Repository: struts Updated Branches: refs/heads/struts-2-3-20-2 [created] c7113e9d6
Uses isSequence flag to block chained expressions Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/98eb21ae Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/98eb21ae Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/98eb21ae Branch: refs/heads/struts-2-3-20-2 Commit: 98eb21ae8528dd5fdc3f76ed9ade897a1c679131 Parents: a9974ee Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Mon Apr 18 20:38:27 2016 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Mon Apr 18 20:38:27 2016 +0200 ---------------------------------------------------------------------- .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 6 +++--- .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/98eb21ae/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 63c45fe..0421fac 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -282,7 +282,7 @@ public class OgnlUtil { compileAndExecute(name, context, new OgnlTask<Void>() { public Void execute(Object tree) throws OgnlException { if (!evalName && isEvalExpression(tree, context)) { - throw new OgnlException("Eval expression cannot be used as parameter name"); + throw new OgnlException("Eval expression/chained expressions cannot be used as parameter name"); } Ognl.setValue(tree, context, root, value); return null; @@ -298,7 +298,7 @@ public class OgnlUtil { if (context!=null && context instanceof OgnlContext) { ognlContext = (OgnlContext) context; } - return node.isEvalChain(ognlContext); + return node.isEvalChain(ognlContext) || node.isSequence(ognlContext); } return false; } @@ -355,7 +355,7 @@ public class OgnlUtil { private void checkEnableEvalExpression(Object tree, Map<String, Object> context) throws OgnlException { if (!enableEvalExpression && isEvalExpression(tree, context)) { - throw new OgnlException("Eval expressions has been disabled!"); + throw new OgnlException("Eval expressions/chained expressions have been disabled!"); } } http://git-wip-us.apache.org/repos/asf/struts/blob/98eb21ae/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index 6726af6..13442b1 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java @@ -750,6 +750,21 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Method \"getRuntime\" failed for object class java.lang.Runtime"); } + public void testBlockSequenceOfExpressions() throws Exception { + Foo foo = new Foo(); + + Exception expected = null; + try { + ognlUtil.setValue("#booScope=@myclass@DEFAULT_SCOPE,#bootScope.init()", ognlUtil.createDefaultContext(foo), foo, true); + fail(); + } catch (OgnlException e) { + expected = e; + } + assertNotNull(expected); + assertSame(OgnlException.class, expected.getClass()); + assertEquals(expected.getMessage(), "Eval expressions/chained expressions have been disabled!"); + } + public static class Email { String address;
