You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@cocoon.apache.org by cz...@apache.org on 2001/04/03 08:26:22 UTC

cvs commit: xml-cocoon/webapp/WEB-INF web.xml

cziegeler    01/04/02 23:26:22

  Modified:    src/org/apache/cocoon/servlet Tag: xml-cocoon2
                        CocoonServlet.java
               webapp/WEB-INF Tag: xml-cocoon2 web.xml
  Log:
  Added allow-reload to the servlet configuration parameters to prevent from DoS attacks
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.1.4.75  +11 -3     xml-cocoon/src/org/apache/cocoon/servlet/Attic/CocoonServlet.java
  
  Index: CocoonServlet.java
  ===================================================================
  RCS file: /home/cvs/xml-cocoon/src/org/apache/cocoon/servlet/Attic/CocoonServlet.java,v
  retrieving revision 1.1.4.74
  retrieving revision 1.1.4.75
  diff -u -r1.1.4.74 -r1.1.4.75
  --- CocoonServlet.java	2001/04/02 14:37:14	1.1.4.74
  +++ CocoonServlet.java	2001/04/03 06:26:20	1.1.4.75
  @@ -62,7 +62,7 @@
    * @author <a href="mailto:stefano@apache.org">Stefano Mazzocchi</a>
    * @author <a href="mailto:nicolaken@supereva.it">Nicola Ken Barozzi</a> Aisa
    * @author <a href="mailto:bloritsch@apache.org">Berin Loritsch</a>
  - * @version CVS $Revision: 1.1.4.74 $ $Date: 2001/04/02 14:37:14 $
  + * @version CVS $Revision: 1.1.4.75 $ $Date: 2001/04/03 06:26:20 $
    */
   
   public class CocoonServlet extends HttpServlet {
  @@ -77,6 +77,8 @@
       protected Cocoon cocoon;
       protected Exception exception;
       protected DefaultContext appContext = new DefaultContext();
  +    /** Allow reloading of cocoon by specifying the cocoon-reload parameter with a request */
  +    protected boolean allowReload;
   
       private static final boolean ALLOW_OVERWRITE = false;
       private static final boolean SILENTLY_RENAME = true;
  @@ -136,6 +138,12 @@
   
           this.appContext.put(Constants.CONTEXT_ROOT_PATH, context.getRealPath("/"));
   
  +        String value = conf.getInitParameter("allow-reload");
  +        if (value == null || value.equals("yes") == true) {
  +            this.allowReload = true;
  +        } else {
  +            this.allowReload = false;
  +        }
           this.createCocoon();
       }
   
  @@ -557,12 +565,12 @@
                   log.info("Configuration changed reload attempt");
                   this.createCocoon();
                   return this.cocoon;
  -            } else if ((pathInfo == null) && (reloadParam != null)) {
  +            } else if ((pathInfo == null) && (this.allowReload == true) && (reloadParam != null)) {
                   log.info("Forced reload attempt");
                   this.createCocoon();
                   return this.cocoon;
               }
  -        } else if ((pathInfo == null) && (reloadParam != null)) {
  +        } else if ((pathInfo == null) && (this.allowReload == true) && (reloadParam != null)) {
               log.info("Invalid configurations reload");
               this.createCocoon();
               return this.cocoon;
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.15  +4 -0      xml-cocoon/webapp/WEB-INF/Attic/web.xml
  
  Index: web.xml
  ===================================================================
  RCS file: /home/cvs/xml-cocoon/webapp/WEB-INF/Attic/web.xml,v
  retrieving revision 1.1.2.14
  retrieving revision 1.1.2.15
  diff -u -r1.1.2.14 -r1.1.2.15
  --- web.xml	2001/02/20 13:26:50	1.1.2.14
  +++ web.xml	2001/04/03 06:26:21	1.1.2.15
  @@ -27,6 +27,10 @@
      <param-name>log-level</param-name>
      <param-value>DEBUG</param-value>
     </init-param>
  +  <init-param>
  +   <param-name>allow-reload</param-name>
  +   <param-value>yes</param-value>
  +  </init-param>
       <init-param>
         <param-name>load-class</param-name>
         <param-value>
  
  
  

----------------------------------------------------------------------
In case of troubles, e-mail:     webmaster@xml.apache.org
To unsubscribe, e-mail:          cocoon-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-cvs-help@xml.apache.org

Re: cvs commit: xml-cocoon/webapp/WEB-INF web.xml

Posted by "Peter C. Verhage" <pe...@zeelandnet.nl>.

Giacomo wrote:
: Why are you writing the last statement that way? Would it be better to
write it
: like
:
:      if ("yes".equals(value) == true) {
:
: That way you don't need the additional test against null.

That's true, but, why are you comparing the result of the equals test with
true? Because the equals method returns a boolean. So even more efficiently
would be:

    if ("yes".equals(value)) {

:))

Peter


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

Re: AW: cvs commit: xml-cocoon/webapp/WEB-INF web.xml

Posted by Giacomo Pati <gi...@apache.org>.

Quoting Carsten Ziegeler <cz...@sundn.de>:

> > Giacomo Pati wrote:
> > Quoting cziegeler@apache.org:
> > 
> > >   +        String value = conf.getInitParameter("allow-reload");
> > >   +        if (value == null || value.equals("yes") == true) {
> > 
> > Why are you writing the last statement that way? Would it be better to
> > write it
> > like
> > 
> >      if ("yes".equals(value) == true) {
> > 
> > That way you don't need the additional test against null.
> > 
> Yes, you're right,
> 
> I accidentally used our company coding style. 
> Sorry for that, I will change it as soon as my cvs works again.

This has nothing to do with coding style. It's only simpler code IMHO.

Giacomo

> 
> Carsten
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

AW: cvs commit: xml-cocoon/webapp/WEB-INF web.xml

Posted by Carsten Ziegeler <cz...@sundn.de>.

> Giacomo Pati wrote:
> Quoting cziegeler@apache.org:
> 
> >   +        String value = conf.getInitParameter("allow-reload");
> >   +        if (value == null || value.equals("yes") == true) {
> 
> Why are you writing the last statement that way? Would it be better to
> write it
> like
> 
>      if ("yes".equals(value) == true) {
> 
> That way you don't need the additional test against null.
> 
Yes, you're right,

I accidentally used our company coding style. 
Sorry for that, I will change it as soon as my cvs works again.

Carsten


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

Re: cvs commit: xml-cocoon/webapp/WEB-INF web.xml

Posted by Giacomo Pati <gi...@apache.org>.

Quoting cziegeler@apache.org:

>   +        String value = conf.getInitParameter("allow-reload");
>   +        if (value == null || value.equals("yes") == true) {

Why are you writing the last statement that way? Would it be better to write it 
like 

     if ("yes".equals(value) == true) {

That way you don't need the additional test against null.

Giacomo

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org