Repository: struts Updated Branches: refs/heads/master 0cc5fcaaa -> c53c6d8c8
WW-4596 Uses unmodifiable set to avoid changing allowed methods Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c53c6d8c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c53c6d8c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c53c6d8c Branch: refs/heads/master Commit: c53c6d8c8e3c2985dd57b7d7c0e2b30cce85e3e8 Parents: 0cc5fca Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Fri Feb 5 09:02:52 2016 +0100 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Fri Feb 5 09:02:52 2016 +0100 ---------------------------------------------------------------------- .../com/opensymphony/xwork2/config/entities/PackageConfig.java | 2 +- .../xwork2/config/providers/XmlConfigurationProvider.java | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/c53c6d8c/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java b/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java index 1e7a4dd..c0e9477 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java @@ -519,7 +519,7 @@ public class PackageConfig extends Located implements Comparable, Serializable, public Set<String> getGlobalAllowedMethods() { Set <String> allowedMethods = target.globalAllowedMethods; allowedMethods.addAll(getParentsAllowedMethods(target.parents)); - return allowedMethods; + return Collections.unmodifiableSet(allowedMethods); } public Set<String> getParentsAllowedMethods(List<PackageConfig> parents) { http://git-wip-us.apache.org/repos/asf/struts/blob/c53c6d8c/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java index c27f95b..1ea9c3e 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java @@ -859,7 +859,7 @@ public class XmlConfigurationProvider implements ConfigurationProvider { Set<String> allowedMethods; if (allowedMethodsEls.getLength() > 0) { // user defined 'allowed-methods' so used them whatever Strict DMI was enabled or not - allowedMethods = packageContext.getGlobalAllowedMethods(); + allowedMethods = new HashSet<>(packageContext.getGlobalAllowedMethods()); if (allowedMethodsEls.getLength() > 0) { Node n = allowedMethodsEls.item(0).getFirstChild(); @@ -872,14 +872,14 @@ public class XmlConfigurationProvider implements ConfigurationProvider { } } else if (packageContext.isStrictMethodInvocation()) { // user enabled Strict DMI but didn't defined action specific 'allowed-methods' so we use 'global-allowed-methods' only - allowedMethods = packageContext.getGlobalAllowedMethods(); + allowedMethods = new HashSet<>(packageContext.getGlobalAllowedMethods()); } else { // Strict DMI is disabled to any method can be called allowedMethods = new HashSet<>(); allowedMethods.add(ActionConfig.REGEX_WILDCARD); } - return allowedMethods; + return Collections.unmodifiableSet(allowedMethods); } protected void loadDefaultInterceptorRef(PackageConfig.Builder packageContext, Element element) {
