You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ki...@apache.org on 2004/06/10 23:17:28 UTC
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler Generator.java
kinman 2004/06/10 14:17:28
Modified: jasper2/src/share/org/apache/jasper/compiler Generator.java
Log:
- Fixed 29478: bean instantiations should be avoided at compilation time.
Patch by Jess Holle
Revision Changes Path
1.233 +9 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java
Index: Generator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- Generator.java 19 Apr 2004 21:10:19 -0000 1.232
+++ Generator.java 10 Jun 2004 21:17:28 -0000 1.233
@@ -21,6 +21,7 @@
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -1209,7 +1210,14 @@
if (beanName == null) {
try {
Class bean = ctxt.getClassLoader().loadClass(klass);
- bean.newInstance();
+ int modifiers = bean.getModifiers();
+ if (!Modifier.isPublic(modifiers) ||
+ Modifier.isInterface(modifiers) ||
+ Modifier.isAbstract(modifiers)) {
+ throw new Exception("Invalid bean class modifier");
+ }
+ // Check that there is a 0 arg constructor
+ bean.getConstructor(new Class[] {});
generateNew = true;
} catch (Exception e) {
// Cannot instantiate the specified class
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org