glenn 2003/03/08 06:19:48 Modified: jasper2/src/share/org/apache/jasper/compiler Tag: tomcat_4_branch JspRuntimeContext.java Log: Fix bug #17775 Make sure web applications are granted a FilePermission to read the web application context directory in addition to its contents. Minor refactoring and cleanup of code for adding FilePermission's. Revision Changes Path No revision No revision 1.4.2.5 +24 -12 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java Index: JspRuntimeContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -u -r1.4.2.4 -r1.4.2.5 --- JspRuntimeContext.java 28 Dec 2002 01:46:59 -0000 1.4.2.4 +++ JspRuntimeContext.java 8 Mar 2003 14:19:48 -0000 1.4.2.5 @@ -373,25 +373,37 @@ if( docBase == null ) { docBase = options.getScratchDir().toString(); } - if (!docBase.endsWith(File.separator)){ - docBase = docBase + File.separator; + String codeBase = docBase; + if (!codeBase.endsWith(File.separator)){ + codeBase = codeBase + File.separator; } - File contextDir = new File(docBase); + File contextDir = new File(codeBase); URL url = contextDir.getCanonicalFile().toURL(); codeSource = new CodeSource(url,null); permissionCollection = policy.getPermissions(codeSource); // Create a file read permission for web app context directory + if (!docBase.endsWith(File.separator)){ + permissionCollection.add + (new FilePermission(docBase,"read")); + docBase = docBase + File.separator; + } else { + permissionCollection.add + (new FilePermission + (docBase.substring(0,docBase.length() - 1),"read")); + } docBase = docBase + "-"; permissionCollection.add(new FilePermission(docBase,"read")); - // Create a file read permission for web app tempdir (work) directory + // Create a file read permission for web app tempdir (work) + // directory String workDir = options.getScratchDir().toString(); - if (workDir.endsWith(File.separator)) { - workDir = workDir + "-"; - } else { - workDir = workDir + File.separator + "-"; + if (!workDir.endsWith(File.separator)){ + permissionCollection.add + (new FilePermission(workDir,"read")); + workDir = workDir + File.separator; } + workDir = workDir + "-"; permissionCollection.add(new FilePermission(workDir,"read")); // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]