You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/01/10 12:00:22 UTC

struts git commit: Prevents eval expressions at all

Repository: struts
Updated Branches:
  refs/heads/master 74e26830d -> 61a7ee296


Prevents eval expressions at all


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/61a7ee29
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/61a7ee29
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/61a7ee29

Branch: refs/heads/master
Commit: 61a7ee296161bbfa61e90871649598a2e4a680a2
Parents: 74e2683
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sun Jan 10 12:00:10 2016 +0100
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sun Jan 10 12:00:10 2016 +0100

----------------------------------------------------------------------
 .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java     |  8 ++------
 .../com/opensymphony/xwork2/ognl/OgnlValueStack.java    | 12 ++++--------
 2 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/61a7ee29/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index f6f2ea8..8143613 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -273,14 +273,10 @@ public class OgnlUtil {
      *
      * @throws OgnlException in case of ognl errors
      */
-    public void setValue(String name, Map<String, Object> context, Object root, Object value) throws OgnlException {
-        setValue(name, context, root, value, true);
-    }
-
-    protected void setValue(String name, final Map<String, Object> context, final Object root, final Object value, final boolean evalName) throws OgnlException {
+    public void setValue(final String name, final Map<String, Object> context, final Object root, final Object value) throws OgnlException {
         compileAndExecute(name, context, new OgnlTask<Void>() {
             public Void execute(Object tree) throws OgnlException {
-                if (!evalName && isEvalExpression(tree, context)) {
+                if (isEvalExpression(tree, context)) {
                     throw new OgnlException("Eval expression cannot be used as parameter name");
                 }
                 Ognl.setValue(tree, context, root, value);

http://git-wip-us.apache.org/repos/asf/struts/blob/61a7ee29/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
index af7fbc5..4394d03 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
@@ -148,7 +148,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
      * @see com.opensymphony.xwork2.util.ValueStack#setParameter(String, Object)
      */
     public void setParameter(String expr, Object value) {
-        setValue(expr, value, devMode, false);
+        setValue(expr, value, devMode);
     }
 
     /**
@@ -164,13 +164,9 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
      * @see com.opensymphony.xwork2.util.ValueStack#setValue(java.lang.String, java.lang.Object, boolean)
      */
     public void setValue(String expr, Object value, boolean throwExceptionOnFailure) {
-        setValue(expr, value, throwExceptionOnFailure, true);
-    }
-
-    private void setValue(String expr, Object value, boolean throwExceptionOnFailure, boolean evalExpression) {
         Map<String, Object> context = getContext();
         try {
-            trySetValue(expr, value, throwExceptionOnFailure, context, evalExpression);
+            trySetValue(expr, value, throwExceptionOnFailure, context);
         } catch (OgnlException e) {
             handleOgnlException(expr, value, throwExceptionOnFailure, e);
         } catch (RuntimeException re) { //XW-281
@@ -180,10 +176,10 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
         }
     }
 
-    private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure, Map<String, Object> context, boolean evalExpression) throws OgnlException {
+    private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure, Map<String, Object> context) throws OgnlException {
         context.put(XWorkConverter.CONVERSION_PROPERTY_FULLNAME, expr);
         context.put(REPORT_ERRORS_ON_NO_PROP, (throwExceptionOnFailure) ? Boolean.TRUE : Boolean.FALSE);
-        ognlUtil.setValue(expr, context, root, value, evalExpression);
+        ognlUtil.setValue(expr, context, root, value);
     }
 
     private void cleanUpContext(Map<String, Object> context) {