
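--- a/new/SSIFilter.java
+++ b/new/SSIFilter.java
@@ -59,8 +59,6 @@
 	/** default pattern for ssi filter content type matching */
 	protected Pattern shtmlRegEx =
         Pattern.compile("text/x-server-parsed-html(;.*)?");
-    /** Unsafe operation (exec cmd) */
-    protected boolean allow_exec = false ;
 
 
     //----------------- Public methods.
@@ -86,13 +84,6 @@
         isVirtualWebappRelative = 
             Boolean.parseBoolean(config.getInitParameter("isVirtualWebappRelative"));
 
-        allow_exec = 
-            Boolean.parseBoolean(config.getInitParameter("allowExec"));
-
-		if ( allow_exec ) {
-            config.getServletContext().log("SSIServlet.init() SSI invoker started with 'allow_exec' - allowing unsafe exec/include");
-		} ;
-
         if (config.getInitParameter("expires") != null)
             expires = Long.valueOf(config.getInitParameter("expires"));
 
@@ -134,7 +125,7 @@
                 new SSIServletExternalResolver(config.getServletContext(), req,
                         res, isVirtualWebappRelative, debug, encoding);
             SSIProcessor ssiProcessor = new SSIProcessor(ssiExternalResolver,
-                    debug, allow_exec);
+                    debug);
             
             // prepare readers/writers
             Reader reader =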
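Review bot: The diff direction looks inverted: the `allow_exec` field, the `allowExec` init-param read and the startup log call are all on the removed side, and the processor is then built with `new SSIProcessor(ssiExternalResolver, debug)`. Applied as shown, the patch would drop the opt-in for the SSI `exec` directive rather than introduce it. The `new/` path prefix suggests the two trees were swapped when the diff was generated, so it should be regenerated in the forward direction before it is reviewed or applied. The SSIProcessor.java and SSIServlet.java sections have the same orientation, and the surrounding `init` and filter methods start and end outside the visible hunks.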
(-)new/SSIProcessor.java (-8 / +4 lines)
Lines 44-60 Link Here
44
    protected int debug;
44
    protected int debug;
45
45
46
46
47
    public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug, boolean allow_exec) {
47
    public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug) {
48
        this.ssiExternalResolver = ssiExternalResolver;
48
        this.ssiExternalResolver = ssiExternalResolver;
49
        this.debug = debug;
49
        this.debug = debug;
50
        addBuiltinCommands();
50
        addBuiltinCommands();
51
		if ( allow_exec ) addExecCommands() ;
52
    }
51
    }
53
52
54
53
55
    protected void addBuiltinCommands() {
54
    protected void addBuiltinCommands() {
56
        addCommand("config", new SSIConfig());
55
        addCommand("config", new SSIConfig());
57
        addCommand("echo", new SSIEcho());
56
        addCommand("echo", new SSIEcho());
57
        addCommand("exec", new SSIExec());
58
        addCommand("include", new SSIInclude());
58
        addCommand("include", new SSIInclude());
59
        addCommand("flastmod", new SSIFlastmod());
59
        addCommand("flastmod", new SSIFlastmod());
60
        addCommand("fsize", new SSIFsize());
60
        addCommand("fsize", new SSIFsize());
Lines 63-76 Link Here
63
        SSIConditional ssiConditional = new SSIConditional();
63
        SSIConditional ssiConditional = new SSIConditional();
64
        addCommand("if", ssiConditional);
64
        addCommand("if", ssiConditional);
65
        addCommand("elif", ssiConditional);
65
        addCommand("elif", ssiConditional);
66
        addCommand("else", ssiConditional);
67
        addCommand("endif", ssiConditional);
66
        addCommand("endif", ssiConditional);
67
        addCommand("else", ssiConditional);
68
    }
68
    }
69
69
70
    protected void addExecCommands() {
71
        addCommand("exec", new SSIExec());
72
	} ;
73
74
70
75
    public void addCommand(String name, SSICommand command) {
71
    public void addCommand(String name, SSICommand command) {
76
        commands.put(name, command);
72
        commands.put(name, command);
Lines 325-328 Link Here
325
    protected boolean isQuote(char c) {
321
    protected boolean isQuote(char c) {
326
        return c == '\'' || c == '\"' || c == '`';
322
        return c == '\'' || c == '\"' || c == '`';
327
    }
323
    }
328
}
324
}
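Review bot: The two-argument and three-argument `SSIProcessor` constructors are shown replacing each other in the first hunk, so whichever direction is applied, callers or subclasses compiled against the other signature stop building. Keeping both, with `public SSIProcessor(SSIExternalResolver ssiExternalResolver, int debug) { this(ssiExternalResolver, debug, false); }`, would preserve compatibility and make exec-off the default for code that never passes the flag. The constructor also calls the protected, overridable `addBuiltinCommands()` and `addExecCommands()`, so a subclass override can still register `exec` regardless of the flag. The swapped `else`/`endif` registrations in the second hunk are unrelated to the flag and would be better left out. The last hunk (lines 325-328) shows no textual difference, so it is presumably an end-of-file whitespace change.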
(-)new/SSIServlet.java (-11 / +2 lines)
Lines 54-61 Link Here
54
    protected String inputEncoding = null;
54
    protected String inputEncoding = null;
55
    /** Output encoding. If not specified, uses platform default */
55
    /** Output encoding. If not specified, uses platform default */
56
    protected String outputEncoding = "UTF-8";
56
    protected String outputEncoding = "UTF-8";
57
    /** Unsafe operation (exec cmd) */
58
    protected boolean allow_exec = false ;
59
57
60
58
61
    //----------------- Public methods.
59
    //----------------- Public methods.
Lines 73-85 Link Here
73
        isVirtualWebappRelative = 
71
        isVirtualWebappRelative = 
74
            Boolean.parseBoolean(getServletConfig().getInitParameter("isVirtualWebappRelative"));
72
            Boolean.parseBoolean(getServletConfig().getInitParameter("isVirtualWebappRelative"));
75
        
73
        
76
        allow_exec = 
77
            Boolean.parseBoolean(getServletConfig().getInitParameter("allowExec"));
78
79
		if ( allow_exec ) {
80
            log("SSIServlet.init() SSI invoker started with 'allow_exec' - allowing unsafe exec/include");
81
		} ;
82
        
83
        if (getServletConfig().getInitParameter("expires") != null)
74
        if (getServletConfig().getInitParameter("expires") != null)
84
            expires = Long.valueOf(getServletConfig().getInitParameter("expires"));
75
            expires = Long.valueOf(getServletConfig().getInitParameter("expires"));
85
        
76
        
Lines 185-191 Link Here
185
            new SSIServletExternalResolver(getServletContext(), req, res,
176
            new SSIServletExternalResolver(getServletContext(), req, res,
186
                    isVirtualWebappRelative, debug, inputEncoding);
177
                    isVirtualWebappRelative, debug, inputEncoding);
187
        SSIProcessor ssiProcessor = new SSIProcessor(ssiExternalResolver,
178
        SSIProcessor ssiProcessor = new SSIProcessor(ssiExternalResolver,
188
                debug, allow_exec);
179
                debug);
189
        PrintWriter printWriter = null;
180
        PrintWriter printWriter = null;
190
        StringWriter stringWriter = null;
181
        StringWriter stringWriter = null;
191
        if (buffered) {
182
        if (buffered) {
Lines 221-224 Link Here
221
        }
212
        }
222
        bufferedReader.close();
213
        bufferedReader.close();
223
    }
214
    }
224
}
215
}
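Review bot: The startup message on the side that carries the flag, `"SSIServlet.init() SSI invoker started with 'allow_exec' - allowing unsafe exec/include"`, overstates what the flag controls. In the SSIProcessor.java section only the `exec` command is conditional, while `include` is registered either way. The message also names `allow_exec` where the init-param an administrator sets is `allowExec`, and the SSIFilter.java copy still says `SSIServlet.init()`. A more accurate line would be `log("SSIServlet.init(): allowExec is enabled - the SSI exec directive can run commands");`, with the filter's copy naming `SSIFilter.init()`. The field would also read better as `allowExec`, matching `inputEncoding` and `isVirtualWebappRelative`, and the `} ;` closing the `if` block has a stray semicolon.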
