You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xalan.apache.org by ar...@apache.org on 2004/02/12 10:46:17 UTC
cvs commit: xml-xalan/java/src/org/apache/xalan/xsltc/trax ObjectFactory.java SecuritySupport.java SecuritySupport12.java SmartTransformerFactoryImpl.java TemplatesImpl.java TransformerFactoryImpl.java
aruny 2004/02/12 01:46:17
Modified: java/src/org/apache/xalan/xsltc/trax Tag:
jaxp12112003_branch
SmartTransformerFactoryImpl.java TemplatesImpl.java
TransformerFactoryImpl.java
Added: java/src/org/apache/xalan/xsltc/trax Tag:
jaxp12112003_branch ObjectFactory.java
SecuritySupport.java SecuritySupport12.java
Log:
O
ObjectFactory class exposes class loaders publicly which allow untrusted code to access internal classes. Making following changes to fix it.
1.Duplicating the ObjectFactory, SecuritySupport.java and SecuritySupport12.java class in order to make it package private in each of the packages that require its services.
2.Using checkPackageAccess() to prevent access to internal packages of jdk(sun.*).
Revision Changes Path
No revision
No revision
1.9.4.1 +2 -2 xml-xalan/java/src/org/apache/xalan/xsltc/trax/SmartTransformerFactoryImpl.java
Index: SmartTransformerFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/SmartTransformerFactoryImpl.java,v
retrieving revision 1.9
retrieving revision 1.9.4.1
diff -u -r1.9 -r1.9.4.1
--- SmartTransformerFactoryImpl.java 14 Aug 2003 16:27:43 -0000 1.9
+++ SmartTransformerFactoryImpl.java 12 Feb 2004 09:46:17 -0000 1.9.4.1
@@ -80,7 +80,7 @@
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
-import org.apache.xml.utils.ObjectFactory;
+
import org.xml.sax.XMLFilter;
/**
1.32.2.1 +2 -2 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesImpl.java
Index: TemplatesImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesImpl.java,v
retrieving revision 1.32
retrieving revision 1.32.2.1
diff -u -r1.32 -r1.32.2.1
--- TemplatesImpl.java 4 Dec 2003 20:59:37 -0000 1.32
+++ TemplatesImpl.java 12 Feb 2004 09:46:17 -0000 1.32.2.1
@@ -83,7 +83,7 @@
import org.apache.xalan.xsltc.compiler.util.ErrorMsg;
import org.apache.xalan.xsltc.runtime.AbstractTranslet;
import org.apache.xalan.xsltc.runtime.Hashtable;
-import org.apache.xml.utils.ObjectFactory;
+
public final class TemplatesImpl implements Templates, Serializable {
1.70.2.1 +2 -2 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java
Index: TransformerFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java,v
retrieving revision 1.70
retrieving revision 1.70.2.1
diff -u -r1.70 -r1.70.2.1
--- TransformerFactoryImpl.java 4 Dec 2003 16:44:56 -0000 1.70
+++ TransformerFactoryImpl.java 12 Feb 2004 09:46:17 -0000 1.70.2.1
@@ -108,7 +108,7 @@
import org.apache.xalan.xsltc.compiler.util.ErrorMsg;
import org.apache.xalan.xsltc.dom.XSLTCDTMManager;
-import org.apache.xml.utils.ObjectFactory;
+
import org.xml.sax.InputSource;
import org.xml.sax.XMLFilter;
No revision
Index: TransformerFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java,v
retrieving revision 1.70
retrieving revision 1.70.2.1
diff -u -r1.70 -r1.70.2.1
--- TransformerFactoryImpl.java 4 Dec 2003 16:44:56 -0000 1.70
+++ TransformerFactoryImpl.java 12 Feb 2004 09:46:17 -0000 1.70.2.1
@@ -108,7 +108,7 @@
import org.apache.xalan.xsltc.compiler.util.ErrorMsg;
import org.apache.xalan.xsltc.dom.XSLTCDTMManager;
-import org.apache.xml.utils.ObjectFactory;
+
import org.xml.sax.InputSource;
import org.xml.sax.XMLFilter;
No revision
Index: TransformerFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java,v
retrieving revision 1.70
retrieving revision 1.70.2.1
diff -u -r1.70 -r1.70.2.1
--- TransformerFactoryImpl.java 4 Dec 2003 16:44:56 -0000 1.70
+++ TransformerFactoryImpl.java 12 Feb 2004 09:46:17 -0000 1.70.2.1
@@ -108,7 +108,7 @@
import org.apache.xalan.xsltc.compiler.util.ErrorMsg;
import org.apache.xalan.xsltc.dom.XSLTCDTMManager;
-import org.apache.xml.utils.ObjectFactory;
+
import org.xml.sax.InputSource;
import org.xml.sax.XMLFilter;
1.1.2.1 +665 -0 xml-xalan/java/src/org/apache/xalan/xsltc/trax/Attic/ObjectFactory.java
1.1.2.1 +159 -0 xml-xalan/java/src/org/apache/xalan/xsltc/trax/Attic/SecuritySupport.java
1.1.2.1 +180 -0 xml-xalan/java/src/org/apache/xalan/xsltc/trax/Attic/SecuritySupport12.java
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-cvs-help@xml.apache.org