struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: OGNL expressions in headers and parameters
Date Mon, 13 Mar 2017 10:55:15 GMT
2017-03-13 10:54 GMT+01:00 Tamás Barta <bartatamas@gmail.com>:
> Lukasz, I don't write it to blame you. I very appreciate your work.
>
> I just write to this list because it seems to me that these OGNL
> expressions are evaluated before my code is executed and I wonder if it can
> be disabled anyhow.
> Can I turn off these auto-evaluated thinks if I don't need them at all? You
> wrote that it is my code which initiates this, but I don't think so.

Not sure what do you mean by the "auto-evaluated" - each expression to
be evaluated must be passed to an interpreter first (e.g. OGNL) so
there is no such thing like auto-evaluation of everything.

OGNL is used to convert incoming params and apply them onto your
actions (request param as a String -> OGNL -> an Object of given
type). You can pass an expression via such param e.g. %{'aaaaa' +
'bbbbb'} and it won't be evaluated, it will be applied literally as a
String.

The problem is when someone takes value of such param and passes it to
evaluator e.g. getText("%{'aaaaa' + 'bbbbb'}", "%{'aaaaa' + 'bbbbb'}")
- then the evaluation happens - but this a developer mistake not
"auto-evaluation".


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message