kusalk commented on code in PR #780:
URL: https://github.com/apache/struts/pull/780#discussion_r1382547971
##########
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##########
@@ -104,126 +105,168 @@ public void restore(Map context, Object target, Member
member, String propertyNa
public boolean isAccessible(Map context, Object target, Member member,
String propertyName) {
LOG.debug("Checking access for [target: {}, member: {}, property:
{}]", target, member, propertyName);
- final int memberModifiers = member.getModifiers();
- final Class<?> memberClass = member.getDeclaringClass();
- // target can be null in case of accessing static fields, since OGNL
3.2.8
- final Class<?> targetClass = Modifier.isStatic(memberModifiers) ?
memberClass : target.getClass();
- if (!memberClass.isAssignableFrom(targetClass)) {
- throw new IllegalArgumentException("Target does not match
member!");
+ if (target != null) {
+ // Special case: Target is a Class object but not Class.class
+ if (Class.class.equals(target.getClass()) &&
!Class.class.equals(target)) {
Review Comment:
Validate and throw exceptions if arguments are not what we expect as the
following logic depends on these assumptions to be accurate
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
