You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Leo Sutic <le...@inspireinfrastructure.com> on 2003/04/23 21:55:00 UTC
Stefano's changes
From
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
> 4) I also changed 'allow-reload' to false as default.
>From CocoonServlet.java:
// get allow reload parameter, default is true
value = conf.getInitParameter("allow-reload");
this.allowReload = (value == null ||
value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
if (value == null) {
if (log.isDebugEnabled()) {
log.debug("allow-reload was not set - defaulting to
true");
}
}
The web.xml in the webapp included with Cocoon has:
<init-param>
<param-name>allow-reload</param-name>
<param-value>yes</param-value>
</init-param>
This seems to have gotten lost in the shuffle.
/LS
RE: Stefano's changes
Posted by Geoff Howard <co...@leverageweb.com>.
OK, I'll do my best to recover the logic:
It was part of Stefano's overhaul of the upload stuff - cvs
comment (or was it in an email?) explained for security. It
does make sense even if it's a pain. That's why Chris' (I
think it was him) addition to the sample warning about the
new setting default was necessary.
Stefano has an RT that he's waiting on until after 2.1 pushing
toward what sounds like a control layer out in front of the
processing that would give finer-grained control over things
like uploads, webdav, etc. that require more raw access to the
real request (and response?). He mentioned it on list a few
weeks ago.
Point of that is that for now there is no good solution that is
both convenient and doesn't open up potential holes, so locked
down is probably better even if some samples won't work with the
default config.
Geoff
> -----Original Message-----
> From: Vadim Gritsenko [mailto:vadim.gritsenko@verizon.net]
> Sent: Sunday, April 27, 2003 2:12 PM
> To: cocoon-dev@xml.apache.org
> Subject: Re: Stefano's changes
>
>
> Geoff Howard wrote:
>
> >huh? how will allow-reload break upload samples?
> >
> >
>
> Good question. Me puzzled too >8-O
>
>
> But how come that enable-uploads is false by default?
>
> Vadim
>
>
>
>
Re: Stefano's changes
Posted by Vadim Gritsenko <va...@verizon.net>.
Geoff Howard wrote:
>huh? how will allow-reload break upload samples?
>
>
Good question. Me puzzled too >8-O
But how come that enable-uploads is false by default?
Vadim
RE: Stefano's changes
Posted by Geoff Howard <co...@leverageweb.com>.
huh? how will allow-reload break upload samples?
btw, allow-uploads (which must be what you were thinkin of?) is already
defaulted to false, which already "breaks" the upload samples, but I think
Chris Haul made notice of that on the sample itself.
Geoff
> -----Original Message-----
> From: Vadim Gritsenko [mailto:vadim.gritsenko@verizon.net]
> Sent: Sunday, April 27, 2003 1:02 PM
> To: cocoon-dev@xml.apache.org
> Subject: Re: Stefano's changes
>
>
> Leo Sutic wrote:
>
> >From
> >http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
> >
> >
> >>4) I also changed 'allow-reload' to false as default.
> >>
> >>
> >
> >>From CocoonServlet.java:
> >
> > // get allow reload parameter, default is true
> > value = conf.getInitParameter("allow-reload");
> > this.allowReload = (value == null ||
> >value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
> > if (value == null) {
> > if (log.isDebugEnabled()) {
> > log.debug("allow-reload was not set - defaulting to
> >true");
> > }
> > }
> >
> >The web.xml in the webapp included with Cocoon has:
> >
> > <init-param>
> > <param-name>allow-reload</param-name>
> > <param-value>yes</param-value>
> > </init-param>
> >
> >
>
> I've modified servlet but had not touched web.xml - this will break
> upload sample(s)...
>
> Vadim
>
>
>
>
Re: Stefano's changes
Posted by Vadim Gritsenko <va...@verizon.net>.
Leo Sutic wrote:
>From
>http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
>
>
>>4) I also changed 'allow-reload' to false as default.
>>
>>
>
>>>From CocoonServlet.java:
>
> // get allow reload parameter, default is true
> value = conf.getInitParameter("allow-reload");
> this.allowReload = (value == null ||
>value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
> if (value == null) {
> if (log.isDebugEnabled()) {
> log.debug("allow-reload was not set - defaulting to
>true");
> }
> }
>
>The web.xml in the webapp included with Cocoon has:
>
> <init-param>
> <param-name>allow-reload</param-name>
> <param-value>yes</param-value>
> </init-param>
>
>
I've modified servlet but had not touched web.xml - this will break
upload sample(s)...
Vadim