Skip to content

Commit

Permalink
Fix backwards-compatibility issue introduced with PR#59/#60 (2nd amen…
Browse files Browse the repository at this point in the history 
…dment to previous commit)

- Restored original behaviour when accessing public static fields (backwards-compatible).
- Retained previous PR's access-controlled access to non-public static fields.
- Restored unit tests to original structure (indicating this PR does not break PR#59/#60 features).
- Adjusted declaration/assignment variables for 2 modules following feedback.
  • Loading branch information
@JCgH4164838Gh792C124B5
JCgH4164838Gh792C124B5 committed Jan 24, 2019
1 parent 1e48c3e commit c793add
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 18 deletions.
16 changes: 11 additions & 5 deletions src/java/ognl/ASTStaticField.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,15 +89,21 @@ public boolean isNodeConstant(OgnlContext context)
result = true;
} else
{
Field f = OgnlRuntime.getField(c, fieldName);
if (f == null) {
throw new NoSuchFieldException(fieldName);
Field f;
try {
f = c.getField(fieldName); // Public fields checked first (direct)
} catch (NoSuchFieldException nsfe) {
f = OgnlRuntime.getField(c, fieldName); // Non-public fields checked (access controlled)
if (f == null) {
throw new NoSuchFieldException(fieldName);
}
}
final int fModifiers = f.getModifiers();

if (!Modifier.isStatic(f.getModifiers()))
if (!Modifier.isStatic(fModifiers))
throw new OgnlException("Field " + fieldName + " of class " + className + " is not static");

result = Modifier.isFinal(f.getModifiers());
result = Modifier.isFinal(fModifiers);
}
} catch (ClassNotFoundException e) {
reason = e;
Expand Down
36 changes: 23 additions & 13 deletions src/java/ognl/OgnlRuntime.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2099,24 +2099,34 @@ public static Object getStaticField(OgnlContext context, String className, Strin
}
}

final Field f = getField(c, fieldName);
if (f == null) {
throw new NoSuchFieldException(fieldName);
Field f;
try {
f = c.getField(fieldName); // Public fields checked first (direct)
} catch (NoSuchFieldException nsfe) {
f = OgnlRuntime.getField(c, fieldName); // Non-public fields checked (access controlled)
if (f == null) {
throw new NoSuchFieldException(fieldName);
}
}
if (!Modifier.isStatic(f.getModifiers())) {
final int fModifiers = f.getModifiers();
if (!Modifier.isStatic(fModifiers)) {
throw new OgnlException("Field " + fieldName + " of class " + className + " is not static");
}
final Object result;

Object result = null;
if (context.getMemberAccess().isAccessible(context, null, f, null)) {
final Object state = context.getMemberAccess().setup(context, null, f, null);
try {
result = f.get(null);
} finally {
context.getMemberAccess().restore(context, null, f, null, state);
}
if (Modifier.isPublic(fModifiers)) {
result = f.get(null); // Valid static public field (no access check required)
} else {
throw new IllegalAccessException("Access to " + fieldName + " of class " + className + " is forbidden");
if (context.getMemberAccess().isAccessible(context, null, f, null)) {
final Object state = context.getMemberAccess().setup(context, null, f, null);
try {
result = f.get(null);
} finally {
context.getMemberAccess().restore(context, null, f, null, state);
}
} else {
throw new IllegalAccessException("Access to " + fieldName + " of class " + className + " is forbidden");
}
}

return result;
Expand Down

0 comments on commit c793add

Please sign in to comment.