ognl: ASTEval.java SimpleNode.java

Simone Tripodi Tue, 24 Jan 2012 22:15:37 -0800

great!!!
-Simo

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/




On Wed, Jan 25, 2012 at 4:31 AM,  <mcucchi...@apache.org> wrote:
> Author: mcucchiara
> Date: Wed Jan 25 03:31:12 2012
> New Revision: 1235614
>
> URL: http://svn.apache.org/viewvc?rev=1235614&view=rev
> Log:
> Added a method to identify an eval expression (necessary to fix a security 
> issue on struts, see https://cwiki.apache.org/confluence/display/WW/S2-009)
>
> Modified:
>    
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java
>    
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
>
> Modified: 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java
> URL: 
> http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java?rev=1235614&r1=1235613&r2=1235614&view=diff
> ==============================================================================
> --- 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java 
> (original)
> +++ 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java 
> Wed Jan 25 03:31:12 2012
> @@ -94,4 +94,11 @@ class ASTEval
>     {
>         return visitor.visit( this, data );
>     }
> +
> +    @Override
> +    public boolean isEvalChain( OgnlContext context )
> +        throws OgnlException
> +    {
> +        return true;
> +    }
>  }
>
> Modified: 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
> URL: 
> http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java?rev=1235614&r1=1235613&r2=1235614&view=diff
> ==============================================================================
> --- 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
>  (original)
> +++ 
> commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java
>  Wed Jan 25 03:31:12 2012
> @@ -377,6 +377,26 @@ public abstract class SimpleNode
>         return isSimpleProperty( context );
>     }
>
> +    public boolean isEvalChain( OgnlContext context )
> +        throws OgnlException
> +    {
> +        if ( children == null )
> +        {
> +            return false;
> +        }
> +        for ( Node child : children )
> +        {
> +            if ( child instanceof SimpleNode )
> +            {
> +                if ( ( (SimpleNode) child ).isEvalChain( context ) )
> +                {
> +                    return true;
> +                }
> +            }
> +        }
> +        return false;
> +    }
> +
>     protected boolean lastChild( OgnlContext context )
>     {
>         return parent == null || context.get( "_lastChild" ) != null;
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: svn commit: r1235614 - in /commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl: ASTEval.java SimpleNode.java

Reply via email to