svn commit: r786490 - /tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java

Fri, 19 Jun 2009 06:04:10 -0700 

Author: markt
Date: Fri Jun 19 13:03:42 2009
New Revision: 786490

URL: http://svn.apache.org/viewvc?rev=786490&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38352
The JSPLoader needs to have read/write permission to the context's temp 
directory, as per the spec.

Modified:
    tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java

Modified: tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java?rev=786490&r1=786489&r2=786490&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java 
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java Fri Jun 
19 13:03:42 2009
@@ -394,16 +394,19 @@
                 docBase = docBase + "-";
                 permissionCollection.add(new FilePermission(docBase,"read"));
 
-                // Create a file read permission for web app tempdir (work)
-                // directory
+                // Spec says apps should have read/write for their temp
+                // directory. This is fine, as no security sensitive files, at
+                // least any that the app doesn't have full control of anyway,
+                // will be written here.
                 String workDir = options.getScratchDir().toString();
                 if (!workDir.endsWith(File.separator)){
                     permissionCollection.add
-                        (new FilePermission(workDir,"read"));
+                        (new FilePermission(workDir,"read,write"));
                     workDir = workDir + File.separator;
                 }
                 workDir = workDir + "-";
-                permissionCollection.add(new FilePermission(workDir,"read"));
+                permissionCollection.add(new FilePermission(
+                        workDir,"read,write,delete"));
 
                 // Allow the JSP to access 
org.apache.jasper.runtime.HttpJspBase
                 permissionCollection.add( new RuntimePermission(



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to