Menu
▾
▴
[Exist-commits] eXist-1.0/src/org/exist/soap QuerySoapBindingImpl.java,1.19,1.20
|
From: Wolfgang M. M. <wol...@us...> - 2004-04-01 14:24:44
|
Update of /cvsroot/exist/eXist-1.0/src/org/exist/soap In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23472/src/org/exist/soap Modified Files: QuerySoapBindingImpl.java Log Message: Security issues fixed: resources were included in the XQuery context though the user had no permission to read the resource. REST-style interface did not correctly check permissions; /db/system/users.xml could be retrieved by ordinary users. Index: QuerySoapBindingImpl.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/soap/QuerySoapBindingImpl.java,v retrieving revision 1.19 retrieving revision 1.20 diff -C2 -d -r1.19 -r1.20 *** QuerySoapBindingImpl.java 25 Mar 2004 12:50:51 -0000 1.19 --- QuerySoapBindingImpl.java 1 Apr 2004 14:12:46 -0000 1.20 *************** *** 215,219 **** int p; String resource; ! for (Iterator i = collection.iterator(); i.hasNext(); j++) { resource = ((DocumentImpl) i.next()).getFileName(); p = resource.lastIndexOf('/'); --- 215,219 ---- int p; String resource; ! for (Iterator i = collection.iterator(broker); i.hasNext(); j++) { resource = ((DocumentImpl) i.next()).getFileName(); p = resource.lastIndexOf('/'); |
