Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/10/27 09:35:30 UTC

svn commit: r1869032 - in /ofbiz/ofbiz-framework/branches/release17.12: ./ framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java

Author: jleroux
Date: Sun Oct 27 09:35:29 2019
New Revision: 1869032

URL: http://svn.apache.org/viewvc?rev=1869032&view=rev
Log:
"Applied fix from trunk for revision: 1869001" 
------------------------------------------------------------------------
r1869001 | mthl | 2019-10-26 16:42:02 +0200 (sam. 26 oct. 2019) | 9 lignes

Fixed: Handle whitelist of serializable classes from properties
(OFBIZ-11261)

There was a bug regarding the way the ‘ListOfSafeObjectsForInputStream’ value
defined in the “SafeObjectInputStream.properties” file was handled.  Mistakenly
only one class identifier was allowed.

Some unit tests have been added to check that the identified bug is fixed.

------------------------------------------------------------------------

Modified:
    ofbiz/ofbiz-framework/branches/release17.12/   (props changed)
    ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java

Propchange: ofbiz/ofbiz-framework/branches/release17.12/
------------------------------------------------------------------------------
  Merged /ofbiz/ofbiz-framework/trunk:r1869001,1869003

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java?rev=1869032&r1=1869031&r2=1869032&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java Sun Oct 27 09:35:29 2019
@@ -24,9 +24,11 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.ObjectOutputStream;
 import java.lang.reflect.Array;
+import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
 import java.util.ServiceLoader;
+import java.util.stream.Collectors;
 
 import org.apache.ofbiz.base.lang.Factory;
 import org.apache.ofbiz.base.lang.SourceMonitored;
@@ -106,7 +108,10 @@ public final class UtilObject {
                 "ListOfSafeObjectsForInputStream");
         List<String> listOfSafeObjects = null;
         if (UtilValidate.isNotEmpty(listOfSafeObjectsForInputStream)) {
-            listOfSafeObjects = java.util.Arrays.asList(listOfSafeObjectsForInputStream);
+            listOfSafeObjects = Arrays.stream(listOfSafeObjectsForInputStream.split(","))
+                    .map(String::trim)
+                    .filter(s -> !s.isEmpty())
+                    .collect(Collectors.toList());
         } else {
             listOfSafeObjects = java.util.Arrays.asList("byte\\[\\]", "foo", "SerializationInjector",
                     "\\[Z","\\[B","\\[S","\\[I","\\[J","\\[F","\\[D","\\[C",