Login | Register
My pages Projects Community openCollabNet

Discussions > cvs > CVS update: MODIFIED: security ...

Project highlights: Architectural Overview

joist
Discussion topic

Back to topic list

CVS update: MODIFIED: security ...

Author leonardr
Full name Leonard Richardson
Date 2001-08-08 11:34:51 PDT
Message User: leonardr
  Date: 01/08/08 11:34:51

  Modified: java/org/joist/security Tag: TIGRIS_1_0 UnsecureServlet.java
  Log:
  Always trap an endless ErrorPage redirect, not only in redirectToError.
  
  Revision Changes Path
  No revision
  
  http://joist.tigris.​org/source/browse/jo​ist/java/org/joist/s​ecurity/Tag:
  No revision
  
  http://joist.tigris.​org/source/browse/jo​ist/java/org/joist/s​ecurity/TIGRIS_1_0
  1.119.6.5 +9 -3 joist/java/org/joist​/security/UnsecureSe​rvlet.java
  
  http://joist.tigris.​org/source/browse/jo​ist/java/org/joist/s​ecurity/UnsecureServ​let.java.diff?r1=1.1​19.6.4&r2=1.119.​6.5
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: UnsecureServlet.java
  ====================​====================​====================​=======
  RCS file: /usr/local/tigris/da​ta/helm/cvs/reposito​ry/joist/java/org/jo​ist/security/Unsecur​eServlet.java,v
  retrieving revision 1.119.6.4
  retrieving revision 1.119.6.5
  diff -u -b -r1.119.6.4 -r1.119.6.5
  --- UnsecureServlet.java 2001/05/02 03:46:05 1.119.6.4
  +++ UnsecureServlet.java 2001/08/08 18:34:51 1.119.6.5
  @@ -80,7 +80,7 @@
    *
    * @author David C. Pellegrini <A HREF="mailto:davidp@​dataweb-systems.com"​>davidp@dataweb-s​ystems.com</A>​
    * @author <a href="mailto:dlr@col​lab.net">Daniel Rall</a>
  - * @version $Revision: 1.119.6.4 $
  + * @version $Revision: 1.119.6.5 $
    *
    * Copyright (c) 1999 dataweb systems, inc.
    * Copyright (c) 1999, 2000 CollabNet, Inc.
  @@ -302,6 +302,12 @@
                   String shortServletName = servletName;
                   context.put("redirec​tException", e);
   
  + if ("ErrorPage".equals(​getServletName())
  + && "ErrorPage".equals(s​ervletName))
  + {
  + throw new Error("Endless ErrorPage redirect detected!");
  + }
  +
                   // if we've got interesting info, show it
                   String dump = e.dump();
                   if (dump != null && !dump.equals(servletName)) {
  @@ -880,9 +886,9 @@
       throws RedirectException
       {
           if (DEBUG) Log.debug("Redirecting to error screen: " + message);
  - if (message != null && message.equals("ErrorPage"))
  + if ("ErrorPage".equals(message))
           {
  - throw new Error("Endless redirectToError detected!");
  + throw new Error("Endless ErrorPage redirect detected!");
           }
           else
           {
  
  
  

--------------------​--------------------​--------------------​---------
To unsubscribe, e-mail: cvs-unsubscribe@jois​t.tigris.org
For additional commands, e-mail: cvs-help at joist dot tigris dot org

« Previous message in topic | 1 of 1 | Next message in topic »

Messages

Show all messages in topic

CVS update: MODIFIED: security ... leonardr Leonard Richardson 2001-08-08 11:34:51 PDT
Messages per page: