Thank you for your hard work.My name is Nanazip.
As you mentioned, we upgraded Struts2 from 2.3.16.1 to the latest version of 2.3.28.1.
This prevents jsp from retrieving some of the values it is retrieving in s:property.
Specifically, the following is true:
<s:iterator value="testList" var="rst" status="stts">
<s:set var="str" value="#rst.result">
<!--- value retrieved sproperty -->
<s:property value="%{example.util.StringUtil@toString(#str.test)}"/>
<!--- Value not retrieved sproperty-->
<s:property value="%{example.util.StringUtil@toString(#str.gTest)}"/>
Some of the values have been replaced.
2.3.16.1 has both been able to obtain values, so we suspect that some action has been taken to address the OGNL vulnerability and that the latter gTest call has been disabled.
Also, after correcting the sproperty, gTest field name, and getter and setter that have not been able to get the value, we were able to get the value as follows.
gTest→grpTest
getGTest()→getGrpTest()
setGTest()→setGrpTest()
<s:property value="%{example.util.StringUtil@toString(#str.grpTest)}"/>
At the moment, I was able to take first aid, but I don't know the cause.
If you know the version that caused this incident and how to fix it less, could you tell me?
Sorry for the inconvenience.Thank you for your cooperation.
In conclusion, I think you can write the following on JSP.
<s:property value="%{example.util.StringUtil@toString(#str.GTest)}"/>
This issue is caused by an update to ognl 3.0.6 → 3.0.11, applied in Struts 2.3.24.1 → 2.3.28.
Is gertrud's response the easiest?
© 2024 OneMinuteCode. All rights reserved.