Skip to content

Commit fa85d69

Browse files
danielfernandezdanielfernandez
committed
Fixes #258 - SpringStandardDialect doesn't allow to use custom IStandardConversionService
1 parent 4a04e37 commit fa85d69

File tree

6 files changed

+21
-12
lines changed

6 files changed

+21
-12
lines changed

thymeleaf-spring3/ChangeLog.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
======
33
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
44
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
5+
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.
56

67

78
3.0.12

thymeleaf-spring3/src/main/java/org/thymeleaf/spring3/dialect/SpringStandardDialect.java

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -92,10 +92,6 @@ public class SpringStandardDialect extends StandardDialect {
9292
private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES;
9393

9494

95-
// These variables will be initialized lazily following the model applied in the extended StandardDialect.
96-
private IExpressionObjectFactory expressionObjectFactory = null;
97-
private IStandardConversionService conversionService = null;
98-
9995

10096

10197

@@ -174,6 +170,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
174170
return SPELVariableExpressionEvaluator.INSTANCE;
175171
}
176172

173+
@Override
174+
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
175+
throw new UnsupportedOperationException(
176+
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
177+
}
178+
177179

178180

179181
@Override

thymeleaf-spring4/ChangeLog.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
======
33
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
44
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
5+
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.
56

67

78
3.0.12

thymeleaf-spring4/src/main/java/org/thymeleaf/spring4/dialect/SpringStandardDialect.java

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -96,10 +96,6 @@ public class SpringStandardDialect extends StandardDialect {
9696
private boolean renderHiddenMarkersBeforeCheckboxes = DEFAULT_RENDER_HIDDEN_MARKERS_BEFORE_CHECKBOXES;
9797

9898

99-
// These variables will be initialized lazily following the model applied in the extended StandardDialect.
100-
private IExpressionObjectFactory expressionObjectFactory = null;
101-
private IStandardConversionService conversionService = null;
102-
10399

104100

105101
public SpringStandardDialect() {
@@ -231,6 +227,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
231227
return SPELVariableExpressionEvaluator.INSTANCE;
232228
}
233229

230+
@Override
231+
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
232+
throw new UnsupportedOperationException(
233+
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
234+
}
235+
234236

235237

236238
@Override

thymeleaf-spring5/ChangeLog.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
======
33
- Fixed CVE-2021-43466: Specific scenarios in template injection may lead to remote code execution.
44
- Fixed incorrect double-unescaping of request parameters breaking processing of forms during restricted mode checks.
5+
- Fixed SpringStandardDialect not allowing the use of a custom IStandardConversionService.
56

67

78
3.0.12

thymeleaf-spring5/src/main/java/org/thymeleaf/spring5/dialect/SpringStandardDialect.java

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -114,10 +114,6 @@ public class SpringStandardDialect extends StandardDialect {
114114
private static final String WEB_SESSION_EXECUTION_ATTRIBUTE_NAME =
115115
"ThymeleafReactiveModelAdditions:" + SpringContextUtils.WEB_SESSION_ATTRIBUTE_NAME;
116116

117-
// These variables will be initialized lazily following the model applied in the extended StandardDialect.
118-
private IExpressionObjectFactory expressionObjectFactory = null;
119-
private IStandardConversionService conversionService = null;
120-
121117

122118

123119

@@ -286,6 +282,12 @@ public IStandardVariableExpressionEvaluator getVariableExpressionEvaluator() {
286282
return SPELVariableExpressionEvaluator.INSTANCE;
287283
}
288284

285+
@Override
286+
public void setVariableExpressionEvaluator(final IStandardVariableExpressionEvaluator variableExpressionEvaluator) {
287+
throw new UnsupportedOperationException(
288+
"Variable Expression Evaluator cannot be modified in SpringStandardDialect");
289+
}
290+
289291

290292

291293
@Override

0 commit comments

Comments
 (0)