[Struts Wiki] Update of "StrutsUpgradeNotes128to129" by NiallPemberton
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification. The following page has been changed by NiallPemberton: http://wiki.apache.org/struts/StrutsUpgradeNotes128to129 The comment on the change is: Add details of test cases for these three bugs -- }}} - '''N.B.''' The ''struts-examples'' webapp, shipped in the binary distribution, has an example/test page for cancel handling in the ''exercise'' module. + === Test Cases === + This bug was tested using the struts-examples webapp (see '''struts-examples.war''' in the binary distribution). If you fire up the examples webapp, select the '''Taglib Test Pages''' link, then select the '' link you will be presented with a page where you can try the '''Cancel''' button for four different configurations. == Bug 38534 - DOS attack, application hack == @@ -81, +82 @@ None - simply upgarding to Struts 1.2.9 or later removes the ability for someone to launch a DOS attack in this way. + === Test Cases === + This bug was tested in two ways: + * New test case for '''!RequestUtils.populate()''' - The '''!TestRequestUtilsPopulate''' test case was added with the '''testMultipartVisibility()''' test for this bug. + * Using the '''struts-examples''' webapp - (see '''struts-examples.war''' in the binary distribution). If you fire up the examples webapp, select the '''Upload Examples''' link - at the bottom of the page there is a specific test for Bug 38534. To prove that the bug is fixed: + * Try the test for Bug 38534 in the Struts 1.2.9 version of the struts-examples webapp. + * Drop the Struts 1.2.9 version of '''upload.jsp''' into the Struts 1.2.8 version of the struts-examples webapp and see the devastation caused by the bug without the fix applied. + == Bug 38749 - XSS vulnerability in DispatchAction == === Issue: Cross Site Scripting (XSS) Vulnerability === @@ -96, +104 @@ None - simply upgarding to Struts 1.2.9 or later removes this vulnerability. + === Test Cases === + !DispatchAction and !ActionDispatcher were both tested to ensure that user input was no longer being rendered in the error messages - however, no test cases were added to the Struts code base for this bug. + = EventDispatchAction and EventActionDispatcher = Although Struts 1.2.9 primarily fixes the above security issues and a few other bugs new [http://struts.apache.org/struts-doc-1.2.9/api/org/apache/struts/actions/DispatchAction.html DispatchAction] and [http://struts.apache.org/struts-doc-1.2.9/api/org/apache/struts/actions/ActionDispatcher.html ActionDispatcher] flavours were introduced. See the [http://struts.apache.org/struts-doc-1.2.9/api/index.html JavaDocs] for more details: @@ -103, +114 @@ * [http://struts.apache.org/struts-doc-1.2.9/api/org/apache/struts/actions/EventActionDispatcher.html EventActionDispatcher] = Commons Validator = - Struts 1.2.9 is distributed with [http://jakarta.apache.org/commons/validator/ Commons Validator] 1.1.4. However you may wish to upgrade to the latest version of of Validator to take adavantage of new features or bug fixes. The current release of Validator (as of 22 March 2006) is 1.2.0... + Struts 1.2.9 is distributed with [http://jakarta.apache.org/commons/validator/ Commons Validator] 1.1.4. However you may wish to upgrade to the latest version of of Validator to take adavantage of new features or bug fixes. The current release of Validator (as of 24 March 2006) is 1.3.0... * [http://jakarta.apache.org/commons/validator/changes-report.html Validator Release History] * [http://wiki.apache.org/jakarta-commons/ValidatorVersion120 Changes/Upgrade Notes for Validator 1.2.0] - ...however, hopefully a Validator 1.3.0 release will be available soon. -
svn commit: r410110 - /struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld
Author: wsmoak Date: Mon May 29 08:46:02 2006 New Revision: 410110 URL: http://svn.apache.org/viewvc?rev=410110&view=rev Log: Errors can be stored in any scope, (not just request scope.) Modified: struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld Modified: struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld URL: http://svn.apache.org/viewvc/struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld?rev=410110&r1=410109&r2=410110&view=diff == --- struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld (original) +++ struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld Mon May 29 08:46:02 2006 @@ -812,7 +812,7 @@ true @@ -1404,7 +1404,7 @@ true
svn commit: r410111 - /struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp
Author: wsmoak Date: Mon May 29 08:47:51 2006 New Revision: 410111 URL: http://svn.apache.org/viewvc?rev=410111&view=rev Log: Added an example of using a JSP expression for the 'collection' attribute. Modified: struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp Modified: struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp URL: http://svn.apache.org/viewvc/struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp?rev=410111&r1=410110&r2=410111&view=diff == --- struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp (original) +++ struts/action/trunk/apps/examples/src/main/webapp/exercise/logic-iterate.jsp Mon May 29 08:47:51 2006 @@ -125,5 +125,15 @@ ] +Test 11 - Iterate over a List using the 'collection' attribute + + + + + + [ +] + +
svn commit: r410116 - in /struts/action/trunk: el/src/main/resources/META-INF/tld/struts-html-el.tld taglib/src/main/resources/META-INF/tld/struts-html.tld
Author: niallp Date: Mon May 29 09:25:22 2006 New Revision: 410116 URL: http://svn.apache.org/viewvc?rev=410116&view=rev Log: STR-2527 - Also allow runtime expression in the staticJavascript attribute and update the EL version of the TLD for the Javascript Tag to keep in line with the standard version Modified: struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld struts/action/trunk/taglib/src/main/resources/META-INF/tld/struts-html.tld Modified: struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld URL: http://svn.apache.org/viewvc/struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld?rev=410116&r1=410115&r2=410116&view=diff == --- struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld (original) +++ struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld Mon May 29 09:25:22 2006 @@ -3653,7 +3653,7 @@ dynamicJavascript false -false +true
svn commit: r410117 - /struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld
Author: wsmoak Date: Mon May 29 09:38:54 2006 New Revision: 410117 URL: http://svn.apache.org/viewvc?rev=410117&view=rev Log: Errors can be stored in any scope, (not just request scope.) See r410110 for similar changes to the html taglib TLD. Modified: struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld Modified: struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld URL: http://svn.apache.org/viewvc/struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld?rev=410117&r1=410116&r2=410117&view=diff == --- struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld (original) +++ struts/action/trunk/el/src/main/resources/META-INF/tld/struts-html-el.tld Mon May 29 09:38:54 2006 @@ -740,7 +740,7 @@ true @@ -1291,7 +1291,7 @@ true
svn commit: r410132 - in /struts/action2/trunk/apps/showcase/src/main: java/org/apache/struts/action2/showcase/conversion/ webapp/WEB-INF/classes/ webapp/WEB-INF/decorators/ webapp/conversion/
Author: tmjee
Date: Mon May 29 10:51:39 2006
New Revision: 410132
URL: http://svn.apache.org/viewvc?rev=410132&view=rev
Log:
- added a simple conversion example into showcase
- it is basically just populating a List in SAF2 Action with Person.java
Object. Using *-conversion.properties as well
- since this is asked constantly in the forum, we should just put a
simple example in showcase.
Added:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java
(with props)
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties
(with props)
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction.java
(with props)
struts/action2/trunk/apps/showcase/src/main/webapp/conversion/Person.java.txt
(with props)
struts/action2/trunk/apps/showcase/src/main/webapp/conversion/PersonAction.java.txt
(with props)
struts/action2/trunk/apps/showcase/src/main/webapp/conversion/enterPersonInfo.jsp
(with props)
struts/action2/trunk/apps/showcase/src/main/webapp/conversion/index.jsp
(with props)
struts/action2/trunk/apps/showcase/src/main/webapp/conversion/showPersonInfo.jsp
(with props)
Modified:
struts/action2/trunk/apps/showcase/src/main/webapp/WEB-INF/classes/xwork.xml
struts/action2/trunk/apps/showcase/src/main/webapp/WEB-INF/decorators/main.jsp
Added:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java
URL:
http://svn.apache.org/viewvc/struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java?rev=410132&view=auto
==
---
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java
(added)
+++
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java
Mon May 29 10:51:39 2006
@@ -0,0 +1,34 @@
+/*
+ * $Id: AbstractDao.java 394498 2006-04-16 15:28:06Z tmjee $
+ *
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.struts.action2.showcase.conversion;
+
+import java.io.Serializable;
+
+/**
+ *
+ */
+public class Person implements Serializable {
+ private String name;
+ private Integer age;
+
+ public void setName(String name) { this.name = name; }
+ public String getName() { return this.name; }
+
+ public void setAge(Integer age) { this.age = age; }
+ public Integer getAge() { return this.age; }
+}
Propchange:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/Person.java
--
svn:eol-style = native
Added:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties
URL:
http://svn.apache.org/viewvc/struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties?rev=410132&view=auto
==
---
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties
(added)
+++
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties
Mon May 29 10:51:39 2006
@@ -0,0 +1 @@
+Element_persons=org.apache.struts.action2.showcase.conversion.Person
Propchange:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction-conversion.properties
--
svn:eol-style = native
Added:
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction.java
URL:
http://svn.apache.org/viewvc/struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/action2/showcase/conversion/PersonAction.java?rev=410132&view=auto
==
---
struts/action2/trunk/apps/showcase/src/main/java/org/apache/struts/act
svn commit: r410184 - /struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java
Author: niallp
Date: Mon May 29 21:37:56 2006
New Revision: 410184
URL: http://svn.apache.org/viewvc?rev=410184&view=rev
Log:
STR-2493 ErrorsRenderer uses ActionErrors rather than ActionMessages
Modified:
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java
Modified:
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java
URL:
http://svn.apache.org/viewvc/struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java?rev=410184&r1=410183&r2=410184&view=diff
==
---
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java
(original)
+++
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/ErrorsRenderer.java
Mon May 29 21:37:56 2006
@@ -30,7 +30,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
-import org.apache.struts.action.ActionErrors;
+import org.apache.struts.action.ActionMessages;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.util.MessageResources;
@@ -136,7 +136,7 @@
}
// Render any Struts messages
-ActionErrors errors = (ActionErrors)
+ActionMessages errors = (ActionMessages)
context.getExternalContext().getRequestMap().get
(Globals.ERROR_KEY);
if (errors != null) {
svn commit: r410185 - /struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java
Author: niallp
Date: Mon May 29 21:39:02 2006
New Revision: 410185
URL: http://svn.apache.org/viewvc?rev=410185&view=rev
Log:
Improve error handling when action mapping is not found
Modified:
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java
Modified:
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java
URL:
http://svn.apache.org/viewvc/struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java?rev=410185&r1=410184&r2=410185&view=diff
==
---
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java
(original)
+++
struts/action/trunk/faces/src/main/java/org/apache/struts/faces/renderer/FormRenderer.java
Mon May 29 21:39:02 2006
@@ -111,6 +111,10 @@
String action = form.getAction();
ModuleConfig moduleConfig = form.lookupModuleConfig(context);
ActionConfig actionConfig = moduleConfig.findActionConfig(action);
+if (actionConfig == null) {
+throw new IllegalArgumentException("Cannot find action '" +
+ action + "' configuration");
+}
String beanName = actionConfig.getAttribute();
if (beanName != null) {
form.getAttributes().put("beanName", beanName);
svn commit: r410186 - in /struts/action/trunk/apps: faces-example1/src/main/webapp/ faces-example1/src/main/webapp/WEB-INF/ faces-example2/src/main/webapp/ faces-example2/src/main/webapp/WEB-INF/
Author: niallp Date: Mon May 29 21:43:05 2006 New Revision: 410186 URL: http://svn.apache.org/viewvc?rev=410186&view=rev Log: Fix TLD URIs and configure cancellable property. Modified: struts/action/trunk/apps/faces-example1/src/main/webapp/WEB-INF/struts-config.xml struts/action/trunk/apps/faces-example1/src/main/webapp/changePassword.jsp struts/action/trunk/apps/faces-example2/src/main/webapp/WEB-INF/struts-config.xml struts/action/trunk/apps/faces-example2/src/main/webapp/changePassword.jsp struts/action/trunk/apps/faces-example2/src/main/webapp/staticJavascript.jsp struts/action/trunk/apps/faces-example2/src/main/webapp/welcome.jsp Modified: struts/action/trunk/apps/faces-example1/src/main/webapp/WEB-INF/struts-config.xml URL: http://svn.apache.org/viewvc/struts/action/trunk/apps/faces-example1/src/main/webapp/WEB-INF/struts-config.xml?rev=410186&r1=410185&r2=410186&view=diff == --- struts/action/trunk/apps/faces-example1/src/main/webapp/WEB-INF/struts-config.xml (original) +++ struts/action/trunk/apps/faces-example1/src/main/webapp/WEB-INF/struts-config.xml Mon May 29 21:43:05 2006 @@ -138,6 +138,7 @@ type="org.apache.struts.webapp.example.SaveRegistrationAction" name="registrationForm" scope="request" +cancellable="true" input="registration"> @@ -146,6 +147,7 @@ type="org.apache.struts.webapp.example.SaveSubscriptionAction" name="subscriptionForm" scope="request" +cancellable="true" input="subscription"> Modified: struts/action/trunk/apps/faces-example1/src/main/webapp/changePassword.jsp URL: http://svn.apache.org/viewvc/struts/action/trunk/apps/faces-example1/src/main/webapp/changePassword.jsp?rev=410186&r1=410185&r2=410186&view=diff == --- struts/action/trunk/apps/faces-example1/src/main/webapp/changePassword.jsp (original) +++ struts/action/trunk/apps/faces-example1/src/main/webapp/changePassword.jsp Mon May 29 21:43:05 2006 @@ -1,6 +1,6 @@ <%@ page contentType="text/html;charset=UTF-8" language="java" %> -<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> -<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> +<%@ taglib uri="http://struts.apache.org/tags-html"; prefix="html" %> +<%@ taglib uri="http://struts.apache.org/tags-bean"; prefix="bean" %> @@ -151,6 +152,7 @@ type="org.apache.struts.webapp.example2.SaveSubscriptionAction" name="subscriptionForm" scope="request" +cancellable="true" input="subscription"> Modified: struts/action/trunk/apps/faces-example2/src/main/webapp/changePassword.jsp URL: http://svn.apache.org/viewvc/struts/action/trunk/apps/faces-example2/src/main/webapp/changePassword.jsp?rev=410186&r1=410185&r2=410186&view=diff == --- struts/action/trunk/apps/faces-example2/src/main/webapp/changePassword.jsp (original) +++ struts/action/trunk/apps/faces-example2/src/main/webapp/changePassword.jsp Mon May 29 21:43:05 2006 @@ -1,6 +1,6 @@ <%@ page contentType="text/html;charset=UTF-8" language="java" %> -<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> -<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> +<%@ taglib uri="http://struts.apache.org/tags-html"; prefix="html" %> +<%@ taglib uri="http://struts.apache.org/tags-bean"; prefix="bean" %>
svn commit: r410187 - /struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp
Author: niallp Date: Mon May 29 21:45:35 2006 New Revision: 410187 URL: http://svn.apache.org/viewvc?rev=410187&view=rev Log: STR-2496 Switch from standard JSF to Struts - thanks to MarioK Modified: struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp Modified: struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp URL: http://svn.apache.org/viewvc/struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp?rev=410187&r1=410186&r2=410187&view=diff == --- struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp (original) +++ struts/action/trunk/apps/faces-example2/src/main/webapp/loggedoff.jsp Mon May 29 21:45:35 2006 @@ -45,19 +45,19 @@ <%-- FIXME - needs "?action=Create" modifier --%> - - + - - +
[Struts Wiki] Update of "StrutsUpgradeNotes12to13" by WendySmoak
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Struts Wiki" for change
notification.
The following page has been changed by WendySmoak:
http://wiki.apache.org/struts/StrutsUpgradeNotes12to13
--
Beginning with Struts 1.3, a servlet container that supports Servlet 2.3 and
JSP 1.2 (such as Tomcat 4.x) is required.
== 2 .Packaging ==
- While previously Struts was distributed as a "monolithic" jar, beginning with
the 1.3.0 release, many things which were formerly in the "core" have been
split out into their own distributions. You will always need
"struts-action-1.3.x.jar", and you may need one or more of the following:
+ While previously Struts was distributed as a "monolithic" jar, beginning with
the 1.3.0 release, many things which were formerly in the "core" have been
split out into their own distributions. You will always need
"struts-core-1.3.x.jar", and you may need one or more of the following:
* struts-taglib-1.3.x.jar (if you want to use the JSP tag libraries, except
for the Tiles tag library)
* struts-el-1.3.x.jar (in addition to struts-taglib) if you want to use the
JSTL expression language
@@ -23, +23 @@
[http://jakarta.apache.org/commons/chain/ Commons Chain] version 1.0. -
remember to deploy the Chain jar
=== 3.2 File Upload 1.1 ===
- Struts 1.3 now depends on
+ Struts 1.3 has an ''optional'' dependency on
[http://jakarta.apache.org/commons/fileupload/ Commons FileUpload] version
1.1 (previously was version 1.0). As well as needing to upgrade the !FileUpload
jar you will now also need the
[http://jakarta.apache.org/commons/io/ Commons IO] Version 1.1 jar.
@@ -42, +42 @@
* If you change the doctype you will have to change the deprecated
''arg0-arg3'' elements to ''arg'' elements.
- * You must upgrade to the new version of validator-rules.xml. This file is
included in struts-action.jar, so the easiest way to upgrade is to delete any
copies you may have in your application and use the following Validator Plugin
configuration:
+ * You must upgrade to the new version of validator-rules.xml. This file is
included in struts-core-1.3.x.jar, so the easiest way to upgrade is to delete
any copies you may have in your application and use the following Validator
Plugin configuration:
{{{
