I think it would be the same, we would just need to add a method to
ValueStack, to clear the context.
musachy
On Thu, Jul 17, 2008 at 5:32 PM, Chris Pratt <[EMAIL PROTECTED]> wrote:
> Will it be pluggable between the new-and-improved ValueStack and the
> OGNL ValueStack so that we can make the transition as painless as
> possible?
> (*Chris*)
>
> On Thu, Jul 17, 2008 at 2:28 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
>> Yeah I am set to fix those security holes ;). Doing the change below,
>> all tests pass, with the exception of some tests in
>> ParameterInterceptorTest, that need to inject dependencies, and others
>> that check for the order of the values added to the stack (new context
>> is created here, so they fail)
>>
>> + ValueStack emptyStack = valueStackFactory.createValueStack(stack);
>> + Map<String, Object> context = emptyStack.getContext();
>> + ((OgnlContext)context).getValues().clear(); /// THIS IS BAD
>> + ReflectionContextState.setCreatingNullObjects(context, true);
>> + ReflectionContextState.setDenyMethodExecution(context, true);
>> + ReflectionContextState.setReportingConversionErrors(context, true);
>> +
>> for (Map.Entry<String, Object> entry :
>> acceptableParameters.entrySet()) {
>> String name = entry.getKey();
>> Object value = entry.getValue();
>> @@ -233,7 +265,7 @@
>> String name = entry.getKey();
>> Object value = entry.getValue();
>> try {
>> - stack.setValue(name, value);
>> + emptyStack.setValue(name, value);
>> } catch (RuntimeException e) {
>> if (devMode) {
>> String developerNotification =
>> LocalizedTextUtil.findText(ParametersInterceptor.class,
>> "devmode.notification", ActionContext.getContext().getLocale(),
>> "Developer Notification:\n{0}", new Object[]{
>> @@ -246,6 +278,9 @@
>> }
>> }
>> }
>> + stack.getContext().putAll(acceptableParameters);
>> +
>>
>> The 2 big things to be addressed are:
>>
>> 1. ((OgnlContext)context).getValues().clear();
>>
>> I cannot just do context.clear(), because that method not only removes
>> the values from the stack, but it clears the root, type converter and
>> other stuff, so we will have to add another "clear" method to the
>> OgnlContext, that just clears the values.
>>
>> 2. throwPropertyExceptions which needs to be the same in the new value
>> stack, but I think it is getting cleared.
>>
>> what do you guys think?
>>
>> musachy
>> --
>> "Hey you! Would you help me to carry the stone?" Pink Floyd
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
"Hey you! Would you help me to carry the stone?" Pink Floyd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
