You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/04/20 08:22:13 UTC
[2/5] struts git commit: Uses isSequence flag to block chained
expressions
Uses isSequence flag to block chained expressions
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5190b536
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5190b536
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5190b536
Branch: refs/heads/support-2-3
Commit: 5190b53673a710ead31bbb5f82cf4ca171994629
Parents: d36f31b
Author: Lukasz Lenart <lu...@apache.org>
Authored: Mon Apr 18 20:38:27 2016 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Wed Apr 20 08:01:02 2016 +0200
----------------------------------------------------------------------
.../java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 6 +++---
.../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 15 +++++++++++++++
2 files changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/5190b536/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index eade684..40d112b 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -288,7 +288,7 @@ public class OgnlUtil {
compileAndExecute(name, context, new OgnlTask<Void>() {
public Void execute(Object tree) throws OgnlException {
if (isEvalExpression(tree, context)) {
- throw new OgnlException("Eval expression cannot be used as parameter name");
+ throw new OgnlException("Eval expression/chained expressions cannot be used as parameter name");
}
Ognl.setValue(tree, context, root, value);
return null;
@@ -304,7 +304,7 @@ public class OgnlUtil {
if (context!=null && context instanceof OgnlContext) {
ognlContext = (OgnlContext) context;
}
- return node.isEvalChain(ognlContext);
+ return node.isEvalChain(ognlContext) || node.isSequence(ognlContext);
}
return false;
}
@@ -361,7 +361,7 @@ public class OgnlUtil {
private void checkEnableEvalExpression(Object tree, Map<String, Object> context) throws OgnlException {
if (!enableEvalExpression && isEvalExpression(tree, context)) {
- throw new OgnlException("Eval expressions has been disabled!");
+ throw new OgnlException("Eval expressions/chained expressions have been disabled!");
}
}
http://git-wip-us.apache.org/repos/asf/struts/blob/5190b536/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index 96daab0..a0d3f2b 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -750,6 +750,21 @@ public class OgnlUtilTest extends XWorkTestCase {
assertEquals(expected.getMessage(), "Method \"getRuntime\" failed for object class java.lang.Runtime");
}
+ public void testBlockSequenceOfExpressions() throws Exception {
+ Foo foo = new Foo();
+
+ Exception expected = null;
+ try {
+ ognlUtil.setValue("#booScope=@myclass@DEFAULT_SCOPE,#bootScope.init()", ognlUtil.createDefaultContext(foo), foo, true);
+ fail();
+ } catch (OgnlException e) {
+ expected = e;
+ }
+ assertNotNull(expected);
+ assertSame(OgnlException.class, expected.getClass());
+ assertEquals(expected.getMessage(), "Eval expressions/chained expressions have been disabled!");
+ }
+
public static class Email {
String address;