Uploaded image for project: 'Commons OGNL (Dormant)'
  1. Commons OGNL (Dormant)
  2. OGNL-146

Ognl.setValue() does not perform access checks when setting fields

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • PropertyAccessors
    • None

    Description

      Each of OgnlRuntime.getMethodValue(), OgnlRuntime.setMethodValue(), OgnlRuntime.getFieldValue() have an overload that indicates whether to check access using the context's MemberAccess. But OgnlRuntime.setFieldValue() does not have this overload, and never performs any access check. Thus, ObjectPropertyAccessor.setPossibleProperty() will not honour the MemberAccess when setting the value of a member field.

      AFAICT this bug is still in the CVS head.

      Attachments

        Activity

          People

            jkuhnert Jesse Kuhnert
            gbmvdd Warn that this is public during the signup process
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: