Posted to commits@myfaces.apache.org by sk...@apache.org on 2008/11/10 15:41:47 UTC
svn commit: r712667 - in
/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra:
conversation/ConversationRequestParameterProvider.java
viewController/spring/SpringViewControllerScope.java
Author: skitching
Date: Mon Nov 10 06:41:47 2008
New Revision: 712667
URL: http://svn.apache.org/viewvc?rev=712667&view=rev
Log:
Add some minor comments
Modified:
myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationRequestParameterProvider.java
myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/viewController/spring/SpringViewControllerScope.java
Modified: myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationRequestParameterProvider.java
URL: http://svn.apache.org/viewvc/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationRequestParameterProvider.java?rev=712667&r1=712666&r2=712667&view=diff
==============================================================================
--- myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationRequestParameterProvider.java (original)
+++ myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationRequestParameterProvider.java Mon Nov 10 06:41:47 2008
@@ -88,6 +88,11 @@
return Long.toString(ctx.getId(), Character.MAX_RADIX);
}
+ //TODO: theoretical security problem here as something can call this method then
+ // modify the 0th element of the returned array. If this library is deployed at the
+ // "shared" level, that means that one webapp can cause a "denial of service" or
+ // similar against other webapps in the container by changing this critical field.
+ // Not a very important flaw, but nevertheless...
public String[] getFields()
{
if (isInSeparationMode())
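Review bot: The TODO added above `getFields()` records that a caller can modify element 0 of the returned array, but the method still hands that array out, so the exposure the comment describes remains in the new code. Returning a copy on every return path would close it without changing the signature, for example `return (String[]) fields.clone();`, where `fields` is a placeholder for whichever array each branch returns today. Until that is done, the comment would be easier to track as Javadoc on the method stating that callers must treat the result as read-only, with a reference to an issue-tracker entry. The body of `getFields()` continues past the end of this hunk, so the return statements are not visible here and the suggestion needs checking against them.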
Modified: myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/viewController/spring/SpringViewControllerScope.java
URL: http://svn.apache.org/viewvc/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/viewController/spring/SpringViewControllerScope.java?rev=712667&r1=712666&r2=712667&view=diff
==============================================================================
--- myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/viewController/spring/SpringViewControllerScope.java (original)
+++ myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/viewController/spring/SpringViewControllerScope.java Mon Nov 10 06:41:47 2008
@@ -63,6 +63,7 @@
*/
public class SpringViewControllerScope extends AbstractSpringOrchestraScope
{
+ // should this really be static? Are all the classes it references really static?
private final static ViewControllerManager DEFAULT_VCM = new DefaultViewControllerManager();
public SpringViewControllerScope()
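Review bot: The comment added above `DEFAULT_VCM` asks a question without naming the risk, so a later reader cannot tell what to verify or when the question is settled. The concern is presumably that one `DefaultViewControllerManager` instance is shared by every scope instance, and by every webapp if the library is loaded by a shared classloader, which matters only if the manager or anything it references holds per-webapp or per-request state. I would state that directly, for example `// TODO: DEFAULT_VCM is shared by all instances (and all webapps under a shared classloader); confirm DefaultViewControllerManager and what it references are stateless and thread-safe`. The class body continues outside this hunk, so how `DEFAULT_VCM` is used is not visible here.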