Author: markt Date: Wed Nov 9 11:50:47 2005 New Revision: 332127 URL: http://svn.apache.org/viewcvs?rev=332127&view=rev Log: Fix bug 37150. Turn off directory listings by default and add a warning to the docs.
Modified: tomcat/container/tc5.5.x/catalina/src/conf/web.xml tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/container/tc5.5.x/webapps/docs/default-servlet.xml Modified: tomcat/container/tc5.5.x/catalina/src/conf/web.xml URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/conf/web.xml?rev=332127&r1=332126&r2=332127&view=diff ============================================================================== --- tomcat/container/tc5.5.x/catalina/src/conf/web.xml (original) +++ tomcat/container/tc5.5.x/catalina/src/conf/web.xml Wed Nov 9 11:50:47 2005 @@ -34,7 +34,10 @@ <!-- resources to be served. [2048] --> <!-- --> <!-- listings Should directory listings be produced if there --> - <!-- is no welcome file in this directory? [true] --> + <!-- is no welcome file in this directory? [false] --> + <!-- WARNING: Listings for directories with many --> + <!-- entries can be slow and may consume --> + <!-- significant proportions of server resources. --> <!-- --> <!-- output Output buffer size (in bytes) when writing --> <!-- resources to be served. [2048] --> @@ -74,7 +77,7 @@ </init-param> <init-param> <param-name>listings</param-name> - <param-value>true</param-value> + <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java?rev=332127&r1=332126&r2=332127&view=diff ============================================================================== --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java Wed Nov 9 11:50:47 2005 @@ -94,7 +94,7 @@ /** * Should we generate directory listings? */ - protected boolean listings = true; + protected boolean listings = false; /** Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=332127&r1=332126&r2=332127&view=diff ============================================================================== --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Nov 9 11:50:47 2005 @@ -64,6 +64,10 @@ <bug>37264</bug>: JNDI resources were no longer available when stopping listeners, submitted by Bogdan Calmac (remm) </fix> + <fix> + <bug>37150</bug>: Turn off directory listing by default and add a warning + regarding enabling listing of directories with many entries. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> Modified: tomcat/container/tc5.5.x/webapps/docs/default-servlet.xml URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/webapps/docs/default-servlet.xml?rev=332127&r1=332126&r2=332127&view=diff ============================================================================== --- tomcat/container/tc5.5.x/webapps/docs/default-servlet.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/default-servlet.xml Wed Nov 9 11:50:47 2005 @@ -89,6 +89,10 @@ value may be <b>true</b> or <b>false</b> <br /> Welcome files are part of the servlet api. + <br /> + <b>WARNING:</b> Listings of directories containing many entries are + expensive. Multiple requests for large directory listings can consume + significant proportions of server resources. </td> </tr> <tr> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]