markt 2004/11/19 12:52:02
Modified: catalina/src/share/org/apache/catalina/core
StandardContext.java
catalina/src/share/org/apache/catalina/mbeans
mbeans-descriptors.xml
webapps/tomcat-docs/config context.xml resources.xml
Log:
Fix bug 21818. allowLinking now remembered across web app reload.
Also remembers caseSensitive, cached, and cacheTTL. Added new
attributes to docs.
- based on Remy's patch for a similar issue in TC5
Revision Changes Path
1.126 +80 -2
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java
Index: StandardContext.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- StandardContext.java 26 Aug 2004 21:32:20 -0000 1.125
+++ StandardContext.java 19 Nov 2004 20:52:02 -0000 1.126
@@ -134,7 +134,6 @@
*/
private boolean available = false;
-
/**
* The Locale to character set mapper for this application.
*/
@@ -417,6 +416,24 @@
/**
+ * Case sensitivity.
+ */
+ protected boolean caseSensitive = true;
+
+
+ /**
+ * Allow linking.
+ */
+ protected boolean allowLinking = false;
+
+
+ /**
+ * Cache TTL in ms.
+ */
+ protected int cacheTTL = 5000;
+
+
+ /**
* Caching allowed flag.
*/
protected boolean cachingAllowed = true;
@@ -427,6 +444,7 @@
*/
protected DirContext webappResources = null;
+
// ----------------------------------------------------- Context
Properties
@@ -447,6 +465,55 @@
}
+
+ /**
+ * Set case sensitivity.
+ */
+ public void setCaseSensitive(boolean caseSensitive) {
+ this.caseSensitive = caseSensitive;
+ }
+
+
+ /**
+ * Is case sensitive ?
+ */
+ public boolean isCaseSensitive() {
+ return caseSensitive;
+ }
+
+
+ /**
+ * Set allow linking.
+ */
+ public void setAllowLinking(boolean allowLinking) {
+ this.allowLinking = allowLinking;
+ }
+
+
+ /**
+ * Is linking allowed.
+ */
+ public boolean isAllowLinking() {
+ return allowLinking;
+ }
+
+
+ /**
+ * Set cache TTL.
+ */
+ public void setCacheTTL(int cacheTTL) {
+ this.cacheTTL = cacheTTL;
+ }
+
+
+ /**
+ * Get cache TTL.
+ */
+ public int getCacheTTL() {
+ return cacheTTL;
+ }
+
+
/**
* Returns true if the internal naming support is used.
*/
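Review bot: The Javadoc on `setCaseSensitive` and `setAllowLinking` states neither the polarity of the flag nor its security consequence, and the rest of this commit disagrees with itself on the polarity. The mbeans descriptor describes `caseSensitive` as "Should case sensitivity checks be performed", while the context.xml text says `true` disables the checks and its own NOTE says `false` does. I would pin it down on the setter, assuming the descriptor and the NOTE are the correct reading, e.g. `Set whether case sensitivity checks are performed on file resources (true, the default, keeps them on); must not be false on a case-insensitive filesystem.` Likewise `setAllowLinking` should say that enabling it disables those checks, as the documentation in this commit warns. These setters only store the value; judging by the hunk at @@ -3281 it reaches the FileDirContext when resources are started, which deserves a sentence as well.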
@@ -3281,8 +3348,19 @@
try {
ProxyDirContext proxyDirContext =
new ProxyDirContext(env, webappResources);
+ if (webappResources instanceof FileDirContext) {
+ filesystemBased = true;
+ ((FileDirContext) webappResources).setCaseSensitive
+ (isCaseSensitive());
+ ((FileDirContext) webappResources).setAllowLinking
+ (isAllowLinking());
+ }
+
if (webappResources instanceof BaseDirContext) {
((BaseDirContext) webappResources).setDocBase(getBasePath());
+ ((BaseDirContext) webappResources).setCached
+ (isCachingAllowed());
+ ((BaseDirContext)
webappResources).setCacheTTL(getCacheTTL());
((BaseDirContext) webappResources).allocate();
}
this.resources = proxyDirContext;
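Review bot: The proxy is built by `new ProxyDirContext(env, webappResources)` before `setCached` and `setCacheTTL` are applied to `webappResources` a few lines later. If the ProxyDirContext constructor reads the caching policy from the wrapped context (not visible in this diff), the proxy is configured from the old values and the remembered `cached`/`cacheTTL` settings never reach it. Moving the `ProxyDirContext proxyDirContext = new ProxyDirContext(env, webappResources);` statement below the two `instanceof` blocks, just before `this.resources = proxyDirContext;`, would remove that ordering dependency. `setCaseSensitive` and `setAllowLinking` are presumably consulted by FileDirContext at lookup time and so are less likely to be affected, but that is worth confirming. The enclosing method starts and ends outside the hunk.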
1.83 +18 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml
Index: mbeans-descriptors.xml
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- mbeans-descriptors.xml 25 Jan 2004 23:07:16 -0000 1.82
+++ mbeans-descriptors.xml 19 Nov 2004 20:52:02 -0000 1.83
@@ -2072,9 +2072,23 @@
group="Context"
type="org.apache.catalina.core.StandardContext">
- <attribute name="cookies"
- description="Should we attempt to use cookies for session id
- communication?"
+ <attribute name="allowLinking"
+ description="Allow symlinking to outside the webapp root
directory, if the webapp is an exploded directory"
+ is="true"
+ type="boolean"/>
+
+ <attribute name="cacheTTL"
+ description="Time interval in ms between cache refeshes"
+ type="int"/>
+
+ <attribute name="cachingAllowed"
+ description="Should we cache static resources for this webapp"
+ is="true"
+ type="boolean"/>
+
+ <attribute name="caseSensitive"
+ description="Should case sensitivity checks be performed"
+ is="true"
type="boolean"/>
<attribute name="cookies"
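Review bot: The `cacheTTL` description contains a typo that any management client reading this descriptor will display: `refeshes` should be `refreshes`, i.e. `description="Time interval in ms between cache refreshes"`. The `allowLinking` and `caseSensitive` descriptions would also benefit from a short pointer to the caveat in the context.xml documentation from this commit (not to be relaxed on a case-insensitive filesystem). The descriptor is what an operator sees when changing these attributes through JMX.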
1.14 +27 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml
Index: context.xml
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- context.xml 16 Mar 2004 23:23:33 -0000 1.13
+++ context.xml 19 Nov 2004 20:52:02 -0000 1.14
@@ -169,11 +169,38 @@
<attributes>
+ <attribute name="allowLinking" required="false">
+ <p>If the value of this flag is <code>true</code>, symlinks will be
+ allowed inside the web application, pointing to resources outside the
+ web application base path. If not specified, the default value
+ of the flag is <code>false</code>.</p>
+ <p><b>NOTE: This flag MUST NOT be set to true on the Windows platform
+ (or any other OS which does not have a case sensitive filesystem),
+ as it will disable case sensitivity checks, allowing JSP source code
+ disclosure, among other security problems.</b></p>
+ </attribute>
+
+ <attribute name="cacheTTL" required="false">
+ <p>Amount of time in milliseconds between cache entries revalidation.
+ If not specified, the default value is <code>5000</code>
+ (5 seconds).</p>
+ </attribute>
+
<attribute name="cachingAllowed" required="false">
<p>This boolean flag indicates if the resources may be cached. It
defaults to <code>true</code>. If set to <code>false</code>, this
flag overrides the <em>cached</em> attribute of any contained
<a href="resources.html">Resources</a>
element.</p>
+ </attribute>
+
+ <attribute name="caseSensitive" required="false">
+ <p>If the value of this flag is <code>true</code>, all case
sensitivity
+ checks will be disabled. If not
+ specified, the default value of the flag is <code>true</code>.</p>
+ <p><b>NOTE: This flag MUST NOT be set to false on the Windows
platform
+ (or any other OS which does not have a case sensitive filesystem),
+ as it will disable case sensitivity checks, allowing JSP source code
+ disclosure, among other security problems.</b></p>
</attribute>
<attribute name="debug" required="false">
1.4 +2 -2
jakarta-tomcat-4.0/webapps/tomcat-docs/config/resources.xml
Index: resources.xml
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/resources.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- resources.xml 16 Mar 2004 23:23:33 -0000 1.3
+++ resources.xml 19 Nov 2004 20:52:02 -0000 1.4
@@ -84,8 +84,8 @@
</attribute>
<attribute name="caseSensitive" required="false">
- <p>This boolean flag toggles case sensitivity for resourceson
- the Windows platform. Defaults to <code>true</code>.</p>
+ <p>This is the functional equivalent to the <em>caseSensitive</em>
+ of a <a href="context.html">Context</a>.</p>
</attribute>
<attribute name="docBase" required="false">