Prevents eval expressions at all
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/61f9b07a Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/61f9b07a Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/61f9b07a Branch: refs/heads/master Commit: 61f9b07a788292b03ccdfae727f19bf2d7d47ad9 Parents: 46f3cf2 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Sun Jan 10 12:00:10 2016 +0100 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Tue Jan 19 16:18:01 2016 +0100 ---------------------------------------------------------------------- .../java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 8 ++------ .../com/opensymphony/xwork2/ognl/OgnlValueStack.java | 12 ++++-------- 2 files changed, 6 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/61f9b07a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index f6f2ea8..8143613 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -273,14 +273,10 @@ public class OgnlUtil {
 *
 * @throws OgnlException in case of ognl errors
 */
- public void setValue(String name, Map<String, Object> context, Object root, Object value) throws OgnlException {
- setValue(name, context, root, value, true);
- }
-
- protected void setValue(String name, final Map<String, Object> context, final Object root, final Object value, final boolean evalName) throws OgnlException {
+ public void setValue(final String name, final Map<String, Object> context, final Object root, final Object value) throws OgnlException {
 compileAndExecute(name, context, new OgnlTask<Void>() {
 public Void execute(Object tree) throws OgnlException {
- if (!evalName && isEvalExpression(tree, context)) {
+ if (isEvalExpression(tree, context)) {
 throw new OgnlException("Eval expression cannot be used as parameter name");
 }
 Ognl.setValue(tree, context, root, value);
http://git-wip-us.apache.org/repos/asf/struts/blob/61f9b07a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
index af7fbc5..4394d03 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
@@ -148,7 +148,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
 * @see com.opensymphony.xwork2.util.ValueStack#setParameter(String, Object)
 */
 public void setParameter(String expr, Object value) {
- setValue(expr, value, devMode, false);
+ setValue(expr, value, devMode);
 }
 /**
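Review bot: The message on the now-unconditional guard in `OgnlUtil.setValue`, `"Eval expression cannot be used as parameter name"`, is stale: with the `evalName` flag removed the check runs for every caller of the public method, so a rejection coming from a path other than parameter binding will be reported as a parameter-name problem. A neutral wording such as `throw new OgnlException("Eval expressions are not allowed in setValue");` matches the new behaviour, and the `@throws OgnlException` Javadoc line above the method should state that eval expressions are always rejected. The diffstat lists only the two main-source files, so nothing pins the guard; a unit test asserting that `setValue` throws for an eval expression and still accepts a plain property path would keep it from regressing. What `isEvalExpression` recognises is defined outside this hunk, so whether every evaluating node type is covered cannot be confirmed from here, and the anonymous `OgnlTask` body continues past the end of the hunk.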
@@ -164,13 +164,9 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
 * @see com.opensymphony.xwork2.util.ValueStack#setValue(java.lang.String, java.lang.Object, boolean)
 */
 public void setValue(String expr, Object value, boolean throwExceptionOnFailure) {
- setValue(expr, value, throwExceptionOnFailure, true);
- }
-
- private void setValue(String expr, Object value, boolean throwExceptionOnFailure, boolean evalExpression) {
 Map<String, Object> context = getContext();
 try {
- trySetValue(expr, value, throwExceptionOnFailure, context, evalExpression);
+ trySetValue(expr, value, throwExceptionOnFailure, context);
 } catch (OgnlException e) {
 handleOgnlException(expr, value, throwExceptionOnFailure, e);
 } catch (RuntimeException re) { //XW-281
@@ -180,10 +176,10 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
 }
 }
- private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure, Map<String, Object> context, boolean evalExpression) throws OgnlException {
+ private void trySetValue(String expr, Object value, boolean throwExceptionOnFailure, Map<String, Object> context) throws OgnlException {
 context.put(XWorkConverter.CONVERSION_PROPERTY_FULLNAME, expr);
 context.put(REPORT_ERRORS_ON_NO_PROP, (throwExceptionOnFailure) ? Boolean.TRUE : Boolean.FALSE);
- ognlUtil.setValue(expr, context, root, value, evalExpression);
+ ognlUtil.setValue(expr, context, root, value);
 }
 private void cleanUpContext(Map<String, Object> context) {
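Review bot: In `setValue(String, Object, boolean)` a rejected eval expression now lands in the same `catch (OgnlException e)` as any ordinary OGNL failure and is handed to `handleOgnlException`, so it is presumably indistinguishable from a mistyped property name and may be dropped quietly when `throwExceptionOnFailure` is false (the handler is outside the hunk, so this is inferred). Because `setParameter` passes `devMode` for that flag, production deployments would be the ones that never surface the rejection. A blocked eval expression is a security-relevant event that deserves its own warn-level log entry at the point of rejection so operators can alert on it; at minimum a comment above the catch, `// also reached when OgnlUtil.setValue rejects an eval expression`, would document the path. The rest of the method after the `RuntimeException` catch lies beyond this hunk.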