struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [16/50] [abbrv] struts git commit: Prevents eval expressions at all
Date Fri, 15 Jul 2016 13:18:43 GMT
Prevents eval expressions at all


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/61f9b07a
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/61f9b07a
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/61f9b07a

Branch: refs/heads/master
Commit: 61f9b07a788292b03ccdfae727f19bf2d7d47ad9
Parents: 46f3cf2
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Sun Jan 10 12:00:10 2016 +0100
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Tue Jan 19 16:18:01 2016 +0100

----------------------------------------------------------------------
 .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java     |  8 ++------
 .../com/opensymphony/xwork2/ognl/OgnlValueStack.java    | 12 ++++--------
 2 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/61f9b07a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index f6f2ea8..8143613 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -273,14 +273,10 @@ public class OgnlUtil {
      *
      * @throws OgnlException in case of ognl errors
      */
-    public void setValue(String name, Map<String, Object> context, Object root, Object
value) throws OgnlException {
-        setValue(name, context, root, value, true);
-    }
-
-    protected void setValue(String name, final Map<String, Object> context, final Object
root, final Object value, final boolean evalName) throws OgnlException {
+    public void setValue(final String name, final Map<String, Object> context, final
Object root, final Object value) throws OgnlException {
         compileAndExecute(name, context, new OgnlTask<Void>() {
             public Void execute(Object tree) throws OgnlException {
-                if (!evalName && isEvalExpression(tree, context)) {
+                if (isEvalExpression(tree, context)) {
                     throw new OgnlException("Eval expression cannot be used as parameter
name");
                 }
                 Ognl.setValue(tree, context, root, value);

http://git-wip-us.apache.org/repos/asf/struts/blob/61f9b07a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
index af7fbc5..4394d03 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
@@ -148,7 +148,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
      * @see com.opensymphony.xwork2.util.ValueStack#setParameter(String, Object)
      */
     public void setParameter(String expr, Object value) {
-        setValue(expr, value, devMode, false);
+        setValue(expr, value, devMode);
     }
 
     /**
@@ -164,13 +164,9 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
      * @see com.opensymphony.xwork2.util.ValueStack#setValue(java.lang.String, java.lang.Object,
boolean)
      */
     public void setValue(String expr, Object value, boolean throwExceptionOnFailure) {
-        setValue(expr, value, throwExceptionOnFailure, true);
-    }
-
-    private void setValue(String expr, Object value, boolean throwExceptionOnFailure, boolean
evalExpression) {
         Map<String, Object> context = getContext();
         try {
-            trySetValue(expr, value, throwExceptionOnFailure, context, evalExpression);
+            trySetValue(expr, value, throwExceptionOnFailure, context);
         } catch (OgnlException e) {
             handleOgnlException(expr, value, throwExceptionOnFailure, e);
         } catch (RuntimeException re) { //XW-281
@@ -180,10 +176,10 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
         }
     }
 
-    private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure,
Map<String, Object> context, boolean evalExpression) throws OgnlException {
+    private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure,
Map<String, Object> context) throws OgnlException {
         context.put(XWorkConverter.CONVERSION_PROPERTY_FULLNAME, expr);
         context.put(REPORT_ERRORS_ON_NO_PROP, (throwExceptionOnFailure) ? Boolean.TRUE :
Boolean.FALSE);
-        ognlUtil.setValue(expr, context, root, value, evalExpression);
+        ognlUtil.setValue(expr, context, root, value);
     }
 
     private void cleanUpContext(Map<String, Object> context) {


Mime
View raw message