« The Ajax Experience | Main | [ANN] Equinox 1.5... »
20051219 Monday December 19, 2005

Struts 1.2.8 has client-side validation issues just like 1.2.7 This weekend, I upgraded AppFuse from Struts 1.2.4 to 1.2.8. After failing to upgrade to 1.2.7, I was a little leary of this release - for good reason. It turns out, the 1.2.8 release has the same client-side validation issue as 1.2.7. The good news is it's a Commons Validator issue this time, and you can fix it by upgrading to Commons Validator 1.2.0 (it ships with 1.1.4).

If you're using custom client-side validators, you might have to patch your functions. Here's what I did to mine: 

- oTwoFields = eval('new ' + formName.value + '_twofields()');
+ oTwoFields = eval('new ' + retrieveFormName(form) + '_twofields()');

Also, if you'd like to use Spring MVC with Commons Validator 1.2.0, you'll need to patch springmodules-validator. Or you can just download the one from AppFuse's CVS. Posted in Java at Dec 19 2005, 04:55:37 PM MST 2 Comments

Comments:

Our hand was forced for the 1.2.8 release by the discovery of the XSS Vulnerability and it seemed like a good idea to keep 1.2.8 changes to a minimum. We could ship a 1.2.9 version with Commons Validator 1.2.0 - but with 1.3 on the horizon I'm not sure whether this will happen or not.

Posted by Niall on December 19, 2005 at 08:58 PM MST #

I had the same problem when upgrading Tudu Lists 2 days ago. The trick was to upgrade validator-rules.xml. The problem is that I'm just using server-side validation, and that I'm managing all my dependencies with Maven 2. So why on earth do I have to upgrade this file manually? Can't it be included in struts-1.2.8.jar? I understand that some people are editing the file manually : there could be an official validator-rules.xml, included in struts-XXX.jar, and a personalized one that inherits from it.

Posted by Julien Dubois on December 20, 2005 at 03:17 AM MST #

Post a Comment:
  • HTML Syntax: Allowed