This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 2fa4a2d Updates production by Jenkins
2fa4a2d is described below
commit 2fa4a2db3ef8ab4dce240629062d3f2c69a511a2
Author: jenkins <[email protected]>
AuthorDate: Wed Jan 8 07:45:40 2020 +0000
Updates production by Jenkins
---
content/core-developers/default-properties.html | 11 +++++++++++
content/core-developers/interceptors.html | 17 +++++++++++------
content/core-developers/struts-default-xml.html | 17 +++++++++++------
content/tag-developers/checkboxlist-tag.html | 2 +-
4 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/content/core-developers/default-properties.html
b/content/core-developers/default-properties.html
index fd6b3ac..447bfa1 100644
--- a/content/core-developers/default-properties.html
+++ b/content/core-developers/default-properties.html
@@ -366,6 +366,17 @@ struts.ognl.enableExpressionCache=true
### Indicates if Dispatcher should handle unexpected exceptions by calling
sendError()
### or simply rethrow it as a ServletException to allow future processing by
other frameworks like Spring Security
struts.handle.exception=true
+
+### Applies maximum length allowed on OGNL expressions for security
enhancement (optional)
+###
+### **WARNING**: If developers enable this option (by configuration) they
should make sure that they understand the implications of setting
+### struts.ognl.expressionMaxLength. They must choose a value large enough
to permit ALL valid OGNL expressions used within the application.
+### Values larger than the 200-400 range have diminishing security value (at
which point it is really only a "style guard" for long OGNL
+### expressions in an application. Setting a value of null or "" will also
disable the feature.
+###
+### NOTE: The sample line below is *INTENTIONALLY* commented out, as this
feature is disabled by default.
+# struts.ognl.expressionMaxLength=256
+
### END SNIPPET: complete_file</code></pre></figure>
diff --git a/content/core-developers/interceptors.html
b/content/core-developers/interceptors.html
index 29e063a..81763ab 100644
--- a/content/core-developers/interceptors.html
+++ b/content/core-developers/interceptors.html
@@ -248,8 +248,8 @@ than reiterate the same list of Interceptors, we can bundle
these Interceptors t
<span class="c"><!--
When declaring beans in this file you must either use name="struts" or
don't name the bean at all.
- The name="struts" must be used when alias was defined in {@link
org.apache.struts2.config.DefaultBeanSelectionProvider} -
- it is then the default bean's name and {@link
org.apache.struts2.config.DefaultBeanSelectionProvider} links name "struts"
+ The name="struts" must be used when alias was defined in {@link
org.apache.struts2.config.StrutsBeanSelectionProvider} -
+ it is then the default bean's name and {@link
org.apache.struts2.config.StrutsBeanSelectionProvider} links name "struts"
with "default" (aliasing it)
If name won't be defined then the "default" value will be used {@link
com.opensymphony.xwork2.inject.Container#DEFAULT_NAME}
@@ -270,6 +270,7 @@ than reiterate the same list of Interceptors, we can bundle
these Interceptors t
java.lang.ClassLoader,
java.lang.Shutdown,
java.lang.ProcessBuilder,
+ sun.misc.Unsafe,
com.opensymphony.xwork2.ActionContext"</span> <span
class="nt">/></span>
<span class="c"><!-- this must be valid regex, each '.' in package name
must be escaped! --></span>
@@ -280,13 +281,21 @@ than reiterate the same list of Interceptors, we can
bundle these Interceptors t
<span class="nt"><constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
<span class="na">value=</span><span class="s">"
ognl.,
+ java.io.,
+ java.net.,
+ java.nio.,
javax.,
freemarker.core.,
freemarker.template.,
+ freemarker.ext.jsp.,
freemarker.ext.rhino.,
+ sun.misc.,
sun.reflect.,
javassist.,
+ org.apache.velocity.,
org.objectweb.asm.,
+ org.springframework.context.,
+ com.opensymphony.xwork2.inject.,
com.opensymphony.xwork2.ognl.,
com.opensymphony.xwork2.security.,
com.opensymphony.xwork2.util."</span> <span
class="nt">/></span>
@@ -322,16 +331,13 @@ than reiterate the same list of Interceptors, we can
bundle these Interceptors t
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.MultiPartRequest"</span>
<span class="na">name=</span><span class="s">"jakarta"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest"</span>
<span class="na">scope=</span><span class="s">"prototype"</span><span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.MultiPartRequest"</span>
<span class="na">name=</span><span class="s">"jakarta-stream"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.JakartaStreamMultiPartRequest"</span>
<span class="na">scope=</span><span class="s">"prototype"</span><span
class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.views.TagLibraryDirectiveProvider"</span> <span
class="na">name=</span><span class="s">"s"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.DefaultTagLibrary"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.views.TagLibraryModelProvider"</span> <span
class="na">name=</span><span class="s">"s"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.DefaultTagLibrary"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.freemarker.FreemarkerThemeTemplateLoader"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.freemarker.FreemarkerManager"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.velocity.VelocityManager"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="na">optional=</span><span class="s">"true"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngineManager"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"ftl"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.FreemarkerTemplateEngine"</span>
<span class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"vm"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.VelocityTemplateEngine"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"jsp"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.JspTemplateEngine"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"com.opensymphony.xwork2.conversion.impl.XWorkConverter"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="na">class=</span><span
class="s">"com.opensymphony.xwork2.conversion.impl.XWorkConverter"</span> <span
class="nt">/></span>
@@ -417,7 +423,6 @@ than reiterate the same list of Interceptors, we can bundle
these Interceptors t
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"redirect"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.ServletRedirectResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"redirectAction"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.ServletActionRedirectResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"stream"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.StreamResult"</span><span
class="nt">/></span>
- <span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"velocity"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.VelocityResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"xslt"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.xslt.XSLTResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"plainText"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.PlainTextResult"</span> <span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"postback"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.PostbackResult"</span> <span
class="nt">/></span>
diff --git a/content/core-developers/struts-default-xml.html
b/content/core-developers/struts-default-xml.html
index 0efbc91..d679948 100644
--- a/content/core-developers/struts-default-xml.html
+++ b/content/core-developers/struts-default-xml.html
@@ -165,8 +165,8 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="c"><!--
When declaring beans in this file you must either use name="struts" or
don't name the bean at all.
- The name="struts" must be used when alias was defined in {@link
org.apache.struts2.config.DefaultBeanSelectionProvider} -
- it is then the default bean's name and {@link
org.apache.struts2.config.DefaultBeanSelectionProvider} links name "struts"
+ The name="struts" must be used when alias was defined in {@link
org.apache.struts2.config.StrutsBeanSelectionProvider} -
+ it is then the default bean's name and {@link
org.apache.struts2.config.StrutsBeanSelectionProvider} links name "struts"
with "default" (aliasing it)
If name won't be defined then the "default" value will be used {@link
com.opensymphony.xwork2.inject.Container#DEFAULT_NAME}
@@ -187,6 +187,7 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
java.lang.ClassLoader,
java.lang.Shutdown,
java.lang.ProcessBuilder,
+ sun.misc.Unsafe,
com.opensymphony.xwork2.ActionContext"</span> <span
class="nt">/></span>
<span class="c"><!-- this must be valid regex, each '.' in package name
must be escaped! --></span>
@@ -197,13 +198,21 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="nt"><constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
<span class="na">value=</span><span class="s">"
ognl.,
+ java.io.,
+ java.net.,
+ java.nio.,
javax.,
freemarker.core.,
freemarker.template.,
+ freemarker.ext.jsp.,
freemarker.ext.rhino.,
+ sun.misc.,
sun.reflect.,
javassist.,
+ org.apache.velocity.,
org.objectweb.asm.,
+ org.springframework.context.,
+ com.opensymphony.xwork2.inject.,
com.opensymphony.xwork2.ognl.,
com.opensymphony.xwork2.security.,
com.opensymphony.xwork2.util."</span> <span
class="nt">/></span>
@@ -239,16 +248,13 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.MultiPartRequest"</span>
<span class="na">name=</span><span class="s">"jakarta"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest"</span>
<span class="na">scope=</span><span class="s">"prototype"</span><span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.MultiPartRequest"</span>
<span class="na">name=</span><span class="s">"jakarta-stream"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.dispatcher.multipart.JakartaStreamMultiPartRequest"</span>
<span class="na">scope=</span><span class="s">"prototype"</span><span
class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.views.TagLibraryDirectiveProvider"</span> <span
class="na">name=</span><span class="s">"s"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.DefaultTagLibrary"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.views.TagLibraryModelProvider"</span> <span
class="na">name=</span><span class="s">"s"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.DefaultTagLibrary"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.freemarker.FreemarkerThemeTemplateLoader"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.freemarker.FreemarkerManager"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.views.velocity.VelocityManager"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="na">optional=</span><span class="s">"true"</span> <span
class="nt">/></span>
<span class="nt"><bean</span> <span class="na">class=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngineManager"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"ftl"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.FreemarkerTemplateEngine"</span>
<span class="nt">/></span>
- <span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"vm"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.VelocityTemplateEngine"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"org.apache.struts2.components.template.TemplateEngine"</span> <span
class="na">name=</span><span class="s">"jsp"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.components.template.JspTemplateEngine"</span>
<span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span
class="s">"com.opensymphony.xwork2.conversion.impl.XWorkConverter"</span> <span
class="na">name=</span><span class="s">"struts"</span> <span
class="na">class=</span><span
class="s">"com.opensymphony.xwork2.conversion.impl.XWorkConverter"</span> <span
class="nt">/></span>
@@ -334,7 +340,6 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"redirect"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.ServletRedirectResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"redirectAction"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.ServletActionRedirectResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"stream"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.StreamResult"</span><span
class="nt">/></span>
- <span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"velocity"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.VelocityResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"xslt"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.views.xslt.XSLTResult"</span><span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"plainText"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.PlainTextResult"</span> <span
class="nt">/></span>
<span class="nt"><result-type</span> <span
class="na">name=</span><span class="s">"postback"</span> <span
class="na">class=</span><span
class="s">"org.apache.struts2.result.PostbackResult"</span> <span
class="nt">/></span>
diff --git a/content/tag-developers/checkboxlist-tag.html
b/content/tag-developers/checkboxlist-tag.html
index eafea7d..e79687c 100644
--- a/content/tag-developers/checkboxlist-tag.html
+++ b/content/tag-developers/checkboxlist-tag.html
@@ -535,7 +535,7 @@ Everything else will result in <code
class="highlighter-rouge">listkey</code> an
<td align="left"
valign="top">String</td>
- <td align="left" valign="top">The name
to set for element</td>
+ <td align="left" valign="top">Set
element name. Set Struts Action field to populate with selected list keys.</td>
</tr>
