AGentooCat/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Jetty: Turn on checkAliases

Browse Source
This commit is contained in:
zzz
2010-01-29 13:55:16 +00:00
parent 0a93466999
commit 63d3685652
2 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
installer/resources/wrapper.config
View File

@@ -57,18 +57,23 @@ wrapper.java.library.path.2=$INSTALL_PATH/lib
# Numbers must be consecutive (except for stripquotes)
wrapper.java.additional.1=-DloggerFilenameOverride=logs/log-router-@.txt
wrapper.java.additional.2=-Dorg.mortbay.http.Version.paranoid=true
wrapper.java.additional.3=-Dorg.mortbay.util.FileResource.checkAliases=false
wrapper.java.additional.4=-Dorg.mortbay.xml.XmlParser.NotValidating=true
wrapper.java.additional.5=-Di2p.dir.base="$INSTALL_PATH"
wrapper.java.additional.5.stripquotes=TRUE
wrapper.java.additional.3=-Dorg.mortbay.xml.XmlParser.NotValidating=true
wrapper.java.additional.4=-Di2p.dir.base="$INSTALL_PATH"
wrapper.java.additional.4.stripquotes=TRUE
# Jetty says this is a security risk
# Uncommenting this won't help as the router forces it to true
# If you really need this, you have to set it in jetty.xml
# somehow - not sure exactly but here's a clue:
# org.mortbay.util.FileResource.setCheckAliases(false)
# wrapper.java.additional.5=-Dorg.mortbay.util.FileResource.checkAliases=false
# PORTABLE installation:
# uncomment the following
#wrapper.java.additional.6=-Di2p.dir.pid="$INSTALL_PATH"
#wrapper.java.additional.5=-Di2p.dir.pid="$INSTALL_PATH"
#wrapper.java.additional.5.stripquotes=TRUE
#wrapper.java.additional.6=-Di2p.dir.temp="$INSTALL_PATH"
#wrapper.java.additional.6.stripquotes=TRUE
#wrapper.java.additional.7=-Di2p.dir.temp="$INSTALL_PATH"
#wrapper.java.additional.7=-Di2p.dir.config="$INSTALL_PATH"
#wrapper.java.additional.7.stripquotes=TRUE
#wrapper.java.additional.8=-Di2p.dir.config="$INSTALL_PATH"
#wrapper.java.additional.8.stripquotes=TRUE
#
# Uncomment this for better performance.
# If it doesn't work, server mode is not available in your JVM.

6
router/java/src/net/i2p/router/Router.java
View File

@@ -105,6 +105,12 @@ public class Router {
System.setProperty("user.timezone", "GMT");
// just in case, lets make it explicit...
TimeZone.setDefault(TimeZone.getTimeZone("GMT"));
// https://www.kb.cert.org/vuls/id/402580
// http://docs.codehaus.org/display/JETTY/SystemProperties
// Fixed in Jetty 5.1.15 but we are running 5.1.12
// The default is true, unfortunately it was previously
// set to false in wrapper.config thru 0.7.10 so we must set it back here.
System.setProperty("Dorg.mortbay.util.FileResource.checkAliases", "true");
}
public Router() { this(null, null); }