xml-xalan-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ar...@apache.org
Subject cvs commit: xml-xalan/java/src/org/apache/xml/dtm ObjectFactory.java SecuritySupport.java SecuritySupport12.java DTMManager.java
Date Thu, 12 Feb 2004 09:50:54 GMT
aruny       2004/02/12 01:50:54

  Modified:    java/src/org/apache/xml/dtm Tag: jaxp12112003_branch
                        DTMManager.java
  Added:       java/src/org/apache/xml/dtm Tag: jaxp12112003_branch
                        ObjectFactory.java SecuritySupport.java
                        SecuritySupport12.java
  Log:
  ObjectFactory class exposes class loaders publicly which allow untrusted code to access
internal classes. Making following changes to fix it.
  
  1.Duplicating the ObjectFactory, SecuritySupport.java and SecuritySupport12.java class in
order to make it package private in each of the   packages that require its services.
  2.Using checkPackageAccess() to prevent access to internal packages of jdk(sun.*).
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.16.4.1  +1 -1      xml-xalan/java/src/org/apache/xml/dtm/DTMManager.java
  
  Index: DTMManager.java
  ===================================================================
  RCS file: /home/cvs/xml-xalan/java/src/org/apache/xml/dtm/DTMManager.java,v
  retrieving revision 1.16
  retrieving revision 1.16.4.1
  diff -u -r1.16 -r1.16.4.1
  --- DTMManager.java	14 Aug 2003 16:27:44 -0000	1.16
  +++ DTMManager.java	12 Feb 2004 09:50:53 -0000	1.16.4.1
  @@ -58,7 +58,7 @@
   
   import org.apache.xml.res.XMLErrorResources;
   import org.apache.xml.res.XMLMessages;
  -import org.apache.xml.utils.ObjectFactory;
  +
   import org.apache.xml.utils.PrefixResolver;
   import org.apache.xml.utils.XMLStringFactory;
   
  
  
  
  No                   revision
  
  Index: DTMManager.java
  ===================================================================
  RCS file: /home/cvs/xml-xalan/java/src/org/apache/xml/dtm/DTMManager.java,v
  retrieving revision 1.16
  retrieving revision 1.16.4.1
  diff -u -r1.16 -r1.16.4.1
  --- DTMManager.java	14 Aug 2003 16:27:44 -0000	1.16
  +++ DTMManager.java	12 Feb 2004 09:50:53 -0000	1.16.4.1
  @@ -58,7 +58,7 @@
   
   import org.apache.xml.res.XMLErrorResources;
   import org.apache.xml.res.XMLMessages;
  -import org.apache.xml.utils.ObjectFactory;
  +
   import org.apache.xml.utils.PrefixResolver;
   import org.apache.xml.utils.XMLStringFactory;
   
  
  
  
  No                   revision
  
  Index: DTMManager.java
  ===================================================================
  RCS file: /home/cvs/xml-xalan/java/src/org/apache/xml/dtm/DTMManager.java,v
  retrieving revision 1.16
  retrieving revision 1.16.4.1
  diff -u -r1.16 -r1.16.4.1
  --- DTMManager.java	14 Aug 2003 16:27:44 -0000	1.16
  +++ DTMManager.java	12 Feb 2004 09:50:53 -0000	1.16.4.1
  @@ -58,7 +58,7 @@
   
   import org.apache.xml.res.XMLErrorResources;
   import org.apache.xml.res.XMLMessages;
  -import org.apache.xml.utils.ObjectFactory;
  +
   import org.apache.xml.utils.PrefixResolver;
   import org.apache.xml.utils.XMLStringFactory;
   
  
  
  
  1.1.2.1   +665 -0    xml-xalan/java/src/org/apache/xml/dtm/Attic/ObjectFactory.java
  
  
  
  
  1.4.2.1   +26 -8     xml-xalan/java/src/org/apache/xml/dtm/Attic/SecuritySupport.java
  
  
  
  
  1.4.2.1   +73 -23    xml-xalan/java/src/org/apache/xml/dtm/Attic/SecuritySupport12.java
  
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-cvs-help@xml.apache.org


Mime
View raw message