Author: markt
Date: Fri Jun 19 13:03:42 2009
New Revision: 786490

URL: http://svn.apache.org/viewvc?rev=786490&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38352
The JSPLoader needs to have read/write permission to the context's temp 
directory, as per the spec.

Modified:
    tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java

Modified: tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java?rev=786490&r1=786489&r2=786490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java Fri Jun 
19 13:03:42 2009
@@ -394,16 +394,19 @@
                 docBase = docBase + "-";
                 permissionCollection.add(new FilePermission(docBase,"read"));
 
-                // Create a file read permission for web app tempdir (work)
-                // directory
+                // Spec says apps should have read/write for their temp
+                // directory. This is fine, as no security sensitive files, at
+                // least any that the app doesn't have full control of anyway,
+                // will be written here.
                 String workDir = options.getScratchDir().toString();
                 if (!workDir.endsWith(File.separator)){
                     permissionCollection.add
-                        (new FilePermission(workDir,"read"));
+                        (new FilePermission(workDir,"read,write"));
                     workDir = workDir + File.separator;
                 }
                 workDir = workDir + "-";
-                permissionCollection.add(new FilePermission(workDir,"read"));
+                permissionCollection.add(new FilePermission(
+                        workDir,"read,write,delete"));
 
                 // Allow the JSP to access 
org.apache.jasper.runtime.HttpJspBase
                 permissionCollection.add( new RuntimePermission(
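Review bot: The new comment at the top of this hunk says apps get read/write on their temp directory, but the recursive grant on workDir + "-" is "read,write,delete" while the grant on the directory entry itself is only "read,write". Please mention delete in the comment and say why the two grants differ, so a later reader auditing the policy does not take the extra action for an oversight. Also note that the directory-entry grant sits inside if (!workDir.endsWith(File.separator)), so when the scratch dir path already ends with a separator only the recursive grant is added; if write access to the directory entry itself is required, that case should be covered or the comment should say it is intentionally skipped.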


