This is an automated email from the ASF dual-hosted git repository. ddekany pushed a commit to branch 2.3-gae in repository https://gitbox.apache.org/repos/asf/freemarker.git
commit e50d65125d91b3a87f41f8e5305eb779161d06da Author: ddekany <[email protected]> AuthorDate: Sat Apr 11 10:27:46 2020 +0200 (Some Javadoc and comment adjustments) --- src/main/java/freemarker/ext/beans/BeansWrapper.java | 11 +++++++++-- src/main/java/freemarker/ext/beans/ClassIntrospector.java | 6 +++--- .../java/freemarker/ext/beans/DefaultMemberAccessPolicy.java | 2 +- src/main/java/freemarker/ext/beans/MemberAccessPolicy.java | 4 ++++ .../java/freemarker/ext/beans/MethodAppearanceFineTuner.java | 2 +- 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/main/java/freemarker/ext/beans/BeansWrapper.java b/src/main/java/freemarker/ext/beans/BeansWrapper.java index 47eb5c72..372eefa5 100644 --- a/src/main/java/freemarker/ext/beans/BeansWrapper.java +++ b/src/main/java/freemarker/ext/beans/BeansWrapper.java @@ -98,8 +98,8 @@ public class BeansWrapper implements RichObjectWrapper, WriteProtectable { /** * At this level of exposure, all methods and properties of the - * wrapped objects are exposed to the template, and the {@link MemberAccessPolicy} - * will be ignored. + * wrapped objects are exposed to the template, and even the {@link MemberAccessPolicy} + * is ignored. */ public static final int EXPOSE_ALL = 0; @@ -113,6 +113,9 @@ public class BeansWrapper implements RichObjectWrapper, WriteProtectable { * java.lang.Thread and java.lang.ThreadGroup methods that can change its * state, as well as the usual suspects in java.lang.System and * java.lang.Runtime. + * + * <p>Note that the {@link MemberAccessPolicy} will further restrict what's visible. That mechanism was introduced + * much later than "exposure levels", and it's the primary place to look at if you are concerned with safety. */ public static final int EXPOSE_SAFE = 1; @@ -120,6 +123,8 @@ public class BeansWrapper implements RichObjectWrapper, WriteProtectable { * At this level of exposure, only property getters are exposed. * Additionally, property getters that map to unsafe methods are not * exposed (i.e. Class.classLoader and Thread.contextClassLoader). + * + * <p>Note that the {@link MemberAccessPolicy} will further restrict what's visible. */ public static final int EXPOSE_PROPERTIES_ONLY = 2; @@ -564,6 +569,8 @@ public class BeansWrapper implements RichObjectWrapper, WriteProtectable { * Sets the method exposure level. By default, set to <code>EXPOSE_SAFE</code>. * @param exposureLevel can be any of the <code>EXPOSE_xxx</code> * constants. + * Note that {@link #setMemberAccessPolicy(MemberAccessPolicy)} further restricts what's visible, unless this is + * set to {@link #EXPOSE_ALL}. */ public void setExposureLevel(int exposureLevel) { checkModifiable(); diff --git a/src/main/java/freemarker/ext/beans/ClassIntrospector.java b/src/main/java/freemarker/ext/beans/ClassIntrospector.java index 98580fc8..9ef51099 100644 --- a/src/main/java/freemarker/ext/beans/ClassIntrospector.java +++ b/src/main/java/freemarker/ext/beans/ClassIntrospector.java @@ -222,7 +222,7 @@ class ClassIntrospector { * * @return A {@link Map} where each key is a property/method/field name (or a special {@link Object} key like * {@link #CONSTRUCTORS_KEY}), each value is a {@link FastPropertyDescriptor} or {@link Method} or - * {@link OverloadedMethods} or {@link Field} (but better check the source code...). + * {@link OverloadedMethods} or {@link Field} (but, you better check the source code). */ Map<Object, Object> get(Class<?> clazz) { { @@ -248,7 +248,7 @@ class ClassIntrospector { introspData = cache.get(clazz); } catch (InterruptedException e) { throw new RuntimeException( - "Class inrospection data lookup aborded: " + e); + "Class introspection data lookup aborted: " + e); } } if (introspData != null) return introspData; @@ -388,7 +388,7 @@ class ClassIntrospector { ((OverloadedMethods) previous).addMethod(method); } else if (decision.getMethodShadowsProperty() || !(previous instanceof FastPropertyDescriptor)) { - // Simple method (this far) + // Simple method (so far) introspData.put(methodKey, method); Class<?>[] replaced = getArgTypesByMethod(introspData).put(method, method.getParameterTypes()); diff --git a/src/main/java/freemarker/ext/beans/DefaultMemberAccessPolicy.java b/src/main/java/freemarker/ext/beans/DefaultMemberAccessPolicy.java index 5f0b26ca..f5bdabd4 100644 --- a/src/main/java/freemarker/ext/beans/DefaultMemberAccessPolicy.java +++ b/src/main/java/freemarker/ext/beans/DefaultMemberAccessPolicy.java @@ -36,7 +36,7 @@ import freemarker.template.Version; import freemarker.template._TemplateAPI; /** - * Member access policy, used to implement default behavior that's mostly compatible with pre-2.3.30 versions, but is + * Member access policy to implement the default behavior that's mostly compatible with pre-2.3.30 versions, but is * somewhat safer; it still can't provide safety in practice, if you allow untrusted users to edit templates! Use * {@link WhitelistMemberAccessPolicy} if you need stricter control. * diff --git a/src/main/java/freemarker/ext/beans/MemberAccessPolicy.java b/src/main/java/freemarker/ext/beans/MemberAccessPolicy.java index 2ca568d2..6d7abdbf 100644 --- a/src/main/java/freemarker/ext/beans/MemberAccessPolicy.java +++ b/src/main/java/freemarker/ext/beans/MemberAccessPolicy.java @@ -58,6 +58,10 @@ import freemarker.template.TemplateModel; * {@link Object#equals(Object)} implementation if possible. * * @since 2.3.30 + * + * @see DefaultMemberAccessPolicy + * @see WhitelistMemberAccessPolicy + * @see LegacyDefaultMemberAccessPolicy */ public interface MemberAccessPolicy { /** diff --git a/src/main/java/freemarker/ext/beans/MethodAppearanceFineTuner.java b/src/main/java/freemarker/ext/beans/MethodAppearanceFineTuner.java index 8dd134a6..4980bd6d 100644 --- a/src/main/java/freemarker/ext/beans/MethodAppearanceFineTuner.java +++ b/src/main/java/freemarker/ext/beans/MethodAppearanceFineTuner.java @@ -67,7 +67,7 @@ public interface MethodAppearanceFineTuner { * The property name in the {@link PropertyDescriptor} can be anything, * but the method (or methods) in it must belong to the class that * is given as the <tt>clazz</tt> parameter or it must be inherited from - * that class, or else whatever errors can occur later. + * that class, otherwise the behavior is undefined, and errors can occur later. * {@link IndexedPropertyDescriptor}-s are supported. * If a real JavaBean property of the same name exists, or a fake property * of the same name was already assigned earlier, it won't be
