Fix for ALF-2512 - ability to execute JavaScript via cmd servlet by a non-admin user disabled by default.

- user script execution privileges can be reactivated if required via web-client-config flag <allow-user-script-execute>

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19933 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2010-04-21 12:11:40 +00:00
parent 82dc2c6ab5
commit 4cae5cd7e7
4 changed files with 55 additions and 10 deletions


@@ -22,11 +22,11 @@ package org.alfresco.web.config;
import java.util.ArrayList;
import java.util.List;
import org.alfresco.service.namespace.QName;
import org.dom4j.Element;
import org.springframework.extensions.config.ConfigElement;
import org.springframework.extensions.config.ConfigException;
import org.springframework.extensions.config.xml.elementreader.ConfigElementReader;
import org.alfresco.service.namespace.QName;
import org.dom4j.Element;
/**
* Custom element reader to parse config for client config values
@@ -66,7 +66,8 @@ public class ClientElementReader implements ConfigElementReader
public static final String ELEMENT_USERGROUPADMIN = "user-group-admin";
public static final String ELEMENT_ALLOWUSERCONFIG = "allow-user-config";
public static final String ELEMENT_PICKERSEARCHMINIMUM = "picker-search-minimum";
public static final String ELEMENT_CHECKCONTEXTPATH = "check-context-against-path";
public static final String ELEMENT_CHECKCONTEXTPATH = "check-context-against-path";
public static final String ELEMENT_ALLOWUSERSCRIPTEXECUTE = "allow-user-script-execute";
/**
@@ -325,7 +326,14 @@ public class ClientElementReader implements ConfigElementReader
if (checkContextAgainstPath != null)
{
configElement.setCheckContextAgainstPath(Boolean.parseBoolean(checkContextAgainstPath.getTextTrim()));
}
}
// get allow any user to execute javascript via the command servlet
Element allowUserScriptExecute = element.element(ELEMENT_ALLOWUSERSCRIPTEXECUTE);
if (allowUserScriptExecute != null)
{
configElement.setAllowUserScriptExecute(Boolean.parseBoolean(allowUserScriptExecute.getTextTrim()));
}
}
return configElement;
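Review bot: The comment above the new `allowUserScriptExecute` block is hard to read and does not say that this flag re-opens the privilege ALF-2512 closes. I would word it as `// allow-user-script-execute: when "true", non-admin users may run JavaScript through the command servlet (ALF-2512)`. `Boolean.parseBoolean` treats any value other than "true" as false, so a mistyped value such as `yes` leaves the feature off; that fail-closed behaviour is the right one here and deserves a second comment line, `// any other value, including typos, keeps script execution restricted`. When the element is absent the setter is never called, so the effective default comes from the config element class, which this section does not show; the commit message says it is disabled, and that is worth confirming there. A short Javadoc on `ELEMENT_ALLOWUSERSCRIPTEXECUTE` carrying the same warning would help anyone who finds the constant first. The enclosing parse method starts outside this hunk.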