From: Wolfgang M. M. <wol...@us...> - 2004-04-01 14:24:44
Update of /cvsroot/exist/eXist-1.0/src/org/exist/dom
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23472/src/org/exist/dom
Modified Files:
DocumentSet.java
Log Message:
Security issues fixed: resources were included in the XQuery context though the user had no permission to read the resource. REST-style interface did not correctly check permissions; /db/system/users.xml could be retrieved by ordinary users.
Index: DocumentSet.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/dom/DocumentSet.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** DocumentSet.java 2 Feb 2004 15:30:39 -0000 1.10
--- DocumentSet.java 1 Apr 2004 14:12:46 -0000 1.11
***************
*** 28,31 ****
--- 28,33 ----
  import org.apache.log4j.Category;
  import org.exist.collections.*;
+ import org.exist.security.Permission;
+ import org.exist.storage.DBBroker;
  import org.exist.util.hashtable.Int2ObjectHashMap;
  import org.w3c.dom.Node;
***************
*** 100,108 ****
  * @param docs
  */
! public void addAll(java.util.Collection docs) {
  DocumentImpl doc;
  for(Iterator i = docs.iterator(); i.hasNext(); ) {
  doc = (DocumentImpl)i.next();
! if(!doc.isLockedForWrite())
  put(doc.getDocId(), doc);
  }
--- 102,110 ----
  * @param docs
  */
! public void addAll(DBBroker broker, java.util.Collection docs) {
  DocumentImpl doc;
  for(Iterator i = docs.iterator(); i.hasNext(); ) {
  doc = (DocumentImpl)i.next();
! if((broker == null || doc.getPermissions().validate(broker.getUser(), Permission.READ)) && (!doc.isLockedForWrite()))
  put(doc.getDocId(), doc);
  }
|
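Review bot: The `broker == null` arm of the new condition in `addAll` fails open: any caller that passes a null broker still gets every unlocked document added with no READ check, which is the exposure this commit is meant to close. If a null broker is a deliberate bypass for trusted internal callers, that contract should be written down, since the Javadoc above the method still lists only `@param docs`; something like `@param broker broker whose user must hold READ on each document; null skips the permission check (trusted internal use only)` would make the bypass visible to reviewers of each call site. If no caller needs the bypass, dropping the null arm so the guard reads `if(doc.getPermissions().validate(broker.getUser(), Permission.READ) && !doc.isLockedForWrite())` makes the check fail closed. The body of `addAll` continues past the end of the hunk, and its call sites are not part of this diff, so which callers pass null cannot be confirmed from here.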