cvs commit: xml-axis/java/src/org/apache/axis/transport/http AxisServlet.java

Fri, 08 Mar 2002 08:14:23 -0800 

gdaniels    02/03/08 08:32:04

  Modified:    java/src/org/apache/axis/transport/http AxisServlet.java
  Log:
  Fix for fault code equality check,  submitted by Adam Leggett.
  
  Also remove print of configPath, which is a small but real security
  hole (gives away absolute paths on server).
  
  Revision  Changes    Path
  1.88      +4 -2      
xml-axis/java/src/org/apache/axis/transport/http/AxisServlet.java
  
  Index: AxisServlet.java
  ===================================================================
  RCS file: 
/home/cvs/xml-axis/java/src/org/apache/axis/transport/http/AxisServlet.java,v
  retrieving revision 1.87
  retrieving revision 1.88
  diff -u -r1.87 -r1.88
  --- AxisServlet.java  27 Feb 2002 18:29:35 -0000      1.87
  +++ AxisServlet.java  8 Mar 2002 16:32:04 -0000       1.88
  @@ -359,7 +359,6 @@
                       res.setContentType("text/html");
                       writer.println("<h1>" + req.getRequestURI() +
                               "</h1>");
  -                    writer.println(configPath);
                       writer.println(
                               "<p>" +
                               JavaUtils.getMessage("axisService00") + "</p>");
  @@ -548,7 +547,10 @@
               log.debug(e);
               if ( e instanceof AxisFault ) {
                   AxisFault  af = (AxisFault) e ;
  -                if ( "Server.Unauthorized".equals( af.getFaultCode() ) )
  +                // Should really be doing this with explicit AxisFault
  +                // sublcasses... --Glen
  +                if ( "Server.Unauthorized".equals(
  +                        af.getFaultCode().getLocalPart() ) )
                       res.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                   else
                       res.setStatus( HttpServletResponse.SC_INTERNAL_SERVER_ERROR );

Reply via email to