I opened a code review here:

http://fisheye6.atlassian.com/cru/CR-9

I added a new interface ClearableValueStack, which if implemented will
make the OGNL parameter binding run in a clean context.

musachy

On Thu, Jul 17, 2008 at 5:46 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
> I think it would be the same, we would just need to add a method to
> ValueStack, to clear the context.
>
> musachy
>
> On Thu, Jul 17, 2008 at 5:32 PM, Chris Pratt <[EMAIL PROTECTED]> wrote:
>> Will it be pluggable between the new-and-improved ValueStack and the
>> OGNL ValueStack so that we can make the transition as painless as
>> possible?
>>  (*Chris*)
>>
>> On Thu, Jul 17, 2008 at 2:28 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
>>> Yeah I am set to fix those security holes ;). Doing the change below,
>>> all tests pass, with the exception of some tests in
>>> ParameterInterceptorTest, that need to inject dependencies, and others
>>> that check for the order of the values added to the stack (new context
>>> is created here, so they fail).
>>>
>>> +        ValueStack emptyStack = valueStackFactory.createValueStack(stack);
>>> +        Map<String, Object> context = emptyStack.getContext();
>>> +        ((OgnlContext)context).getValues().clear(); /// THIS IS BAD
>>> +        ReflectionContextState.setCreatingNullObjects(context, true);
>>> +        ReflectionContextState.setDenyMethodExecution(context, true);
>>> +        ReflectionContextState.setReportingConversionErrors(context, true);
>>> +
>>>         for (Map.Entry<String, Object> entry :
>>> acceptableParameters.entrySet()) {
>>>             String name = entry.getKey();
>>>             Object value = entry.getValue();
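Review bot: The cast in `((OgnlContext)context).getValues().clear();` is unchecked, so a ValueStackFactory whose stack returns any other Map from getContext() makes the interceptor throw ClassCastException, and it couples ParametersInterceptor to OGNL internals (the inline "THIS IS BAD" comment says as much). Move the clearing behind a method on the stack itself, guard the call with an instanceof check, and decide explicitly what happens when the stack cannot be cleared: binding against the uncleared context silently gives up the isolation this change is for. A short comment on why the three ReflectionContextState flags are set on the new context would also help.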
>>> @@ -233,7 +265,7 @@
>>>             String name = entry.getKey();
>>>             Object value = entry.getValue();
>>>             try {
>>> -                stack.setValue(name, value);
>>> +                emptyStack.setValue(name, value);
>>>             } catch (RuntimeException e) {
>>>                 if (devMode) {
>>>                     String developerNotification =
>>> LocalizedTextUtil.findText(ParametersInterceptor.class,
>>> "devmode.notification", ActionContext.getContext().getLocale(),
>>> "Developer Notification:\n{0}", new Object[]{
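Review bot: At `emptyStack.setValue(name, value);` nothing states that the write still reaches the same root objects that `stack.setValue` did; that depends on what `createValueStack(stack)` carries over, which is not visible here. Add a comment stating that the root is shared and only the context is fresh, and a test in ParameterInterceptorTest that binds a parameter through the new stack and asserts both that the action property is set and that entries of the original stack's context are not visible during binding.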
>>> @@ -246,6 +278,9 @@
>>>                 }
>>>             }
>>>         }
>>> +        stack.getContext().putAll(acceptableParameters);
>>> +
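Review bot: `stack.getContext().putAll(acceptableParameters);` copies the request parameters into the real stack's context under their own names, and Map.putAll replaces existing entries, so a parameter whose name equals a key already in the context overwrites it. That puts request-controlled data back into the context the clean stack was introduced to protect. If later code needs the parameters, store the whole map under one dedicated key or skip names that are already present, and add a comment saying who reads these entries.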
>>>
>>> The 2 big things to be addressed are:
>>>
>>> 1. ((OgnlContext)context).getValues().clear();
>>>
>>> I cannot just do context.clear(), because that method not only removes
>>> the values from the stack, but it clears the root, type converter and
>>> other stuff, so we will have to add another "clear" method to the
>>> OgnlContext, that just clears the values.
>>>
>>> 2. throwPropertyExceptions which needs to be the same in the new value
>>> stack, but I think it is getting cleared.
>>>
>>> What do you guys think?
>>>
>>> musachy
>>> --
>>> "Hey you! Would you help me to carry the stone?" Pink Floyd
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>
> --
> "Hey you! Would you help me to carry the stone?" Pink Floyd
>



-- 
"Hey you! Would you help me to carry the stone?" Pink Floyd
