Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WW-4620] Improve XWorkListPropertyAccessor to against DOS attack #105

Merged
merged 2 commits into from
Aug 30, 2016
Merged

[WW-4620] Improve XWorkListPropertyAccessor to against DOS attack #105

merged 2 commits into from
Aug 30, 2016

Conversation

quaff
Copy link
Contributor

@quaff quaff commented Jun 28, 2016

No description provided.

aleksandr-m
aleksandr-m reviewed Jun 28, 2016
View reviewed changes
core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
@@ -36,6 +36,7 @@
* this class will create the necessary blank JavaBeans.
*
* @author Gabriel Zimmerman
* @author Yanming Zhou <zhouyanming@gmail.com>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove author tag. In general you should refrain from doing so. Why? Because.

lukaszlenart
lukaszlenart reviewed Jul 15, 2016
View reviewed changes
core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
@@ -45,6 +45,12 @@
private ObjectFactory objectFactory;
private ObjectTypeDeterminer objectTypeDeterminer;
private OgnlUtil ognlUtil;
private int autoGrowCollectionLimit = 255;

@Inject(value="java.util.Collection.autoGrowCollectionLimit", required = false)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it a predefined constant? I mean, does it exist somewhere?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't exists anywhere else.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm... I would add struts. prefix, though. The name suggests that it is something Java specific.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's OK.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's OK.

Do you mean you will change this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed it with prefix "xwork"

@lukaszlenart
Copy link
Member

ping :)

@quaff
Rename constants name use prefix "xwork"
c7fdf7f 
I think prefix "xwork" better than "struts"
@asfgit asfgit merged commit c7fdf7f into apache:master Aug 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@quaff @lukaszlenart @aleksandr-m @asfgit