Author: jleroux
Date: Tue Mar 12 08:29:37 2019
New Revision: 1855287
URL:
http://svn.apache.org/viewvc?rev=1855287&view=revLog:
Improved: Improve ObjectInputStream class
(OFBIZ-10837)
The white list was still not complete as reported by Rohit at OFBIZ-10573
This adds FlexibleStringExpander
It seems the warning in SafeObjectInputStream::resolveClass is not enough.
Anyway I'll not change it.
Thanks: Rohit Koushal
Modified:
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java?rev=1855287&r1=1855286&r2=1855287&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilObject.java Tue Mar 12 08:29:37 2019
@@ -142,8 +142,9 @@ public final class UtilObject {
try (ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
SafeObjectInputStream wois = new SafeObjectInputStream(bis,
Thread.currentThread().getContextClassLoader(),
- java.util.Arrays.asList("byte\\[\\]", "Number", "Long", "foo", "SerializationInjector", "java.util.HashMap", "Boolean", "Number", "Integer"));
- ) { // byte[] used in EntityCrypto::doDecrypt, all others used in UtilObjectTests::testGetObject
+ java.util.Arrays.asList("byte\\[\\]", "Number", "Long", "foo", "SerializationInjector",
+ "java.util.HashMap", "Boolean", "Number", "Integer", "FlexibleStringExpander"));) {
+ // byte[] used in EntityCrypto::doDecrypt, all others used in UtilObjectTests::testGetObject
return wois.readObject();
}
}
Locked
