duh..done :)

On Sat, Jul 19, 2008 at 3:44 AM, Don Brown <[EMAIL PROTECTED]> wrote:
> Musachy, you need to mark the box that lets anyone join the review as
> a reviewer. As it is now, no one can comment.
>
> Don
>
> On Sat, Jul 19, 2008 at 12:47 AM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
>> I opened a code review here:
>>
>> http://fisheye6.atlassian.com/cru/CR-9
>>
>> I added a new interface ClearableValueStack, which if implemented will
>> make the OGNL parameter binding run in a clean context.
>>
>> musachy
>>
>> On Thu, Jul 17, 2008 at 5:46 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
>>> I think it would be the same, we would just need to add a method to
>>> ValueStack, to clear the context.
>>>
>>> musachy
>>>
>>> On Thu, Jul 17, 2008 at 5:32 PM, Chris Pratt <[EMAIL PROTECTED]> wrote:
>>>> Will it be pluggable between the new-and-improved ValueStack and the
>>>> OGNL ValueStack so that we can make the transition as painless as
>>>> possible?
>>>> (*Chris*)
>>>>
>>>> On Thu, Jul 17, 2008 at 2:28 PM, Musachy Barroso <[EMAIL PROTECTED]> wrote:
>>>>> Yeah I am set to fix those security holes ;).
>>>>> Doing the change below,
>>>>> all tests pass, with the exception of some tests in
>>>>> ParameterInterceptorTest, that need to inject dependencies, and others
>>>>> that check for the order of the values added to the stack (new context
>>>>> is created here, so they fail)
>>>>>
>>>>> + ValueStack emptyStack = >>>>> valueStackFactory.createValueStack(stack); >>>>> + Map<String, Object> context = emptyStack.getContext(); >>>>> + ((OgnlContext)context).getValues().clear(); /// THIS IS BAD >>>>> + ReflectionContextState.setCreatingNullObjects(context, true); >>>>> + ReflectionContextState.setDenyMethodExecution(context, true); >>>>> + ReflectionContextState.setReportingConversionErrors(context, >>>>> true); >>>>> + >>>>> for (Map.Entry<String, Object> entry : >>>>> acceptableParameters.entrySet()) { >>>>> String name = entry.getKey(); >>>>> Object value = entry.getValue(); >>>>> @@ -233,7 +265,7 @@ >>>>> String name = entry.getKey(); >>>>> Object value = entry.getValue(); >>>>> try { >>>>> - stack.setValue(name, value); >>>>> + emptyStack.setValue(name, value); >>>>> } catch (RuntimeException e) { >>>>> if (devMode) { >>>>> String developerNotification = >>>>> LocalizedTextUtil.findText(ParametersInterceptor.class, >>>>> "devmode.notification", ActionContext.getContext().getLocale(), >>>>> "Developer Notification:\n{0}", new Object[]{ 
>>>>> @@ -246,6 +278,9 @@ >>>>> } >>>>> } >>>>> } >>>>> + stack.getContext().putAll(acceptableParameters); >>>>> +
>>>>>
>>>>> The 2 big things to be addressed are:
>>>>>
>>>>> 1. ((OgnlContext)context).getValues().clear();
>>>>>
>>>>> I cannot just do context.clear(), because that method not only removes
>>>>> the values from the stack, but it clears the root, type converter and
>>>>> other stuff, so we will have to add another "clear" method to the
>>>>> OgnlContext, that just clears the values.
>>>>>
>>>>> 2. throwPropertyExceptions which needs to be the same in the new value
>>>>> stack, but I think it is getting cleared.
>>>>>
>>>>> what do you guys think?
>>>>>
>>>>> musachy
>>>>> --
>>>>> "Hey you! Would you help me to carry the stone?" Pink Floyd
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
--
"Hey you! Would you help me to carry the stone?" Pink Floyd
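
Review bot: In the first hunk, the unchecked cast in ((OgnlContext)context).getValues().clear() ties ParametersInterceptor to one ValueStack implementation and will throw ClassCastException whenever valueStackFactory returns a stack whose context is not an OgnlContext. The "/// THIS IS BAD" marker should not be committed as it stands either. Move the clearing behind a method on the stack itself (the ClearableValueStack interface proposed later in this thread does that) and guard the call with an instanceof check, so a stack that does not support clearing is handled explicitly rather than failing at the cast.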
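
Review bot: In the last hunk, stack.getContext().putAll(acceptableParameters) copies every accepted request parameter into the original stack's context under its raw parameter name, and Map.putAll silently replaces any entry that already uses that key. Because the whole map is copied, this also includes parameters whose emptyStack.setValue(name, value) call ended in the catch block of the previous hunk. Nothing in the visible lines prevents a parameter name from matching an existing context key, so either skip names already present in the context or drop the copy, and add a comment stating why the parameters need to be in the original context at all.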
