cocoon-dev mailing list archives

From Leszek Gawron <lgaw...@mobilebox.pl>
Subject Re: Possible security problem with flowscript
Date Thu, 02 Dec 2004 15:38:09 GMT
Johan Stuyts wrote:
> Hi,
> 
> Sorry about reacting to this thread after one month of inactivity, but we recently switched to a Cocoon version which includes this fix. I have tried refactoring our application, but it was more work than I expected.
> 
> Having an option to turn this behaviour on or off would really make things easier for me. Our application can run as it is and from the warnings in the log I can determine what should be changed. Using these warnings I can gradually make our application compliant with sitemap-bound continuations.
> 
> I propose to change the current code in ContinuationsManagerImpl to this code. As you can see the warnings will always be added to the log as an incentive to make changes to code which still uses shared continuations:
>     public WebContinuation lookupWebContinuation(String id, String interpreterId) {
>         WebContinuation kont = (WebContinuation) idToWebCont.get(id);
>         if ( kont != null ) {
>             boolean interpreterMatches = kont.interpreterMatches(interpreterId);
>             if (!interpreterMatches && getLogger().isWarnEnabled()) {
>                 getLogger().warn("WK: Continuation (" + kont.getId() 
>                                  + ") lookup for wrong interpreter. Bound to: " 
>                                  + kont.getInterpreterId() + ", looked up for: " 
>                                  + interpreterId);
>             }
> 
>>>>>       return interpreterMatches || allowBackwardCompatibleContinuationSharing ? kont : null;
> 
>         }
>         return null;
>     }
> 
> 'allowBackwardCompatibleContinuationSharing' will be a configuration option which defaults to 'false'.
> 
> If nobody objects I will make the changes, create patches and add a new bug for this.

Fine for me. What I do not like is the 
allowBackwardCompatibleContinuationSharing as it indicates that a backward 
incompatible change was made while this was a bugfix really.

I will patch the code as soon as you open the issue.

-- 
Leszek Gawron                                      lgawron@mobilebox.pl
Project Manager                                    MobileBox sp. z o.o.
+48 (61) 855 06 67                              http://www.mobilebox.pl
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65
