Author: kkolinko
Date: Wed Feb 5 12:43:49 2014
New Revision: 1564747
URL: http://svn.apache.org/r1564747
Log:
Merged revisions r1562597,r1564742-r1564746 from tomcat/trunk:
Make the xmlBlockExternal option in Catalina and Jasper to be true by default.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml
tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1562597,1564742-1564746
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
Wed Feb 5 12:43:49 2014
@@ -325,9 +325,7 @@ public class ApplicationContext
return "true";
}
if (Globals.JASPER_XML_BLOCK_EXTERNAL_INIT_PARAM.equals(name)) {
- if (context.getXmlBlockExternal()) {
- return "true";
- } else if (Globals.IS_SECURITY_ENABLED) {
+ if (!context.getXmlBlockExternal()) {
// System admin has explicitly changed the default
return "false";
}
@@ -349,7 +347,7 @@ public class ApplicationContext
if (context.getTldValidation()) {
names.add(Globals.JASPER_XML_VALIDATION_TLD_INIT_PARAM);
}
- if (context.getXmlBlockExternal() || Globals.IS_SECURITY_ENABLED) {
+ if (!context.getXmlBlockExternal()) {
names.add(Globals.JASPER_XML_BLOCK_EXTERNAL_INIT_PARAM);
}
return Collections.enumeration(names);
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java Wed
Feb 5 12:43:49 2014
@@ -700,7 +700,7 @@ public class StandardContext extends Con
/**
* Attribute used to turn on/off the use of external entities.
*/
- private boolean xmlBlockExternal = Globals.IS_SECURITY_ENABLED;
+ private boolean xmlBlockExternal = true;
/**
Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java Wed Feb 5 12:43:49
2014
@@ -128,6 +128,7 @@ public class JspC extends Task implement
protected static final String SWITCH_DUMP_SMAP = "-dumpsmap";
protected static final String SWITCH_VALIDATE_TLD = "-validateTld";
protected static final String SWITCH_BLOCK_EXTERNAL = "-blockExternal";
+ protected static final String SWITCH_NO_BLOCK_EXTERNAL =
"-no-blockExternal";
protected static final String SHOW_SUCCESS ="-s";
protected static final String LIST_ERRORS = "-l";
protected static final int INC_WEBXML = 10;
@@ -159,7 +160,7 @@ public class JspC extends Task implement
protected boolean trimSpaces = false;
protected boolean genStringAsCharArray = false;
protected boolean validateTld;
- protected boolean blockExternal;
+ protected boolean blockExternal = true;
protected boolean xpoweredBy;
protected boolean mappedFile = false;
protected boolean poolingEnabled = true;
@@ -371,6 +372,8 @@ public class JspC extends Task implement
setValidateTld(true);
} else if (tok.equals(SWITCH_BLOCK_EXTERNAL)) {
setBlockExternal(true);
+ } else if (tok.equals(SWITCH_NO_BLOCK_EXTERNAL)) {
+ setBlockExternal(false);
} else {
if (tok.startsWith("-")) {
throw new JasperException("Unrecognized option: " + tok +
@@ -1447,9 +1450,8 @@ public class JspC extends Task implement
if (isValidateTld()) {
context.setInitParameter(Constants.XML_VALIDATION_TLD_INIT_PARAM,
"true");
}
- if (isBlockExternal()) {
- context.setInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM,
"true");
- }
+ context.setInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM,
+ String.valueOf(isBlockExternal()));
rctxt = new JspRuntimeContext(context, this);
jspConfig = new JspConfig(context);
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
Wed Feb 5 12:43:49 2014
@@ -134,7 +134,7 @@ class ImplicitTagLibraryInfo extends Tag
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal =
Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java Wed Feb
5 12:43:49 2014
@@ -84,7 +84,7 @@ public class JspConfig {
ctxt.getInitParameter(Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java
Wed Feb 5 12:43:49 2014
@@ -129,7 +129,7 @@ class JspDocumentParser
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
Wed Feb 5 12:43:49 2014
@@ -221,7 +221,7 @@ class TagLibraryInfoImpl extends TagLibr
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java
Wed Feb 5 12:43:49 2014
@@ -124,7 +124,7 @@ public class TagPluginManager {
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java
Wed Feb 5 12:43:49 2014
@@ -293,7 +293,7 @@ public class TldLocationsCache {
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
@@ -512,7 +512,7 @@ public class TldLocationsCache {
Constants.XML_BLOCK_EXTERNAL_INIT_PARAM);
boolean blockExternal;
if (blockExternalString == null) {
- blockExternal = Constants.IS_SECURITY_ENABLED;
+ blockExternal = true;
} else {
blockExternal = Boolean.parseBoolean(blockExternalString);
}
Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
(original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java Wed
Feb 5 12:43:49 2014
@@ -637,7 +637,7 @@ public class TesterContext implements Co
@Override
public boolean getXmlBlockExternal() {
- return false;
+ return true;
}
@Override
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Feb 5 12:43:49 2014
@@ -141,6 +141,10 @@
deployment descriptor and with annotation then the one specified in the
web deployment descriptor is with priority. (violetagg)
</fix>
+ <fix>
+ Change default value of <code>xmlBlockExternal</code> attribute of
+ Context. It is <code>true</code> now. (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
@@ -204,6 +208,12 @@
<fix>
Correct several errors in jspxml Schema and DTD. (kkolinko)
</fix>
+ <fix>
+ Change default value of the <code>blockExternal</code> attribute of
+ JspC task. The default value is <code>true</code>. Add support for
+ <code>-no-blockExternal</code> switch when JspC is run as a
+ standalone application. (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml Wed Feb 5 12:43:49
2014
@@ -538,9 +538,8 @@
<code>web.xml</code>, <code>web-fragment.xml</code>,
<code>*.tld</code>,
<code>*.jspx</code>, <code>*.tagx</code> and
<code>tagPlugins.xml</code>
files for this web application will not permit external entities to be
- loaded. If a <code>SecurityManager</code> is configured then the
default
- value of this attribute will be <code>true</code>, else the default
- value will be <code>false</code>.</p>
+ loaded. If not specified, the default value of <code>true</code> will
+ be used.</p>
</attribute>
<attribute name="xmlNamespaceAware" required="false">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1564747&r1=1564746&r2=1564747&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Wed Feb 5 12:43:49
2014
@@ -179,9 +179,6 @@
<ul>
<li>The default value for the <strong>deployXML</strong> attribute of the
<strong>Host</strong> element is changed to <code>false</code>.</li>
- <li>The default value for the <strong>xmlBlockExternal</strong> attribute
- of the <strong>Context</strong> element is changed to <code>true</code>.
- </li>
</ul>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
