This is an automated email from the ASF dual-hosted git repository.

kusal pushed a commit to branch WW-5341-classloaders
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 358798dc8ba7b3aeb06e48d1123968c44c343e70
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Tue Aug 29 09:21:01 2023 +1000

    WW-5341 Move proxy check to be first
---
 .../main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index f65c322b8..e75805d71 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -111,6 +111,11 @@ public class SecurityMemberAccess implements MemberAccess {
             throw new IllegalArgumentException("Target does not match member!");
         }
 
+        if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, target)) {
+            LOG.warn("Access to proxy is blocked! Target class [{}] of target [{}], member [{}]", targetClass, target, member);
+            return false;
+        }
+
         if (!checkPublicMemberAccess(memberModifiers)) {
             LOG.warn("Access to non-public [{}] is blocked!", member);
             return false;
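Review bot: The added `LOG.warn` passes `target` itself as a format argument, so each blocked access calls `toString()` on the proxied object. Depending on the proxy type, that may run proxied code or write object state into the log, for an access that is likely driven by a request-supplied expression. The class and member are enough to investigate a block: `LOG.warn("Access to proxy is blocked! Target class [{}], member [{}]", targetClass, member);`. Separately, the commit is titled a move but the diffstat shows 5 insertions and no deletions, so if the original proxy check still sits later in this method it is now unreachable and should be removed in the same change. The enclosing method starts and ends outside the hunk, so this cannot be confirmed from here.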
