diff options
author | Narayan Kamath <narayan@google.com> | 2014-10-24 12:02:53 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2014-10-24 12:02:53 +0000 |
commit | b6f1a009193f13433cc8b00f27b84733845f3a4d (patch) | |
tree | 35eb1a09d0b8774009050768c365f7398d3bbff1 | |
parent | 03cfec986fd7c17789b9153076f7dcc98d9d9d3b (diff) | |
parent | 4eec0bdd992698a6c82b4afb11b6957d54a2b28b (diff) | |
download | apache-xml-b6f1a009193f13433cc8b00f27b84733845f3a4d.tar.gz |
Merge "Adjustment to patch for secure processing for CVE-2014-0107 by Ryan Berg based on feedack from Emmanuel Bourg."
-rw-r--r-- | src/main/java/org/apache/xpath/functions/FuncSystemProperty.java | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java index 2621d7a..0562311 100644 --- a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java +++ b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java @@ -101,13 +101,12 @@ public class FuncSystemProperty extends FunctionOneArg //if secure procession is enabled only handle required properties do not not map any valid system property if(!xctxt.isSecureProcessing()) { - result = System.getProperty(fullName); + result = System.getProperty(propName); } else { warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName); - result = xsltInfo.getProperty(propName); } if (null == result) { @@ -136,7 +135,6 @@ public class FuncSystemProperty extends FunctionOneArg { warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName); - result = xsltInfo.getProperty(propName); } if (null == result) { |