Author: mcucchiara Date: Wed Jan 25 03:31:12 2012 New Revision: 1235614 URL: http://svn.apache.org/viewvc?rev=1235614&view=rev Log: Added a method to identify an eval expression (necessary to fix a security issue on struts, see https://cwiki.apache.org/confluence/display/WW/S2-009)
Modified: commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java Modified: commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java?rev=1235614&r1=1235613&r2=1235614&view=diff ============================================================================== --- commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java (original) +++ commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/ASTEval.java Wed Jan 25 03:31:12 2012 @@ -94,4 +94,11 @@ class ASTEval { return visitor.visit( this, data ); } + + @Override + public boolean isEvalChain( OgnlContext context ) + throws OgnlException + { + return true; + } } Modified: commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java URL: http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java?rev=1235614&r1=1235613&r2=1235614&view=diff ============================================================================== --- commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java (original) +++ commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/SimpleNode.java Wed Jan 25 03:31:12 2012 @@ -377,6 +377,26 @@ public abstract class SimpleNode return isSimpleProperty( context ); } + public boolean isEvalChain( OgnlContext context ) + throws OgnlException + { + if ( children == null ) + { + return false; + } + for ( Node child : children ) + { + if ( child instanceof SimpleNode ) + { + if ( ( (SimpleNode) child ).isEvalChain( context ) ) + { + return true; + } + } + } + return false; + } + protected boolean lastChild( OgnlContext context ) { return parent == null || context.get( "_lastChild" ) != null;
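Review bot: `isEvalChain` is added to ASTEval without any Javadoc or comment, and the base implementation added to SimpleNode.java in the next hunk is undocumented too, although the commit log ties the method to a security fix (S2-009). The contract belongs on the SimpleNode declaration, for example `/** Returns true if this node or any of its descendants is an eval node. */`, with a one-line comment on this override such as `// An eval node is always an eval chain.` Neither visible body reads `context` or throws `OgnlException`; if they are kept only to match the signatures of sibling methods (presumably the case), the Javadoc should say so. The ASTEval class body starts outside this hunk.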
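Review bot: The loop in `SimpleNode.isEvalChain` skips every child that is not a `SimpleNode`, so a `Node` implementation outside that hierarchy is reported as "not an eval chain" without being inspected. For a check that, per the commit log, backs a security fix, failing closed is safer. Either declare `isEvalChain` on the `Node` interface (not visible in this diff) so that no cast is needed, or treat an unrecognised child conservatively with `if ( !( child instanceof SimpleNode ) ) { return true; }`, after confirming that callers can tolerate the stricter answer. Independently, the two nested `if` statements can be merged into `if ( child instanceof SimpleNode && ( (SimpleNode) child ).isEvalChain( context ) )`.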