You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@struts.apache.org by mr...@apache.org on 2007/09/07 17:18:10 UTC

svn commit: r573606 - in /struts/struts2/trunk/core/src/main: java/org/apache/struts2/StrutsConstants.java java/org/apache/struts2/config/BeanSelectionProvider.java resources/org/apache/struts2/default.properties

Author: mrdon
Date: Fri Sep  7 08:18:09 2007
New Revision: 573606

URL: http://svn.apache.org/viewvc?rev=573606&view=rev
Log:
Turning off static method access in ognl expressions by default
WW-2160

Modified:
    struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
    struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
    struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties

Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java Fri Sep  7 08:18:09 2007
@@ -161,5 +161,8 @@
 
     /** The name of the parameter to create when mapping an id (used by some action mappers) */
 	public static final String STRUTS_ID_PARAMETER_NAME = "struts.mapper.idParameterName";
+	
+	/** The name of the parameter to determine whether static method access will be allowed in OGNL expressions or not */
+	public static final String STRUTS_ALLOW_STATIC_METHOD_ACCESS = "struts.ognl.allowStaticMethodAccess";
 
 }

Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java (original)
+++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java Fri Sep  7 08:18:09 2007
@@ -172,6 +172,9 @@
             props.setProperty("devMode", "false");
         }
         
+        String val = props.getProperty(StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS);
+        props.setProperty("allowStaticMethodAccess", val);
+        
         // TODO: This should be moved to XWork after 2.0.4
         // struts.custom.i18n.resources
 

Modified: struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties (original)
+++ struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties Fri Sep  7 08:18:09 2007
@@ -183,4 +183,7 @@
 ### Whether to always select the namespace to be everything before the last slash or not
 struts.mapper.alwaysSelectFullNamespace=false
 
+### Whether to allow static method access in OGNL expressions or not
+struts.ognl.allowStaticMethodAccess=false
+
 ### END SNIPPET: complete_file