Here is the changed version:
http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-8016046/webrev.01/
On 6/7/2013 8:02 PM, Alan Bateman wrote:
On 07/06/2013 10:02, Alexey Utkin wrote:
Hi,
Please review the fix.
Bug description:
http://bugs.sun.com/view_bug.do?bug_id=8016046
https://jbs.oracle.com/bugs/browse/JDK-8016046
The suggested fix:
http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-8016046/webrev.00/
Summary:
In absence of the Security Manager the verification procedure for
the command-line was restored as before the JDK-8012453 fix. That
suggests the ability of inline input/output redirection, piping,
simultaneous launching of several programs by single command, lost
spaces and etc.
The extended verification procedure is activated in presence of the
Security Manager or installing to "false" the
"jdk.lang.Process.allowAmbiguousCommands" Java property.
Given 15 years of sloppy usage of Runtime.exec on Windows then it was
always going to be difficult to switch to tighter checking by default.
So I think the solution is right and keeps existing code working. I
also agree that it's useful to have a property to opt-in to get
property checking of the input.
So the changes looks good to me. A minor comment on the test but in
checkOut then it could use Files.notExists. It would be useful to
expand the @bug to include the new bug ID too.
Done.
Regards,
-uta
