You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Simone Tripodi <si...@apache.org> on 2012/01/25 07:14:51 UTC

Re: svn commit: r1235614 - in /commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl: ASTEval.java SimpleNode.java

great!!!
-Simo

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/



On Wed, Jan 25, 2012 at 4:31 AM,  <mc...@apache.org> wrote:
> Author: mcucchiara
> Date: Wed Jan 25 03:31:12 2012
> New Revision: 1235614
>
> URL: http://svn.apache.org/viewvc?rev=1235614&view=rev
> Log:
> Added a method to identify an eval expression (necessary to fix a security issue on struts, see https://cwiki.apache.org/confluence/display/WW/S2-009)
>
> Modified:
>    commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java
>    commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
>
> Modified: commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java
> URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java?rev=1235614&r1=1235613&r2=1235614&view=diff
> ==============================================================================
> --- commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java (original)
> +++ commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java Wed Jan 25 03:31:12 2012
> @@ -94,4 +94,11 @@ class ASTEval
>     {
>         return visitor.visit( this, data );
>     }
> +
> +    @Override
> +    public boolean isEvalChain( OgnlContext context )
> +        throws OgnlException
> +    {
> +        return true;
> +    }
>  }
>
> Modified: commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
> URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java?rev=1235614&r1=1235613&r2=1235614&view=diff
> ==============================================================================
> --- commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java (original)
> +++ commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java Wed Jan 25 03:31:12 2012
> @@ -377,6 +377,26 @@ public abstract class SimpleNode
>         return isSimpleProperty( context );
>     }
>
> +    public boolean isEvalChain( OgnlContext context )
> +        throws OgnlException
> +    {
> +        if ( children == null )
> +        {
> +            return false;
> +        }
> +        for ( Node child : children )
> +        {
> +            if ( child instanceof SimpleNode )
> +            {
> +                if ( ( (SimpleNode) child ).isEvalChain( context ) )
> +                {
> +                    return true;
> +                }
> +            }
> +        }
> +        return false;
> +    }
> +
>     protected boolean lastChild( OgnlContext context )
>     {
>         return parent == null || context.get( "_lastChild" ) != null;
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org