You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@velocity.apache.org by "Vincent Massol (JIRA)" <de...@velocity.apache.org> on 2007/02/15 10:54:05 UTC

[jira] Created: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

SecureUberspector doesn't work with #foreach (iterators)
--------------------------------------------------------

                 Key: VELOCITY-516
                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
             Project: Velocity
          Issue Type: Bug
          Components: Engine
    Affects Versions: 1.5 beta2
            Reporter: Vincent Massol
            Priority: Critical


When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."

The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:

{code}
        if (methodName == null)
        {
            return false;
        }
{code}



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Resolved: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Henning Schmiedehausen (JIRA)" <de...@velocity.apache.org>.
     [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henning Schmiedehausen resolved VELOCITY-516.
---------------------------------------------

    Resolution: Fixed

Nah, better use a sub-issue.

> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>         Assigned To: Henning Schmiedehausen
>            Priority: Critical
>             Fix For: 1.5
>
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Resolved: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Will Glass-Husain (JIRA)" <de...@velocity.apache.org>.
     [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Will Glass-Husain resolved VELOCITY-516.
----------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.5

Fixed.  Just in time to make it into Velocity 1.5.  Thanks again.

> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>            Priority: Critical
>             Fix For: 1.5
>
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Closed: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Henning Schmiedehausen (JIRA)" <de...@velocity.apache.org>.
     [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henning Schmiedehausen closed VELOCITY-516.
-------------------------------------------


> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>         Assigned To: Henning Schmiedehausen
>            Priority: Critical
>             Fix For: 1.5
>
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Reopened: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Henning Schmiedehausen (JIRA)" <de...@velocity.apache.org>.
     [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henning Schmiedehausen reopened VELOCITY-516:
---------------------------------------------

      Assignee: Henning Schmiedehausen

I have to admit that I do not like the patch. It works, yes, but the addition of random "methodName != null" into if-statements leads to unreadable code in the end.

Some reshuffling would do the code good. I'll reopen this as a reminder for me for 1.6.


> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>         Assigned To: Henning Schmiedehausen
>            Priority: Critical
>             Fix For: 1.5
>
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Commented: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Vincent Massol (JIRA)" <de...@velocity.apache.org>.
    [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12473912 ] 

Vincent Massol commented on VELOCITY-516:
-----------------------------------------

Hi Will,

Here's a fix: replace null with "iterator" (for example, or anything really, an empty name, a dummy name).

Thanks for taking care of this. We're using Velocity in XWiki and for now I've created our own SecureUberspector but I'd love to be able to remove it and depend on the standard and default one you're providing.

Thanks
-Vincent

> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>            Priority: Critical
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org

[jira] Commented: (VELOCITY-516) SecureUberspector doesn't work with #foreach (iterators)

Posted by "Will Glass-Husain (JIRA)" <de...@velocity.apache.org>.
    [ https://issues.apache.org/jira/browse/VELOCITY-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12473413 ] 

Will Glass-Husain commented on VELOCITY-516:
--------------------------------------------

Thanks for reporting this.  Good to to get actual user testing/feedback on new features.  Will dig into this.

> SecureUberspector doesn't work with #foreach (iterators)
> --------------------------------------------------------
>
>                 Key: VELOCITY-516
>                 URL: https://issues.apache.org/jira/browse/VELOCITY-516
>             Project: Velocity
>          Issue Type: Bug
>          Components: Engine
>    Affects Versions: 1.5 beta2
>            Reporter: Vincent Massol
>            Priority: Critical
>
> When using a #foreach iterating over strings I get: "Cannot retrieve iterator from object of class [Ljava.lang.String; due to security restrictions."
> The reason is that in the SecureUberspector class there's a call to checkObjectExecutePermission() with the second parameter being null. And in checkObjectExecutePermission() there's:
> {code}
>         if (methodName == null)
>         {
>             return false;
>         }
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@velocity.apache.org
For additional commands, e-mail: dev-help@velocity.apache.org