OGNL cannot properly map which method to call when
request is coming. This is do the OGNL limitation. To solve the problem don't
use the same method's names through the hierarchy, you can simply change the
action's method from <code>save()</code>
to <code>saveAction()</code> and leaving annotation as is to
allow <span style="line-height: 1.4285715;">call this action
via </span><code style="line-height: 1.4285715;">/save.action</code><span
style="line-height: 1.4285715;"> request.</span></p><h4
id="Security-Accepted/Excludedpatterns"><span style="line-height:
1.4285715;">Accepted / Excluded patterns</span></h4><p><span
style="line-height: 1.4285715;">As from version 2.3.20 the framework provides
two new interfaces which are used to accept / exclude param names and values
- <a shape="rect" class="external-link"
href="http://struts.apache.org/maven/struts2-core/apidocs/com/opensymphony/xwork2/security/AcceptedPatternsChecker.htm
l">AcceptedPatternsChecker</a> and <a shape="rect" class="external-link"
href="http://struts.apache.org/maven/struts2-core/apidocs/com/opensymphony/xwork2/security/ExcludedPatternsChecker.html">ExcludedPatternsChecker</a>
with default implementations. These two interfaces are used by <a
shape="rect" href="parameters-interceptor.html">Parameters Interceptor</a>
and <a shape="rect" href="cookie-interceptor.html">Cookie Interceptor</a>
to check if param can accepted or must be excluded. If you were
using <code>excludeParams</code> previously please compare patterns used
by you with these provided by the framework in default
implementation.</span></p><h4 id="Security-StrictMethodInvocation"><span
style="line-height: 1.4285715;">Strict Method Invocation</span></h4><p><span
style="line-height: 1.4285715;">This mechanism was introduced in version 2.5.
It allows control what methods can be accessed with the bang "!" operator via
<a shape="rect" href="action-configuration
.html">Dynamic Method Invocation</a>. Please read more in Strict Method
Invocation section of <a shape="rect"
href="action-configuration.html">Action Configuration</a>.</span></p></div>
</div>
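Review bot: The `excludeParams` sentence in the Accepted / Excluded patterns paragraph still asks readers only to "compare patterns" without saying what is at risk, and this edit, which just moves the two checker links from the `xwork-core` to the `struts2-core` apidocs, was a chance to fix that. The bulletin index in this same commit lists S2-024, "Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker"; linking `s2-024.html` from that sentence would tell readers why the comparison matters. The carried-over typos ("This is do the OGNL limitation", "if param can accepted") and the `http://` scheme on the apidocs links could be corrected in the source page at the same time.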
Modified: websites/production/struts/content/docs/struts-2-blank-archetype.html
==============================================================================
--- websites/production/struts/content/docs/struts-2-blank-archetype.html
(original)
+++ websites/production/struts/content/docs/struts-2-blank-archetype.html Fri
Mar 11 11:02:24 2016
@@ -149,11 +149,11 @@ under the License.
<p><strong>Contents</strong></p>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773702121 {padding: 0px;}
-div.rbtoc1456773702121 ul {list-style: none;margin-left: 0px;padding-left:
1em;}
-div.rbtoc1456773702121 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1453884536773 {padding: 0px;}
+div.rbtoc1453884536773 ul {list-style: none;margin-left: 0px;padding-left:
1em;}
+div.rbtoc1453884536773 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1456773702121">
+/*]]>*/</style><div class="toc-macro rbtoc1453884536773">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect"
href="#Struts2BlankArchetype-CreatingOurblank-archetypeProject">Creating Our
blank-archetype Project</a>
<ul class="toc-indentation"><li><span class="TOCOutline">1.1</span> <a
shape="rect" href="#Struts2BlankArchetype-Stagingrepository">Staging
repository</a></li></ul>
</li><li><span class="TOCOutline">2</span> <a shape="rect"
href="#Struts2BlankArchetype-ProjectStructure">Project Structure</a>
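Review bot: The replacement suffix here is lower than the one it removes (`rbtoc1456773702121` becomes `rbtoc1453884536773`), whereas in security.html the suffix increases. If the suffix is a generation timestamp, this page is being published from an older render than the copy already in production, so it is worth confirming the export was not served from a stale cache before treating this page's content as current. The same decrease appears in the other TOC-only hunks of this commit.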
Modified: websites/production/struts/content/docs/struts-2-maven-archetypes.html
==============================================================================
--- websites/production/struts/content/docs/struts-2-maven-archetypes.html
(original)
+++ websites/production/struts/content/docs/struts-2-maven-archetypes.html Fri
Mar 11 11:02:24 2016
@@ -143,11 +143,11 @@ under the License.
<p><strong>Contents</strong></p>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773703153 {padding: 0px;}
-div.rbtoc1456773703153 ul {list-style: none;margin-left: 0px;padding-left:
1em;}
-div.rbtoc1456773703153 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1453884535519 {padding: 0px;}
+div.rbtoc1453884535519 ul {list-style: none;margin-left: 0px;padding-left:
1em;}
+div.rbtoc1453884535519 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1456773703153">
+/*]]>*/</style><div class="toc-macro rbtoc1453884535519">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a
shape="rect"
href="#Struts2MavenArchetypes-Quickstart">Quickstart</a></li><li><span
class="TOCOutline">2</span> <a shape="rect"
href="#Struts2MavenArchetypes-AvailableArchetypes">Available Archetypes</a>
<ul class="toc-indentation"><li><span class="TOCOutline">2.1</span> <a
shape="rect"
href="#Struts2MavenArchetypes-TheBlankConventionArchetype(struts2-archetype-convention)">The
Blank Convention Archetype (struts2-archetype-convention)</a></li><li><span
class="TOCOutline">2.2</span> <a shape="rect"
href="#Struts2MavenArchetypes-TheBlankArchetype(struts2-archetype-blank)">The
Blank Archetype (struts2-archetype-blank)</a></li><li><span
class="TOCOutline">2.3</span> <a shape="rect"
href="#Struts2MavenArchetypes-TheStarterArchetype(struts2-archetype-starter)">The
Starter Archetype (struts2-archetype-starter)</a></li><li><span
class="TOCOutline">2.4</span> <a shape="rect"
href="#Struts2MavenArchetypes-TheAngularJSArchetype(struts2-archetype-angularjs)">The
AngularJS Archetype (struts2-archetype-angularjs)</a></li><li><span
class="TOCOutline">2.5</span> <a shape="rect"
href="#Struts2MavenArchetypes-ThePortletBlankArchetype(struts2-archetype-portlet)">The
Portlet Blank Archetype (struts2-ar
chetype-portlet)</a></li><li><span class="TOCOutline">2.6</span> <a
shape="rect"
href="#Struts2MavenArchetypes-ThePortletDatabaseArchetype(struts2-archetype-dbportlet)">The
Portlet Database Archetype (struts2-archetype-dbportlet)</a></li><li><span
class="TOCOutline">2.7</span> <a shape="rect"
href="#Struts2MavenArchetypes-ThePluginArchetype(struts2-archetype-plugin)">The
Plugin Archetype (struts2-archetype-plugin)</a></li></ul>
</li><li><span class="TOCOutline">3</span> <a shape="rect"
href="#Struts2MavenArchetypes-CreatinganApplicationUsingaMavenArchetype">Creating
an Application Using a Maven Archetype</a>
Modified:
websites/production/struts/content/docs/struts-2-spring-2-jpa-ajax.html
==============================================================================
--- websites/production/struts/content/docs/struts-2-spring-2-jpa-ajax.html
(original)
+++ websites/production/struts/content/docs/struts-2-spring-2-jpa-ajax.html Fri
Mar 11 11:02:24 2016
@@ -145,11 +145,11 @@ under the License.
<div class="confluence-information-macro
confluence-information-macro-tip"><span class="aui-icon aui-icon-small
aui-iconfont-approve confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Following this tutorial verbatim
will require use of a Struts 2 deployment greater than 2.0.3</p></div></div>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1456773601716 {padding: 0px;}
-div.rbtoc1456773601716 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1456773601716 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1453884419616 {padding: 0px;}
+div.rbtoc1453884419616 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1453884419616 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1456773601716">
+/*]]>*/</style><div class="toc-macro rbtoc1453884419616">
<ul class="toc-indentation"><li><a shape="rect"
href="#Struts2+Spring2+JPA+AJAX-Prerequisites">Prerequisites</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#Struts2+Spring2+JPA+AJAX-Tomcat">Tomcat</a></li><li><a shape="rect"
href="#Struts2+Spring2+JPA+AJAX-MySql">MySql</a></li></ul>
</li><li><a shape="rect" href="#Struts2+Spring2+JPA+AJAX-Getthecode">Get the
code</a>
Modified: websites/production/struts/content/docs/struts-next.html
==============================================================================
--- websites/production/struts/content/docs/struts-next.html (original)
+++ websites/production/struts/content/docs/struts-next.html Fri Mar 11
11:02:24 2016
@@ -125,12 +125,12 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h3
id="StrutsNext-/*<![CDATA[*/div.rbtoc1456773756987{padding:0px;}div.rbtoc1456773756987ul{list-style:disc;margin-left:0px;}div.rbtoc1456773756987li{margin-left:0px;padding-left:0px;}/*]]>*/#StrutsNext-Whatshouldbeimproved/changed#StrutsNext-Whatshouldbeimprove"><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1456773756987 {padding: 0px;}
-div.rbtoc1456773756987 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1456773756987 li {margin-left: 0px;padding-left: 0px;}
+ <div id="ConfluenceContent"><h3
id="StrutsNext-/*<![CDATA[*/div.rbtoc1453884611957{padding:0px;}div.rbtoc1453884611957ul{list-style:disc;margin-left:0px;}div.rbtoc1453884611957li{margin-left:0px;padding-left:0px;}/*]]>*/#StrutsNext-Whatshouldbeimproved/changed#StrutsNext-Whatshouldbeimprove"><style
type="text/css">/*<![CDATA[*/
+div.rbtoc1453884611957 {padding: 0px;}
+div.rbtoc1453884611957 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1453884611957 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></h3><div class="toc-macro rbtoc1456773756987">
+/*]]>*/</style></h3><div class="toc-macro rbtoc1453884611957">
<ul class="toc-indentation"><li><a shape="rect"
href="#StrutsNext-"></a></li></ul>
<ul><li><a shape="rect" href="#StrutsNext-Whatshouldbeimproved/changed">What
should be improved / changed</a></li><li><a shape="rect"
href="#StrutsNext-DevelopmentplanofStruts3">Development plan of Struts 3</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#StrutsNext-M1(akaStruts2.5)">M1 (aka Struts 2.5)</a></li><li><a
shape="rect" href="#StrutsNext-M2(alphaStruts3)">M2 (alpha Struts
3)</a></li><li><a shape="rect" href="#StrutsNext-M3(alphaStruts3)">M3 (alpha
Struts 3)</a></li><li><a shape="rect" href="#StrutsNext-M4(beta1Struts3)">M4
(beta 1 Struts 3)</a></li></ul>
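Review bot: The `<h3>` on the changed line carries the TOC macro's stylesheet text inside its `id` attribute (beginning `id="StrutsNext-/*<![CDATA[*/div.rbtoc1453884611957{padding:0px;}`) and wraps the `<style>` element, and the context line below shows the resulting TOC entry as an empty link, `<a shape="rect" href="#StrutsNext-"></a>`. The source page appears to have the TOC macro placed inside a heading; moving the macro out of the heading would give a valid id, remove the empty entry, and stop the suffix churn from rewriting the heading id on each export.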