inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for ALF-2512 - ability to execute JavaScript via cmd servlet by a non-admin user disabled by default.

Browse Source 
- user script execution privileges can be reactivated if required via web-client-config flag <allow-user-script-execute>

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19933 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2010-04-21 12:11:40 +00:00
parent 82dc2c6ab5
commit 4cae5cd7e7
4 changed files with 55 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
source/java/org/alfresco/web/config/ClientConfigElement.java
View File

@@ -23,15 +23,15 @@ import java.util.List;
import javax.faces.context.FacesContext;
import org.springframework.extensions.config.ConfigElement;
import org.alfresco.config.JNDIConstants;
import org.springframework.extensions.config.element.ConfigElementAdapter;
import org.alfresco.mbeans.VirtServerRegistry;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.ExpiringValueCache;
import org.alfresco.web.bean.repository.Repository;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.config.ConfigElement;
import org.springframework.extensions.config.element.ConfigElementAdapter;
/**
* Custom config element that represents config values for the client
@@ -82,7 +82,8 @@ public class ClientConfigElement extends ConfigElementAdapter
private boolean userGroupAdmin = true;
private boolean allowUserConfig = true;
private int pickerSearchMinimum = 2;
private boolean checkContextAgainstPath = false;
private boolean checkContextAgainstPath = false;
private boolean allowUserScriptExecute = false;
/**
@@ -312,8 +313,13 @@ public class ClientConfigElement extends ConfigElementAdapter
if (newElement.getCheckContextAgainstPath() != combinedElement.getCheckContextAgainstPath())
{
combinedElement.setCheckContextAgainstPath(newElement.getCheckContextAgainstPath());
}
if (newElement.getAllowUserScriptExecute() != combinedElement.getAllowUserScriptExecute())
{
combinedElement.setAllowUserScriptExecute(newElement.getAllowUserScriptExecute());
}
return combinedElement;
}
@@ -890,5 +896,21 @@ public class ClientConfigElement extends ConfigElementAdapter
/*package*/ void setCheckContextAgainstPath(boolean checkContextAgainstPath)
{
this.checkContextAgainstPath = checkContextAgainstPath;
}
/**
* @return true if any user can execute JavaScript via the command servlet
*/
public boolean getAllowUserScriptExecute()
{
return this.allowUserScriptExecute;
}
/**
* @param allowUserScriptExecute true to allow any user to execute JavaScript via the command servlet
*/
/*package*/ void setAllowUserScriptExecute(boolean allowUserScriptExecute)
{
this.allowUserScriptExecute = allowUserScriptExecute;
}
}