Musachy, you need to mark the box that lets anyone join the review as a reviewer. As it is now, no one can comment.
Don On Sat, Jul 19, 2008 at 12:47 AM, Musachy Barroso <[EMAIL PROTECTED]> wrote: > I opened a code review here: > > http://fisheye6.atlassian.com/cru/CR-9 > > I added a new interface ClearableValueStack, which if implemented will > make the OGNL parameter binding run in a clean context. > > musachy > > On Thu, Jul 17, 2008 at 5:46 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote: >> I think it would be the same, we would just need to add a method to >> ValueStack, to clear the context. >> >> musachy >> >> On Thu, Jul 17, 2008 at 5:32 PM, Chris Pratt <[EMAIL PROTECTED]> wrote: >>> Will it be pluggable between the new-and-improved ValueStack and the >>> OGNL ValueStack so that we can make the transition as painless as >>> possible? >>> (*Chris*) >>> >>> On Thu, Jul 17, 2008 at 2:28 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote: >>>> Yeah I am set to fix those security holes ;). Doing the change below, >>>> all tests pass, with the exception of some tests in >>>> ParameterInterceptorTest, that need to inject dependencies, and others >>>> that check for the order of the values added to the stack (new context >>>> is created here, so they fail) >>>> >>>> + ValueStack emptyStack = valueStackFactory.createValueStack(stack); >>>> + Map<String, Object> context = emptyStack.getContext(); >>>> + ((OgnlContext)context).getValues().clear(); /// THIS IS BAD >>>> + ReflectionContextState.setCreatingNullObjects(context, true); >>>> + ReflectionContextState.setDenyMethodExecution(context, true); >>>> + ReflectionContextState.setReportingConversionErrors(context, >>>> true); >>>> + >>>> for (Map.Entry<String, Object> entry : >>>> acceptableParameters.entrySet()) { >>>> String name = entry.getKey(); >>>> Object value = entry.getValue(); 
>>>> @@ -233,7 +265,7 @@ >>>> String name = entry.getKey(); >>>> Object value = entry.getValue(); >>>> try { >>>> - stack.setValue(name, value); >>>> + emptyStack.setValue(name, value); >>>> } catch (RuntimeException e) { >>>> if (devMode) { >>>> String developerNotification = >>>> LocalizedTextUtil.findText(ParametersInterceptor.class, >>>> "devmode.notification", ActionContext.getContext().getLocale(), >>>> "Developer Notification:\n{0}", new Object[]{ 
>>>> @@ -246,6 +278,9 @@ >>>> } >>>> } >>>> } >>>> + stack.getContext().putAll(acceptableParameters); >>>> + >>>> >>>> The 2 big things to be addressed are: >>>> >>>> 1. ((OgnlContext)context).getValues().clear(); >>>> >>>> I cannot just do context.clear(), because that method not only removes >>>> the values from the stack, but it clears the root, type converter and >>>> other stuff, so we will have to add another "clear" method to the >>>> OgnlContext, that just clears the values. >>>> >>>> 2. throwPropertyExceptions which needs to be the same in the new value >>>> stack, but I think it is getting cleared. >>>> >>>> what do you guys think? >>>> >>>> musachy >>>> -- >>>> "Hey you! Would you help me to carry the stone?" Pink Floyd
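Review bot: The unchecked cast in the first hunk, `((OgnlContext)context).getValues().clear();`, ties the interceptor to the OGNL implementation and will throw a ClassCastException as soon as `valueStackFactory` returns a stack whose context is not an `OgnlContext`. Since the clean context is what the security fix relies on, the clearing step should be part of the stack's own contract (a method on `ValueStack`, or an optional interface that the interceptor checks with `instanceof` before calling) so that a stack that cannot be cleared is detected rather than silently binding in a populated context. The three `ReflectionContextState` flags are set on the new context only; a short comment saying that they are deliberately not set on the original `stack` would help the next reader.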
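Review bot: In the `@@ -233,7 +265,7 @@` hunk, `emptyStack.setValue(name, value)` only binds onto the action if the stack returned by `valueStackFactory.createValueStack(stack)` shares the root of `stack`, and nothing in the visible lines asserts that. A test that sets a parameter through the interceptor and reads it back from the original stack's root would pin this down, together with a test that a parameter name referring to a context entry no longer resolves after the clear. The `catch (RuntimeException e)` path is unchanged, so it is worth confirming that the devMode notification still reports failures now that they are raised by `emptyStack` rather than `stack`.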
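Review bot: The added `stack.getContext().putAll(acceptableParameters);` in the `@@ -246,6 +278,9 @@` hunk copies every request-supplied name into the original stack's context as a key, so a parameter whose name matches an existing context entry replaces that entry. That reintroduces request-controlled writes into the context that the clean-stack binding above was meant to isolate. Consider storing the map under a single dedicated key, or skipping names already present in the context, and add a comment stating why the parameters need to be in the context at all after binding.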
