default.properties

mrdon Fri, 07 Sep 2007 08:18:39 -0700

Author: mrdon
Date: Fri Sep  7 08:18:09 2007
New Revision: 573606

URL: http://svn.apache.org/viewvc?rev=573606&view=rev
Log:
Turning off static method access in ognl expressions by default
WW-2160


Modified:
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
    
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
(original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
Fri Sep  7 08:18:09 2007
@@ -161,5 +161,8 @@
 
     /** The name of the parameter to create when mapping an id (used by some 
action mappers) */
        public static final String STRUTS_ID_PARAMETER_NAME = 
"struts.mapper.idParameterName";
+       
+       /** The name of the parameter to determine whether static method access 
will be allowed in OGNL expressions or not */
+       public static final String STRUTS_ALLOW_STATIC_METHOD_ACCESS = 
"struts.ognl.allowStaticMethodAccess";
 
 }

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
 (original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/config/BeanSelectionProvider.java
 Fri Sep  7 08:18:09 2007
@@ -172,6 +172,9 @@
             props.setProperty("devMode", "false");
         }
         
+        String val = 
props.getProperty(StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS);
+        props.setProperty("allowStaticMethodAccess", val);
+        
         // TODO: This should be moved to XWork after 2.0.4
         // struts.custom.i18n.resources
 

Modified: 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties?rev=573606&r1=573605&r2=573606&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
 (original)
+++ 
struts/struts2/trunk/core/src/main/resources/org/apache/struts2/default.properties
 Fri Sep  7 08:18:09 2007
@@ -183,4 +183,7 @@
 ### Whether to always select the namespace to be everything before the last 
slash or not
 struts.mapper.alwaysSelectFullNamespace=false
 
+### Whether to allow static method access in OGNL expressions or not
+struts.ognl.allowStaticMethodAccess=false
+
 ### END SNIPPET: complete_file

svn commit: r573606 - in /struts/struts2/trunk/core/src/main: java/org/apache/struts2/StrutsConstants.java java/org/apache/struts2/config/BeanSelectionProvider.java resources/org/apache/struts2/default.properties

Reply via email to