You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/04/18 20:50:28 UTC

[2/5] struts git commit: Adds additional blocked classes

Adds additional blocked classes


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/51b276c2
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/51b276c2
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/51b276c2

Branch: refs/heads/struts-2-3-20-2
Commit: 51b276c2d80c4008b86f47a0232c32e8385c0096
Parents: 98eb21a
Author: Lukasz Lenart <lu...@apache.org>
Authored: Mon Apr 18 20:38:49 2016 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Mon Apr 18 20:38:49 2016 +0200

----------------------------------------------------------------------
 core/src/main/resources/struts-default.xml                      | 3 +++
 core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/51b276c2/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 256d056..b3fab8f 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -50,6 +50,9 @@
                 ognl.MemberAccess,
                 ognl.ClassResolver,
                 ognl.TypeConverter,
+                ognl.MemberAccess,
+                ognl.DefaultMemberAccess,
+                com.opensymphony.xwork2.ognl.SecurityMemberAccess,
                 com.opensymphony.xwork2.ActionContext" />
     <!-- this must be valid regex, each '.' in package name must be escaped! -->
     <constant name="struts.excludedPackageNamePatterns" value="^java\.lang\..*,^ognl.*,^(?!javax\.servlet\..+)(javax\..+)" />

http://git-wip-us.apache.org/repos/asf/struts/blob/51b276c2/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java b/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java
index 50bf576..6c141aa 100644
--- a/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java
+++ b/core/src/test/java/org/apache/struts2/views/jsp/URLTagTest.java
@@ -657,8 +657,7 @@ public class URLTagTest extends AbstractUITagTest {
 		tag.doEndTag();
 
 		Object allowMethodAccess = stack.findValue("\u0023_memberAccess['allowStaticMethodAccess']");
-		assertNotNull(allowMethodAccess);
-		assertEquals(Boolean.FALSE, allowMethodAccess);
+		assertNull(allowMethodAccess);
 
 		assertNull(session.get("foo"));