From 288834e1e235e35daf06d664ceebb837b933a40b Mon Sep 17 00:00:00 2001
From: hns <hannesw@gmail.com>
Date: Sun, 20 May 2001 18:07:48 +0000
Subject: [PATCH] disallow calling methods declared in java.lang.Object via the
 introspection invocation code.

---
 src/helma/xmlrpc/XmlRpcServer.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/helma/xmlrpc/XmlRpcServer.java b/src/helma/xmlrpc/XmlRpcServer.java
index e8d52adb..8182049c 100644
--- a/src/helma/xmlrpc/XmlRpcServer.java
+++ b/src/helma/xmlrpc/XmlRpcServer.java
@@ -263,7 +263,11 @@ class Invoker implements XmlRpcHandler {
 	catch (SecurityException s_e){			
 	    throw s_e;
 	}
-					
+
+	// our policy is to make all public methods callable except the ones defined in java.lang.Object
+	if (method.getDeclaringClass () == Class.forName ("java.lang.Object"))
+	    throw new XmlRpcException (0, "Invoker can't call methods defined in java.lang.Object");
+
 	// invoke
 	Object returnValue = null;
 	try {