Re: Problems with commons-beanutils-1.9.4

[Claude Brisson <cl...@renegat.net.INVALID>]

On 20-02-07 17 h 44, Nathan Bubna wrote:
> As for setClass(Class cls), couldn't we just change it to:
>
> public void setClass(String classname) {
>      setClassname(classname);
> }
>
> Seems like that would keep the class="org.com.Foo" config syntax working
> and avoid the security issue, right?

Nah, because what happens is that the "class" property is filtered 
beforehand by beanutils introspector.

What I did is provide the xml digester with a alias, mapping "class" 
towards "classname".

I'm gonna push your suggestion also, though, as it might help for other 
configuration methods when running under a security manager.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org