From: markt
Date: Fri, 19 Jun 2009 13:03:42 +0000 (+0000)
Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38352
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=8a04edab6ef058765948832580275dac89db0808;p=tomcat7.0
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=38352
The JSPLoader needs to have read/write permission to the context's temp directory, as per the spec.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@786490 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/jasper/compiler/JspRuntimeContext.java b/java/org/apache/jasper/compiler/JspRuntimeContext.java
index aac6c55e8..af728b785 100644
--- a/java/org/apache/jasper/compiler/JspRuntimeContext.java
+++ b/java/org/apache/jasper/compiler/JspRuntimeContext.java
@@ -394,16 +394,19 @@ public final class JspRuntimeContext {
 docBase = docBase + "-";
 permissionCollection.add(new FilePermission(docBase,"read"));
- // Create a file read permission for web app tempdir (work)
- // directory
+ // Spec says apps should have read/write for their temp
+ // directory. This is fine, as no security sensitive files, at
+ // least any that the app doesn't have full control of anyway,
+ // will be written here.
 String workDir = options.getScratchDir().toString();
 if (!workDir.endsWith(File.separator)){
 permissionCollection.add
- (new FilePermission(workDir,"read"));
+ (new FilePermission(workDir,"read,write"));
 workDir = workDir + File.separator;
 }
 workDir = workDir + "-";
- permissionCollection.add(new FilePermission(workDir,"read"));
+ permissionCollection.add(new FilePermission(
+ workDir,"read,write,delete"));
 // Allow the JSP to access org.apache.jasper.runtime.HttpJspBase
 permissionCollection.add( new RuntimePermission(
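Review bot: The recursive grant on `workDir + "-"` adds `delete`, which neither the new comment nor the commit message (both say read/write) accounts for, while the entry for the directory itself gets only `read,write`. The comment should say why the two differ, for example `// "delete" applies to the directory's contents only, so the app can clean up its own temp files; the directory itself stays read/write`. The permission is built from `options.getScratchDir()`, so the comment's claim that nothing security sensitive is written there holds only if that directory is private to this context, which this hunk does not show. If the scratch dir can be configured to a location shared with other applications, their files would become writable and deletable under a SecurityManager, so that assumption is worth stating next to the grant or checking where the scratch dir is resolved. The enclosing method starts and ends outside the hunk.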