You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mr...@apache.org on 2006/07/18 21:34:55 UTC
svn commit: r423220 - in /xerces/java/trunk/src/org/apache:
xerces/impl/XMLEntityManager.java xml/serialize/SerializerFactory.java
Author: mrglavas
Date: Tue Jul 18 12:34:55 2006
New Revision: 423220
URL: http://svn.apache.org/viewvc?rev=423220&view=rev
Log:
Always use an AccessController when getting system properties.
Modified:
xerces/java/trunk/src/org/apache/xerces/impl/XMLEntityManager.java
xerces/java/trunk/src/org/apache/xml/serialize/SerializerFactory.java
Modified: xerces/java/trunk/src/org/apache/xerces/impl/XMLEntityManager.java
URL: http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLEntityManager.java?rev=423220&r1=423219&r2=423220&view=diff
==============================================================================
--- xerces/java/trunk/src/org/apache/xerces/impl/XMLEntityManager.java (original)
+++ xerces/java/trunk/src/org/apache/xerces/impl/XMLEntityManager.java Tue Jul 18 12:34:55 2006
@@ -25,6 +25,8 @@
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
@@ -1543,6 +1545,13 @@
gAfterEscaping2[ch] = gHexChs[ch & 0xf];
}
}
+
+ private static PrivilegedAction GET_USER_DIR_SYSTEM_PROPERTY = new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty("user.dir");
+ }
+ };
+
// To escape the "user.dir" system property, by using %HH to represent
// special ASCII characters: 0x00~0x1F, 0x7F, ' ', '<', '>', '#', '%'
// and '"'. It's a static method, so needs to be synchronized.
@@ -1557,10 +1566,9 @@
// get the user.dir property
String userDir = "";
try {
- userDir = System.getProperty("user.dir");
- }
- catch (SecurityException se) {
+ userDir = (String) AccessController.doPrivileged(GET_USER_DIR_SYSTEM_PROPERTY);
}
+ catch (SecurityException se) {}
// return empty string if property value is empty string.
if (userDir.length() == 0)
Modified: xerces/java/trunk/src/org/apache/xml/serialize/SerializerFactory.java
URL: http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xml/serialize/SerializerFactory.java?rev=423220&r1=423219&r2=423220&view=diff
==============================================================================
--- xerces/java/trunk/src/org/apache/xml/serialize/SerializerFactory.java (original)
+++ xerces/java/trunk/src/org/apache/xml/serialize/SerializerFactory.java Tue Jul 18 12:34:55 2006
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2002,2004 The Apache Software Foundation.
+ * Copyright 1999-2002,2004,2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,10 +14,8 @@
* limitations under the License.
*/
-
package org.apache.xml.serialize;
-
import java.io.OutputStream;
import java.io.Writer;
import java.io.UnsupportedEncodingException;
@@ -25,22 +23,16 @@
import java.util.StringTokenizer;
/**
- *
- *
* @version $Revision$ $Date$
* @author <a href="mailto:Scott_Boag/CAM/Lotus@lotus.com">Scott Boag</a>
* @author <a href="mailto:arkin@intalio.com">Assaf Arkin</a>
*/
-public abstract class SerializerFactory
-{
-
-
+public abstract class SerializerFactory {
+
public static final String FactoriesProperty = "org.apache.xml.serialize.factories";
-
private static Hashtable _factories = new Hashtable();
-
static
{
SerializerFactory factory;
@@ -60,7 +52,8 @@
factory = new SerializerFactoryImpl( Method.TEXT );
registerSerializerFactory( factory );
- list = System.getProperty( FactoriesProperty );
+ SecuritySupport ss = SecuritySupport.getInstance();
+ list = ss.getSystemProperty( FactoriesProperty );
if ( list != null ) {
token = new StringTokenizer( list, " ;,:" );
while ( token.hasMoreTokens() ) {
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org