Fix backwards-compatibility issue introduced with PR#59/#60 #67
Conversation
|
I'm not sure if this a good solution, OGNL shouldn't have such control flags and as far I recall this will be the first flag ever. |
|
Hello @lukaszlenart . If using a control flag for the behaviour is not desirable, what do you think about a "partial return" to the original behaviour when dealing with Such a scheme would have a couple of advantages:
Tradeoffs:
I could amend this commit to match the above so that you can take a look. Would you like this PR to be an example of that strategy instead ? |
JCgH4164838Gh792C124B5
force-pushed
the
localOGNL_3_1B1
branch
from
e3a01ff to
3939c61
Compare
|
Hello. |
|
Nice work, looks far better 👍 |
I tested it, it is ok 👍 . |
|
|
||
| if (!Modifier.isStatic(f.getModifiers())) |
There was a problem hiding this comment.
Hello @aleksandr-m .
It was just a minor optimization (equivalent to one already used in OgnlRuntime) to replace two calls to f.getModifiers():
.. if (!Modifier.isStatic(f.getModifiers())) / result = Modifier.isFinal(f.getModifiers());
with a single call/assignment for the field modifiers fModifiers = f.getModifiers():
.. if (!Modifier.isStatic(fModifiers)) / result = Modifier.isFinal(fModifiers).
There was a problem hiding this comment.
getModifiers() is just a getter it is ok to use it directly. If you want to keep fModifiers then declaration and assignment can be moved to the same line, currently it looks very odd.
There was a problem hiding this comment.
Hello @aleksandr-m .
Thanks for the feed-back and suggestion.
The declaration/assignment for fModifiers has been moved to the same line in both modules (and the declaration of one variable moved closer to its usage point). Hopefully it looks a little cleaner now ?
…(2nd amendment to previous commit) - Restored original behaviour when accessing public static fields (backwards-compatible). - Retained previous PR's access-controlled access to non-public static fields. - Restored unit tests to original structure (indicating this PR does not break PR#59/orphan-oss#60 features). - Adjusted declaration/assignment variables for 2 modules following feedback.
JCgH4164838Gh792C124B5
force-pushed
the
localOGNL_3_1B1
branch
from
3939c61 to
c793add
Compare
|
Looks good. 👍 |
|
Ok, no objections so let's merge and release a new version :) |
|
What do you think about putting this back in OGNL 3.2.x (checking access to static fields) and add an additional flag to Struts 2.6 to enable/disable such checking in |
|
Hello @lukaszlenart . I guess the question for OGNL 3.2.x is whether it is preferable to:
Choice 1) would be more consistent (as 3.2.7/earlier also provided that behaviour), but choice 2) would provide more "fine-grained" control over access. I'll put together a PR matching choice 1 for now and it can be accepted/rejected depending on what direction you (and others) think it should go. An additional flag or flag(s) in Struts 2.6 to enable/disable checks in |
|
I opt for 2) - I prefer to control access, we can then consider adding a flag or not. |
|
Hello @lukaszlenart . OK, sounds good. In that case doesn't that mean that the current access check flows for the OGNL 3.2.x code should remain in place (as with 3.2.8+), if I'm understanding correctly ? If so, then maybe the only things that could change would be updates to ASTStaticField and OgnlRuntime that restore the type-of-exception thrown if the field is non-static (throw |
|
Yes, you are right. I would like to keep the checks in place in case of OGNL 3.2.x. I think throwing |
Fix backwards-compatibility issue introduced with PR#59/#60
context).