Andrew McIntyre <[EMAIL PROTECTED]> writes: > On 2/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> Author: djd >> Date: Tue Feb 6 20:15:59 2007 >> New Revision: 504430 >> >> URL: http://svn.apache.org/viewvc?view=rev&rev=504430 >> Log: >> Fix security bug in JDBCDisplayUtil where system properties were accessed >> through >> Boolean.getBoolean() without being wrapped in a privileged block. >> >> </snip> >> >> + >> + /** >> + * Get an ij boolean system property. >> + * >> + * @param name name of the property >> + */ >> + private static boolean getSystemBoolean(final String name) { >> + >> + return ((boolean) ((Boolean) AccessController >> + .doPrivileged(new java.security.PrivilegedAction() { >> + >> + public Object run() { >> + return Boolean.valueOf(Boolean.getBoolean(name)); >> + >> + } >> + >> + })).booleanValue()); >> + } >> } > > I'm getting an error compiling JDBCDisplayUtil after this update: > > [javac] > /Users/andrewm/eclipse_ws/derby_trunk/java/tools/org/apache/derby/tools/JDBCDisplayUtil.java:1220: > valueOf(java.lang.String) in java.lang.Boolean cannot be applied to > (boolean) > [javac] return > Boolean.valueOf(Boolean.getBoolean(name));
I'm also getting this error. I think Boolean.valueOf(boolean) was added in Java 1.4, but JDBCDisplayUtil is compiled with 1.3. I checked in a fix with revision 504454. -- Knut Anders
