struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [1/5] struts git commit: Uses isSequence flag to block chained expressions
Date Mon, 18 Apr 2016 18:50:27 GMT
Repository: struts
Updated Branches:
  refs/heads/struts-2-3-20-2 [created] c7113e9d6


Uses isSequence flag to block chained expressions


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/98eb21ae
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/98eb21ae
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/98eb21ae

Branch: refs/heads/struts-2-3-20-2
Commit: 98eb21ae8528dd5fdc3f76ed9ade897a1c679131
Parents: a9974ee
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Mon Apr 18 20:38:27 2016 +0200
Committer: Lukasz Lenart <lukaszlenart@apache.org>
Committed: Mon Apr 18 20:38:27 2016 +0200

----------------------------------------------------------------------
 .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java  |  6 +++---
 .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java   | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/98eb21ae/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 63c45fe..0421fac 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -282,7 +282,7 @@ public class OgnlUtil {
         compileAndExecute(name, context, new OgnlTask<Void>() {
             public Void execute(Object tree) throws OgnlException {
                 if (!evalName && isEvalExpression(tree, context)) {
-                    throw new OgnlException("Eval expression cannot be used as parameter
name");
+                    throw new OgnlException("Eval expression/chained expressions cannot be
used as parameter name");
                 }
                 Ognl.setValue(tree, context, root, value);
                 return null;
@@ -298,7 +298,7 @@ public class OgnlUtil {
             if (context!=null && context instanceof OgnlContext) {
                 ognlContext = (OgnlContext) context;
             }
-            return node.isEvalChain(ognlContext);
+            return node.isEvalChain(ognlContext) || node.isSequence(ognlContext);
         }
         return false;
     }
@@ -355,7 +355,7 @@ public class OgnlUtil {
     
     private void checkEnableEvalExpression(Object tree, Map<String, Object> context)
throws OgnlException {
         if (!enableEvalExpression && isEvalExpression(tree, context)) {
-            throw new OgnlException("Eval expressions has been disabled!");
+            throw new OgnlException("Eval expressions/chained expressions have been disabled!");
         }
     }
 

http://git-wip-us.apache.org/repos/asf/struts/blob/98eb21ae/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index 6726af6..13442b1 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -750,6 +750,21 @@ public class OgnlUtilTest extends XWorkTestCase {
         assertEquals(expected.getMessage(), "Method \"getRuntime\" failed for object class
java.lang.Runtime");
     }
 
+    public void testBlockSequenceOfExpressions() throws Exception {
+        Foo foo = new Foo();
+
+        Exception expected = null;
+        try {
+            ognlUtil.setValue("#booScope=@myclass@DEFAULT_SCOPE,#bootScope.init()", ognlUtil.createDefaultContext(foo),
foo, true);
+            fail();
+        } catch (OgnlException e) {
+            expected = e;
+        }
+        assertNotNull(expected);
+        assertSame(OgnlException.class, expected.getClass());
+        assertEquals(expected.getMessage(), "Eval expressions/chained expressions have been
disabled!");
+    }
+
     public static class Email {
         String address;
 


Mime
View raw message