You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cocoon.apache.org by Leo Sutic <le...@inspireinfrastructure.com> on 2003/04/23 21:55:00 UTC

Stefano's changes

From
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
> 4) I also changed 'allow-reload' to false as default.

>From CocoonServlet.java:

        // get allow reload parameter, default is true
        value = conf.getInitParameter("allow-reload");
        this.allowReload = (value == null ||
value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
        if (value == null) {
            if (log.isDebugEnabled()) {
                log.debug("allow-reload was not set - defaulting to
true");
            }
        }

The web.xml in the webapp included with Cocoon has:

    <init-param>
      <param-name>allow-reload</param-name>
      <param-value>yes</param-value>
    </init-param>

This seems to have gotten lost in the shuffle.

/LS

RE: Stefano's changes

Posted by Geoff Howard <co...@leverageweb.com>.

OK, I'll do my best to recover the logic:

It was part of Stefano's overhaul of the upload stuff - cvs 
comment (or was it in an email?) explained for security.  It  
does make sense even if it's a pain.  That's why Chris' (I 
think it was him) addition to the sample warning about the 
new setting default was necessary.

Stefano has an RT that he's waiting on until after 2.1 pushing 
toward what sounds like a control layer out in front of the 
processing that would give finer-grained control over things 
like uploads, webdav, etc. that require more raw access to the 
real request (and response?).  He mentioned it on list a few 
weeks ago.

Point of that is that for now there is no good solution that is 
both convenient and doesn't open up potential holes, so locked 
down is probably better even if some samples won't work with the 
default config.

Geoff

> -----Original Message-----
> From: Vadim Gritsenko [mailto:vadim.gritsenko@verizon.net]
> Sent: Sunday, April 27, 2003 2:12 PM
> To: cocoon-dev@xml.apache.org
> Subject: Re: Stefano's changes
> 
> 
> Geoff Howard wrote:
> 
> >huh? how will allow-reload break upload samples? 
> >  
> >
> 
> Good question. Me puzzled too  >8-O
> 
> 
> But how come that enable-uploads is false by default?
> 
> Vadim
> 
> 
> 
>

Re: Stefano's changes

Posted by Vadim Gritsenko <va...@verizon.net>.

Geoff Howard wrote:

>huh? how will allow-reload break upload samples? 
>  
>

Good question. Me puzzled too  >8-O


But how come that enable-uploads is false by default?

Vadim

RE: Stefano's changes

Posted by Geoff Howard <co...@leverageweb.com>.

huh? how will allow-reload break upload samples? 

btw, allow-uploads (which must be what you were thinkin of?) is already 
defaulted to false, which already "breaks" the upload samples, but I think 
Chris Haul made notice of that on the sample itself.

Geoff

> -----Original Message-----
> From: Vadim Gritsenko [mailto:vadim.gritsenko@verizon.net]
> Sent: Sunday, April 27, 2003 1:02 PM
> To: cocoon-dev@xml.apache.org
> Subject: Re: Stefano's changes
> 
> 
> Leo Sutic wrote:
> 
> >From
> >http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
> >  
> >
> >>4) I also changed 'allow-reload' to false as default.
> >>    
> >>
> >
> >>From CocoonServlet.java:
> >
> >        // get allow reload parameter, default is true
> >        value = conf.getInitParameter("allow-reload");
> >        this.allowReload = (value == null ||
> >value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
> >        if (value == null) {
> >            if (log.isDebugEnabled()) {
> >                log.debug("allow-reload was not set - defaulting to
> >true");
> >            }
> >        }
> >
> >The web.xml in the webapp included with Cocoon has:
> >
> >    <init-param>
> >      <param-name>allow-reload</param-name>
> >      <param-value>yes</param-value>
> >    </init-param>
> >  
> >
> 
> I've modified servlet but had not touched web.xml - this will break 
> upload sample(s)...
> 
> Vadim
> 
> 
> 
>

Re: Stefano's changes

Posted by Vadim Gritsenko <va...@verizon.net>.

Leo Sutic wrote:

>From
>http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104946515805696&w=2:
>  
>
>>4) I also changed 'allow-reload' to false as default.
>>    
>>
>
>>>From CocoonServlet.java:
>
>        // get allow reload parameter, default is true
>        value = conf.getInitParameter("allow-reload");
>        this.allowReload = (value == null ||
>value.equalsIgnoreCase("yes") || value.equalsIgnoreCase("true"));
>        if (value == null) {
>            if (log.isDebugEnabled()) {
>                log.debug("allow-reload was not set - defaulting to
>true");
>            }
>        }
>
>The web.xml in the webapp included with Cocoon has:
>
>    <init-param>
>      <param-name>allow-reload</param-name>
>      <param-value>yes</param-value>
>    </init-param>
>  
>

I've modified servlet but had not touched web.xml - this will break 
upload sample(s)...

Vadim