Thanks for that. I'll fix it right away.
On 02/11/2007, Caroline Maynard <[EMAIL PROTECTED]> wrote:
> A user has found a vulnerability in XMLHelperImpl::createDocument, the
> one with the const char * parameters. The problem being that the root
> element name is initialized with the parameter >before< the code which
> checks for the parameter being null. I'll add a guard for this in the
> PHP code, but really it should be fixed in Tuscany. Could someone apply
> this patch, please:
>
> Index:
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> ===================================================================
> ---
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> (revision 568508)
> +++
> C:/dev/tuscany_sdo_pre2.1/sdo-cpp-pre2.1/runtime/core/src/commonj/sdo/XMLHelperImpl.cpp
> (working copy)
> @@ -172,7 +172,7 @@
> const char* rootElementName)
> {
> SDOString uri;
> - SDOString name = rootElementName;
> + SDOString name;
> if (0 == rootElementURI)
> uri = "";
> else
>
> The patch was created against the branch, but the same code exists in
> the trunk.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Pete
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
