Author: kkolinko
Date: Wed Jan 29 21:19:57 2014
New Revision: 1562597
URL: http://svn.apache.org/r1562597
Log:
Make the xmlBlockExternal option in Catalina and Jasper to be true by default.
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/jasper/JspC.java
tomcat/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
tomcat/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
tomcat/trunk/java/org/apache/jasper/compiler/TldCache.java
tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java
tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/context.xml
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Wed Jan 29
21:19:57 2014
@@ -675,7 +675,7 @@ public class StandardContext extends Con
/**
* Attribute used to turn on/off the use of external entities.
*/
- private boolean xmlBlockExternal = Globals.IS_SECURITY_ENABLED;
+ private boolean xmlBlockExternal = true;
/**
Modified: tomcat/trunk/java/org/apache/jasper/JspC.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/JspC.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/JspC.java (original)
+++ tomcat/trunk/java/org/apache/jasper/JspC.java Wed Jan 29 21:19:57 2014
@@ -135,6 +135,7 @@ public class JspC extends Task implement
protected static final String SWITCH_DUMP_SMAP = "-dumpsmap";
protected static final String SWITCH_VALIDATE_TLD = "-validateTld";
protected static final String SWITCH_BLOCK_EXTERNAL = "-blockExternal";
+ protected static final String SWITCH_NO_BLOCK_EXTERNAL =
"-no-blockExternal";
protected static final String SHOW_SUCCESS ="-s";
protected static final String LIST_ERRORS = "-l";
protected static final int INC_WEBXML = 10;
@@ -166,7 +167,7 @@ public class JspC extends Task implement
protected boolean trimSpaces = false;
protected boolean genStringAsCharArray = false;
protected boolean validateTld;
- protected boolean blockExternal;
+ protected boolean blockExternal = true;
protected boolean xpoweredBy;
protected boolean mappedFile = false;
protected boolean poolingEnabled = true;
@@ -377,6 +378,8 @@ public class JspC extends Task implement
setValidateTld(true);
} else if (tok.equals(SWITCH_BLOCK_EXTERNAL)) {
setBlockExternal(true);
+ } else if (tok.equals(SWITCH_NO_BLOCK_EXTERNAL)) {
+ setBlockExternal(false);
} else {
if (tok.startsWith("-")) {
throw new JasperException("Unrecognized option: " + tok +
@@ -1452,9 +1455,8 @@ public class JspC extends Task implement
if (isValidateTld()) {
context.setInitParameter(Constants.XML_VALIDATION_TLD_INIT_PARAM,
"true");
}
- if (isBlockExternal()) {
- context.setInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM,
"true");
- }
+ context.setInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM,
+ String.valueOf(isBlockExternal()));
TldScanner scanner = new TldScanner(
context, true, isValidateTld(), isBlockExternal());
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
Wed Jan 29 21:19:57 2014
@@ -128,7 +128,7 @@ class ImplicitTagLibraryInfo extends Tag
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal =
Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java Wed Jan
29 21:19:57 2014
@@ -129,7 +129,7 @@ class JspDocumentParser
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/TagPluginManager.java Wed Jan
29 21:19:57 2014
@@ -66,7 +66,7 @@ public class TagPluginManager {
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/java/org/apache/jasper/compiler/TldCache.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/TldCache.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/TldCache.java (original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/TldCache.java Wed Jan 29
21:19:57 2014
@@ -78,7 +78,7 @@ public class TldCache {
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java Wed Jan
29 21:19:57 2014
@@ -84,7 +84,7 @@ public class JasperInitializer implement
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/servlet/JspCServletContext.java Wed Jan
29 21:19:57 2014
@@ -136,7 +136,7 @@ public class JspCServletContext implemen
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jan 29 21:19:57 2014
@@ -45,6 +45,14 @@
issues to not "pop up" wrt. others).
-->
<section name="Tomcat 8.0.1 (markt)">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Change default value of <code>xmlBlockExternal</code> attribute of
+ Context. It is <code>true</code> now. (kkolinko)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<fix>
@@ -53,6 +61,16 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ Change default value of the <code>blockExternal</code> attribute of
+ JspC task. The default value is <code>true</code>. Add support for
+ <code>-no-blockExternal</code> switch when JspC is run as a
+ standalone application. (kkolinko)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="WebSocket">
<changelog>
<fix>
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Wed Jan 29 21:19:57 2014
@@ -538,9 +538,8 @@
<code>web.xml</code>, <code>web-fragment.xml</code>,
<code>*.tld</code>,
<code>*.jspx</code>, <code>*.tagx</code> and
<code>tagPlugins.xml</code>
files for this web application will not permit external entities to be
- loaded. If a <code>SecurityManager</code> is configured then the
default
- value of this attribute will be <code>true</code>, else the default
- value will be <code>false</code>.</p>
+ loaded. If not specified, the default value of <code>true</code> will
+ be used.</p>
</attribute>
<attribute name="xmlNamespaceAware" required="false">
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1562597&r1=1562596&r2=1562597&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Wed Jan 29 21:19:57 2014
@@ -179,9 +179,6 @@
<ul>
<li>The default value for the <strong>deployXML</strong> attribute of the
<strong>Host</strong> element is changed to <code>false</code>.</li>
- <li>The default value for the <strong>xmlBlockExternal</strong> attribute
- of the <strong>Context</strong> element is changed to <code>true</code>.
- </li>
</ul>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
