zhouyanming created WW-4374:
-------------------------------
Summary: access enum values via ognl blocked by
SecurityMemberAccess
Key: WW-4374
URL: https://issues.apache.org/jira/browse/WW-4374
Project: Struts 2
Issue Type: Bug
Affects Versions: 2.3.18
Reporter: zhouyanming
Priority: Blocker
{code:html}
<@s.select list="@test.EnumType@values()">
{code}
doesn't works anymore,it breaked compatibility.
SecurityMemberAccess.isAccessible(Map context, Object target, Member member,
String propertyName)
solution is check enum access first then check others.
{code:java}
int modifiers = member.getModifiers();
if (Modifier.isStatic(modifiers)) {
if (member instanceof Method && !getAllowStaticMethodAccess()) {
if (target instanceof Class) {
Class clazz = (Class) target;
Method method = (Method) member;
if (Enum.class.isAssignableFrom(clazz) &&
method.getName().equals("values"))
return true;
}
}
}
if (isPackageExcluded(target.getClass().getPackage(),
member.getDeclaringClass().getPackage())) {
if (LOG.isWarnEnabled()) {
LOG.warn("Package of target [#0] or package of member [#1] are
excluded!", target, member);
}
return false;
}
if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
if (LOG.isWarnEnabled()) {
LOG.warn("Target class [#0] or declaring class of member type
[#1] are excluded!", target, member);
}
return false;
}
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
