struts-dev mailing list archives

From Greg Huber <gregh3...@gmail.com>
Subject Re: Struts 2.3.25
Date Mon, 14 Mar 2016 08:59:20 GMT
.....not sure.

I checked on my dev server, on 2.5, and it does not seem to call the
SecurityMemberAccess isAccessible method, will try and trace back to see
why it's being called only on 2.3.25



On 14 March 2016 at 08:39, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> 2016-03-14 9:30 GMT+01:00 Greg Huber <gregh3269@gmail.com>:
> > It's checking
> >
> > bean.address.longitude.doubleValue() >>> class java.lang.Double
> >
> > in
> >
> > com.opensymphony.xwork2.ognl.SecurityMemberAccess
> >
> > method
> > isPackageExcluded(...)
> >
> > for (String packageName: excludedPackageNames) {
> >     if (targetPackageName.startsWith(packageName) || targetPackageName.equals(packageName)
> >             || memberPackageName.startsWith(packageName) || memberPackageName.equals(packageName)) {
> >         return true;
> >     }
> > }
> >
> >
> > packageName == java.lang
> > excludedPackageNames == [java.lang, ognl, javax]
> >
> > So where does the excludedPackageNames come from??
>
> It's here https://issues.apache.org/jira/browse/WW-4575
> There is a unittest for primitive int, adding the same for double, though
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
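
The check discussed in this thread, reproduced as a stand-alone added example (not code from Struts and not part of either message): it applies the quoted loop to each step of `bean.address.longitude.doubleValue()`, showing that a getter on an application class passes while any call whose target or declaring class lives in `java.lang` is excluded. The `Address` bean, the class and helper names, and the way the two package names are derived (target's class, member's declaring class) are assumptions; the excluded list is the one quoted above.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;

public class PackageExclusionDemo {
    // Value quoted in the thread for 2.3.25.
    static final List<String> EXCLUDED = Arrays.asList("java.lang", "ognl", "javax");

    // Hypothetical application bean; it is not in any excluded package.
    public static class Address {
        private final Double longitude = 21.01; // constructed sample value
        public Double getLongitude() { return longitude; }
    }

    // Same comparison as the loop quoted in the thread.
    static boolean isPackageExcluded(String targetPackageName, String memberPackageName) {
        for (String packageName : EXCLUDED) {
            if (targetPackageName.startsWith(packageName) || targetPackageName.equals(packageName)
                    || memberPackageName.startsWith(packageName) || memberPackageName.equals(packageName)) {
                return true;
            }
        }
        return false;
    }

    // Classes in the unnamed package may have no Package object; treat that as "".
    static String packageOf(Class<?> c) {
        Package p = c.getPackage();
        return p == null ? "" : p.getName();
    }

    // Assumption: the names compared are the package of the target object's class
    // and the package of the class that declares the invoked member.
    static boolean blocked(Object target, String methodName) throws NoSuchMethodException {
        Method member = target.getClass().getMethod(methodName);
        return isPackageExcluded(packageOf(target.getClass()), packageOf(member.getDeclaringClass()));
    }

    public static void main(String[] args) throws Exception {
        Address address = new Address();
        // Getter declared on the application class: neither package is excluded.
        System.out.println("address.getLongitude()  blocked=" + blocked(address, "getLongitude"));
        // Target is java.lang.Double and the method is declared there: excluded.
        System.out.println("longitude.doubleValue() blocked=" + blocked(address.getLongitude(), "doubleValue"));
        // Method inherited from java.lang.Object: excluded through the member's package.
        System.out.println("address.hashCode()      blocked=" + blocked(address, "hashCode"));
    }
}
```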
