Fixes #258 - SpringStandardDialect doesn't allow to use custom IStand…
…ardConversionService
danielfernandez committed Nov 28, 2021
1 parent 4a04e37 commit fa85d69
Showing 6 changed files with 21 additions and 12 deletions.
1 change: 1 addition & 0 deletions thymeleaf-spring3/ChangeLog.txt
@@ -2,6 +2,7 @@
======
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.


3.0.12
@@ -92,10 +92,6 @@ public class SpringStandardDialect extends StandardDialect {
private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES;


// These variables will be initialized lazily following the model applied in the extended StandardDialect.
private IExpressionObjectFactory expressionObjectFactory = null;
private IStandardConversionService conversionService = null;




@@ -174,6 +170,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
return SPELVariableExpressionEvaluator.INSTANCE;
}

@Override
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
throw new UnsupportedOperationException(
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
}



@Override
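Review bot: The new `setVariableExpressionEvaluator` override at the end of this hunk is undocumented and changes behaviour for existing configurations: since `getVariableExpressionEvaluator()` just above always returns `SPELVariableExpressionEvaluator.INSTANCE`, a call to the inherited setter (not shown here) was presumably ignored before, and now it throws `UnsupportedOperationException`. Rejecting the call is the safer behaviour, because nobody is left believing a replacement evaluator is in effect, but the method should say so, e.g. `/** Always throws: this dialect evaluates variable expressions with SpEL only. */`. The ChangeLog.txt entries in this commit list only the conversion-service fix; a line such as `- SpringStandardDialect now rejects setVariableExpressionEvaluator(...) with UnsupportedOperationException.` would warn upgraders. The same applies to the identical overrides in the SpringStandardDialect sections that follow the thymeleaf-spring4 and thymeleaf-spring5 changelogs.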
1 change: 1 addition & 0 deletions thymeleaf-spring4/ChangeLog.txt
@@ -2,6 +2,7 @@
======
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.


3.0.12
@@ -96,10 +96,6 @@ public class SpringStandardDialect extends StandardDialect {
private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES;


// These variables will be initialized lazily following the model applied in the extended StandardDialect.
private IExpressionObjectFactory expressionObjectFactory = null;
private IStandardConversionService conversionService = null;



public SpringStandardDialect() {
@@ -231,6 +227,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
return SPELVariableExpressionEvaluator.INSTANCE;
}

@Override
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
throw new UnsupportedOperationException(
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
}



@Override
1 change: 1 addition & 0 deletions thymeleaf-spring5/ChangeLog.txt
@@ -2,6 +2,7 @@
======
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.


3.0.12
@@ -114,10 +114,6 @@ public class SpringStandardDialect extends StandardDialect {
private static final String WEB_SESSION_EXECUTION_ATTRIBUTE_NAME =
"ThymeleafReactiveModelAdditions:" + SpringContextUtils.WEB_SESSION_ATTRIBUTE_NAME;

// These variables will be initialized lazily following the model applied in the extended StandardDialect.
private IExpressionObjectFactory expressionObjectFactory = null;
private IStandardConversionService conversionService = null;




@@ -286,6 +282,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
return SPELVariableExpressionEvaluator.INSTANCE;
}

@Override
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
throw new UnsupportedOperationException(
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
}



@Override