diff options
| author | Gary D. Gregory <ggregory@apache.org> | 2014-03-25 17:47:08 +0000 |
|---|---|---|
| committer | Dave Daynard <nardholio@gmail.com> | 2014-10-19 16:42:46 -0400 |
| commit | 4eec0bdd992698a6c82b4afb11b6957d54a2b28b (patch) | |
| tree | 35eb1a09d0b8774009050768c365f7398d3bbff1 | |
| parent | 4df2280acaca0bcf7b25004a540291627787b387 (diff) | |
| download | apache-xml-4eec0bdd992698a6c82b4afb11b6957d54a2b28b.tar.gz | |
Adjustment to patch for secure processing for CVE-2014-0107 by Ryan Berg based on feedack from Emmanuel Bourg.
git-svn-id: https://svn.apache.org/repos/asf/xalan/java/branches/xalan-j_2_7_1_maint@1581426 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | src/main/java/org/apache/xpath/functions/FuncSystemProperty.java | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java index 2621d7a..0562311 100644 --- a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java +++ b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java @@ -101,13 +101,12 @@ public class FuncSystemProperty extends FunctionOneArg //if secure procession is enabled only handle required properties do not not map any valid system property if(!xctxt.isSecureProcessing()) { - result = System.getProperty(fullName); + result = System.getProperty(propName); } else { warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName); - result = xsltInfo.getProperty(propName); } if (null == result) { @@ -136,7 +135,6 @@ public class FuncSystemProperty extends FunctionOneArg { warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION, new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName); - result = xsltInfo.getProperty(propName); } if (null == result) { |