Author: markt
Date: Thu Apr 6 20:44:24 2017
New Revision: 1790460
URL: http://svn.apache.org/viewvc?rev=1790460&view=rev
Log:
Remove unnecessary privileged block from getAttributesScope.
I can't see anything in doGetAttributeScope that would trigger a security check.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790460&r1=1790459&r2=1790460&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 6
20:44:24 2017
@@ -347,29 +347,16 @@ public class PageContextImpl extends Pag
public int getAttributesScope(final String name) {
if (name == null) {
- throw new NullPointerException(Localizer
- .getMessage("jsp.error.attribute.null_name"));
+ throw new
NullPointerException(Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return (AccessController
- .doPrivileged(new PrivilegedAction<Integer>() {
- @Override
- public Integer run() {
- return Integer.valueOf(doGetAttributeScope(name));
- }
- })).intValue();
- } else {
- return doGetAttributeScope(name);
- }
- }
-
- private int doGetAttributeScope(String name) {
- if (attributes.get(name) != null)
+ if (attributes.get(name) != null) {
return PAGE_SCOPE;
+ }
- if (request.getAttribute(name) != null)
+ if (request.getAttribute(name) != null) {
return REQUEST_SCOPE;
+ }
if (session != null) {
try {
@@ -381,8 +368,9 @@ public class PageContextImpl extends Pag
}
}
- if (context.getAttribute(name) != null)
+ if (context.getAttribute(name) != null) {
return APPLICATION_SCOPE;
+ }
return 0;
}
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790460&r1=1790459&r2=1790460&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr
6 20:44:24 2017
@@ -56,7 +56,6 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage + "runtime.PageContextImpl$3");
loader.loadClass( basePackage + "runtime.PageContextImpl$4");
loader.loadClass( basePackage + "runtime.PageContextImpl$5");
- loader.loadClass( basePackage + "runtime.PageContextImpl$6");
loader.loadClass( basePackage + "runtime.JspContextWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
