This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5341-classloaders
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 358798dc8ba7b3aeb06e48d1123968c44c343e70
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Tue Aug 29 09:21:01 2023 +1000
WW-5341 Move proxy check to be first
---
.../main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git
a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index f65c322b8..e75805d71 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -111,6 +111,11 @@ public class SecurityMemberAccess implements MemberAccess {
throw new IllegalArgumentException("Target does not match
member!");
}
+ if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member,
target)) {
+ LOG.warn("Access to proxy is blocked! Target class [{}] of target
[{}], member [{}]", targetClass, target, member);
+ return false;
+ }
+
if (!checkPublicMemberAccess(memberModifiers)) {
LOG.warn("Access to non-public [{}] is blocked!", member);
return false;
