Commits

plightbo  committed d1ad98f

some various bug fixes

git-svn-id: http://svn.opensymphony.com/svn/xwork/trunk@144e221344d-f017-0410-9bd5-d282ab1896d7

  • Participants
  • Parent commits 98bf282

Comments (0)

Files changed (6)

File src/java/com/opensymphony/xwork/ActionSupport.java

 
     //~ Instance fields ////////////////////////////////////////////////////////
 
-    private final TextProvider textProvider = new TextProviderSupport(getClass(), this);
+    private transient final TextProvider textProvider = new TextProviderSupport(getClass(), this);
     private final ValidationAware validationAware = new ValidationAwareSupport();
 
     //~ Methods ////////////////////////////////////////////////////////////////

File src/java/com/opensymphony/xwork/ValidationAware.java

 
 import java.util.Collection;
 import java.util.Map;
+import java.io.Serializable;
 
 
 /**
  * @author $author$
  * @version $Revision$
  */
-public interface ValidationAware {
+public interface ValidationAware extends Serializable {
     //~ Methods ////////////////////////////////////////////////////////////////
 
     /**

File src/java/com/opensymphony/xwork/interceptor/ParametersInterceptor.java

 import com.opensymphony.xwork.util.InstantiatingNullHandler;
 import com.opensymphony.xwork.util.OgnlValueStack;
 import com.opensymphony.xwork.util.XWorkConverter;
+import com.opensymphony.xwork.util.XWorkMethodAccessor;
 
 import java.util.Iterator;
 import java.util.Map;
 
             try {
                 InstantiatingNullHandler.setState(true);
+                XWorkMethodAccessor.setState(true);
                 invocation.getInvocationContext().put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
 
                 if (parameters != null) {
             } finally {
                 invocation.getInvocationContext().put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.FALSE);
                 InstantiatingNullHandler.setState(false);
+                XWorkMethodAccessor.setState(false);
             }
         }
     }

File src/java/com/opensymphony/xwork/util/OgnlValueStack.java

         OgnlRuntime.setPropertyAccessor(CompoundRoot.class, accessor);
         OgnlRuntime.setPropertyAccessor(Iterator.class, new XWorkIteratorPropertyAccessor());
         OgnlRuntime.setPropertyAccessor(Enumeration.class, new XWorkEnumerationAcccessor());
+        OgnlRuntime.setMethodAccessor(Object.class, new XWorkMethodAccessor());
         OgnlRuntime.setMethodAccessor(CompoundRoot.class, accessor);
         OgnlRuntime.setNullHandler(Object.class, new InstantiatingNullHandler());
     }

File src/java/com/opensymphony/xwork/util/XWorkMethodAccessor.java

+package com.opensymphony.xwork.util;
+
+import ognl.ObjectMethodAccessor;
+import ognl.MethodFailedException;
+
+import java.util.Map;
+
+/**
+ * User: plightbo
+ * Date: Dec 28, 2003
+ * Time: 8:34:20 PM
+ */
+public class XWorkMethodAccessor extends ObjectMethodAccessor {
+    private static ThreadLocal state = new ThreadLocal();
+
+    public static void setState(boolean on) {
+        if (on) {
+            state.set(Boolean.TRUE);
+        } else {
+            state.set(null);
+        }
+    }
+
+    public Object callMethod(Map map, Object object, String string, Object[] objects) throws MethodFailedException {
+        if (state.get() == null) {
+            return super.callMethod(map, object, string, objects);
+        } else {
+            return null;
+        }
+    }
+
+    public Object callStaticMethod(Map map, Class aClass, String string, Object[] objects) throws MethodFailedException {
+        if (state.get() == null) {
+            return super.callStaticMethod(map, aClass, string, objects);
+        } else {
+            return null;
+        }
+    }
+}

File src/test/com/opensymphony/xwork/interceptor/ParametersInterceptorTest.java

         }
     }
 
+    public void testDoesNotAllowMethodInvocations() {
+        Map params = new HashMap();
+        params.put("@java.lang.System@exit(1).dummy", "dumb value");
+
+        HashMap extraContext = new HashMap();
+        extraContext.put(ActionContext.PARAMETERS, params);
+
+        try {
+            ActionProxy proxy = ActionProxyFactory.getFactory().createActionProxy("", MockConfigurationProvider.MODEL_DRIVEN_PARAM_TEST, extraContext);
+            assertEquals(Action.SUCCESS, proxy.execute());
+
+            ModelDrivenAction action = (ModelDrivenAction) proxy.getAction();
+            TestBean model = (TestBean) action.getModel();
+
+            String property = System.getProperty("webwork.security.test");
+            assertNull(property);
+        } catch (Exception e) {
+            e.printStackTrace();
+            fail();
+        }
+
+    }
+
     protected void setUp() throws Exception {
         ConfigurationManager.clearConfigurationProviders();
         ConfigurationManager.addConfigurationProvider(new MockConfigurationProvider());