Only in new: META-INF diff -u new/SSIFilter.java old/SSIFilter.java --- new/SSIFilter.java 2010-07-13 15:43:49.000045000 -0400 +++ old/SSIFilter.java 2010-07-13 15:47:09.000024000 -0400 @@ -59,8 +59,6 @@ /** default pattern for ssi filter content type matching */ protected Pattern shtmlRegEx = Pattern.compile("text/x-server-parsed-html(;.*)?"); - /** Unsafe operation (exec cmd) */ - protected boolean allow_exec = false ; //----------------- Public methods. @@ -86,13 +84,6 @@ isVirtualWebappRelative = Boolean.parseBoolean(config.getInitParameter("isVirtualWebappRelative")); - allow_exec = - Boolean.parseBoolean(config.getInitParameter("allowExec")); - - if ( allow_exec ) { - config.getServletContext().log("SSIServlet.init() SSI invoker started with 'allow_exec' - allowing unsafe exec/include"); - } ; - if (config.getInitParameter("expires") != null) expires = Long.valueOf(config.getInitParameter("expires")); @@ -134,7 +125,7 @@ new SSIServletExternalResolver(config.getServletContext(), req, res, isVirtualWebappRelative, debug, encoding); SSIProcessor ssiProcessor = new SSIProcessor(ssiExternalResolver, - debug, allow_exec); + debug); // prepare readers/writers Reader reader = diff -u new/SSIProcessor.java old/SSIProcessor.java --- new/SSIProcessor.java 2010-07-13 15:43:49.000041000 -0400 +++ old/SSIProcessor.java 2010-07-13 15:47:09.000029000 -0400 @@ -44,17 +44,17 @@ protected int debug; - public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug, boolean allow_exec) { + public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug) { this.ssiExternalResolver = ssiExternalResolver; this.debug = debug; addBuiltinCommands(); - if ( allow_exec ) addExecCommands() ; } protected void addBuiltinCommands() { addCommand("config", new SSIConfig()); addCommand("echo", new SSIEcho()); + addCommand("exec", new SSIExec()); addCommand("include", new SSIInclude()); addCommand("flastmod", new SSIFlastmod()); addCommand("fsize", new SSIFsize()); 
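Review bot: The startup warning on the `new/` side of SSIFilter's init hunk (the `-` lines, since this diff runs from `new/` to `old/`) names the wrong class and overstates what the flag covers. It logs `SSIServlet.init()` from SSIFilter and says `exec/include`, while the SSIProcessor hunk only moves `exec` behind the flag and leaves `include` in `addBuiltinCommands()`. An operator auditing logs for this setting would be misled on both counts; something like `"SSIFilter.init(): 'allowExec' is enabled - the SSI exec directive is available"` is accurate. The same `exec/include` wording appears in the SSIServlet init hunk, and the field would read better as `allowExec`, matching `isVirtualWebappRelative` and the init-parameter name. The enclosing init method starts and ends outside the hunk.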
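Review bot: Applied as written, this hunk removes the opt-in gate instead of adding it. The headers run `--- new/` to `+++ old/`, so the `+` line `addCommand("exec", new SSIExec());` puts `exec` back into `addBuiltinCommands()` for every processor, and the `-` line `if ( allow_exec ) addExecCommands() ;` is the version that should survive. The patch should be regenerated as `diff -u old new` (or applied with `patch -R`) so that nobody re-enables `exec` unconditionally by accident. On the `new/` side, replacing the two-argument constructor outright breaks any caller or subclass not visible here; keeping `public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug) { this(ssiExternalResolver, debug, false); }` preserves compatibility with the safe default. `addBuiltinCommands()` continues past the end of the hunk.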
@@ -63,14 +63,10 @@ SSIConditional ssiConditional = new SSIConditional(); addCommand("if", ssiConditional); addCommand("elif", ssiConditional); - addCommand("else", ssiConditional); addCommand("endif", ssiConditional); + addCommand("else", ssiConditional); } - protected void addExecCommands() { - addCommand("exec", new SSIExec()); - } ; - public void addCommand(String name, SSICommand command) { commands.put(name, command); @@ -325,4 +321,4 @@ protected boolean isQuote(char c) { return c == '\'' || c == '\"' || c == '`'; } -} +} \ No newline at end of file diff -u new/SSIServlet.java old/SSIServlet.java --- new/SSIServlet.java 2010-07-13 15:43:49.000036000 -0400 +++ old/SSIServlet.java 2010-07-13 15:47:09.000033000 -0400 @@ -54,8 +54,6 @@ protected String inputEncoding = null; /** Output encoding. If not specified, uses platform default */ protected String outputEncoding = "UTF-8"; - /** Unsafe operation (exec cmd) */ - protected boolean allow_exec = false ; //----------------- Public methods. @@ -73,13 +71,6 @@ isVirtualWebappRelative = Boolean.parseBoolean(getServletConfig().getInitParameter("isVirtualWebappRelative")); - allow_exec = - Boolean.parseBoolean(getServletConfig().getInitParameter("allowExec")); - - if ( allow_exec ) { - log("SSIServlet.init() SSI invoker started with 'allow_exec' - allowing unsafe exec/include"); - } ; - if (getServletConfig().getInitParameter("expires") != null) expires = Long.valueOf(getServletConfig().getInitParameter("expires")); @@ -185,7 +176,7 @@ new SSIServletExternalResolver(getServletContext(), req, res, isVirtualWebappRelative, debug, inputEncoding); SSIProcessor ssiProcessor = new SSIProcessor(ssiExternalResolver, - debug, allow_exec); + debug); PrintWriter printWriter = null; StringWriter stringWriter = null; if (buffered) { @@ -221,4 +212,4 @@ } bufferedReader.close(); } -} +} \ No newline at end of file
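Review bot: `addExecCommands()` on the `new/` side (the `-` lines here) has no Javadoc, and because it is `protected` a subclass can call or override it regardless of the `allowExec` setting. A comment such as `/** Registers the exec command; called only when allowExec is set because it is an unsafe operation. */` would make that contract visible. The trailing `;` after its closing brace is an empty declaration and can go. The swap of the `else` and `endif` registrations looks like unrelated noise; it is presumably harmless if `commands` is a map, since `addCommand` only calls `commands.put`. `addBuiltinCommands()` begins before this hunk.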