kusalk commented on code in PR #664:
URL: https://github.com/apache/struts/pull/664#discussion_r1122578610
##########
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##########
@@ -95,6 +96,12 @@ public boolean isAccessible(Map context, Object target,
Member member, String pr
LOG.debug("Checking access for [target: {}, member: {}, property:
{}]", target, member, propertyName);
final int memberModifiers = member.getModifiers();
+ final Class<?> memberClass = member.getDeclaringClass();
+ // target can be null in case of accessing static fields, since OGNL
3.2.8
+ final Class<?> targetClass = Modifier.isStatic(memberModifiers) ?
memberClass : target.getClass();
+ if (!memberClass.isAssignableFrom(targetClass)) {
Review Comment:
Added some validation here and in `#isPackageExcluded` to ensure unit tests
made sense
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
