You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/04/06 20:29:14 UTC
svn commit: r1790455 - in /tomcat/trunk/java/org/apache/jasper:
runtime/PageContextImpl.java security/SecurityClassLoad.java
Author: markt
Date: Thu Apr 6 20:29:13 2017
New Revision: 1790455
URL: http://svn.apache.org/viewvc?rev=1790455&view=rev
Log:
Remove unnecessary privileged block from findAttribute.
I can't see anything in doFindAttribute that would trigger a security check.
Modified:
tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
Modified: tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java?rev=1790455&r1=1790454&r2=1790455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java (original)
+++ tomcat/trunk/java/org/apache/jasper/runtime/PageContextImpl.java Thu Apr 6 20:29:13 2017
@@ -390,32 +390,18 @@ public class PageContextImpl extends Pag
@Override
public Object findAttribute(final String name) {
if (name == null) {
- throw new NullPointerException(Localizer
- .getMessage("jsp.error.attribute.null_name"));
+ throw new NullPointerException(Localizer.getMessage("jsp.error.attribute.null_name"));
}
- if (SecurityUtil.isPackageProtectionEnabled()) {
- return AccessController.doPrivileged(
- new PrivilegedAction<Object>() {
- @Override
- public Object run() {
- return doFindAttribute(name);
- }
- });
- } else {
- return doFindAttribute(name);
- }
- }
-
- private Object doFindAttribute(String name) {
-
Object o = attributes.get(name);
- if (o != null)
+ if (o != null) {
return o;
+ }
o = request.getAttribute(name);
- if (o != null)
+ if (o != null) {
return o;
+ }
if (session != null) {
try {
@@ -424,8 +410,9 @@ public class PageContextImpl extends Pag
// Session has been invalidated.
// Ignore and fall through to application scope.
}
- if (o != null)
+ if (o != null) {
return o;
+ }
}
return context.getAttribute(name);
Modified: tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java?rev=1790455&r1=1790454&r2=1790455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java (original)
+++ tomcat/trunk/java/org/apache/jasper/security/SecurityClassLoad.java Thu Apr 6 20:29:13 2017
@@ -59,7 +59,6 @@ public final class SecurityClassLoad {
loader.loadClass( basePackage + "runtime.PageContextImpl$6");
loader.loadClass( basePackage + "runtime.PageContextImpl$7");
loader.loadClass( basePackage + "runtime.PageContextImpl$8");
- loader.loadClass( basePackage + "runtime.PageContextImpl$9");
loader.loadClass( basePackage + "runtime.JspContextWrapper");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org