cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspRuntimeContext.java

Sat, 08 Mar 2003 06:18:35 -0800 

glenn       2003/03/08 06:19:48

  Modified:    jasper2/src/share/org/apache/jasper/compiler Tag:
                        tomcat_4_branch JspRuntimeContext.java
  Log:
  Fix bug #17775
  
  Make sure web applications are granted a FilePermission to
  read the web application context directory in addition to
  its contents.
  
  Minor refactoring and cleanup of code for adding FilePermission's.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.2.5   +24 -12    
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java
  
  Index: JspRuntimeContext.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v
  retrieving revision 1.4.2.4
  retrieving revision 1.4.2.5
  diff -u -r1.4.2.4 -r1.4.2.5
  --- JspRuntimeContext.java    28 Dec 2002 01:46:59 -0000      1.4.2.4
  +++ JspRuntimeContext.java    8 Mar 2003 14:19:48 -0000       1.4.2.5
  @@ -373,25 +373,37 @@
                   if( docBase == null ) {
                       docBase = options.getScratchDir().toString();
                   }
  -                if (!docBase.endsWith(File.separator)){
  -                    docBase = docBase + File.separator;
  +                String codeBase = docBase;
  +                if (!codeBase.endsWith(File.separator)){
  +                    codeBase = codeBase + File.separator;
                   }
  -                File contextDir = new File(docBase);
  +                File contextDir = new File(codeBase);
                   URL url = contextDir.getCanonicalFile().toURL();
                   codeSource = new CodeSource(url,null);
                   permissionCollection = policy.getPermissions(codeSource);
   
                   // Create a file read permission for web app context directory
  +                if (!docBase.endsWith(File.separator)){
  +                    permissionCollection.add
  +                        (new FilePermission(docBase,"read"));
  +                    docBase = docBase + File.separator;
  +                } else {
  +                    permissionCollection.add
  +                        (new FilePermission
  +                            (docBase.substring(0,docBase.length() - 1),"read"));
  +                }
                   docBase = docBase + "-";
                   permissionCollection.add(new FilePermission(docBase,"read"));
   
  -                // Create a file read permission for web app tempdir (work) 
directory
  +                // Create a file read permission for web app tempdir (work)
  +                // directory
                   String workDir = options.getScratchDir().toString();
  -                if (workDir.endsWith(File.separator)) {
  -                    workDir = workDir + "-";
  -                } else {
  -                    workDir = workDir + File.separator + "-";
  +                if (!workDir.endsWith(File.separator)){
  +                    permissionCollection.add
  +                        (new FilePermission(workDir,"read"));
  +                    workDir = workDir + File.separator;
                   }
  +                workDir = workDir + "-";
                   permissionCollection.add(new FilePermission(workDir,"read"));
   
                   // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to