From: Dale Newfield <[EMAIL PROTECTED]>
Date: Tue, 17 Jul 2007 1:17:55 -0500
"Aram Mkhitaryan" <[EMAIL PROTECTED]>
>I have to repeat my suggestion about the new "eval" method in ognl
>expressions which will force the evaluation
But of course this would still be a security hole if usable by
client-provided strings, and would still need to be disallowed there. How
is surrounding a string with "%{" and "}" not the "eval" you request?
-Dale Newfield
[EMAIL PROTECTED]