(struts) branch master updated (8566c1464 -> a0dc19c4b)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from 8566c1464 Merge pull request #1096 from apache/feature/WW-5476-deprecate add 7cdcd84b8 Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2 new a0dc19c4b Merge pull request #1104 from apache/WW-5468-modeldriven-strutsparameter-fix The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../showcase/modelDriven/ModelDrivenAction.java| 2 +- .../main/java/org/apache/struts2/ModelDriven.java | 6 + .../parameter/ParametersInterceptor.java | 45 ++- .../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +- .../xwork2/ModelDrivenAnnotationAction.java| 3 +- .../interceptor/ModelDrivenInterceptorTest.java| 2 +- .../xwork2/test/ModelDrivenAction2.java| 4 +- .../xwork2/test/ModelDrivenAnnotationAction2.java | 4 +- .../xwork2/test/subtest/NullModelDrivenAction.java | 3 +- .../validator/VisitorValidatorModelAction.java | 5 +- .../parameter/StrutsParameterAnnotationTest.java | 36 +- .../apache/struts2/result/StreamResultTest.java| 6 +- .../beanvalidation/actions/ModelDrivenAction.java | 2 - .../actions/ValidateGroupAction.java | 2 - .../apache/struts2/junit/StrutsRestTestCase.java | 3 +- .../struts2/rest/RestActionInvocationTest.java | 400 ++--- .../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +- 17 files changed, 281 insertions(+), 248 deletions(-)
(struts) branch WW-5468-modeldriven-strutsparameter-fix deleted (was 7cdcd84b8)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5468-modeldriven-strutsparameter-fix in repository https://gitbox.apache.org/repos/asf/struts.git was 7cdcd84b8 Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch feature/WW-3714-rename deleted (was 32bc4045b)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-3714-rename in repository https://gitbox.apache.org/repos/asf/struts.git was 32bc4045b WW-3714 Moves all classes from com.opensymphony.xwork2 into org.apache.struts2 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: Merge pull request #1104 from apache/WW-5468-modeldriven-strutsparameter-fix
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit a0dc19c4bebfccf693f6a8d7a0f77d901cd537f1 Merge: 8566c1464 7cdcd84b8 Author: Kusal Kithul-Godage AuthorDate: Fri Nov 1 23:19:43 2024 +1100 Merge pull request #1104 from apache/WW-5468-modeldriven-strutsparameter-fix .../showcase/modelDriven/ModelDrivenAction.java| 2 +- .../main/java/org/apache/struts2/ModelDriven.java | 6 + .../parameter/ParametersInterceptor.java | 45 ++- .../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +- .../xwork2/ModelDrivenAnnotationAction.java| 3 +- .../interceptor/ModelDrivenInterceptorTest.java| 2 +- .../xwork2/test/ModelDrivenAction2.java| 4 +- .../xwork2/test/ModelDrivenAnnotationAction2.java | 4 +- .../xwork2/test/subtest/NullModelDrivenAction.java | 3 +- .../validator/VisitorValidatorModelAction.java | 5 +- .../parameter/StrutsParameterAnnotationTest.java | 36 +- .../apache/struts2/result/StreamResultTest.java| 6 +- .../beanvalidation/actions/ModelDrivenAction.java | 2 - .../actions/ValidateGroupAction.java | 2 - .../apache/struts2/junit/StrutsRestTestCase.java | 3 +- .../struts2/rest/RestActionInvocationTest.java | 400 ++--- .../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +- 17 files changed, 281 insertions(+), 248 deletions(-)
(struts) branch WW-5476-defaultresultfactory updated (1562d8331 -> c17639092)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5476-defaultresultfactory in repository https://gitbox.apache.org/repos/asf/struts.git discard 1562d8331 WW-5476 Fix ActionContext equals/hashCode contract discard 9543142fe WW-5476 Deprecate DefaultResultFactory add fe46ad9f4 WW-5478 Deprecate DefaultResultFactory add c17639092 WW-5478 Fix ActionContext equals/hashCode contract This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (1562d8331) \ N -- N -- N refs/heads/WW-5476-defaultresultfactory (c17639092) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes:
(struts) branch master updated (a0dc19c4b -> 1908cbab8)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from a0dc19c4b Merge pull request #1104 from apache/WW-5468-modeldriven-strutsparameter-fix add fe46ad9f4 WW-5478 Deprecate DefaultResultFactory add c17639092 WW-5478 Fix ActionContext equals/hashCode contract new 1908cbab8 Merge pull request #1105 from apache/WW-5476-defaultresultfactory The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../java/com/opensymphony/xwork2/config/entities/ResultConfig.java | 6 +++--- .../com/opensymphony/xwork2/config/impl/DefaultConfiguration.java | 4 ++-- .../java/com/opensymphony/xwork2/factory/DefaultResultFactory.java | 4 core/src/main/java/org/apache/struts2/ActionContext.java | 7 ++- .../xwork2/interceptor/ChainingInterceptorWithConfigTest.java | 7 --- .../struts2/convention/PackageBasedActionConfigBuilderTest.java| 4 ++-- 6 files changed, 21 insertions(+), 11 deletions(-)
(struts) 01/01: Merge pull request #1105 from apache/WW-5476-defaultresultfactory
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit 1908cbab8fd200f35eae66f716582c92849aa9ff Merge: a0dc19c4b c17639092 Author: Kusal Kithul-Godage AuthorDate: Sat Nov 2 14:05:37 2024 +1100 Merge pull request #1105 from apache/WW-5476-defaultresultfactory WW-5478 Deprecate DefaultResultFactory .../java/com/opensymphony/xwork2/config/entities/ResultConfig.java | 6 +++--- .../com/opensymphony/xwork2/config/impl/DefaultConfiguration.java | 4 ++-- .../java/com/opensymphony/xwork2/factory/DefaultResultFactory.java | 4 core/src/main/java/org/apache/struts2/ActionContext.java | 7 ++- .../xwork2/interceptor/ChainingInterceptorWithConfigTest.java | 7 --- .../struts2/convention/PackageBasedActionConfigBuilderTest.java| 4 ++-- 6 files changed, 21 insertions(+), 11 deletions(-)
(struts) branch WW-5476-defaultresultfactory deleted (was c17639092)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5476-defaultresultfactory in repository https://gitbox.apache.org/repos/asf/struts.git was c17639092 WW-5478 Fix ActionContext equals/hashCode contract The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch 7.0.x/merge-master-2024-11-02
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 3bd473b2d398fbd7614275b02c31eb01b53a2ac1
Merge: 99434d99b 1908cbab8
Author: Kusal Kithul-Godage
AuthorDate: Sat Nov 2 14:11:48 2024 +1100
Merge remote-tracking branch 'origin/master' into
7.0.x/merge-master-2024-11-02
core/src/main/java/org/apache/struts2/ActionContext.java | 5 +
core/src/main/java/org/apache/struts2/ModelDriven.java | 3 +++
.../org/apache/struts2/config/entities/ResultConfig.java | 6 +++---
.../apache/struts2/config/impl/DefaultConfiguration.java | 4 ++--
.../org/apache/struts2/factory/DefaultResultFactory.java | 3 +++
.../interceptor/parameter/ParametersInterceptor.java | 1 +
.../interceptor/ChainingInterceptorWithConfigTest.java | 7 ---
.../convention/PackageBasedActionConfigBuilderTest.java| 4 ++--
.../org/apache/struts2/rest/RestActionInvocationTest.java | 14 ++
9 files changed, 29 insertions(+), 18 deletions(-)
diff --cc core/src/main/java/org/apache/struts2/ActionContext.java
index 56163eacc,335c24e95..2f023bc51
--- a/core/src/main/java/org/apache/struts2/ActionContext.java
+++ b/core/src/main/java/org/apache/struts2/ActionContext.java
@@@ -543,9 -543,15 +543,14 @@@ public class ActionContext implements S
@Override
public final boolean equals(Object obj) {
-if (!(obj instanceof ActionContext)) {
+if (!(obj instanceof ActionContext other)) {
return false;
}
-ActionContext other = (ActionContext) obj;
return Objects.equals(getContextMap(), other.getContextMap());
}
+
+ @Override
+ public final int hashCode() {
+ return Objects.hash(getContextMap());
+ }
}
diff --cc
core/src/main/java/org/apache/struts2/config/entities/ResultConfig.java
index 5e2a1daae,0..40d20838e
mode 100644,00..100644
--- a/core/src/main/java/org/apache/struts2/config/entities/ResultConfig.java
+++ b/core/src/main/java/org/apache/struts2/config/entities/ResultConfig.java
@@@ -1,163 -1,0 +1,163 @@@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.config.entities;
+
+import org.apache.struts2.util.location.Located;
+import org.apache.struts2.util.location.Location;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Objects;
+
+
+/**
+ * Configuration for Result.
+ *
+ *
+ * In the xml configuration file this is defined as the result
tag.
+ *
+ *
+ * @author Mike
+ */
+public class ResultConfig extends Located implements Serializable {
+
- protected Map params;
++protected Map params;
+protected String className;
+protected String name;
+
+protected ResultConfig(String name, String className) {
+this.name = name;
+this.className = className;
+params = new LinkedHashMap<>();
+}
+
+protected ResultConfig(ResultConfig orig) {
+this.params = orig.params;
+this.name = orig.name;
+this.className = orig.className;
+this.location = orig.location;
+}
+
+public String getClassName() {
+return className;
+}
+
+public String getName() {
+return name;
+}
+
- public Map getParams() {
++public Map getParams() {
+return params;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) {
+return true;
+}
+
+if (!(o instanceof ResultConfig resultConfig)) {
+return false;
+}
+
+if (!Objects.equals(className, resultConfig.className)) {
+return false;
+}
+
+if (!Objects.equals(name, resultConfig.name)) {
+return false;
+}
+
+if (!Objects.equals(params, resultConfig.params)) {
+return false;
+}
+
+return true;
+}
+
+@Override
+public int hashCode() {
+int result;
+
(struts) branch 7.0.x/merge-master-2024-11-02 created (now 3bd473b2d)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch 7.0.x/merge-master-2024-11-02 in repository https://gitbox.apache.org/repos/asf/struts.git at 3bd473b2d Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 This branch includes the following new commits: new 3bd473b2d Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5478 Delete deprecated DefaultResultFactory
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch 7.0.x/WW-5478-delete-result
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 792497f0c1df9899797ba7fb518b2bc82e117dd0
Author: Kusal Kithul-Godage
AuthorDate: Sat Nov 2 14:13:26 2024 +1100
WW-5478 Delete deprecated DefaultResultFactory
---
.../struts2/factory/DefaultResultFactory.java | 81 --
1 file changed, 81 deletions(-)
diff --git
a/core/src/main/java/org/apache/struts2/factory/DefaultResultFactory.java
b/core/src/main/java/org/apache/struts2/factory/DefaultResultFactory.java
deleted file mode 100644
index 54efb6972..0
--- a/core/src/main/java/org/apache/struts2/factory/DefaultResultFactory.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.struts2.factory;
-
-import org.apache.struts2.ObjectFactory;
-import org.apache.struts2.Result;
-import org.apache.struts2.config.ConfigurationException;
-import org.apache.struts2.config.entities.ResultConfig;
-import org.apache.struts2.inject.Inject;
-import org.apache.struts2.util.reflection.ReflectionException;
-import org.apache.struts2.util.reflection.ReflectionExceptionHandler;
-import org.apache.struts2.util.reflection.ReflectionProvider;
-
-import java.util.Map;
-
-/**
- * Default implementation
- *
- * @deprecated since 6.7.0, use {@link StrutsResultFactory} instead.
- */
-@Deprecated
-public class DefaultResultFactory implements ResultFactory {
-
-private ObjectFactory objectFactory;
-private ReflectionProvider reflectionProvider;
-
-@Inject
-public void setObjectFactory(ObjectFactory objectFactory) {
-this.objectFactory = objectFactory;
-}
-
-@Inject
-public void setReflectionProvider(ReflectionProvider reflectionProvider) {
-this.reflectionProvider = reflectionProvider;
-}
-
-public Result buildResult(ResultConfig resultConfig, Map
extraContext) throws Exception {
-String resultClassName = resultConfig.getClassName();
-if (resultClassName == null) {
-return null;
-}
-
-Object o = objectFactory.buildBean(resultClassName, extraContext);
-
-if (!(o instanceof Result result)) {
-throw new ConfigurationException("Class [" + resultClassName + "]
does not implement Result", resultConfig);
-}
-
-Map params = resultConfig.getParams();
-if (params != null) {
-for (Map.Entry paramEntry : params.entrySet()) {
-try {
-reflectionProvider.setProperty(paramEntry.getKey(),
paramEntry.getValue(), result, extraContext, true);
-} catch (ReflectionException ex) {
-if (result instanceof ReflectionExceptionHandler
reflectionExceptionHandler) {
-reflectionExceptionHandler.handle(ex);
-}
-}
-}
-}
-
-return result;
-}
-
-}
(struts) branch 7.0.x/WW-5478-delete-result created (now 792497f0c)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch 7.0.x/WW-5478-delete-result in repository https://gitbox.apache.org/repos/asf/struts.git at 792497f0c WW-5478 Delete deprecated DefaultResultFactory This branch includes the following new commits: new 792497f0c WW-5478 Delete deprecated DefaultResultFactory The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch 7.0.x/WW-5478-delete-result updated (792497f0c -> 0d0560370)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch 7.0.x/WW-5478-delete-result in repository https://gitbox.apache.org/repos/asf/struts.git discard 792497f0c WW-5478 Delete deprecated DefaultResultFactory discard 3bd473b2d Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 add a43f8a523 Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 add ecad4a576 Replace com.opensymphony.xwork2 mentions add 0d0560370 WW-5478 Delete deprecated DefaultResultFactory This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (792497f0c) \ N -- N -- N refs/heads/7.0.x/WW-5478-delete-result (0d0560370) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../interceptor/ActionFileUploadInterceptor.java | 2 +- .../parameter/ParametersInterceptor.java | 33 +++--- 2 files changed, 17 insertions(+), 18 deletions(-)
(struts) branch 7.0.x/merge-master-2024-11-02 updated (3bd473b2d -> a43f8a523)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch 7.0.x/merge-master-2024-11-02 in repository https://gitbox.apache.org/repos/asf/struts.git omit 3bd473b2d Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 add a43f8a523 Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (3bd473b2d) \ N -- N -- N refs/heads/7.0.x/merge-master-2024-11-02 (a43f8a523) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../parameter/ParametersInterceptor.java | 31 +++--- 1 file changed, 15 insertions(+), 16 deletions(-)
(struts) branch 7.0.x/merge-master-2024-11-02 updated (a43f8a523 -> ecad4a576)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch 7.0.x/merge-master-2024-11-02 in repository https://gitbox.apache.org/repos/asf/struts.git from a43f8a523 Merge remote-tracking branch 'origin/master' into 7.0.x/merge-master-2024-11-02 add ecad4a576 Replace com.opensymphony.xwork2 mentions No new revisions were added by this update. Summary of changes: .../org/apache/struts2/interceptor/ActionFileUploadInterceptor.java | 2 +- .../org/apache/struts2/interceptor/parameter/ParametersInterceptor.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
(struts) 01/01: WW-5480 Warn against potential templating bug
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5480-templating-warning
in repository https://gitbox.apache.org/repos/asf/struts.git
commit fca7631fe87016a24fa709a6f4e06662bdb4cfa9
Author: Kusal Kithul-Godage
AuthorDate: Sat Nov 2 14:41:30 2024 +1100
WW-5480 Warn against potential templating bug
---
.../java/org/apache/struts2/components/UIBean.java | 9 -
.../org/apache/struts2/components/UIBeanTest.java | 47 +-
2 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java
b/core/src/main/java/org/apache/struts2/components/UIBean.java
index 4d6897a4b..1506e6970 100644
--- a/core/src/main/java/org/apache/struts2/components/UIBean.java
+++ b/core/src/main/java/org/apache/struts2/components/UIBean.java
@@ -655,7 +655,7 @@ public abstract class UIBean extends Component {
if (this.key != null) {
if(this.name == null) {
-this.name = key;
+setName(key);
}
if(this.label == null) {
@@ -1137,6 +1137,13 @@ public abstract class UIBean extends Component {
@StrutsTagAttribute(description="The name to set for element")
public void setName(String name) {
+if (name != null && name.startsWith("$")) {
+LOG.error("The name attribute should not usually be a templating
variable." +
+ " This can cause a critical vulnerability if the
resolved value is derived from user input." +
+ " If you are certain that you require this behaviour,
please use OGNL expression syntax ( %{expr} ) instead.",
+new IllegalStateException());
+return;
+}
this.name = name;
}
diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
index 7893e2232..07ecd5b34 100644
--- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
+++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
@@ -38,6 +38,21 @@ import static
com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPattern
public class UIBeanTest extends StrutsInternalTestCase {
+private UIBean bean;
+
+public void setUp() throws Exception {
+super.setUp();
+ValueStack stack = ActionContext.getContext().getValueStack();
+MockHttpServletRequest req = new MockHttpServletRequest();
+MockHttpServletResponse res = new MockHttpServletResponse();
+bean = new UIBean(stack, req, res) {
+@Override
+protected String getDefaultTemplate() {
+return null;
+}
+};
+}
+
public void testPopulateComponentHtmlId1() {
ValueStack stack = ActionContext.getContext().getValueStack();
MockHttpServletRequest req = new MockHttpServletRequest();
@@ -102,15 +117,6 @@ public class UIBeanTest extends StrutsInternalTestCase {
}
public void testEscape() {
-ValueStack stack = ActionContext.getContext().getValueStack();
-MockHttpServletRequest req = new MockHttpServletRequest();
-MockHttpServletResponse res = new MockHttpServletResponse();
-UIBean bean = new UIBean(stack, req, res) {
-protected String getDefaultTemplate() {
-return null;
-}
-};
-
assertEquals(bean.escape("hello[world"), "hello_world");
assertEquals(bean.escape("hello.world"), "hello_world");
assertEquals(bean.escape("hello]world"), "hello_world");
@@ -424,4 +430,27 @@ public class UIBeanTest extends StrutsInternalTestCase {
assertEquals("/content", field.uiStaticContentPath);
}
+/**
+ * The {@code name} attribute of a {@link UIBean} is evaluated to
determine the {@value UIBean#ATTR_NAME_VALUE}
+ * parameter value. Thus, it is imperative that the {@code name} attribute
is not derived from user input as it will
+ * otherwise result in a critical SSTI vulnerability.
+ *
+ * When using FreeMarker, if the {@code name} attribute is a templating
variable that corresponds to a getter which
+ * returns user-controlled input, it will usually resolve to {@code null}
when loading the corresponding Action,
+ * which results in a rendering error, giving developers strong feedback
that the attribute is not set correctly.
+ *
+ * In the case of Velocity, templating variables which resolve to {@code
null} do not cause rendering errors, making
+ * this potentially critical mistake sometimes undetectable. By logging a
prominent warning, Velocity developers are
+ * also given a clear indication that the {@code name} attribute is not
set correctly.
+ *
+ * If the name attribute should definitely correspond to a variable (it is
NOT derived from user input), the warning
+
(struts) branch WW-5480-templating-warning created (now fca7631fe)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5480-templating-warning in repository https://gitbox.apache.org/repos/asf/struts.git at fca7631fe WW-5480 Warn against potential templating bug This branch includes the following new commits: new fca7631fe WW-5480 Warn against potential templating bug The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch WW-5480-templating-warning updated (fca7631fe -> ced44650e)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5480-templating-warning in repository https://gitbox.apache.org/repos/asf/struts.git discard fca7631fe WW-5480 Warn against potential templating bug new ced44650e WW-5480 Warn against potential templating bug This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (fca7631fe) \ N -- N -- N refs/heads/WW-5480-templating-warning (ced44650e) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: core/src/test/java/org/apache/struts2/components/UIBeanTest.java | 1 + 1 file changed, 1 insertion(+)
(struts) 01/01: WW-5480 Warn against potential templating bug
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5480-templating-warning
in repository https://gitbox.apache.org/repos/asf/struts.git
commit ced44650ec3e12f265eca72499700e8ad7a3905f
Author: Kusal Kithul-Godage
AuthorDate: Sat Nov 2 14:41:30 2024 +1100
WW-5480 Warn against potential templating bug
---
.../java/org/apache/struts2/components/UIBean.java | 9 +++-
.../org/apache/struts2/components/UIBeanTest.java | 48 ++
2 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/core/src/main/java/org/apache/struts2/components/UIBean.java
b/core/src/main/java/org/apache/struts2/components/UIBean.java
index 4d6897a4b..1506e6970 100644
--- a/core/src/main/java/org/apache/struts2/components/UIBean.java
+++ b/core/src/main/java/org/apache/struts2/components/UIBean.java
@@ -655,7 +655,7 @@ public abstract class UIBean extends Component {
if (this.key != null) {
if(this.name == null) {
-this.name = key;
+setName(key);
}
if(this.label == null) {
@@ -1137,6 +1137,13 @@ public abstract class UIBean extends Component {
@StrutsTagAttribute(description="The name to set for element")
public void setName(String name) {
+if (name != null && name.startsWith("$")) {
+LOG.error("The name attribute should not usually be a templating
variable." +
+ " This can cause a critical vulnerability if the
resolved value is derived from user input." +
+ " If you are certain that you require this behaviour,
please use OGNL expression syntax ( %{expr} ) instead.",
+new IllegalStateException());
+return;
+}
this.name = name;
}
diff --git a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
index 7893e2232..ff3dc50f1 100644
--- a/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
+++ b/core/src/test/java/org/apache/struts2/components/UIBeanTest.java
@@ -38,6 +38,22 @@ import static
com.opensymphony.xwork2.security.DefaultNotExcludedAcceptedPattern
public class UIBeanTest extends StrutsInternalTestCase {
+private UIBean bean;
+
+@Override
+public void setUp() throws Exception {
+super.setUp();
+ValueStack stack = ActionContext.getContext().getValueStack();
+MockHttpServletRequest req = new MockHttpServletRequest();
+MockHttpServletResponse res = new MockHttpServletResponse();
+bean = new UIBean(stack, req, res) {
+@Override
+protected String getDefaultTemplate() {
+return null;
+}
+};
+}
+
public void testPopulateComponentHtmlId1() {
ValueStack stack = ActionContext.getContext().getValueStack();
MockHttpServletRequest req = new MockHttpServletRequest();
@@ -102,15 +118,6 @@ public class UIBeanTest extends StrutsInternalTestCase {
}
public void testEscape() {
-ValueStack stack = ActionContext.getContext().getValueStack();
-MockHttpServletRequest req = new MockHttpServletRequest();
-MockHttpServletResponse res = new MockHttpServletResponse();
-UIBean bean = new UIBean(stack, req, res) {
-protected String getDefaultTemplate() {
-return null;
-}
-};
-
assertEquals(bean.escape("hello[world"), "hello_world");
assertEquals(bean.escape("hello.world"), "hello_world");
assertEquals(bean.escape("hello]world"), "hello_world");
@@ -424,4 +431,27 @@ public class UIBeanTest extends StrutsInternalTestCase {
assertEquals("/content", field.uiStaticContentPath);
}
+/**
+ * The {@code name} attribute of a {@link UIBean} is evaluated to
determine the {@value UIBean#ATTR_NAME_VALUE}
+ * parameter value. Thus, it is imperative that the {@code name} attribute
is not derived from user input as it will
+ * otherwise result in a critical SSTI vulnerability.
+ *
+ * When using FreeMarker, if the {@code name} attribute is a templating
variable that corresponds to a getter which
+ * returns user-controlled input, it will usually resolve to {@code null}
when loading the corresponding Action,
+ * which results in a rendering error, giving developers strong feedback
that the attribute is not set correctly.
+ *
+ * In the case of Velocity, templating variables which resolve to {@code
null} do not cause rendering errors, making
+ * this potentially critical mistake sometimes undetectable. By logging a
prominent warning, Velocity developers are
+ * also given a clear indication that the {@code name} attribute is not
set correctly.
+ *
+ * If the name attribute should definitely correspond to a variable (it is
NOT derived from user input), t
(struts) branch feature/WW-3714-rename updated (cdcf1396b -> 32bc4045b)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch feature/WW-3714-rename in repository https://gitbox.apache.org/repos/asf/struts.git discard cdcf1396b WW-3714 Moves all classes from com.opensymphony.xwork2 into org.apache.struts2 add 49ddf6130 WW-5471 Marks Sitemesh plugin as deprecated add 9f2770b2c Merge pull request #1075 from apache/feature/WW-5471-deprecate-sitemesh add 7deb48129 WW-3714 Deprecate and migrate Action, Interceptor, Result add 8da6a7992 WW-3714 Deprecate and migrate ActionContext add ae9dc42da WW-3714 Deprecate and migrate ConditionalInterceptor add 60095a693 WW-3714 Deprecate and migrate ActionInvocation add 272c2e7bb WW-3714 Deprecate and migrate PreResultListener add e3fbe8835 WW-3714 Update new ActionContext with new ActionInvocation add 36a890ba6 WW-3714 Add factory support for new Interceptor, Result interfaces add b622e5d72 WW-3714 Ensure ReflectionExceptionHandler, WithLazyParams, ParamNameAwareResult marker interfaces respected add 91154f0ec Merge branch 'kusal-depr-apis-3.5' into 7.0.x/merge-master-2024-11-01 add bbca2717f WW-3714 Deprecate and migrate ActionEventListener add 14bd4b80c WW-3714 Deprecate and migrate ActionProxy add 8ba8ee5fe WW-3714 Deprecate and migrate ValueStack add 111bc2565 WW-3714 Deprecate and migrate assorted marker interfaces add dfd07190b WW-3714 Update new ActionContext with new ValueStack add 7ce8f484e WW-3714 Shortcut adapters add ebedd7391 WW-3714 Marker interface migration follow-up add 2757c2357 WW-3714 Fix replacement ValidationAware marker not recognised add 56004a10a Merge branch 'kusal-depr-apis-5' into 7.0.x/merge-master-2024-11-01 add a623842bc WW-3714 Deprecate and migrate ActionSupport add 9e23fbe66 WW-3714 Deprecate and migrate AbstractInterceptor and MethodFilterInterceptor add f95f9a7cd WW-3714 Add alternative constructors in InterceptorMapping add deb6c09bc WW-3714 Replace deprecated APIs in new ActionSupport add 45a1f5efc WW-3714 Deprecate and migrate assorted Interceptors add 243244997 WW-3714 Update StrutsResultSupport to allow overriding new signature add a34bffdf3 Merge branch 'kusal-depr-apis-7' into 7.0.x/merge-master-2024-11-01 add 09eb28602 Initial Commit: - Fix for boundary condition bug in JakartaMultipartRequest that results in a NPE when struts.multipart.maxStringLength is not explicitly set, and normal fields are processed along with a file upload. - Additional unit tests for file upload interceptors to confirm functionality with-or-without max parameters being set when a file upload is processed alone as well as with normal fields. add b359da551 Merge pull request #1068 from JCgH4164838Gh792C124B5/localS2_66_JakartaMulipartRequestFix1 add efa447af2 Merge pull request #1079 from apache/kusal-depr-apis add d1695f7a4 Bump github/codeql-action from 3.26.12 to 3.26.13 add a28f22605 Merge pull request #1090 from apache/dependabot/github_actions/github/codeql-action-3.26.13 add 28c8f1503 Bump maven-surefire-plugin.version from 3.5.0 to 3.5.1 add 117e84f24 Merge pull request #1092 from apache/dependabot/maven/maven-surefire-plugin.version-3.5.1 add cf6cbf381 Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.1 to 3.5.1 add 9b87e88bb Merge pull request #1095 from apache/dependabot/maven/org.apache.maven.plugins-maven-failsafe-plugin-3.5.1 add b18fbda1f Bump org.apache.maven.doxia:doxia-core from 1.12.0 to 2.0.0 add 144010c3b Merge pull request #1093 from apache/dependabot/maven/org.apache.maven.doxia-doxia-core-2.0.0 add b488c80aa Merge pull request #1081 from apache/kusal-depr-apis-3 add 323267fa8 Merge pull request #1087 from apache/kusal-depr-apis-3.5 add 266cd1333 Merge pull request #1082 from apache/kusal-depr-apis-4 add 5b81ec085 Merge pull request #1083 from apache/kusal-depr-apis-5 add 67ee1b2d6 Merge pull request #1084 from apache/kusal-depr-apis-6 add 89bcbecc7 Merge pull request #1085 from apache/kusal-depr-apis-7 add 48ee44bbc Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.17.0 add d9d580ae3 Merge pull request #1094 from apache/dependabot/maven/org.apache.commons-commons-lang3-3.17.0 add 3f7492309 Bump github/codeql-action from 3.26.13 to 3.27.0 add b15dc458c Merge pull request #1102 from apache/dependabot/github_actions/github/codeql-action-3.27.0 add 5b2f63fa7 Bump asm.version from 9.7 to 9.7.1 add c75ddbbf3 Merge pull request #1098 from apache/dependabot/maven/asm.version-9.7.1 add 67e047799 WW-5476 Deprecates tag's parameters as replaced with attributes add 8566c1464 Merge pull request #1096 from apache/feature/WW-5476-deprecate add f55c404d2 Merge branch 'master' into 7.0.x/merge-master-2024-11-01 add eab6d9ef8 Fix merge errors add 08d54d2b6 Merg
(struts) branch WW-5468-modeldriven-strutsparameter-fix created (now 7cdcd84b8)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5468-modeldriven-strutsparameter-fix in repository https://gitbox.apache.org/repos/asf/struts.git at 7cdcd84b8 Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2 This branch includes the following new commits: new 7cdcd84b8 Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5468-modeldriven-strutsparameter-fix
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 7cdcd84b838eaea5a3f10af5ea64e6856dc3c27d
Author: Kusal Kithul-Godage
AuthorDate: Mon Oct 14 18:59:11 2024 +1100
Merge pull request #1072 from apache/fix/WW-5468-modeldriven-2
WW-5468 Exempt ModelDriven Actions from @StrutsParameter requirement
---
.../showcase/modelDriven/ModelDrivenAction.java| 2 +-
.../main/java/org/apache/struts2/ModelDriven.java | 6 +
.../parameter/ParametersInterceptor.java | 45 ++-
.../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +-
.../xwork2/ModelDrivenAnnotationAction.java| 3 +-
.../interceptor/ModelDrivenInterceptorTest.java| 2 +-
.../xwork2/test/ModelDrivenAction2.java| 4 +-
.../xwork2/test/ModelDrivenAnnotationAction2.java | 4 +-
.../xwork2/test/subtest/NullModelDrivenAction.java | 3 +-
.../validator/VisitorValidatorModelAction.java | 5 +-
.../parameter/StrutsParameterAnnotationTest.java | 36 +-
.../apache/struts2/result/StreamResultTest.java| 6 +-
.../beanvalidation/actions/ModelDrivenAction.java | 2 -
.../actions/ValidateGroupAction.java | 2 -
.../apache/struts2/junit/StrutsRestTestCase.java | 3 +-
.../struts2/rest/RestActionInvocationTest.java | 400 ++---
.../com/opensymphony/xwork2/ModelDrivenAction.java | 3 +-
17 files changed, 281 insertions(+), 248 deletions(-)
diff --git
a/apps/showcase/src/main/java/org/apache/struts2/showcase/modelDriven/ModelDrivenAction.java
b/apps/showcase/src/main/java/org/apache/struts2/showcase/modelDriven/ModelDrivenAction.java
index 60692b0e6..0fae6c481 100644
---
a/apps/showcase/src/main/java/org/apache/struts2/showcase/modelDriven/ModelDrivenAction.java
+++
b/apps/showcase/src/main/java/org/apache/struts2/showcase/modelDriven/ModelDrivenAction.java
@@ -42,7 +42,7 @@ public class ModelDrivenAction extends ActionSupport
implements ModelDriven {
}
@Override
- public Object getModel() {
+ public Gangster getModel() {
return new Gangster();
}
}
diff --git a/core/src/main/java/org/apache/struts2/ModelDriven.java
b/core/src/main/java/org/apache/struts2/ModelDriven.java
index 0704109f1..993a6f5eb 100644
--- a/core/src/main/java/org/apache/struts2/ModelDriven.java
+++ b/core/src/main/java/org/apache/struts2/ModelDriven.java
@@ -18,6 +18,8 @@
*/
package org.apache.struts2;
+import org.apache.struts2.interceptor.parameter.StrutsParameter;
+
/**
* ModelDriven Actions provide a model object to be pushed onto the ValueStack
* in addition to the Action itself, allowing a FormBean type approach like
Struts.
@@ -28,9 +30,13 @@ public interface ModelDriven {
/**
* Gets the model to be pushed onto the ValueStack instead of the Action
itself.
+ *
+ * Please be aware that all setters and getters of every depth on the
object returned by this method are available
+ * for user parameter injection!
*
* @return the model
*/
+@StrutsParameter(depth = Integer.MAX_VALUE)
T getModel();
}
diff --git
a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java
b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java
index 239bc6d6c..9f6ff8f53 100644
---
a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java
+++
b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java
@@ -35,6 +35,7 @@ import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
+import org.apache.struts2.ModelDriven;
import org.apache.struts2.StrutsConstants;
import org.apache.struts2.action.NoParameters;
import org.apache.struts2.action.ParameterNameAware;
@@ -348,7 +349,15 @@ public class ParametersInterceptor extends
MethodFilterInterceptor {
}
long paramDepth = name.codePoints().mapToObj(c -> (char)
c).filter(NESTING_CHARS::contains).count();
+
+if (action instanceof ModelDriven &&
!ActionContext.getContext().getValueStack().peek().equals(action)) {
+LOG.debug("Model driven Action detected, exempting from
@StrutsParameter annotation requirement and OGNL allowlisting model type");
+// (Exempted by annotation on
com.opensymphony.xwork2.ModelDriven#getModel)
+return hasValidAnnotatedMember("model", action, paramDepth + 1);
+}
+
if (requireAnnotationsTransitionMode && paramDepth == 0) {
+LOG.debug("Annotation transition mode enabled, exempting
non-nested parameter [{}] from @StrutsParameter annotation requirement", name);
return true;
}
@@ -365,6 +374,
(struts) branch WW-5476-defaultresultfactory created (now c73e6d199)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5476-defaultresultfactory in repository https://gitbox.apache.org/repos/asf/struts.git at c73e6d199 WW-5476 Deprecate DefaultResultFactory This branch includes the following new commits: new c73e6d199 WW-5476 Deprecate DefaultResultFactory The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5476 Deprecate DefaultResultFactory
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5476-defaultresultfactory
in repository https://gitbox.apache.org/repos/asf/struts.git
commit c73e6d199f891431de2af8ecbb2de802272f1a3d
Author: Kusal Kithul-Godage
AuthorDate: Fri Nov 1 19:48:46 2024 +1100
WW-5476 Deprecate DefaultResultFactory
---
.../java/com/opensymphony/xwork2/config/entities/ResultConfig.java | 6 +++---
.../com/opensymphony/xwork2/config/impl/DefaultConfiguration.java | 4 ++--
.../java/com/opensymphony/xwork2/factory/DefaultResultFactory.java | 4
core/src/main/java/org/apache/struts2/ActionContext.java | 2 +-
.../xwork2/interceptor/ChainingInterceptorWithConfigTest.java | 7 ---
.../struts2/convention/PackageBasedActionConfigBuilderTest.java| 4 ++--
6 files changed, 16 insertions(+), 11 deletions(-)
diff --git
a/core/src/main/java/com/opensymphony/xwork2/config/entities/ResultConfig.java
b/core/src/main/java/com/opensymphony/xwork2/config/entities/ResultConfig.java
index 50602636b..9cb78c0fd 100644
---
a/core/src/main/java/com/opensymphony/xwork2/config/entities/ResultConfig.java
+++
b/core/src/main/java/com/opensymphony/xwork2/config/entities/ResultConfig.java
@@ -38,7 +38,7 @@ import java.util.Map;
*/
public class ResultConfig extends Located implements Serializable {
-protected Map params;
+protected Map params;
protected String className;
protected String name;
@@ -63,7 +63,7 @@ public class ResultConfig extends Located implements
Serializable {
return name;
}
-public Map getParams() {
+public Map getParams() {
return params;
}
@@ -140,7 +140,7 @@ public class ResultConfig extends Located implements
Serializable {
return this;
}
-public Builder addParams(Map params) {
+public Builder addParams(Map params) {
target.params.putAll(params);
return this;
}
diff --git
a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java
b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java
index 7c725e15b..d1560f53f 100644
---
a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java
+++
b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java
@@ -66,7 +66,6 @@ import com.opensymphony.xwork2.factory.ActionFactory;
import com.opensymphony.xwork2.factory.ConverterFactory;
import com.opensymphony.xwork2.factory.DefaultActionFactory;
import com.opensymphony.xwork2.factory.DefaultInterceptorFactory;
-import com.opensymphony.xwork2.factory.DefaultResultFactory;
import com.opensymphony.xwork2.factory.DefaultUnknownHandlerFactory;
import com.opensymphony.xwork2.factory.DefaultValidatorFactory;
import com.opensymphony.xwork2.factory.InterceptorFactory;
@@ -109,6 +108,7 @@ import org.apache.struts2.StrutsConstants;
import org.apache.struts2.conversion.StrutsConversionPropertiesProcessor;
import org.apache.struts2.conversion.StrutsTypeConverterCreator;
import org.apache.struts2.conversion.StrutsTypeConverterHolder;
+import org.apache.struts2.factory.StrutsResultFactory;
import org.apache.struts2.ognl.OgnlGuard;
import org.apache.struts2.ognl.ProviderAllowlist;
import org.apache.struts2.ognl.StrutsOgnlGuard;
@@ -363,7 +363,7 @@ public class DefaultConfiguration implements Configuration {
// TODO: SpringObjectFactoryTest fails when these are SINGLETON
.factory(ObjectFactory.class, Scope.PROTOTYPE)
.factory(ActionFactory.class, DefaultActionFactory.class,
Scope.PROTOTYPE)
-.factory(ResultFactory.class, DefaultResultFactory.class,
Scope.PROTOTYPE)
+.factory(ResultFactory.class, StrutsResultFactory.class,
Scope.PROTOTYPE)
.factory(InterceptorFactory.class,
DefaultInterceptorFactory.class, Scope.PROTOTYPE)
.factory(ValidatorFactory.class,
DefaultValidatorFactory.class, Scope.PROTOTYPE)
.factory(ConverterFactory.class, StrutsConverterFactory.class,
Scope.PROTOTYPE)
diff --git
a/core/src/main/java/com/opensymphony/xwork2/factory/DefaultResultFactory.java
b/core/src/main/java/com/opensymphony/xwork2/factory/DefaultResultFactory.java
index 42527494e..b4e312bfd 100644
---
a/core/src/main/java/com/opensymphony/xwork2/factory/DefaultResultFactory.java
+++
b/core/src/main/java/com/opensymphony/xwork2/factory/DefaultResultFactory.java
@@ -26,12 +26,16 @@ import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.util.reflection.ReflectionException;
import com.opensymphony.xwork2.util.reflection.ReflectionExceptionHandler;
import com.opensymphony.xwork2.util.reflection.ReflectionProvider;
+import org.apache.struts2.factory.StrutsResultFactory;
import java.util.Map;
/**
* Default implementation
+ *
+ * @deprecated since 6.7.0, use {@link StrutsResult
(struts) branch WW-5476-defaultresultfactory updated (c73e6d199 -> 1562d8331)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5476-defaultresultfactory in repository https://gitbox.apache.org/repos/asf/struts.git discard c73e6d199 WW-5476 Deprecate DefaultResultFactory add 9543142fe WW-5476 Deprecate DefaultResultFactory add 1562d8331 WW-5476 Fix ActionContext equals/hashCode contract This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (c73e6d199) \ N -- N -- N refs/heads/WW-5476-defaultresultfactory (1562d8331) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: core/src/main/java/org/apache/struts2/ActionContext.java | 5 + 1 file changed, 5 insertions(+)
