You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@freemarker.apache.org by dd...@apache.org on 2017/01/21 15:12:10 UTC
incubator-freemarker git commit: Removed
TemplateClassResolver.SAFER_RESOLVER,
because the classes it has blocked were removed from FreeMarker,
so it's the same as UNRESTRICTED_RESOLVER
Repository: incubator-freemarker
Updated Branches:
refs/heads/3 88d1d901b -> d0e056eaa
Removed TemplateClassResolver.SAFER_RESOLVER, because the classes it has blocked were removed from FreeMarker, so it's the same as UNRESTRICTED_RESOLVER
Project: http://git-wip-us.apache.org/repos/asf/incubator-freemarker/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-freemarker/commit/d0e056ea
Tree: http://git-wip-us.apache.org/repos/asf/incubator-freemarker/tree/d0e056ea
Diff: http://git-wip-us.apache.org/repos/asf/incubator-freemarker/diff/d0e056ea
Branch: refs/heads/3
Commit: d0e056eaa08ec618ad397ffd62f8139cfccdd6ff
Parents: 88d1d90
Author: ddekany <dd...@apache.org>
Authored: Sat Jan 21 16:03:07 2017 +0100
Committer: ddekany <dd...@apache.org>
Committed: Sat Jan 21 16:03:07 2017 +0100
----------------------------------------------------------------------
README | 7 +++++++
src/main/java/freemarker/core/Configurable.java | 16 ++++++----------
.../freemarker/core/OptInTemplateClassResolver.java | 5 +++--
.../java/freemarker/core/TemplateClassResolver.java | 6 ------
src/manual/en_US/FM3-CHANGE-LOG.txt | 2 ++
.../freemarker/core/ObjectBuilderSettingsTest.java | 16 ++++++++++++++--
.../freemarker/test/templatesuite/testcases.xml | 3 ---
7 files changed, 32 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/README
----------------------------------------------------------------------
diff --git a/README b/README
index 0c1f042..92719f9 100644
--- a/README
+++ b/README
@@ -159,6 +159,13 @@ apply it to your development environment:
- Java -> Installed JRE-s:
Ensure that you have JDK 6 installed, and that it was added to Eclipse.
Note that it's not JRE, but JDK.
+ - Java -> Compiler -> Javadoc:
+ "Malformed Javadoc comments": Error
+ "Only consider members as visible": Private
+ "Validate tag argunebts": true
+ "Missing tag descriptions": Validate @return tags
+ "Missing Javadoc tags": Ignore
+ "Missing Javadoc comments": Ignore
- Create new "Java Project" in Eclipse:
- In the first window popping up:
- Change the "location" to the directory of the FreeMarker project
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/main/java/freemarker/core/Configurable.java
----------------------------------------------------------------------
diff --git a/src/main/java/freemarker/core/Configurable.java b/src/main/java/freemarker/core/Configurable.java
index 8e35b5b..704a7c0 100644
--- a/src/main/java/freemarker/core/Configurable.java
+++ b/src/main/java/freemarker/core/Configurable.java
@@ -1349,10 +1349,9 @@ public class Configurable {
* a template contains the <code>"com.example.SomeClassName"?new</code>
* expression, this object will be called to resolve the
* <code>"com.example.SomeClassName"</code> string to a class. The default
- * value is {@link TemplateClassResolver#UNRESTRICTED_RESOLVER} in
- * FreeMarker 2.3.x, and {@link TemplateClassResolver#SAFER_RESOLVER}
- * starting from FreeMarker 2.4.0. If you allow users to upload templates,
- * it's important to use a custom restrictive {@link TemplateClassResolver}.
+ * value is {@link TemplateClassResolver#UNRESTRICTED_RESOLVER}. If you allow
+ * users to upload templates, it's important to use a custom restrictive
+ * {@link TemplateClassResolver} or {@link TemplateClassResolver#ALLOWS_NOTHING_RESOLVER}.
*
* @since 2.3.17
*/
@@ -1989,8 +1988,6 @@ public class Configurable {
* <ol>
* <li><p>{@code "unrestricted"}:
* Use {@link TemplateClassResolver#UNRESTRICTED_RESOLVER}
- * <li><p>{@code "safer"}:
- * Use {@link TemplateClassResolver#SAFER_RESOLVER}
* <li><p>{@code "allows_nothing"}:
* Use {@link TemplateClassResolver#ALLOWS_NOTHING_RESOLVER}
* <li><p>Something that contains colon will use
@@ -2015,7 +2012,7 @@ public class Configurable {
* {@code lib/foo/bar.ftl}) and template {@code safe.ftl}
* (that does not match {@code foo/safe.ftl}, only
* exactly {@code safe.ftl}) to instantiate anything
- * that {@link TemplateClassResolver#SAFER_RESOLVER} allows.
+ * that {@link TemplateClassResolver#UNRESTRICTED_RESOLVER} allows.
* <tr>
* <td>
* {@code allowed_classes: com.example.C1, com.example.C2}
@@ -2036,7 +2033,8 @@ public class Configurable {
* <li><p>Otherwise if the value contains dot, it's interpreted as an <a href="#fm_obe">object builder
* expression</a>.
* </ol>
- *
+ * Note that the {@code safer} option was removed in FreeMarker 3.0.0, as it has become equivalent with
+ * {@code "unrestricted"}, as the classes it has blocked were removed from FreeMarker.
* <li><p>{@code "show_error_tips"}:
* See {@link #setShowErrorTips(boolean)}.
* Since 2.3.21.
@@ -2369,8 +2367,6 @@ public class Configurable {
|| NEW_BUILTIN_CLASS_RESOLVER_KEY_CAMEL_CASE.equals(name)) {
if ("unrestricted".equals(value)) {
setNewBuiltinClassResolver(TemplateClassResolver.UNRESTRICTED_RESOLVER);
- } else if ("safer".equals(value)) {
- setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
} else if ("allows_nothing".equals(value) || "allowsNothing".equals(value)) {
setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
} else if (value.indexOf(":") != -1) {
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/main/java/freemarker/core/OptInTemplateClassResolver.java
----------------------------------------------------------------------
diff --git a/src/main/java/freemarker/core/OptInTemplateClassResolver.java b/src/main/java/freemarker/core/OptInTemplateClassResolver.java
index b64569d..729c685 100644
--- a/src/main/java/freemarker/core/OptInTemplateClassResolver.java
+++ b/src/main/java/freemarker/core/OptInTemplateClassResolver.java
@@ -50,7 +50,7 @@ public class OptInTemplateClassResolver implements TemplateClassResolver {
* @param trustedTemplates the {@link List} of {@link String}-s that contains
* template names (i.e., template root directory relative paths)
* and prefix patterns (like <code>"include/*"</code>) of templates
- * for which {@link TemplateClassResolver#SAFER_RESOLVER} will be
+ * for which {@link TemplateClassResolver#UNRESTRICTED_RESOLVER} will be
* used (which is not as safe as {@link OptInTemplateClassResolver}).
* The list items need not start with <code>"/"</code> (if they are, it
* will be removed). List items ending with <code>"*"</code> are treated
@@ -88,6 +88,7 @@ public class OptInTemplateClassResolver implements TemplateClassResolver {
}
}
+ @Override
public Class resolve(String className, Environment env, Template template)
throws TemplateException {
String templateName = safeGetTemplateName(template);
@@ -95,7 +96,7 @@ public class OptInTemplateClassResolver implements TemplateClassResolver {
if (templateName != null
&& (trustedTemplateNames.contains(templateName)
|| hasMatchingPrefix(templateName))) {
- return TemplateClassResolver.SAFER_RESOLVER.resolve(className, env, template);
+ return TemplateClassResolver.UNRESTRICTED_RESOLVER.resolve(className, env, template);
} else {
if (!allowedClasses.contains(className)) {
throw new _MiscTemplateException(env,
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/main/java/freemarker/core/TemplateClassResolver.java
----------------------------------------------------------------------
diff --git a/src/main/java/freemarker/core/TemplateClassResolver.java b/src/main/java/freemarker/core/TemplateClassResolver.java
index bacc311..afe4707 100644
--- a/src/main/java/freemarker/core/TemplateClassResolver.java
+++ b/src/main/java/freemarker/core/TemplateClassResolver.java
@@ -55,12 +55,6 @@ public interface TemplateClassResolver {
};
/**
- * Same as {@link #UNRESTRICTED_RESOLVER} at the moment.
- */
- // [FM3] Do something with this. Like, only classes annotated in a certain would be accessible.
- TemplateClassResolver SAFER_RESOLVER = UNRESTRICTED_RESOLVER;
-
- /**
* Doesn't allow resolving any classes.
*/
TemplateClassResolver ALLOWS_NOTHING_RESOLVER = new TemplateClassResolver() {
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/manual/en_US/FM3-CHANGE-LOG.txt
----------------------------------------------------------------------
diff --git a/src/manual/en_US/FM3-CHANGE-LOG.txt b/src/manual/en_US/FM3-CHANGE-LOG.txt
index d7b1efb..43ad129 100644
--- a/src/manual/en_US/FM3-CHANGE-LOG.txt
+++ b/src/manual/en_US/FM3-CHANGE-LOG.txt
@@ -12,3 +12,5 @@ the FreeMarer 3 changelog here:
- Removed classic_compatible (classicCompatible) setting, which was used to emulate some of the FreeMarker 1.x behavior
- Removed utility TemplateModel-s that can very easily mean a security problem: freemarker.template.utility.Execute and
freemarker.template.utility.ObjectConstructor
+- Removed TemplateClassResolver.SAFER_RESOLVER, because the classes it has blocked were removed from FreeMarker, so it's
+ the same as UNRESTRICTED_RESOLVER
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/test/java/freemarker/core/ObjectBuilderSettingsTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/freemarker/core/ObjectBuilderSettingsTest.java b/src/test/java/freemarker/core/ObjectBuilderSettingsTest.java
index 4684705..a77777c 100644
--- a/src/test/java/freemarker/core/ObjectBuilderSettingsTest.java
+++ b/src/test/java/freemarker/core/ObjectBuilderSettingsTest.java
@@ -429,7 +429,7 @@ public class ObjectBuilderSettingsTest {
props.setProperty(Configuration.CACHE_STORAGE_KEY,
"soft: 500, strong: 100");
props.setProperty(Configurable.NEW_BUILTIN_CLASS_RESOLVER_KEY,
- "safer");
+ "allows_nothing");
cfg.setSettings(props);
assertEquals(DefaultObjectWrapper.class, cfg.getObjectWrapper().getClass());
assertFalse(((WriteProtectable) cfg.getObjectWrapper()).isWriteProtected());
@@ -437,7 +437,7 @@ public class ObjectBuilderSettingsTest {
assertEquals(1, ((DummyTemplateExceptionHandler) cfg.getTemplateExceptionHandler()).getX());
assertEquals(Configuration.VERSION_2_3_0, ((BeansWrapper) cfg.getObjectWrapper()).getIncompatibleImprovements());
assertEquals(500, ((MruCacheStorage) cfg.getCacheStorage()).getSoftSizeLimit());
- assertEquals(TemplateClassResolver.SAFER_RESOLVER, cfg.getNewBuiltinClassResolver());
+ assertEquals(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER, cfg.getNewBuiltinClassResolver());
assertEquals("utf-8", cfg.getDefaultEncoding());
}
@@ -1139,10 +1139,12 @@ public class ObjectBuilderSettingsTest {
private int x;
+ @Override
public void writeProtect() {
writeProtected = true;
}
+ @Override
public boolean isWriteProtected() {
return writeProtected;
}
@@ -1455,6 +1457,7 @@ public class ObjectBuilderSettingsTest {
private int x;
+ @Override
public void handleTemplateException(TemplateException te, Environment env, Writer out) throws TemplateException {
}
@@ -1470,16 +1473,20 @@ public class ObjectBuilderSettingsTest {
public static class DummyCacheStorage implements CacheStorage {
+ @Override
public Object get(Object key) {
return null;
}
+ @Override
public void put(Object key, Object value) {
}
+ @Override
public void remove(Object key) {
}
+ @Override
public void clear() {
}
@@ -1487,6 +1494,7 @@ public class ObjectBuilderSettingsTest {
public static class DummyNewBuiltinClassResolver implements TemplateClassResolver {
+ @Override
public Class resolve(String className, Environment env, Template template) throws TemplateException {
return null;
}
@@ -1495,18 +1503,22 @@ public class ObjectBuilderSettingsTest {
public static class DummyTemplateLoader implements TemplateLoader {
+ @Override
public Object findTemplateSource(String name) throws IOException {
return null;
}
+ @Override
public long getLastModified(Object templateSource) {
return 0;
}
+ @Override
public Reader getReader(Object templateSource, String encoding) throws IOException {
return null;
}
+ @Override
public void closeTemplateSource(Object templateSource) throws IOException {
}
http://git-wip-us.apache.org/repos/asf/incubator-freemarker/blob/d0e056ea/src/test/resources/freemarker/test/templatesuite/testcases.xml
----------------------------------------------------------------------
diff --git a/src/test/resources/freemarker/test/templatesuite/testcases.xml b/src/test/resources/freemarker/test/templatesuite/testcases.xml
index 2b59048..a5ba4bf 100644
--- a/src/test/resources/freemarker/test/templatesuite/testcases.xml
+++ b/src/test/resources/freemarker/test/templatesuite/testcases.xml
@@ -243,9 +243,6 @@
<testCase name="new-unrestricted" template="new-defaultresolver.ftl" expected="new-defaultresolver.txt">
<setting new_builtin_class_resolver="unrestricted"/>
</testCase>
- <testCase name="new-safer" template="new-defaultresolver.ftl" expected="new-defaultresolver.txt">
- <setting new_builtin_class_resolver="safer"/>
- </testCase>
<testCase name="new-allowsnothing" template="new-defaultresolver.ftl">
<setting new_builtin_class_resolver="allows_nothing"/>
</testCase>