You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2013/10/18 10:39:11 UTC
svn commit: r1533360 -
/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
Author: lukaszlenart
Date: Fri Oct 18 08:39:11 2013
New Revision: 1533360
URL: http://svn.apache.org/r1533360
Log:
WW-4162 Doesn't check for disallowed ognl expressions if getting from expression cache
Modified:
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
Modified: struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java?rev=1533360&r1=1533359&r2=1533360&view=diff
==============================================================================
--- struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java (original)
+++ struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java Fri Oct 18 08:39:11 2013
@@ -266,17 +266,21 @@ public class OgnlUtil {
tree = expressions.get(expression);
if (tree == null) {
tree = Ognl.parseExpression(expression);
+ checkEnableEvalExpression(tree, context);
expressions.putIfAbsent(expression, tree);
}
} else {
tree = Ognl.parseExpression(expression);
+ checkEnableEvalExpression(tree, context);
}
+ return tree;
+ }
+
+ private void checkEnableEvalExpression(Object tree, Map<String, Object> context) throws OgnlException {
if (!enableEvalExpression && isEvalExpression(tree, context)) {
- throw new OgnlException("Eval expressions has been disabled");
+ throw new OgnlException("Eval expressions has been disabled!");
}
-
- return tree;
}
/**