aruny 2004/02/12 01:49:34
Modified: java/src/org/apache/xalan/xslt Tag: jaxp12112003_branch
Process.java EnvironmentCheck.java
Added: java/src/org/apache/xalan/xslt Tag: jaxp12112003_branch
ObjectFactory.java SecuritySupport.java
SecuritySupport12.java
Log:
ObjectFactory class exposes class loaders publicly which allow untrusted code
to access internal classes. Making following changes to fix it.
1.Duplicating the ObjectFactory, SecuritySupport.java and
SecuritySupport12.java class in order to make it package private in each of the
packages that require its services.
2.Using checkPackageAccess() to prevent access to internal packages of
jdk(sun.*).
Revision Changes Path
No revision
No revision
1.60.2.1 +1 -1 xml-xalan/java/src/org/apache/xalan/xslt/Process.java
Index: Process.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xslt/Process.java,v
retrieving revision 1.60
retrieving revision 1.60.2.1
diff -u -r1.60 -r1.60.2.1
--- Process.java 17 Oct 2003 20:59:31 -0000 1.60
+++ Process.java 12 Feb 2004 09:49:34 -0000 1.60.2.1
@@ -90,7 +90,7 @@
import org.apache.xalan.trace.TraceManager;
import org.apache.xalan.transformer.XalanProperties;
import org.apache.xml.utils.DefaultErrorHandler;
-import org.apache.xml.utils.ObjectFactory;
+
import org.w3c.dom.Document;
import org.w3c.dom.Node;
1.23.2.1 +4 -4
xml-xalan/java/src/org/apache/xalan/xslt/EnvironmentCheck.java
Index: EnvironmentCheck.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/xslt/EnvironmentCheck.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- EnvironmentCheck.java 23 Oct 2003 21:18:33 -0000 1.23
+++ EnvironmentCheck.java 12 Feb 2004 09:49:34 -0000 1.23.2.1
@@ -66,7 +66,7 @@
import java.util.StringTokenizer;
import java.util.Vector;
-import org.apache.xml.utils.ObjectFactory;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
No revision
Index: EnvironmentCheck.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/xslt/EnvironmentCheck.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- EnvironmentCheck.java 23 Oct 2003 21:18:33 -0000 1.23
+++ EnvironmentCheck.java 12 Feb 2004 09:49:34 -0000 1.23.2.1
@@ -66,7 +66,7 @@
import java.util.StringTokenizer;
import java.util.Vector;
-import org.apache.xml.utils.ObjectFactory;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
No revision
Index: EnvironmentCheck.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/xslt/EnvironmentCheck.java,v
retrieving revision 1.23
retrieving revision 1.23.2.1
diff -u -r1.23 -r1.23.2.1
--- EnvironmentCheck.java 23 Oct 2003 21:18:33 -0000 1.23
+++ EnvironmentCheck.java 12 Feb 2004 09:49:34 -0000 1.23.2.1
@@ -66,7 +66,7 @@
import java.util.StringTokenizer;
import java.util.Vector;
-import org.apache.xml.utils.ObjectFactory;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
1.1.2.1 +665 -0
xml-xalan/java/src/org/apache/xalan/xslt/Attic/ObjectFactory.java
1.1.2.1 +159 -0
xml-xalan/java/src/org/apache/xalan/xslt/Attic/SecuritySupport.java
1.1.2.1 +180 -0
xml-xalan/java/src/org/apache/xalan/xslt/Attic/SecuritySupport12.java
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
