From fa85d699c40635b07a68e0423b145b9b53707563 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Fern=C3=A1ndez?= Date: Sun, 28 Nov 2021 02:41:53 +0100 Subject: [PATCH] Fixes thymeleaf/thymeleaf-spring#258 - SpringStandardDialect doesn't allow to use custom IStandardConversionService --- thymeleaf-spring3/ChangeLog.txt | 1 + .../spring3/dialect/SpringStandardDialect.java | 10 ++++++---- thymeleaf-spring4/ChangeLog.txt | 1 + .../spring4/dialect/SpringStandardDialect.java | 10 ++++++---- thymeleaf-spring5/ChangeLog.txt | 1 + .../spring5/dialect/SpringStandardDialect.java | 10 ++++++---- 6 files changed, 21 insertions(+), 12 deletions(-) diff --git a/thymeleaf-spring3/ChangeLog.txt b/thymeleaf-spring3/ChangeLog.txt index 06a3af01..c1ddaa98 100755 --- a/thymeleaf-spring3/ChangeLog.txt +++ b/thymeleaf-spring3/ChangeLog.txt @@ -2,6 +2,7 @@ ====== - Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution. - Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks. +- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService. 3.0.12 diff --git a/thymeleaf-spring3/src/main/java/org/thymeleaf/spring3/dialect/SpringStandardDialect.java b/thymeleaf-spring3/src/main/java/org/thymeleaf/spring3/dialect/SpringStandardDialect.java index 79b9812a..fb139d71 100755 --- a/thymeleaf-spring3/src/main/java/org/thymeleaf/spring3/dialect/SpringStandardDialect.java +++ b/thymeleaf-spring3/src/main/java/org/thymeleaf/spring3/dialect/SpringStandardDialect.java @@ -92,10 +92,6 @@ public class SpringStandardDialect extends StandardDialect { private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES; - // These variables will be initialized lazily following the model applied in the extended StandardDialect. - private IExpressionObjectFactory expressionObjectFactory = null; - private IStandardConversionService conversionService = null; - @@ -174,6 +170,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() { return SPELVariableExpressionEvaluator.INSTANCE; } + @Override + public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) { + throw new UnsupportedOperationException( + "Variable Expression Evaluator cannot be modified in SpringStandardDialect"); + } + @Override diff --git a/thymeleaf-spring4/ChangeLog.txt b/thymeleaf-spring4/ChangeLog.txt index bc4a5190..b3e59bcb 100755 --- a/thymeleaf-spring4/ChangeLog.txt +++ b/thymeleaf-spring4/ChangeLog.txt @@ -2,6 +2,7 @@ ====== - Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution. - Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks. +- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService. 3.0.12 diff --git a/thymeleaf-spring4/src/main/java/org/thymeleaf/spring4/dialect/SpringStandardDialect.java b/thymeleaf-spring4/src/main/java/org/thymeleaf/spring4/dialect/SpringStandardDialect.java index 15710fcc..4a2943db 100755 --- a/thymeleaf-spring4/src/main/java/org/thymeleaf/spring4/dialect/SpringStandardDialect.java +++ b/thymeleaf-spring4/src/main/java/org/thymeleaf/spring4/dialect/SpringStandardDialect.java @@ -96,10 +96,6 @@ public class SpringStandardDialect extends StandardDialect { private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES; - // These variables will be initialized lazily following the model applied in the extended StandardDialect. - private IExpressionObjectFactory expressionObjectFactory = null; - private IStandardConversionService conversionService = null; - public SpringStandardDialect() { @@ -231,6 +227,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() { return SPELVariableExpressionEvaluator.INSTANCE; } + @Override + public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) { + throw new UnsupportedOperationException( + "Variable Expression Evaluator cannot be modified in SpringStandardDialect"); + } + @Override diff --git a/thymeleaf-spring5/ChangeLog.txt b/thymeleaf-spring5/ChangeLog.txt index 8ea511aa..bc5a27ae 100755 --- a/thymeleaf-spring5/ChangeLog.txt +++ b/thymeleaf-spring5/ChangeLog.txt @@ -2,6 +2,7 @@ ====== - Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution. - Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks. +- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService. 3.0.12 diff --git a/thymeleaf-spring5/src/main/java/org/thymeleaf/spring5/dialect/SpringStandardDialect.java b/thymeleaf-spring5/src/main/java/org/thymeleaf/spring5/dialect/SpringStandardDialect.java index ea898927..c16bfdab 100755 --- a/thymeleaf-spring5/src/main/java/org/thymeleaf/spring5/dialect/SpringStandardDialect.java +++ b/thymeleaf-spring5/src/main/java/org/thymeleaf/spring5/dialect/SpringStandardDialect.java @@ -114,10 +114,6 @@ public class SpringStandardDialect extends StandardDialect { private static final String WEB_SESSION_EXECUTION_ATTRIBUTE_NAME = "ThymeleafReactiveModelAdditions:" + SpringContextUtils.WEB_SESSION_ATTRIBUTE_NAME; - // These variables will be initialized lazily following the model applied in the extended StandardDialect. - private IExpressionObjectFactory expressionObjectFactory = null; - private IStandardConversionService conversionService = null; - @@ -286,6 +282,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() { return SPELVariableExpressionEvaluator.INSTANCE; } + @Override + public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) { + throw new UnsupportedOperationException( + "Variable Expression Evaluator cannot be modified in SpringStandardDialect"); + } + @Override