This is an automated email from the ASF dual-hosted git repository. ddekany pushed a commit to branch 3 in repository https://gitbox.apache.org/repos/asf/freemarker.git
commit d1dd7915531b060ab0b836471323ac7d7647eaf8 Author: ddekany <[email protected]> AuthorDate: Sat Jun 27 16:26:31 2020 +0200 Forward ported from 2.3-gae: [FREEMARKER-133] Fixed bug where FreeMarker sometimes tries to expose public methods that are defined or overridden in a non-public class, if the non-public class was then extended by a public class. Calling such method just ends up with IllegalAccessException, but they shouldn't be exposed on the first place, and furthermore can sometimes hide the callable version of the method. --- .../core/model/impl/ClassIntrospector.java | 36 ++++++++++++---------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/freemarker-core/src/main/java/org/apache/freemarker/core/model/impl/ClassIntrospector.java b/freemarker-core/src/main/java/org/apache/freemarker/core/model/impl/ClassIntrospector.java index 0199cb7..330caed 100644 --- a/freemarker-core/src/main/java/org/apache/freemarker/core/model/impl/ClassIntrospector.java +++ b/freemarker-core/src/main/java/org/apache/freemarker/core/model/impl/ClassIntrospector.java @@ -738,24 +738,26 @@ class ClassIntrospector { Method[] methods = clazz.getMethods(); for (Method method : methods) { ExecutableMemberSignature sig = new ExecutableMemberSignature(method); - // Contrary to intuition, a class can actually have several - // different methods with same signature *but* different - // return types. These can't be constructed using Java the - // language, as this is illegal on source code level, but - // the compiler can emit synthetic methods as part of - // generic type reification that will have same signature - // yet different return type than an existing explicitly - // declared method. Consider: - // public interface I<T> { T m(); } - // public class C implements I<Integer> { Integer m() { return 42; } } - // C.class will have both "Object m()" and "Integer m()" methods. - List<Method> methodList = accessibles.get(sig); - if (methodList == null) { - // TODO Collection.singletonList is more efficient, though read only. - methodList = new LinkedList<>(); - accessibles.put(sig, methodList); + if (Modifier.isPublic(method.getDeclaringClass().getModifiers())) { + // Contrary to intuition, a class can actually have several + // different methods with same signature *but* different + // return types. These can't be constructed using Java the + // language, as this is illegal on source code level, but + // the compiler can emit synthetic methods as part of + // generic type reification that will have same signature + // yet different return type than an existing explicitly + // declared method. Consider: + // public interface I<T> { T m(); } + // public class C implements I<Integer> { Integer m() { return 42; } } + // C.class will have both "Object m()" and "Integer m()" methods. + List<Method> methodList = accessibles.get(sig); + if (methodList == null) { + // TODO Collection.singletonList is more efficient, though read only. + methodList = new LinkedList<>(); + accessibles.put(sig, methodList); + } + methodList.add(method); } - methodList.add(method); } return; } catch (SecurityException e) {
