S: the form tag action parameters are deleted

Question

S: the form tag action parameters are deleted

I searched and searched, and it destroys me. I have it:

<s:form method="post" action="%{methodOne}" cssClass="buttons">

EmailFormUrl correctly returns the URL, but the parameters have been deleted.

  public String methodOne() { return anotherClass.methodTwo(id); }

What says about:

  public static String methodTwo( String id) { return fastEncode("", "longurl/view.jsp", new ParameterPairing("id", id)); }

For some reason, the identifier is lost, this leaves me with a verification error and does not perform the required action. As far as I know, before the July urgent security update, we had no problems, but this is a little functionality that is rarely used (I assume the argument for its removal).

I don’t want to add a hidden parameter, because I want to understand the reason why this does not work, and not the workaround (I'm still in the hard training part of my career).

+6

java parameters jsp forms struts2

Phish Jan 31 '14 at 11:17

source share

1 answer

Aleksandr M · Accepted Answer · 2014-01-31T21:13:47+0000

In a servlet environment, the <s:form> uses the ServletUrlRenderer class to display the URL of the form. If the setting for the action specified in the action attribute cannot be found, then the literal value (without parameters) of the action attribute will be used.

Note. you need to use the action name without extension so that it can be found in the configuration. Thus, some_action?foo=bar will be set with parameters in the form if you have some_action in the configuration, but some_action.action?foo=bar will not be found due to the .action extension and the parameters will be deleted.

S: the form tag action parameters are deleted

More articles: