markt 2004/11/19 12:52:02 Modified: catalina/src/share/org/apache/catalina/core StandardContext.java catalina/src/share/org/apache/catalina/mbeans mbeans-descriptors.xml webapps/tomcat-docs/config context.xml resources.xml Log: Fix bug 21818. allowLinking now remembered across web app reload. Also remembers caseSensitive, cached, and cacheTTL. Added new attributes to docs. - based a Remy's patch for a similar issue in TC5 Revision Changes Path 1.126 +80 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java Index: StandardContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- StandardContext.java 26 Aug 2004 21:32:20 -0000 1.125 +++ StandardContext.java 19 Nov 2004 20:52:02 -0000 1.126 @@ -134,7 +134,6 @@ */ private boolean available = false; - /** * The Locale to character set mapper for this application. */ @@ -417,6 +416,24 @@ /** + * Case sensitivity. + */ + protected boolean caseSensitive = true; + + + /** + * Allow linking. + */ + protected boolean allowLinking = false; + + + /** + * Cache TTL in ms. + */ + protected int cacheTTL = 5000; + + + /** * Caching allowed flag. */ protected boolean cachingAllowed = true; @@ -427,6 +444,7 @@ */ protected DirContext webappResources = null; + // ----------------------------------------------------- Context Properties @@ -447,6 +465,55 @@ } + + /** + * Set case sensitivity. + */ + public void setCaseSensitive(boolean caseSensitive) { + this.caseSensitive = caseSensitive; + } + + + /** + * Is case sensitive ? + */ + public boolean isCaseSensitive() { + return caseSensitive; + } + + + /** + * Set allow linking. + */ + public void setAllowLinking(boolean allowLinking) { + this.allowLinking = allowLinking; + } + + + /** + * Is linking allowed. + */ + public boolean isAllowLinking() { + return allowLinking; + } + + + /** + * Set cache TTL. + */ + public void setCacheTTL(int cacheTTL) { + this.cacheTTL = cacheTTL; + } + + + /** + * Get cache TTL. + */ + public int getCacheTTL() { + return cacheTTL; + } + + /** * Returns true if the internal naming support is used. */ @@ -3281,8 +3348,19 @@ try { ProxyDirContext proxyDirContext = new ProxyDirContext(env, webappResources); + if (webappResources instanceof FileDirContext) { + filesystemBased = true; + ((FileDirContext) webappResources).setCaseSensitive + (isCaseSensitive()); + ((FileDirContext) webappResources).setAllowLinking + (isAllowLinking()); + } + if (webappResources instanceof BaseDirContext) { ((BaseDirContext) webappResources).setDocBase(getBasePath()); + ((BaseDirContext) webappResources).setCached + (isCachingAllowed()); + ((BaseDirContext) webappResources).setCacheTTL(getCacheTTL()); ((BaseDirContext) webappResources).allocate(); } this.resources = proxyDirContext; 1.83 +18 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml Index: mbeans-descriptors.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- mbeans-descriptors.xml 25 Jan 2004 23:07:16 -0000 1.82 +++ mbeans-descriptors.xml 19 Nov 2004 20:52:02 -0000 1.83 @@ -2072,9 +2072,23 @@ group="Context" type="org.apache.catalina.core.StandardContext"> - <attribute name="cookies" - description="Should we attempt to use cookies for session id - communication?" + <attribute name="allowLinking" + description="Allow symlinking to outside the webapp root directory, if the webapp is an exploded directory" + is="true" + type="boolean"/> + + <attribute name="cacheTTL" + description="Time interval in ms between cache refeshes" + type="int"/> + + <attribute name="cachingAllowed" + description="Should we cache static resources for this webapp" + is="true" + type="boolean"/> + + <attribute name="caseSensitive" + description="Should case sensitivity checks be performed" + is="true" type="boolean"/> <attribute name="cookies" 1.14 +27 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml Index: context.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/context.xml,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- context.xml 16 Mar 2004 23:23:33 -0000 1.13 +++ context.xml 19 Nov 2004 20:52:02 -0000 1.14 @@ -169,11 +169,38 @@ <attributes> + <attribute name="allowLinking" required="false"> + <p>If the value of this flag is <code>true</code>, symlinks will be + allowed inside the web application, pointing to resources outside the + web application base path. If not specified, the default value + of the flag is <code>false</code>.</p> + <p><b>NOTE: This flag MUST NOT be set to true on the Windows platform + (or any other OS which does not have a case sensitive filesystem), + as it will disable case sensitivity checks, allowing JSP source code + disclosure, among other security problems.</b></p> + </attribute> + + <attribute name="cacheTTL" required="false"> + <p>Amount of time in milliseconds between cache entries revalidation. + If not specified, the default value is <code>5000</code> + (5 seconds).</p> + </attribute> + <attribute name="cachingAllowed" required="false"> <p>This boolean flag indicates if the resources may be cached. It defaults to <code>true</code>. If set to <code>false</code>, this flag overrides the <em>cached</em> attribute of any contained <a href="resources.html">Resources</a> element.</p> + </attribute> + + <attribute name="caseSensitive" required="false"> + <p>If the value of this flag is <code>true</code>, all case sensitivity + checks will be disabled. If not + specified, the default value of the flag is <code>true</code>.</p> + <p><b>NOTE: This flag MUST NOT be set to false on the Windows platform + (or any other OS which does not have a case sensitive filesystem), + as it will disable case sensitivity checks, allowing JSP source code + disclosure, among other security problems.</b></p> </attribute> <attribute name="debug" required="false"> 1.4 +2 -2 jakarta-tomcat-4.0/webapps/tomcat-docs/config/resources.xml Index: resources.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/resources.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- resources.xml 16 Mar 2004 23:23:33 -0000 1.3 +++ resources.xml 19 Nov 2004 20:52:02 -0000 1.4 @@ -84,8 +84,8 @@ </attribute> <attribute name="caseSensitive" required="false"> - <p>This boolean flag toggles case sensitivity for resourceson - the Windows platform. Defaults to <code>true</code>.</p> + <p>This is the functional equivalent to the <em>caseSensitive</em> + of a <a href="context.html">Context</a>.</p> </attribute> <attribute name="docBase" required="false">
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]