struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Struts 2.3.25
Date Mon, 14 Mar 2016 08:39:51 GMT
2016-03-14 9:30 GMT+01:00 Greg Huber <gregh3269@gmail.com>:
> Its checking
>
> bean.address.longitude.doubleValue() >>> class java.lang.Double
>
> in
>
> com.opensymphony.xwork2.ognl.SecurityMemberAccess
>
> method
> isPackageExcluded(...)
>
> for (String packageName: excludedPackageNames) {
>             if (targetPackageName.startsWith(packageName) ||
> targetPackageName.equals(packageName)
>                     || memberPackageName.startsWith(packageName) ||
> memberPackageName.equals(packageName)) {
>                 return true;
>             }
>         }
>
>
> packageName == java.lang
> excludedPackageNames == [java.lang, ognl, javax]
>
> So where does the excludedPackageNames come from??

It's here https://issues.apache.org/jira/browse/WW-4575
There is a unittest for primitive int, adding the same for double, though


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message