(struts) 01/01: WW-5364 Enable allowlist for showcase

Fri, 24 Nov 2023 01:56:03 -0800 

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a commit to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 324f825dc59e263ceae1400f6852140d238415eb
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Fri Nov 24 20:12:17 2023 +1100

    WW-5364 Enable allowlist for showcase
---
 apps/showcase/src/main/resources/struts.xml                   | 1 +
 core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apps/showcase/src/main/resources/struts.xml 
b/apps/showcase/src/main/resources/struts.xml
index f73963de9..150b8e36d 100644
--- a/apps/showcase/src/main/resources/struts.xml
+++ b/apps/showcase/src/main/resources/struts.xml
@@ -33,6 +33,7 @@
     <constant name="struts.configuration.xml.reload" value="false" />
     <constant name="struts.custom.i18n.resources" value="globalMessages" />
     <constant name="struts.action.extension" value="action,," />
+    <constant name="struts.allowlist.enable" value="true" />
 
     <constant name="struts.convention.package.locators.basePackage" 
value="org.apache.struts2.showcase" />
     <constant name="struts.convention.result.path" value="/WEB-INF" />
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java 
b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 62e635fbc..331ddcc02 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -856,6 +856,7 @@ public class OgnlUtil {
         }
 
         SecurityMemberAccess memberAccess = 
container.getInstance(SecurityMemberAccess.class);
+        memberAccess.useEnforceAllowlistEnabled(Boolean.FALSE.toString());
 
         if (devMode) {
             if (!warnReported.get()) {

Reply via email to