You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@cocoon.apache.org by cz...@apache.org on 2001/04/03 08:26:22 UTC
cvs commit: xml-cocoon/webapp/WEB-INF web.xml
cziegeler 01/04/02 23:26:22
Modified: src/org/apache/cocoon/servlet Tag: xml-cocoon2
CocoonServlet.java
webapp/WEB-INF Tag: xml-cocoon2 web.xml
Log:
Added allow-reload to the servlet configuration parameters to prevent from DoS attacks
Revision Changes Path
No revision
No revision
1.1.4.75 +11 -3 xml-cocoon/src/org/apache/cocoon/servlet/Attic/CocoonServlet.java
Index: CocoonServlet.java
===================================================================
RCS file: /home/cvs/xml-cocoon/src/org/apache/cocoon/servlet/Attic/CocoonServlet.java,v
retrieving revision 1.1.4.74
retrieving revision 1.1.4.75
diff -u -r1.1.4.74 -r1.1.4.75
--- CocoonServlet.java 2001/04/02 14:37:14 1.1.4.74
+++ CocoonServlet.java 2001/04/03 06:26:20 1.1.4.75
@@ -62,7 +62,7 @@
* @author <a href="mailto:stefano@apache.org">Stefano Mazzocchi</a>
* @author <a href="mailto:nicolaken@supereva.it">Nicola Ken Barozzi</a> Aisa
* @author <a href="mailto:bloritsch@apache.org">Berin Loritsch</a>
- * @version CVS $Revision: 1.1.4.74 $ $Date: 2001/04/02 14:37:14 $
+ * @version CVS $Revision: 1.1.4.75 $ $Date: 2001/04/03 06:26:20 $
*/
public class CocoonServlet extends HttpServlet {
@@ -77,6 +77,8 @@
protected Cocoon cocoon;
protected Exception exception;
protected DefaultContext appContext = new DefaultContext();
+ /** Allow reloading of cocoon by specifying the cocoon-reload parameter with a request */
+ protected boolean allowReload;
private static final boolean ALLOW_OVERWRITE = false;
private static final boolean SILENTLY_RENAME = true;
@@ -136,6 +138,12 @@
this.appContext.put(Constants.CONTEXT_ROOT_PATH, context.getRealPath("/"));
+ String value = conf.getInitParameter("allow-reload");
+ if (value == null || value.equals("yes") == true) {
+ this.allowReload = true;
+ } else {
+ this.allowReload = false;
+ }
this.createCocoon();
}
@@ -557,12 +565,12 @@
log.info("Configuration changed reload attempt");
this.createCocoon();
return this.cocoon;
- } else if ((pathInfo == null) && (reloadParam != null)) {
+ } else if ((pathInfo == null) && (this.allowReload == true) && (reloadParam != null)) {
log.info("Forced reload attempt");
this.createCocoon();
return this.cocoon;
}
- } else if ((pathInfo == null) && (reloadParam != null)) {
+ } else if ((pathInfo == null) && (this.allowReload == true) && (reloadParam != null)) {
log.info("Invalid configurations reload");
this.createCocoon();
return this.cocoon;
No revision
No revision
1.1.2.15 +4 -0 xml-cocoon/webapp/WEB-INF/Attic/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/xml-cocoon/webapp/WEB-INF/Attic/web.xml,v
retrieving revision 1.1.2.14
retrieving revision 1.1.2.15
diff -u -r1.1.2.14 -r1.1.2.15
--- web.xml 2001/02/20 13:26:50 1.1.2.14
+++ web.xml 2001/04/03 06:26:21 1.1.2.15
@@ -27,6 +27,10 @@
<param-name>log-level</param-name>
<param-value>DEBUG</param-value>
</init-param>
+ <init-param>
+ <param-name>allow-reload</param-name>
+ <param-value>yes</param-value>
+ </init-param>
<init-param>
<param-name>load-class</param-name>
<param-value>
----------------------------------------------------------------------
In case of troubles, e-mail: webmaster@xml.apache.org
To unsubscribe, e-mail: cocoon-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-cvs-help@xml.apache.org
Re: cvs commit: xml-cocoon/webapp/WEB-INF web.xml
Posted by "Peter C. Verhage" <pe...@zeelandnet.nl>.
Giacomo wrote:
: Why are you writing the last statement that way? Would it be better to
write it
: like
:
: if ("yes".equals(value) == true) {
:
: That way you don't need the additional test against null.
That's true, but, why are you comparing the result of the equals test with
true? Because the equals method returns a boolean. So even more efficiently
would be:
if ("yes".equals(value)) {
:))
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: AW: cvs commit: xml-cocoon/webapp/WEB-INF web.xml
Posted by Giacomo Pati <gi...@apache.org>.
Quoting Carsten Ziegeler <cz...@sundn.de>:
> > Giacomo Pati wrote:
> > Quoting cziegeler@apache.org:
> >
> > > + String value = conf.getInitParameter("allow-reload");
> > > + if (value == null || value.equals("yes") == true) {
> >
> > Why are you writing the last statement that way? Would it be better to
> > write it
> > like
> >
> > if ("yes".equals(value) == true) {
> >
> > That way you don't need the additional test against null.
> >
> Yes, you're right,
>
> I accidentally used our company coding style.
> Sorry for that, I will change it as soon as my cvs works again.
This has nothing to do with coding style. It's only simpler code IMHO.
Giacomo
>
> Carsten
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
AW: cvs commit: xml-cocoon/webapp/WEB-INF web.xml
Posted by Carsten Ziegeler <cz...@sundn.de>.
> Giacomo Pati wrote:
> Quoting cziegeler@apache.org:
>
> > + String value = conf.getInitParameter("allow-reload");
> > + if (value == null || value.equals("yes") == true) {
>
> Why are you writing the last statement that way? Would it be better to
> write it
> like
>
> if ("yes".equals(value) == true) {
>
> That way you don't need the additional test against null.
>
Yes, you're right,
I accidentally used our company coding style.
Sorry for that, I will change it as soon as my cvs works again.
Carsten
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: cvs commit: xml-cocoon/webapp/WEB-INF web.xml
Posted by Giacomo Pati <gi...@apache.org>.
Quoting cziegeler@apache.org:
> + String value = conf.getInitParameter("allow-reload");
> + if (value == null || value.equals("yes") == true) {
Why are you writing the last statement that way? Would it be better to write it
like
if ("yes".equals(value) == true) {
That way you don't need the additional test against null.
Giacomo
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org