- From: Thomas Gambet via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 21 Aug 2009 12:43:18 +0000
- To: www-validator-cvs@w3.org
Update of /sources/public/2006/unicorn/src/org/w3c/unicorn/action
In directory hutz:/tmp/cvs-serv29344/src/org/w3c/unicorn/action
Modified Files:
Tag: dev2
InitAction.java
Log Message:
added PROTECT_INIT_ACTION property to allow initialization only from localhost (=true) or from any IP (=false)
Index: InitAction.java
===================================================================
RCS file: /sources/public/2006/unicorn/src/org/w3c/unicorn/action/Attic/InitAction.java,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -d -r1.1.2.3 -r1.1.2.4
--- InitAction.java 19 Aug 2009 17:42:04 -0000 1.1.2.3
+++ InitAction.java 21 Aug 2009 12:43:16 -0000 1.1.2.4
@@ -9,6 +9,7 @@
import javax.servlet.http.HttpServletResponse;
import org.w3c.unicorn.Framework;
+import org.w3c.unicorn.util.Property;
/**
* Servlet implementation class InitAction
@@ -27,7 +28,11 @@
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- if (true) {//request.getRemoteAddr().equals("0:0:0:0:0:0:0:1") || request.getRemoteAddr().equals("127.0.0.1")) {
+ // If PROPERTY_INIT_ACTION is not set or set to true, InitAction is only accessible from localhost.
+ // If PROPERTY_INIT_ACTION is set to true, any IP can initialize Unicorn. This should not be set in production environment.
+ String isProtected = Property.get("PROTECT_INIT_ACTION");
+ if ((isProtected == null || isProtected.equals("true")) && (request.getRemoteAddr().equals("0:0:0:0:0:0:0:1") || request.getRemoteAddr().equals("127.0.0.1"))
+ || (isProtected != null && isProtected.equals("false"))) {
response.setContentType("text/plain");
PrintWriter out = response.getWriter();
out.write("Initializing core: ");
Received on Friday, 21 August 2009 12:43:26 UTC