remm 00/11/10 10:33:48
Modified: catalina/src/share/org/apache/catalina/servlets
DefaultServlet.java
Log:
- Fix for a security problem in the default configuration. The DefaultServlet
(and WebdavServlet) were set in read-write mode unless the readonly
parameter was explicitly specified in the web.xml (and obviously that's NOT
a good idea).
Revision Changes Path
1.14 +6 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java
Index: DefaultServlet.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- DefaultServlet.java 2000/11/09 18:56:10 1.13
+++ DefaultServlet.java 2000/11/10 18:33:48 1.14
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.13 2000/11/09 18:56:10 remm Exp $
- * $Revision: 1.13 $
- * $Date: 2000/11/09 18:56:10 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.14 2000/11/10 18:33:48 remm Exp $
+ * $Revision: 1.14 $
+ * $Date: 2000/11/10 18:33:48 $
*
* ====================================================================
*
@@ -112,7 +112,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.13 $ $Date: 2000/11/09 18:56:10 $
+ * @version $Revision: 1.14 $ $Date: 2000/11/10 18:33:48 $
*/
public class DefaultServlet
@@ -233,7 +233,8 @@
}
try {
value = getServletConfig().getInitParameter("readonly");
- readOnly = (new Boolean(value)).booleanValue();
+ if (value != null)
+ readOnly = (new Boolean(value)).booleanValue();
} catch (Throwable t) {
;
}
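Review bot: The guarded assignment `readOnly = (new Boolean(value)).booleanValue();` still fails open for any value that is present but is not the literal "true": `new Boolean("yes")`, or a typo such as "ture", parses as false and leaves the servlet writable. Since this flag gates write access, only an explicit "false" should switch read-only off, e.g. `if (value != null) readOnly = !"false".equalsIgnoreCase(value.trim());`. When the parameter is absent, the outcome now depends on the initial value of the `readOnly` field, which is declared outside this hunk, so it is worth confirming that it starts as `true` and adding a comment there such as `// secure default: read-only unless web.xml says readonly=false`. The empty `catch (Throwable t)` also hides any failure while reading the configuration, and logging it would make a misconfigured deployment visible. The enclosing method starts and ends outside the hunk.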