Author: markt Date: Fri Sep 17 11:05:39 2010 New Revision: 998071 URL: http://svn.apache.org/viewvc?rev=998071&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49909 Re-enable JSTL. This was a regression in the fix for bz 47950
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=998071&r1=998070&r2=998071&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original) +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Fri Sep 17 11:05:39 2010 @@ -3217,7 +3217,7 @@ public class WebappClassLoader /** * Validate a classname. As per SRV.9.7.2, we must restrict loading of - * classes from J2SE (java.*) and classes of the servlet API + * classes from J2SE (java.*) and most classes of the servlet API * (javax.servlet.*). That should enhance robustness and prevent a number * of user error (where an older version of servlet.jar would be present * in /WEB-INF/lib). @@ -3227,13 +3227,25 @@ public class WebappClassLoader */ protected boolean validate(String name) { - if (name == null) + // Need to be careful with order here + if (name == null) { + // Can't load a class without a name return false; - if (name.startsWith("java.")) + } + if (name.startsWith("java.")) { + // Must never load java.* classes return false; - if (name.startsWith("javax.servlet.")) + } + if (name.startsWith("javax.servlet.jsp.jstl")) { + // OK for web apps to package JSTL + return true; + } + if (name.startsWith("javax.servlet.")) { + // Web apps should never package any other Servlet or JSP classes return false; + } + // Assume everything else is OK return true; } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=998071&r1=998070&r2=998071&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Sep 17 11:05:39 2010 @@ -140,7 +140,10 @@ and Contexts via JMX from a minimal server.xml that contains only a Server element. Based on a patch by Chamith Buddhika. (markt) </fix> - + <fix> + <bug>49909</bug>: Fix a regression introduced with the fix for + <bug>47950</bug> that prevented JSTL classes being loaded. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org