# HG changeset patch # User andrew # Date 1366292290 -3600 # Node ID 3ce1593f819e0c137d69e69598d2305e15de51ad # Parent 691f82a0de0b1d3d6d68411bcd6a72406f5d91bc 6657673: Issues with JAXP Reviewed-by: alanb, lancea, ahgross, mullan diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java Thu Apr 18 14:38:10 2013 +0100 @@ -63,6 +63,7 @@ import com.sun.org.apache.bcel.internal.util.ClassVector; import com.sun.org.apache.bcel.internal.util.ClassQueue; import com.sun.org.apache.bcel.internal.generic.Type; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.*; import java.util.StringTokenizer; @@ -77,6 +78,7 @@ * class file. Those interested in programatically generating classes * should see the ClassGen class. + * @version $Id: JavaClass.java,v 1.4 2007-07-19 04:34:42 ofung Exp $ * @see com.sun.org.apache.bcel.internal.generic.ClassGen * @author M. Dahm */ @@ -451,9 +453,9 @@ String debug = null, sep = null; try { - debug = System.getProperty("JavaClass.debug"); + debug = SecuritySupport.getSystemProperty("JavaClass.debug"); // Get path separator either / or \ usually - sep = System.getProperty("file.separator"); + sep = SecuritySupport.getSystemProperty("file.separator"); } catch (SecurityException e) { // falls through diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java Thu Apr 18 14:38:10 2013 +0100 @@ -82,6 +82,7 @@ * method in the Method's frame will jump to the appropiate method in * the Code frame. * + * @version $Id: Class2HTML.java,v 1.3 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm */ public class Class2HTML implements Constants @@ -137,7 +138,7 @@ ClassParser parser=null; JavaClass java_class=null; String zip_file = null; - char sep = System.getProperty("file.separator").toCharArray()[0]; + char sep = SecuritySupport.getSystemProperty("file.separator").toCharArray()[0]; String dir = "." + sep; // Where to store HTML files try { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java Thu Apr 18 14:38:10 2013 +0100 @@ -66,6 +66,7 @@ * Responsible for loading (class) files from the CLASSPATH. Inspired by * sun.tools.ClassPath. * + * @version $Id: ClassPath.java,v 1.4 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm */ public class ClassPath implements Serializable { @@ -83,7 +84,7 @@ ArrayList vec = new ArrayList(); for(StringTokenizer tok=new StringTokenizer(class_path, - System.getProperty("path.separator")); + SecuritySupport.getSystemProperty("path.separator")); tok.hasMoreTokens();) { String path = tok.nextToken(); @@ -92,7 +93,7 @@ File file = new File(path); try { - if(file.exists()) { + if(SecuritySupport.getFileExists(file)) { if(file.isDirectory()) vec.add(new Dir(path)); else @@ -143,8 +144,9 @@ String name = tok.nextToken(); File file = new File(name); - if(file.exists()) + if(SecuritySupport.getFileExists(file)) { list.add(name); + } } } } @@ -159,9 +161,9 @@ String class_path, boot_path, ext_path; try { - class_path = System.getProperty("java.class.path"); - boot_path = System.getProperty("sun.boot.class.path"); - ext_path = System.getProperty("java.ext.dirs"); + class_path = SecuritySupport.getSystemProperty("java.class.path"); + boot_path = SecuritySupport.getSystemProperty("sun.boot.class.path"); + ext_path = SecuritySupport.getSystemProperty("java.ext.dirs"); } catch (SecurityException e) { return ""; @@ -176,8 +178,8 @@ getPathComponents(ext_path, dirs); for(Iterator e = dirs.iterator(); e.hasNext(); ) { - File ext_dir = new File((String)e.next()); - String[] extensions = ext_dir.list(new FilenameFilter() { + File ext_dir = new File((String)e.next()); + String[] extensions = SecuritySupport.getFileList(ext_dir, new FilenameFilter() { public boolean accept(File dir, String name) { name = name.toLowerCase(); return name.endsWith(".zip") || name.endsWith(".jar"); @@ -342,7 +344,7 @@ final File file = new File(dir + File.separatorChar + name.replace('.', File.separatorChar) + suffix); - return file.exists()? new ClassFile() { + return SecuritySupport.getFileExists(file)? new ClassFile() { public InputStream getInputStream() throws IOException { return new FileInputStream(file); } public String getPath() { try { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java Thu Apr 18 14:38:10 2013 +0100 @@ -72,6 +72,7 @@ * 
java com.sun.org.apache.bcel.internal.util.JavaWrapper -Dbcel.classloader=foo.MyLoader <real.class.name> [arguments]
*

* + * @version $Id: JavaWrapper.java,v 1.3 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm * @see ClassLoader */ @@ -79,7 +80,7 @@ private java.lang.ClassLoader loader; private static java.lang.ClassLoader getClassLoader() { - String s = System.getProperty("bcel.classloader"); + String s = SecuritySupport.getSystemProperty("bcel.classloader"); if((s == null) || "".equals(s)) s = "com.sun.org.apache.bcel.internal.util.ClassLoader"; diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,68 +22,72 @@ */ package com.sun.org.apache.xalan.internal.res; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.util.ListResourceBundle; import com.sun.org.apache.xpath.internal.res.XPATHMessages; /** - * Sets things up for issuing error messages. This class is misnamed, and - * should be called XalanMessages, or some such. + * Sets things up for issuing error messages. This class is misnamed, and should + * be called XalanMessages, or some such. + * * @xsl.usage internal */ -public class XSLMessages extends XPATHMessages -{ +public class XSLMessages extends XPATHMessages { - /** The language specific resource object for Xalan messages. */ - private static ListResourceBundle XSLTBundle = null; - - /** The class name of the Xalan error message string table. */ - private static final String XSLT_ERROR_RESOURCES = - "com.sun.org.apache.xalan.internal.res.XSLTErrorResources"; + /** + * The language specific resource object for Xalan messages. + */ + private static ListResourceBundle XSLTBundle = null; + /** + * The class name of the Xalan error message string table. + */ + private static final String XSLT_ERROR_RESOURCES = + "com.sun.org.apache.xalan.internal.res.XSLTErrorResources"; - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted message string. - */ - public static final String createMessage(String msgKey, Object args[]) //throws Exception - { - if (XSLTBundle == null) - XSLTBundle = loadResourceBundle(XSLT_ERROR_RESOURCES); - - if (XSLTBundle != null) + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted message string. + */ + public static String createMessage(String msgKey, Object args[]) //throws Exception { - return createMsg(XSLTBundle, msgKey, args); + if (XSLTBundle == null) { + XSLTBundle = SecuritySupport.getResourceBundle(XSLT_ERROR_RESOURCES); + } + + if (XSLTBundle != null) { + return createMsg(XSLTBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - else - return "Could not load any resource bundles."; - } - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted warning string. - */ - public static final String createWarning(String msgKey, Object args[]) //throws Exception - { - if (XSLTBundle == null) - XSLTBundle = loadResourceBundle(XSLT_ERROR_RESOURCES); + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted warning string. + */ + public static String createWarning(String msgKey, Object args[]) //throws Exception + { + if (XSLTBundle == null) { + XSLTBundle = SecuritySupport.getResourceBundle(XSLT_ERROR_RESOURCES); + } - if (XSLTBundle != null) - { - return createMsg(XSLTBundle, msgKey, args); + if (XSLTBundle != null) { + return createMsg(XSLTBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - else - return "Could not load any resource bundles."; - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -1449,68 +1449,5 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,8 @@ */ package com.sun.org.apache.xalan.internal.xslt; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; + import java.io.File; import java.io.FileWriter; import java.io.PrintWriter; @@ -572,7 +574,7 @@ // Grab java version for later use try { - String javaVersion = System.getProperty("java.version"); + String javaVersion = SecuritySupport.getSystemProperty("java.version"); h.put("java.version", javaVersion); } @@ -591,7 +593,7 @@ { // This is present in all JVM's - String cp = System.getProperty("java.class.path"); + String cp = SecuritySupport.getSystemProperty("java.class.path"); h.put("java.class.path", cp); @@ -601,7 +603,7 @@ h.put(FOUNDCLASSES + "java.class.path", classpathJars); // Also check for JDK 1.2+ type classpaths - String othercp = System.getProperty("sun.boot.class.path"); + String othercp = SecuritySupport.getSystemProperty("sun.boot.class.path"); if (null != othercp) { @@ -615,7 +617,7 @@ //@todo NOTE: We don't actually search java.ext.dirs for // *.jar files therein! This should be updated - othercp = System.getProperty("java.ext.dirs"); + othercp = SecuritySupport.getSystemProperty("java.ext.dirs"); if (null != othercp) { @@ -1012,7 +1014,7 @@ Class clazz = ObjectFactory.findProviderClass( DOM_CLASS, ObjectFactory.findClassLoader(), true); - Method method = clazz.getMethod(DOM_LEVEL3_METHOD, null); + Method method = clazz.getMethod(DOM_LEVEL3_METHOD, (Class[])null); // If we succeeded, we have loaded interfaces from a // level 3 DOM somewhere diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java Thu Apr 18 14:38:10 2013 +0100 @@ -55,6 +55,8 @@ import com.sun.org.apache.xalan.internal.Version; import com.sun.org.apache.xalan.internal.res.XSLMessages; import com.sun.org.apache.xalan.internal.res.XSLTErrorResources; +import com.sun.org.apache.xalan.internal.utils.ConfigurationError; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; //J2SE does not support Xalan interpretive /* @@ -178,7 +180,7 @@ java.io.PrintWriter diagnosticsWriter = new PrintWriter(System.err, true); java.io.PrintWriter dumpWriter = diagnosticsWriter; ResourceBundle resbundle = - (XSLMessages.loadResourceBundle( + (SecuritySupport.getResourceBundle( com.sun.org.apache.xml.internal.utils.res.XResourceBundle.ERROR_RESOURCES)); String flavor = "s2s"; @@ -462,7 +464,7 @@ tfactory.setURIResolver(uriResolver); } - catch (ObjectFactory.ConfigurationError cnfe) + catch (ConfigurationError cnfe) { msg = XSLMessages.createMessage( XSLTErrorResources.ER_CLASS_NOT_FOUND_FOR_OPTION, diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Thu Apr 18 14:38:10 2013 +0100 @@ -400,7 +400,7 @@ } } catch (TypeCheckError e) { - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } } @@ -420,7 +420,7 @@ } catch (IOException e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR,new ErrorMsg(e)); + reportError(ERROR,new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (SAXException e) { Throwable ex = e.getException(); @@ -428,15 +428,15 @@ e.printStackTrace(); if (ex != null) ex.printStackTrace(); } - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (CompilerException e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (Exception e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } return null; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Thu Apr 18 14:38:10 2013 +0100 @@ -41,10 +41,12 @@ import java.util.jar.Manifest; import com.sun.org.apache.bcel.internal.classfile.JavaClass; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util; import com.sun.org.apache.xml.internal.dtm.DTM; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import org.xml.sax.InputSource; import org.xml.sax.XMLReader; @@ -257,7 +259,7 @@ return compile(input, _className); } catch (IOException e) { - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); return false; } } @@ -276,7 +278,7 @@ return compile(input, name); } catch (IOException e) { - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); return false; } } @@ -361,11 +363,11 @@ } catch (Exception e) { /*if (_debug)*/ e.printStackTrace(); - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (Error e) { if (_debug) e.printStackTrace(); - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } finally { _reader = null; // reset this here to be sure it is not re-used @@ -573,7 +575,7 @@ */ public boolean setDestDirectory(String dstDirName) { final File dir = new File(dstDirName); - if (dir.exists() || dir.mkdirs()) { + if (SecuritySupport.getFileExists(dir) || dir.mkdirs()) { _destDir = dir; return true; } @@ -746,7 +748,7 @@ String parentDir = outFile.getParent(); if (parentDir != null) { File parentFile = new File(parentDir); - if (!parentFile.exists()) + if (!SecuritySupport.getFileExists(parentFile)) parentFile.mkdirs(); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -941,7 +941,13 @@ "Cannot set the feature ''{0}'' on this TransformerFactory."}, {ErrorMsg.JAXP_SECUREPROCESSING_FEATURE, - "FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present."} + "FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present."}, + + {ErrorMsg.DESERIALIZE_TRANSLET_ERR, "When Java security is enabled, " + + "support for deserializing TemplatesImpl is disabled." + + "This can be overridden by setting the jdk.xml.enableTemplatesImplDeserialization" + + " system property to true."} + }; /** Get the lookup table for error messages. diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.compiler.util; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.text.MessageFormat; import java.util.Locale; import java.util.ResourceBundle; @@ -46,6 +47,8 @@ Object[] _params = null; private boolean _isWarningError; + Throwable _cause; + // Compiler error messages public static final String MULTIPLE_STYLESHEET_ERR = "MULTIPLE_STYLESHEET_ERR"; public static final String TEMPLATE_REDEF_ERR = "TEMPLATE_REDEF_ERR"; @@ -157,6 +160,8 @@ public static final String INVALID_NCNAME_ERR = "INVALID_NCNAME_ERR"; public static final String INVALID_METHOD_IN_OUTPUT = "INVALID_METHOD_IN_OUTPUT"; + public static final String DESERIALIZE_TRANSLET_ERR = "DESERIALIZE_TEMPLATES_ERR"; + // All error messages are localized and are stored in resource bundles. // This array and the following 4 strings are read from that bundle. private static ResourceBundle _bundle; @@ -167,7 +172,7 @@ public final static String RUNTIME_ERROR_KEY = "RUNTIME_ERROR_KEY"; static { - _bundle = ResourceBundle.getBundle( + _bundle = SecuritySupport.getResourceBundle( "com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMessages", Locale.getDefault()); } @@ -177,10 +182,11 @@ _line = 0; } - public ErrorMsg(Throwable e) { - _code = null; + public ErrorMsg(String code, Throwable e) { + _code = code; _message = e.getMessage(); _line = 0; + _cause = e; } public ErrorMsg(String message, int line) { @@ -232,6 +238,10 @@ _params[1] = param2; } + public Throwable getCause() { + return _cause; + } + private String getFileName(SyntaxTreeNode node) { Stylesheet stylesheet = node.getStylesheet(); if (stylesheet != null) diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.StringTokenizer; import com.sun.org.apache.bcel.internal.generic.Type; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants; import com.sun.org.apache.xml.internal.utils.XML11Char; @@ -37,7 +38,7 @@ private static char filesep; static { - String temp = System.getProperty("file.separator", "/"); + String temp = SecuritySupport.getSystemProperty("file.separator", "/"); filesep = temp.charAt(0); } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java Thu Apr 18 14:38:10 2013 +0100 @@ -32,6 +32,7 @@ import com.sun.org.apache.xalan.internal.xsltc.TransletException; import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; import com.sun.org.apache.xml.internal.utils.StringComparable; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * Base class for sort records containing application specific sort keys @@ -111,7 +112,7 @@ try { // -- W. Eliot Kimber (eliot@isogen.com) colFactClassname = - System.getProperty("com.sun.org.apache.xalan.internal.xsltc.COLLATOR_FACTORY"); + SecuritySupport.getSystemProperty("com.sun.org.apache.xalan.internal.xsltc.COLLATOR_FACTORY"); } catch (SecurityException e) { // If we can't read the propery, just use default collator diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.runtime; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.text.DecimalFormat; import java.text.DecimalFormatSymbols; import java.text.FieldPosition; @@ -1518,7 +1519,7 @@ static { String resource = "com.sun.org.apache.xalan.internal.xsltc.runtime.ErrorMessages"; - m_bundle = ResourceBundle.getBundle(resource); + m_bundle = SecuritySupport.getResourceBundle(resource); } /** diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.runtime.output; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.BufferedWriter; import java.io.IOException; import java.io.Writer; @@ -36,7 +37,7 @@ static { // Set a larger buffer size for Solaris - final String osName = System.getProperty("os.name"); + final String osName = SecuritySupport.getSystemProperty("os.name"); if (osName.equalsIgnoreCase("solaris")) { BUFFER_SIZE = 32 * KB; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java Thu Apr 18 14:38:10 2013 +0100 @@ -42,6 +42,8 @@ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; import com.sun.org.apache.xalan.internal.xsltc.runtime.Hashtable; +import com.sun.org.apache.xalan.internal.utils.ObjectFactory; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * @author Morten Jorgensen @@ -51,6 +53,8 @@ */ public final class TemplatesImpl implements Templates, Serializable { static final long serialVersionUID = 673094361519270707L; + public final static String DESERIALIZE_TRANSLET = "jdk.xml.enableTemplatesImplDeserialization"; + /** * Name of the superclass of all translets. This is needed to * determine which, among all classes comprising a translet, @@ -181,6 +185,15 @@ private void readObject(ObjectInputStream is) throws IOException, ClassNotFoundException { + SecurityManager security = System.getSecurityManager(); + if (security != null){ + String temp = SecuritySupport.getSystemProperty(DESERIALIZE_TRANSLET); + if (temp == null || !(temp.length()==0 || temp.equalsIgnoreCase("true"))) { + ErrorMsg err = new ErrorMsg(ErrorMsg.DESERIALIZE_TRANSLET_ERR); + throw new UnsupportedOperationException(err.toString()); + } + } + is.defaultReadObject(); if (is.readBoolean()) { _uriResolver = (URIResolver) is.readObject(); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Thu Apr 18 14:38:10 2013 +0100 @@ -69,6 +69,7 @@ import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.dom.XSLTCDTMManager; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import org.xml.sax.InputSource; @@ -839,8 +840,14 @@ // Check that the transformation went well before returning if (bytecodes == null) { - ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR); - TransformerConfigurationException exc = new TransformerConfigurationException(err.toString()); + Vector errs = xsltc.getErrors(); + ErrorMsg err = null; + if (errs != null) { + err = (ErrorMsg)errs.get(errs.size()-1); + } else { + err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR); + } + TransformerConfigurationException exc = new TransformerConfigurationException(err.toString(), err.getCause()); // Pass compiler errors to the error listener if (_errorListener != null) { @@ -1187,7 +1194,7 @@ // Find the parent directory of the translet. String transletParentDir = transletFile.getParent(); if (transletParentDir == null) - transletParentDir = System.getProperty("user.dir"); + transletParentDir = SecuritySupport.getSystemProperty("user.dir"); File transletParentFile = new File(transletParentDir); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,10 +20,10 @@ package com.sun.org.apache.xerces.internal.dom; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** * Used to format DOM error messages, using the system locale. @@ -31,6 +31,7 @@ * @xerces.internal * * @author Sandy Gao, IBM + * @version $Id: DOMMessageFormatter.java,v 1.6 2010-11-01 04:39:38 joehw Exp $ */ public class DOMMessageFormatter { public static final String DOM_DOMAIN = "http://www.w3.org/dom/DOMTR"; @@ -122,13 +123,13 @@ */ public static void init(){ if (locale != null) { - domResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages", locale); - serResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages", locale); - xmlResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + domResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages", locale); + serResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages", locale); + xmlResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); }else{ - domResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages"); - serResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages"); - xmlResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + domResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages"); + serResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages"); + xmlResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -51,6 +51,7 @@ import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.*; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.xml.internal.stream.Entity; import com.sun.org.apache.xerces.internal.xni.Augmentations; @@ -623,7 +624,7 @@ if (reader == null) { stream = xmlInputSource.getByteStream(); if (stream == null) { - URL location = new URL(escapeNonUSAscii(expandedSystemId)); + URL location = new URL(expandedSystemId); URLConnection connect = location.openConnection(); if (!(connect instanceof HttpURLConnection)) { stream = connect.getInputStream(); @@ -1760,7 +1761,7 @@ // get the user.dir property String userDir = ""; try { - userDir = System.getProperty("user.dir"); + userDir = SecuritySupport.getSystemProperty("user.dir"); } catch (SecurityException se) { } @@ -2619,64 +2620,6 @@ } // fixURI(String):String - /** - * Escape invalid URI characters. - * - * Passed a URI that contains invalid characters (like spaces, non-ASCII Unicode characters, and the like), - * this function percent encodes the invalid characters per the URI specification (i.e., as a sequence of - * %-encoded UTF-8 octets). - * - * N.B. There are two problems. If the URI contains a '%' character, that might be an indication that - * the URI has already been escaped by the author, or it might be an invalid '%'. In the former case, - * it's important not to escape it, or we'll wind up with invalid, doubly-escaped '%'s. In the latter, - * the URI is broken if we don't encode it. Similarly, a '#' character might be the start of a fragment - * identifier or it might be an invalid '#'. - * - * Given that the former is vastly more likely than the latter in each case (most users are familiar with - * the magic status of '%' and '#' and they occur relatively infrequently in filenames, and if the user parses - * a proper Java File, we will already have %-escaped the URI), we simply assume that %'s and #'s are legit. - * - * Very rarely, we may be wrong. If so, tell the user to fix the clearly broken URI. - */ - protected static String escapeNonUSAscii(String str) { - if (str == null) { - return str; - } - - // get UTF-8 bytes for the string - StringBuffer buffer = new StringBuffer(); - byte[] bytes = null; - byte b; - try { - bytes = str.getBytes("UTF-8"); - } catch (java.io.UnsupportedEncodingException e) { - // should never happen - return str; - } - int len = bytes.length; - int ch; - - // for each byte - for (int i = 0; i < len; i++) { - b = bytes[i]; - // for non-ascii character: make it positive, then escape - if (b < 0) { - ch = b + 256; - buffer.append('%'); - buffer.append(gHexChs[ch >> 4]); - buffer.append(gHexChs[ch & 0xf]); - } - else if (b != '%' && b != '#' && gNeedEscaping[b]) { - buffer.append('%'); - buffer.append(gAfterEscaping1[b]); - buffer.append(gAfterEscaping2[b]); - } - else { - buffer.append((char)b); - } - } - return buffer.toString(); - } // // Package visible methods diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,6 +20,7 @@ package com.sun.org.apache.xerces.internal.impl.dv; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.ResourceBundle; import java.util.PropertyResourceBundle; import java.util.MissingResourceException; @@ -34,6 +35,7 @@ * * @author Sandy Gao, IBM * + * @version $Id: DatatypeException.java,v 1.6 2010-11-01 04:39:43 joehw Exp $ */ public class DatatypeException extends Exception { @@ -84,7 +86,7 @@ */ public String getMessage() { ResourceBundle resourceBundle = null; - resourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); + resourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); if (resourceBundle == null) throw new MissingResourceException("Property file not found!", "com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,12 +20,11 @@ package com.sun.org.apache.xerces.internal.impl.msg; +import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; - -import com.sun.org.apache.xerces.internal.util.MessageFormatter; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +33,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter.java 3020 2011-02-28 23:51:33Z joehw $ + * @version $Id: XMLMessageFormatter.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter implements MessageFormatter { @@ -72,12 +71,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_de.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_de.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_de implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_es.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_es.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_es implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_fr.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_fr.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_fr implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_it.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_it.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_it implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_ja.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_ja.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_ja implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_ko.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_ko.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_ko implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_pt_BR.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_pt_BR.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_pt_BR implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_sv.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_sv.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_sv implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_zh_CN.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_zh_CN.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_zh_CN implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_zh_TW.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_zh_TW.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_zh_TW implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,6 +20,7 @@ package com.sun.org.apache.xerces.internal.impl.xpath.regex; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; @@ -95,10 +96,10 @@ public void setLocale(Locale locale) { try { if (locale != null) { - this.resources = ResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message", locale); + this.resources = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message", locale); } else { - this.resources = ResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message"); + this.resources = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message"); } } catch (MissingResourceException mre) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,11 +20,11 @@ package com.sun.org.apache.xerces.internal.impl.xs; +import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; -import com.sun.org.apache.xerces.internal.util.MessageFormatter; /** @@ -34,6 +34,7 @@ * @xerces.internal * * @author Elena Litani, IBM + * @version $Id: XSMessageFormatter.java,v 1.6 2010-11-01 04:39:55 joehw Exp $ */ public class XSMessageFormatter implements MessageFormatter { /** @@ -66,12 +67,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); } String msg = fResourceBundle.getString(key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,15 +20,16 @@ package com.sun.org.apache.xerces.internal.jaxp.validation; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** *

Used to format JAXP Validation API error messages using a specified locale.

* * @author Michael Glavassevich, IBM + * @version $Id: JAXPValidationMessageFormatter.java,v 1.5 2010-11-01 04:40:08 joehw Exp $ */ final class JAXPValidationMessageFormatter { @@ -54,11 +55,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages", locale); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages", locale); } else { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages"); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,15 +20,16 @@ package com.sun.org.apache.xerces.internal.util; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; -import java.util.PropertyResourceBundle; import java.util.ResourceBundle; /** *

Used to format JAXP 1.3 Datatype API error messages using a specified locale.

* * @author Neeraj Bajaj, Sun Microsystems + * @version $Id: DatatypeMessageFormatter.java,v 1.6 2010-11-01 04:40:14 joehw Exp $ */ public class DatatypeMessageFormatter { @@ -56,11 +57,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle(BASE_NAME, locale); + SecuritySupport.getResourceBundle(BASE_NAME, locale); } else { resourceBundle = - PropertyResourceBundle.getBundle(BASE_NAME); + SecuritySupport.getResourceBundle(BASE_NAME); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -19,16 +19,17 @@ */ package com.sun.org.apache.xerces.internal.util; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** * Used to format SAX error messages using a specified locale. * * @author Michael Glavassevich, IBM * + * @version $Id: SAXMessageFormatter.java,v 1.6 2010-11-01 04:40:14 joehw Exp $ */ public class SAXMessageFormatter { @@ -54,11 +55,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages", locale); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages", locale); } else { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages"); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -61,6 +61,8 @@ package com.sun.org.apache.xerces.internal.util; import com.sun.org.apache.xerces.internal.impl.Constants; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * This class is a container for parser settings that relate to * security, or more specifically, it is intended to be used to prevent denial-of-service @@ -77,6 +79,7 @@ * * @author Neil Graham, IBM * + * @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $ */ public final class SecurityManager { @@ -176,41 +179,48 @@ private void readSystemProperties(){ - //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT - try { - String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT); - if(value != null && !value.equals("")){ - entityExpansionLimit = Integer.parseInt(value); - if (entityExpansionLimit < 0) - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - } - else - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - }catch(Exception ex){} + //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT + try { + String value = getSystemProperty(Constants.ENTITY_EXPANSION_LIMIT); + if(value != null && !value.equals("")){ + entityExpansionLimit = Integer.parseInt(value); + if (entityExpansionLimit < 0) + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + } + else + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + }catch(Exception ex){} - try { - String value = System.getProperty(Constants.MAX_OCCUR_LIMIT); - if(value != null && !value.equals("")){ - maxOccurLimit = Integer.parseInt(value); - if (maxOccurLimit < 0) - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - } - else - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - }catch(Exception ex){} + try { + String value = getSystemProperty(Constants.MAX_OCCUR_LIMIT); + if(value != null && !value.equals("")){ + maxOccurLimit = Integer.parseInt(value); + if (maxOccurLimit < 0) + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + } + else + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + }catch(Exception ex){} - try { - String value = System.getProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT); - if(value != null && !value.equals("")){ - fElementAttributeLimit = Integer.parseInt(value); - if ( fElementAttributeLimit < 0) - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; - } - else - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + try { + String value = getSystemProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT); + if(value != null && !value.equals("")){ + fElementAttributeLimit = Integer.parseInt(value); + if ( fElementAttributeLimit < 0) + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + } + else + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; }catch(Exception ex){} } + private String getSystemProperty(final String propName) { + return AccessController.doPrivileged(new PrivilegedAction() { + public String run() { + return System.getProperty(propName); + } + }); + } } // class SecurityManager diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,11 +20,11 @@ package com.sun.org.apache.xerces.internal.xinclude; +import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; -import com.sun.org.apache.xerces.internal.util.MessageFormatter; // TODO: fix error messages in XIncludeMessages.properties /** @@ -32,6 +32,7 @@ * * @author Peter McCracken, IBM * + * @version $Id: XIncludeMessageFormatter.java,v 1.7 2010-11-01 04:40:18 joehw Exp $ */ public class XIncludeMessageFormatter implements MessageFormatter { @@ -61,12 +62,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XIncludeMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XIncludeMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XIncludeMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XIncludeMessages"); } String msg = fResourceBundle.getString(key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xpointer/XPointerMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xpointer/XPointerMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/xpointer/XPointerMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,6 +24,7 @@ import java.util.ResourceBundle; import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XPointerMessageFormatter provides error messages for the XPointer Framework @@ -31,6 +32,7 @@ * * @xerces.internal * + * @version $Id: XPointerMessageFormatter.java,v 1.5 2010-11-01 04:40:26 joehw Exp $ */ class XPointerMessageFormatter implements MessageFormatter { @@ -64,14 +66,14 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle( + fResourceBundle = SecuritySupport.getResourceBundle( "com.sun.org.apache.xerces.internal.impl.msg.XPointerMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle - .getBundle("com.sun.org.apache.xerces.internal.impl.msg.XPointerMessages"); + fResourceBundle = SecuritySupport.getResourceBundle( + "com.sun.org.apache.xerces.internal.impl.msg.XPointerMessages"); } String msg = fResourceBundle.getString(key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/dtm/DTMManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/dtm/DTMManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/dtm/DTMManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,9 @@ import com.sun.org.apache.xml.internal.res.XMLMessages; import com.sun.org.apache.xml.internal.utils.PrefixResolver; import com.sun.org.apache.xml.internal.utils.XMLStringFactory; +import com.sun.org.apache.xalan.internal.utils.ConfigurationError; +import com.sun.org.apache.xalan.internal.utils.ObjectFactory; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * A DTMManager instance can be used to create DTM and @@ -139,7 +142,7 @@ factoryImpl = (DTMManager) ObjectFactory .createObject(defaultPropName, defaultClassName); } - catch (ObjectFactory.ConfigurationError e) + catch (ConfigurationError e) { throw new DTMConfigurationException(XMLMessages.createXMLMessage( XMLErrorResources.ER_NO_DEFAULT_IMPL, null), e.getException()); @@ -358,7 +361,7 @@ { try { - debug = System.getProperty("dtm.debug") != null; + debug = SecuritySupport.getSystemProperty("dtm.debug") != null; } catch (SecurityException ex){} } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ca.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ca.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ca.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -443,67 +440,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("ca", "ES")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_cs.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_cs.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_cs.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -443,67 +440,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("cs", "CZ")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -25,9 +25,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -463,67 +460,4 @@ return msgCopy; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sk.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sk.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sk.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -443,67 +440,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -452,68 +449,4 @@ protected Object[][] getContents() { return _contents; } - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_tr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_tr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_tr.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -443,67 +440,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("tr", "TR")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLErrorResources_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -453,67 +450,4 @@ return _contents; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XMLErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XMLErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XMLErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/res/XMLMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,10 +22,9 @@ */ package com.sun.org.apache.xml.internal.res; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.util.ListResourceBundle; import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * A utility class for issuing XML error messages. @@ -82,8 +81,9 @@ */ public static final String createXMLMessage(String msgKey, Object args[]) { - if (XMLBundle == null) - XMLBundle = loadResourceBundle(XML_ERROR_RESOURCES); + if (XMLBundle == null) { + XMLBundle = SecuritySupport.getResourceBundle(XML_ERROR_RESOURCES); + } if (XMLBundle != null) { @@ -156,61 +156,4 @@ return fmsg; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className The class name of the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static ListResourceBundle loadResourceBundle(String className) - throws MissingResourceException - { - Locale locale = Locale.getDefault(); - - try - { - return (ListResourceBundle)ResourceBundle.getBundle(className, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (ListResourceBundle)ResourceBundle.getBundle( - className, new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles." + className, className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which can be appended to a resource name - */ - protected static String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Catalog.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Catalog.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Catalog.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,8 @@ package com.sun.org.apache.xml.internal.resolver; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; + import java.io.IOException; import java.io.FileNotFoundException; import java.io.InputStream; @@ -819,7 +821,7 @@ // tack on a basename because URLs point to files not dirs catalogCwd = FileURL.makeURL("basename"); } catch (MalformedURLException e) { - String userdir = System.getProperty("user.dir"); + String userdir = SecuritySupport.getSystemProperty("user.dir"); userdir.replace('\\', '/'); catalogManager.debug.message(1, "Malformed URL on cwd", userdir); catalogCwd = null; @@ -1715,7 +1717,7 @@ protected String resolveLocalSystem(String systemId) throws MalformedURLException, IOException { - String osname = System.getProperty("os.name"); + String osname = SecuritySupport.getSystemProperty("os.name"); boolean windows = (osname.indexOf("Windows") >= 0); Enumeration en = catalogEntries.elements(); while (en.hasMoreElements()) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xml.internal.resolver; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.io.InputStream; import java.net.URL; @@ -141,8 +142,8 @@ /** Flag to ignore missing property files and/or properties */ private boolean ignoreMissingProperties - = (System.getProperty(pIgnoreMissing) != null - || System.getProperty(pFiles) != null); + = (SecuritySupport.getSystemProperty(pIgnoreMissing) != null + || SecuritySupport.getSystemProperty(pFiles) != null); /** Holds the resources after they are loaded from the file. */ private ResourceBundle resources; @@ -331,7 +332,7 @@ private int queryVerbosity () { String defaultVerbStr = Integer.toString(defaultVerbosity); - String verbStr = System.getProperty(pVerbosity); + String verbStr = SecuritySupport.getSystemProperty(pVerbosity); if (verbStr == null) { if (resources==null) readProperties(); @@ -466,7 +467,7 @@ * @return A semicolon delimited list of catlog file URIs */ private String queryCatalogFiles () { - String catalogList = System.getProperty(pFiles); + String catalogList = SecuritySupport.getSystemProperty(pFiles); fromPropertiesFile = false; if (catalogList == null) { @@ -551,7 +552,7 @@ * defaultPreferSetting. */ private boolean queryPreferPublic () { - String prefer = System.getProperty(pPrefer); + String prefer = SecuritySupport.getSystemProperty(pPrefer); if (prefer == null) { if (resources==null) readProperties(); @@ -610,7 +611,7 @@ * defaultUseStaticCatalog. */ private boolean queryUseStaticCatalog () { - String staticCatalog = System.getProperty(pStatic); + String staticCatalog = SecuritySupport.getSystemProperty(pStatic); if (staticCatalog == null) { if (resources==null) readProperties(); @@ -741,7 +742,7 @@ * defaultOasisXMLCatalogPI. */ public boolean queryAllowOasisXMLCatalogPI () { - String allow = System.getProperty(pAllowPI); + String allow = SecuritySupport.getSystemProperty(pAllowPI); if (allow == null) { if (resources==null) readProperties(); @@ -794,7 +795,7 @@ * */ public String queryCatalogClassName () { - String className = System.getProperty(pClassname); + String className = SecuritySupport.getSystemProperty(pClassname); if (className == null) { if (resources==null) readProperties(); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Resolver.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Resolver.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/resolver/Resolver.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,8 @@ package com.sun.org.apache.xml.internal.resolver; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; + import java.io.IOException; import java.io.InputStream; import java.io.FileNotFoundException; @@ -521,7 +523,7 @@ */ private Vector resolveAllLocalSystem(String systemId) { Vector map = new Vector(); - String osname = System.getProperty("os.name"); + String osname = SecuritySupport.getSystemProperty("os.name"); boolean windows = (osname.indexOf("Windows") >= 0); Enumeration en = catalogEntries.elements(); while (en.hasMoreElements()) { @@ -549,7 +551,7 @@ */ private Vector resolveLocalSystemReverse(String systemId) { Vector map = new Vector(); - String osname = System.getProperty("os.name"); + String osname = SecuritySupport.getSystemProperty("os.name"); boolean windows = (osname.indexOf("Windows") >= 0); Enumeration en = catalogEntries.elements(); while (en.hasMoreElements()) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serialize/SerializerFactory.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serialize/SerializerFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serialize/SerializerFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -21,6 +21,8 @@ package com.sun.org.apache.xml.internal.serialize; +import com.sun.org.apache.xerces.internal.utils.ObjectFactory; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.io.OutputStream; import java.io.Writer; @@ -63,7 +65,7 @@ factory = new SerializerFactoryImpl( Method.TEXT ); registerSerializerFactory( factory ); - list = System.getProperty( FactoriesProperty ); + list = SecuritySupport.getSystemProperty( FactoriesProperty ); if ( list != null ) { token = new StringTokenizer( list, " ;,:" ); while ( token.hasMoreTokens() ) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/Encodings.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/Encodings.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/Encodings.java Thu Apr 18 14:38:10 2013 +0100 @@ -34,6 +34,7 @@ import java.util.Properties; import java.util.StringTokenizer; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * Provides information about encodings. Depends on the Java runtime @@ -218,7 +219,7 @@ // Get the default system character encoding. This may be // incorrect if they passed in a writer, but right now there // seems to be no way to get the encoding from a writer. - encoding = System.getProperty("file.encoding", "UTF8"); + encoding = SecuritySupport.getSystemProperty("file.encoding", "UTF8"); if (null != encoding) { @@ -312,7 +313,7 @@ try { - urlString = System.getProperty(ENCODINGS_PROP, ""); + urlString = SecuritySupport.getSystemProperty(ENCODINGS_PROP, ""); } catch (SecurityException e) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/OutputPropertiesFactory.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/OutputPropertiesFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/OutputPropertiesFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,7 @@ */ package com.sun.org.apache.xml.internal.serializer; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; @@ -451,7 +452,7 @@ String value = null; try { - value = System.getProperty(key); + value = SecuritySupport.getSystemProperty(key); } catch (SecurityException se) { @@ -464,7 +465,7 @@ String newValue = null; try { - newValue = System.getProperty(newKey); + newValue = SecuritySupport.getSystemProperty(newKey); } catch (SecurityException se) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/ToStream.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/ToStream.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/ToStream.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,7 @@ */ package com.sun.org.apache.xml.internal.serializer; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.IOException; import java.io.OutputStream; import java.io.UnsupportedEncodingException; @@ -140,7 +141,7 @@ * extension attribute xalan:line-separator. */ protected char[] m_lineSep = - System.getProperty("line.separator").toCharArray(); + SecuritySupport.getSystemProperty("line.separator").toCharArray(); /** * True if the the system line separator is to be used. diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/TreeWalker.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/TreeWalker.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/TreeWalker.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,7 @@ */ package com.sun.org.apache.xml.internal.serializer; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.File; import com.sun.org.apache.xml.internal.serializer.utils.AttList; @@ -104,7 +105,7 @@ else { try { // Bug see Bugzilla 26741 - m_locator.setSystemId(System.getProperty("user.dir") + File.separator + "dummy.xsl"); + m_locator.setSystemId(SecuritySupport.getSystemProperty("user.dir") + File.separator + "dummy.xsl"); } catch (SecurityException se) {// user.dir not accessible from applet } @@ -115,7 +116,7 @@ m_contentHandler.setDocumentLocator(m_locator); try { // Bug see Bugzilla 26741 - m_locator.setSystemId(System.getProperty("user.dir") + File.separator + "dummy.xsl"); + m_locator.setSystemId(SecuritySupport.getSystemProperty("user.dir") + File.separator + "dummy.xsl"); } catch (SecurityException se){// user.dir not accessible from applet diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/utils/Messages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/utils/Messages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/serializer/utils/Messages.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,7 @@ */ package com.sun.org.apache.xml.internal.serializer.utils; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.util.ListResourceBundle; import java.util.Locale; import java.util.MissingResourceException; @@ -87,9 +88,6 @@ * can have the Message strings translated in an alternate language * in a errorResourceClass with a language suffix. * - * More sophisticated use of this class would be to pass null - * when contructing it, but then call loadResourceBundle() - * before creating any messages. * * This class is not a public API, it is only public because it is * used in com.sun.org.apache.xml.internal.serializer. @@ -126,18 +124,6 @@ m_resourceBundleName = resourceBundle; } - /* - * Set the Locale object to use. If this method is not called the - * default locale is used. This method needs to be called before - * loadResourceBundle(). - * - * @param locale non-null reference to Locale object. - * @xsl.usage internal - */ -// public void setLocale(Locale locale) -// { -// m_locale = locale; -// } /** * Get the Locale object that is being used. @@ -151,16 +137,6 @@ } /** - * Get the ListResourceBundle being used by this Messages instance which was - * previously set by a call to loadResourceBundle(className) - * @xsl.usage internal - */ - private ListResourceBundle getResourceBundle() - { - return m_resourceBundle; - } - - /** * Creates a message from the specified key and replacement * arguments, localized to the given locale. * @@ -174,7 +150,7 @@ public final String createMessage(String msgKey, Object args[]) { if (m_resourceBundle == null) - m_resourceBundle = loadResourceBundle(m_resourceBundleName); + m_resourceBundle = SecuritySupport.getResourceBundle(m_resourceBundleName); if (m_resourceBundle != null) { @@ -293,76 +269,4 @@ return fmsg; } - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements ListResourceBundle, - * without language suffix. - * @return the ResourceBundle - * @throws MissingResourceException - * @xsl.usage internal - */ - private ListResourceBundle loadResourceBundle(String resourceBundle) - throws MissingResourceException - { - m_resourceBundleName = resourceBundle; - Locale locale = getLocale(); - - ListResourceBundle lrb; - - try - { - - ResourceBundle rb = - ResourceBundle.getBundle(m_resourceBundleName, locale); - lrb = (ListResourceBundle) rb; - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - lrb = - (ListResourceBundle) ResourceBundle.getBundle( - m_resourceBundleName, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles." + m_resourceBundleName, - m_resourceBundleName, - ""); - } - } - m_resourceBundle = lrb; - return lrb; - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which can be appended to a resource name - * @xsl.usage internal - */ - private static String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/TreeWalker.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/TreeWalker.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/TreeWalker.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,7 @@ */ package com.sun.org.apache.xml.internal.utils; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.File; import org.w3c.dom.Comment; @@ -93,7 +94,7 @@ else { try { // Bug see Bugzilla 26741 - m_locator.setSystemId(System.getProperty("user.dir") + File.separator + "dummy.xsl"); + m_locator.setSystemId(SecuritySupport.getSystemProperty("user.dir") + File.separator + "dummy.xsl"); } catch (SecurityException se) {// user.dir not accessible from applet } @@ -112,7 +113,7 @@ m_contentHandler.setDocumentLocator(m_locator); try { // Bug see Bugzilla 26741 - m_locator.setSystemId(System.getProperty("user.dir") + File.separator + "dummy.xsl"); + m_locator.setSystemId(SecuritySupport.getSystemProperty("user.dir") + File.separator + "dummy.xsl"); } catch (SecurityException se){// user.dir not accessible from applet } @@ -131,7 +132,7 @@ m_contentHandler.setDocumentLocator(m_locator); try { // Bug see Bugzilla 26741 - m_locator.setSystemId(System.getProperty("user.dir") + File.separator + "dummy.xsl"); + m_locator.setSystemId(SecuritySupport.getSystemProperty("user.dir") + File.separator + "dummy.xsl"); } catch (SecurityException se){// user.dir not accessible from applet diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/res/XResourceBundle.java --- a/sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/res/XResourceBundle.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xml/internal/utils/res/XResourceBundle.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,8 @@ */ package com.sun.org.apache.xml.internal.utils.res; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ListResourceBundle; import java.util.Locale; import java.util.MissingResourceException; @@ -29,114 +31,45 @@ /** * The default (english) resource bundle. + * * @xsl.usage internal */ -public class XResourceBundle extends ListResourceBundle -{ - - /** Error resource constants */ - public static final String ERROR_RESOURCES = - "com.sun.org.apache.xalan.internal.res.XSLTErrorResources", XSLT_RESOURCE = - "com.sun.org.apache.xml.internal.utils.res.XResourceBundle", LANG_BUNDLE_NAME = - "com.sun.org.apache.xml.internal.utils.res.XResources", MULT_ORDER = - "multiplierOrder", MULT_PRECEDES = "precedes", MULT_FOLLOWS = - "follows", LANG_ORIENTATION = "orientation", LANG_RIGHTTOLEFT = - "rightToLeft", LANG_LEFTTORIGHT = "leftToRight", LANG_NUMBERING = - "numbering", LANG_ADDITIVE = "additive", LANG_MULT_ADD = - "multiplicative-additive", LANG_MULTIPLIER = - "multiplier", LANG_MULTIPLIER_CHAR = - "multiplierChar", LANG_NUMBERGROUPS = "numberGroups", LANG_NUM_TABLES = - "tables", LANG_ALPHABET = "alphabet", LANG_TRAD_ALPHABET = "tradAlphabet"; +public class XResourceBundle extends ListResourceBundle { - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @param locale the locale to prefer when searching for the bundle - */ - public static final XResourceBundle loadResourceBundle( - String className, Locale locale) throws MissingResourceException - { - - String suffix = getResourceSuffix(locale); - - //System.out.println("resource " + className + suffix); - try - { + /** + * Error resource constants + */ + public static final String ERROR_RESOURCES = + "com.sun.org.apache.xalan.internal.res.XSLTErrorResources", XSLT_RESOURCE = + "com.sun.org.apache.xml.internal.utils.res.XResourceBundle", LANG_BUNDLE_NAME = + "com.sun.org.apache.xml.internal.utils.res.XResources", MULT_ORDER = + "multiplierOrder", MULT_PRECEDES = "precedes", MULT_FOLLOWS = + "follows", LANG_ORIENTATION = "orientation", LANG_RIGHTTOLEFT = + "rightToLeft", LANG_LEFTTORIGHT = "leftToRight", LANG_NUMBERING = + "numbering", LANG_ADDITIVE = "additive", LANG_MULT_ADD = + "multiplicative-additive", LANG_MULTIPLIER = + "multiplier", LANG_MULTIPLIER_CHAR = + "multiplierChar", LANG_NUMBERGROUPS = "numberGroups", LANG_NUM_TABLES = + "tables", LANG_ALPHABET = "alphabet", LANG_TRAD_ALPHABET = "tradAlphabet"; - // first try with the given locale - String resourceName = className + suffix; - return (XResourceBundle) ResourceBundle.getBundle(resourceName, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XResourceBundle) ResourceBundle.getBundle( - XSLT_RESOURCE, new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } + /** + * Get the association list. + * + * @return The association list. + */ + public Object[][] getContents() { + return new Object[][]{ + {"ui_language", "en"}, {"help_language", "en"}, {"language", "en"}, + {"alphabet", new CharArrayWrapper(new char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', + 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', + 'V', 'W', 'X', 'Y', 'Z'})}, + {"tradAlphabet", new CharArrayWrapper(new char[]{'A', 'B', 'C', 'D', 'E', 'F', + 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', + 'U', 'V', 'W', 'X', 'Y', 'Z'})}, + //language orientation + {"orientation", "LeftToRight"}, + //language numbering + {"numbering", "additive"},}; } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String lang = locale.getLanguage(); - String country = locale.getCountry(); - String variant = locale.getVariant(); - String suffix = "_" + locale.getLanguage(); - - if (lang.equals("zh")) - suffix += "_" + country; - - if (country.equals("JP")) - suffix += "_" + country + "_" + variant; - - return suffix; - } - - /** - * Get the association list. - * - * @return The association list. - */ - public Object[][] getContents() - { - return new Object[][] - { - { "ui_language", "en" }, { "help_language", "en" }, { "language", "en" }, - { "alphabet", new CharArrayWrapper(new char[]{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', - 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', - 'V', 'W', 'X', 'Y', 'Z' })}, - { "tradAlphabet", new CharArrayWrapper(new char[]{ 'A', 'B', 'C', 'D', 'E', 'F', - 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z' }) }, - - //language orientation - { "orientation", "LeftToRight" }, - - //language numbering - { "numbering", "additive" }, - }; - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/functions/FuncSystemProperty.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/functions/FuncSystemProperty.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/functions/FuncSystemProperty.java Thu Apr 18 14:38:10 2013 +0100 @@ -31,6 +31,8 @@ import com.sun.org.apache.xpath.internal.objects.XObject; import com.sun.org.apache.xpath.internal.objects.XString; import com.sun.org.apache.xpath.internal.res.XPATHErrorResources; +import com.sun.org.apache.xalan.internal.utils.ObjectFactory; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * Execute the SystemProperty() function. @@ -100,7 +102,7 @@ try { - result = System.getProperty(propName); + result = SecuritySupport.getSystemProperty(propName); if (null == result) { @@ -122,7 +124,7 @@ { try { - result = System.getProperty(fullName); + result = SecuritySupport.getSystemProperty(fullName); if (null == result) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -24,9 +24,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -940,68 +937,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHErrorResources_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,9 +23,6 @@ package com.sun.org.apache.xpath.internal.res; import java.util.ListResourceBundle; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; /** * Set up error messages. @@ -939,68 +936,4 @@ /** Field QUERY_HEADER */ public static final String QUERY_HEADER = "PATTERN "; - - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className Name of local-specific subclass. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XPATHErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XPATHErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XPATHErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xpath/internal/res/XPATHMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,130 +22,128 @@ */ package com.sun.org.apache.xpath.internal.res; +import com.sun.org.apache.bcel.internal.util.SecuritySupport; +import com.sun.org.apache.xml.internal.res.XMLMessages; import java.util.ListResourceBundle; -import com.sun.org.apache.xml.internal.res.XMLMessages; - /** * A utility class for issuing XPath error messages. + * * @xsl.usage internal */ -public class XPATHMessages extends XMLMessages -{ - /** The language specific resource object for XPath messages. */ - private static ListResourceBundle XPATHBundle = null; +public class XPATHMessages extends XMLMessages { - /** The class name of the XPath error message string table. */ - private static final String XPATH_ERROR_RESOURCES = - "com.sun.org.apache.xpath.internal.res.XPATHErrorResources"; + /** + * The language specific resource object for XPath messages. + */ + private static ListResourceBundle XPATHBundle = null; + /** + * The class name of the XPath error message string table. + */ + private static final String XPATH_ERROR_RESOURCES = + "com.sun.org.apache.xpath.internal.res.XPATHErrorResources"; - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted message string. - */ - public static final String createXPATHMessage(String msgKey, Object args[]) //throws Exception - { - if (XPATHBundle == null) - XPATHBundle = loadResourceBundle(XPATH_ERROR_RESOURCES); - - if (XPATHBundle != null) + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted message string. + */ + public static final String createXPATHMessage(String msgKey, Object args[]) //throws Exception { - return createXPATHMsg(XPATHBundle, msgKey, args); - } - else - return "Could not load any resource bundles."; - } + if (XPATHBundle == null) { + XPATHBundle = SecuritySupport.getResourceBundle(XPATH_ERROR_RESOURCES); + } - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted warning string. - */ - public static final String createXPATHWarning(String msgKey, Object args[]) //throws Exception - { - if (XPATHBundle == null) - XPATHBundle = loadResourceBundle(XPATH_ERROR_RESOURCES); - - if (XPATHBundle != null) - { - return createXPATHMsg(XPATHBundle, msgKey, args); + if (XPATHBundle != null) { + return createXPATHMsg(XPATHBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - else - return "Could not load any resource bundles."; - } - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param fResourceBundle The resource bundle to use. - * @param msgKey The message key to use. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted message string. - */ - public static final String createXPATHMsg(ListResourceBundle fResourceBundle, - String msgKey, Object args[]) //throws Exception - { + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted warning string. + */ + public static final String createXPATHWarning(String msgKey, Object args[]) //throws Exception + { + if (XPATHBundle == null) { + XPATHBundle = SecuritySupport.getResourceBundle(XPATH_ERROR_RESOURCES); + } - String fmsg = null; - boolean throwex = false; - String msg = null; - - if (msgKey != null) - msg = fResourceBundle.getString(msgKey); - - if (msg == null) - { - msg = fResourceBundle.getString(XPATHErrorResources.BAD_CODE); - throwex = true; + if (XPATHBundle != null) { + return createXPATHMsg(XPATHBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - if (args != null) + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param fResourceBundle The resource bundle to use. + * @param msgKey The message key to use. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted message string. + */ + public static final String createXPATHMsg(ListResourceBundle fResourceBundle, + String msgKey, Object args[]) //throws Exception { - try - { - // Do this to keep format from crying. - // This is better than making a bunch of conditional - // code all over the place. - int n = args.length; + String fmsg = null; + boolean throwex = false; + String msg = null; - for (int i = 0; i < n; i++) - { - if (null == args[i]) - args[i] = ""; + if (msgKey != null) { + msg = fResourceBundle.getString(msgKey); + } + + if (msg == null) { + msg = fResourceBundle.getString(XPATHErrorResources.BAD_CODE); + throwex = true; } - fmsg = java.text.MessageFormat.format(msg, args); - } - catch (Exception e) - { - fmsg = fResourceBundle.getString(XPATHErrorResources.FORMAT_FAILED); - fmsg += " " + msg; - } + if (args != null) { + try { + + // Do this to keep format from crying. + // This is better than making a bunch of conditional + // code all over the place. + int n = args.length; + + for (int i = 0; i < n; i++) { + if (null == args[i]) { + args[i] = ""; + } + } + + fmsg = java.text.MessageFormat.format(msg, args); + } catch (Exception e) { + fmsg = fResourceBundle.getString(XPATHErrorResources.FORMAT_FAILED); + fmsg += " " + msg; + } + } else { + fmsg = msg; + } + + if (throwex) { + throw new RuntimeException(fmsg); + } + + return fmsg; } - else - fmsg = msg; - - if (throwex) - { - throw new RuntimeException(fmsg); - } - - return fmsg; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/xml/internal/stream/XMLEntityStorage.java --- a/sources/jaxp_src/src/com/sun/xml/internal/stream/XMLEntityStorage.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/xml/internal/stream/XMLEntityStorage.java Thu Apr 18 14:38:10 2013 +0100 @@ -36,6 +36,7 @@ import com.sun.org.apache.xerces.internal.impl.PropertyManager; import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * @@ -405,7 +406,7 @@ // get the user.dir property String userDir = ""; try { - userDir = System.getProperty("user.dir"); + userDir = SecuritySupport.getSystemProperty("user.dir"); } catch (SecurityException se) { } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/xml/internal/stream/writers/WriterUtility.java --- a/sources/jaxp_src/src/com/sun/xml/internal/stream/writers/WriterUtility.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/xml/internal/stream/writers/WriterUtility.java Thu Apr 18 14:38:10 2013 +0100 @@ -32,6 +32,7 @@ import java.nio.charset.Charset; import java.nio.charset.CharsetEncoder; import com.sun.org.apache.xerces.internal.util.XMLChar; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * Implements common xml writer functions. @@ -240,7 +241,7 @@ private CharsetEncoder getDefaultEncoder(){ try{ - String encoding = System.getProperty("file.encoding"); + String encoding = SecuritySupport.getSystemProperty("file.encoding"); if(encoding != null){ return Charset.forName(encoding).newEncoder(); } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/xml/internal/stream/writers/XMLStreamWriterImpl.java --- a/sources/jaxp_src/src/com/sun/xml/internal/stream/writers/XMLStreamWriterImpl.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/xml/internal/stream/writers/XMLStreamWriterImpl.java Thu Apr 18 14:38:10 2013 +0100 @@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.impl.PropertyManager; import com.sun.org.apache.xerces.internal.util.NamespaceSupport; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.xml.internal.stream.util.ReadOnlyIterator; @@ -339,7 +340,7 @@ fEncoder = Charset.forName(encoding).newEncoder(); } } else { - encoding = System.getProperty("file.encoding"); + encoding = SecuritySupport.getSystemProperty("file.encoding"); if (encoding != null && encoding.equalsIgnoreCase("utf-8")) { fWriter = new UTF8OutputStreamWriter(os); } else { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/datatype/FactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/datatype/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/datatype/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -44,6 +44,7 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** * Internal debug flag. @@ -95,18 +96,24 @@ * If the class loader supplied is null, first try using the * context class loader followed by the current (i.e. bootstrap) class * loader. + * + * Use bootstrap classLoader if cl = null and useBSClsLoader is true */ static private Class getProviderClass(String className, ClassLoader cl, - boolean doFallback) throws ClassNotFoundException + boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException { try { if (cl == null) { - cl = ss.getContextClassLoader(); - if (cl == null) { - throw new ClassNotFoundException(); - } - else { - return cl.loadClass(className); + if (useBSClsLoader) { + return Class.forName(className, true, FactoryFinder.class.getClassLoader()); + } else { + cl = ss.getContextClassLoader(); + if (cl == null) { + throw new ClassNotFoundException(); + } + else { + return cl.loadClass(className); + } } } else { @@ -131,8 +138,8 @@ * @param className Name of the concrete class corresponding to the * service provider * - * @param cl ClassLoader to use to load the class, null means to use - * the bootstrap ClassLoader + * @param cl ClassLoader used to load the factory class. If null + * current Thread's context classLoader is used to load the factory class. * * @param doFallback True if the current ClassLoader should be tried as * a fallback if the class is not found using cl @@ -140,8 +147,38 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + return newInstance(className, cl, doFallback, false); + } + + /** + * Create an instance of a class. Delegates to method + * getProviderClass() in order to load the class. + * + * @param className Name of the concrete class corresponding to the + * service provider + * + * @param cl ClassLoader to use to load the class, null means to use + * the bootstrap ClassLoader + * + * @param doFallback True if the current ClassLoader should be tried as + * a fallback if the class is not found using cl + * + * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter + * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader. + */ + static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) + throws ConfigurationError + { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + useBSClsLoader = true; + } + } + try { - Class providerClass = getProviderClass(className, cl, doFallback); + Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); Object instance = providerClass.newInstance(); if (debug) { // Extra check to avoid computing cl strings dPrint("created new instance of " + providerClass + @@ -244,6 +281,7 @@ // First try the Context ClassLoader ClassLoader cl = ss.getContextClassLoader(); + boolean useBSClsLoader = false; if (cl != null) { is = ss.getResourceAsStream(cl, serviceId); @@ -251,11 +289,13 @@ if (is == null) { cl = FactoryFinder.class.getClassLoader(); is = ss.getResourceAsStream(cl, serviceId); + useBSClsLoader = true; } } else { // No Context ClassLoader, try the current ClassLoader cl = FactoryFinder.class.getClassLoader(); is = ss.getResourceAsStream(cl, serviceId); + useBSClsLoader = true; } if (is == null) { @@ -293,7 +333,7 @@ // ClassLoader because we want to avoid the case where the // resource file was found using one ClassLoader and the // provider class was instantiated using a different one. - return newInstance(factoryClassName, cl, false); + return newInstance(factoryClassName, cl, false, useBSClsLoader); } // No provider found diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -44,7 +44,7 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { - + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** * Internal debug flag. */ @@ -140,6 +140,13 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + } + } + try { Class providerClass = getProviderClass(className, cl, doFallback); Object instance = providerClass.newInstance(); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -25,14 +25,12 @@ package javax.xml.stream; -import java.io.InputStream; -import java.io.IOException; +import java.io.BufferedReader; import java.io.File; -import java.io.FileInputStream; - +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; import java.util.Properties; -import java.io.BufferedReader; -import java.io.InputStreamReader; /** *

Implements pluggable Datatypes.

@@ -43,6 +41,8 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { + // Check we have access to package. + private static final String DEFAULT_PACKAGE = "com.sun.xml.internal."; /** * Internal debug flag. @@ -94,18 +94,24 @@ * If the class loader supplied is null, first try using the * context class loader followed by the current (i.e. bootstrap) class * loader. + * + * Use bootstrap classLoader if cl = null and useBSClsLoader is true */ static private Class getProviderClass(String className, ClassLoader cl, - boolean doFallback) throws ClassNotFoundException + boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException { try { if (cl == null) { - cl = ss.getContextClassLoader(); - if (cl == null) { - throw new ClassNotFoundException(); - } - else { - return cl.loadClass(className); + if (useBSClsLoader) { + return Class.forName(className, true, FactoryFinder.class.getClassLoader()); + } else { + cl = ss.getContextClassLoader(); + if (cl == null) { + throw new ClassNotFoundException(); + } + else { + return cl.loadClass(className); + } } } else { @@ -130,8 +136,8 @@ * @param className Name of the concrete class corresponding to the * service provider * - * @param cl ClassLoader to use to load the class, null means to use - * the bootstrap ClassLoader + * @param cl ClassLoader used to load the factory class. If null + * current Thread's context classLoader is used to load the factory class. * * @param doFallback True if the current ClassLoader should be tried as * a fallback if the class is not found using cl @@ -139,8 +145,38 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + return newInstance(className, cl, doFallback, false); + } + + /** + * Create an instance of a class. Delegates to method + * getProviderClass() in order to load the class. + * + * @param className Name of the concrete class corresponding to the + * service provider + * + * @param cl ClassLoader used to load the factory class. If null + * current Thread's context classLoader is used to load the factory class. + * + * @param doFallback True if the current ClassLoader should be tried as + * a fallback if the class is not found using cl + * + * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter + * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader. + */ + static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) + throws ConfigurationError + { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + useBSClsLoader = true; + } + } + try { - Class providerClass = getProviderClass(className, cl, doFallback); + Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); Object instance = providerClass.newInstance(); if (debug) { // Extra check to avoid computing cl strings dPrint("created new instance of " + providerClass + @@ -233,11 +269,11 @@ if (ss.doesFileExist(f)) { dPrint("Read properties file "+f); cacheProps.load(ss.getFileInputStream(f)); - } - } } } } + } + } factoryClassName = cacheProps.getProperty(factoryId); if (factoryClassName != null) { @@ -276,6 +312,7 @@ // First try the Context ClassLoader ClassLoader cl = ss.getContextClassLoader(); + boolean useBSClsLoader = false; if (cl != null) { is = ss.getResourceAsStream(cl, serviceId); @@ -283,11 +320,13 @@ if (is == null) { cl = FactoryFinder.class.getClassLoader(); is = ss.getResourceAsStream(cl, serviceId); + useBSClsLoader = true; } } else { // No Context ClassLoader, try the current ClassLoader cl = FactoryFinder.class.getClassLoader(); is = ss.getResourceAsStream(cl, serviceId); + useBSClsLoader = true; } if (is == null) { @@ -325,7 +364,7 @@ // ClassLoader because we want to avoid the case where the // resource file was found using one ClassLoader and the // provider class was instantiated using a different one. - return newInstance(factoryClassName, cl, false); + return newInstance(factoryClassName, cl, false, useBSClsLoader); } // No provider found diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -44,6 +44,7 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal."; /** * Internal debug flag. @@ -140,6 +141,13 @@ static Object newInstance(String className, ClassLoader cl, boolean doFallback) throws ConfigurationError { + // make sure we have access to restricted packages + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + cl = null; + } + } + try { Class providerClass = getProviderClass(className, cl, doFallback); Object instance = providerClass.newInstance(); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -53,6 +53,7 @@ *

Take care of restrictions imposed by java security model

*/ private static SecuritySupport ss = new SecuritySupport(); + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** *

Cache properties for performance.

*/ @@ -212,28 +213,6 @@ } } - /** - // try to read from $java.home/lib/jaxp.properties - try { - String javah = ss.getSystemProperty( "java.home" ); - String configFile = javah + File.separator + - "lib" + File.separator + "jaxp.properties"; - File f = new File( configFile ); - if( ss.doesFileExist(f)) { - sf = loadFromProperty( - propertyName,f.getAbsolutePath(), new FileInputStream(f)); - if(sf!=null) return sf; - } else { - debugPrintln("Tried to read "+ f.getAbsolutePath()+", but it doesn't exist."); - } - } catch(Throwable e) { - if( debug ) { - debugPrintln("failed to read $java.home/lib/jaxp.properties"); - e.printStackTrace(); - } - } - */ - // try META-INF/services files Iterator sitr = createServiceFileIterator(); while(sitr.hasNext()) { @@ -268,14 +247,20 @@ */ private Class createClass(String className) { Class clazz; + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } - // use approprite ClassLoader try { - if (classLoader != null) { - clazz = classLoader.loadClass(className); - } else { - clazz = Class.forName(className); - } + if (classLoader != null && !internal) { + clazz = classLoader.loadClass(className); + } else { + clazz = Class.forName(className); + } } catch (Throwable t) { if(debug) t.printStackTrace(); return null; diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -47,6 +47,7 @@ * @since 1.5 */ class XPathFactoryFinder { + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xpath.internal"; private static SecuritySupport ss = new SecuritySupport() ; /** debug support code. */ @@ -245,18 +246,25 @@ */ private Class createClass(String className) { Class clazz; + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } - // use approprite ClassLoader - try { - if (classLoader != null) { - clazz = classLoader.loadClass(className); - } else { - clazz = Class.forName(className); - } - } catch (Throwable t) { - if(debug) t.printStackTrace(); - return null; + // use approprite ClassLoader + try { + if (classLoader != null && !internal) { + clazz = classLoader.loadClass(className); + } else { + clazz = Class.forName(className); } + } catch (Throwable t) { + if(debug) t.printStackTrace(); + return null; + } return clazz; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java --- a/sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java Thu Apr 18 14:38:10 2013 +0100 @@ -104,6 +104,8 @@ */ private static final String FALLBACK_CLASS = "com.sun.org.apache.xerces.internal.dom.DOMXSImplementationSourceImpl"; + private static final String DEFAULT_PACKAGE = + "com.sun.org.apache.xerces.internal.dom"; /** * Private constructor. * @param srcs Vector List of DOMImplementationSources @@ -168,10 +170,15 @@ StringTokenizer st = new StringTokenizer(p); while (st.hasMoreTokens()) { String sourceName = st.nextToken(); - // Use context class loader, falling back to Class.forName - // if and only if this fails... + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (sourceName != null && sourceName.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } Class sourceClass = null; - if (classLoader != null) { + if (classLoader != null && !internal) { sourceClass = classLoader.loadClass(sourceName); } else { sourceClass = Class.forName(sourceName); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java Thu Apr 18 14:38:10 2013 +0100 @@ -54,9 +54,10 @@ * including versions of Java 2.

* * @author Edwin Goei, David Brownell + * @version 2.0.1 (sax2r2) */ class NewInstance { - + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** * Creates a new instance of the specified class name * @@ -66,8 +67,16 @@ throws ClassNotFoundException, IllegalAccessException, InstantiationException { + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } + Class driverClass; - if (classLoader == null) { + if (classLoader == null || internal) { driverClass = Class.forName(className); } else { driverClass = classLoader.loadClass(className); @@ -75,29 +84,4 @@ return driverClass.newInstance(); } - /** - * Figure out which ClassLoader to use. For JDK 1.2 and later use - * the context ClassLoader. - */ - static ClassLoader getClassLoader () - { - Method m = null; - - try { - m = Thread.class.getMethod("getContextClassLoader", (Class[]) null); - } catch (NoSuchMethodException e) { - // Assume that we are running JDK 1.1, use the current ClassLoader - return NewInstance.class.getClassLoader(); - } - - try { - return (ClassLoader) m.invoke(Thread.currentThread(), (Object[]) null); - } catch (IllegalAccessException e) { - // assert(false) - throw new UnknownError(e.getMessage()); - } catch (InvocationTargetException e) { - // assert(e.getTargetException() instanceof SecurityException) - throw new UnknownError(e.getMessage()); - } - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java Thu Apr 18 14:38:10 2013 +0100 @@ -74,13 +74,14 @@ * * @since SAX 2.0 * @author David Megginson + * @version 2.0.1 (sax2r2) * @see org.xml.sax.helpers.XMLReaderAdapter * @see org.xml.sax.XMLReader * @see org.xml.sax.Parser */ public class ParserAdapter implements XMLReader, DocumentHandler { - + private static SecuritySupport ss = new SecuritySupport(); //////////////////////////////////////////////////////////////////// // Constructors. @@ -102,7 +103,7 @@ { super(); - String driver = System.getProperty("org.xml.sax.parser"); + String driver = ss.getSystemProperty("org.xml.sax.parser"); try { setup(ParserFactory.makeParser()); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -30,12 +30,6 @@ package org.xml.sax.helpers; -import java.lang.ClassNotFoundException; -import java.lang.IllegalAccessException; -import java.lang.InstantiationException; -import java.lang.SecurityException; -import java.lang.ClassCastException; - import org.xml.sax.Parser; @@ -69,9 +63,10 @@ * interface. * @since SAX 1.0 * @author David Megginson + * @version 2.0.1 (sax2r2) */ public class ParserFactory { - + private static SecuritySupport ss = new SecuritySupport(); /** * Private null constructor. @@ -109,7 +104,7 @@ NullPointerException, ClassCastException { - String className = System.getProperty("org.xml.sax.parser"); + String className = ss.getSystemProperty("org.xml.sax.parser"); if (className == null) { throw new NullPointerException("No value for sax.parser property"); } else { @@ -146,7 +141,7 @@ ClassCastException { return (Parser) NewInstance.newInstance ( - NewInstance.getClassLoader (), className); + ss.getContextClassLoader(), className); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -34,8 +34,6 @@ import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; -import java.security.AccessController; -import java.security.PrivilegedAction; import org.xml.sax.XMLReader; import org.xml.sax.SAXException; @@ -85,8 +83,8 @@ } private static final String property = "org.xml.sax.driver"; + private static SecuritySupport ss = new SecuritySupport(); - private static String _clsFromJar = null; private static boolean _jarread = false; /** * Attempt to create an XMLReader from system defaults. @@ -134,43 +132,45 @@ throws SAXException { String className = null; - ClassLoader loader = NewInstance.getClassLoader (); + ClassLoader cl = ss.getContextClassLoader(); // 1. try the JVM-instance-wide system property - try { className = System.getProperty (property); } - catch (RuntimeException e) { /* normally fails for applets */ } + try { + className = ss.getSystemProperty(property); + } + catch (RuntimeException e) { /* continue searching */ } // 2. if that fails, try META-INF/services/ if (className == null) { if (!_jarread) { - final ClassLoader loader1 = loader; _jarread = true; - _clsFromJar = (String) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - String clsName = null; - try { - String service = "META-INF/services/" + property; - InputStream in; - BufferedReader reader; - if (loader1 == null) - in = ClassLoader.getSystemResourceAsStream (service); - else - in = loader1.getResourceAsStream (service); + String service = "META-INF/services/" + property; + InputStream in; + BufferedReader reader; + + try { + if (cl != null) { + in = ss.getResourceAsStream(cl, service); - if (in != null) { - reader = new BufferedReader ( - new InputStreamReader (in, "UTF8")); - clsName = reader.readLine (); - in.close (); - } - } catch (Exception e) { + // If no provider found then try the current ClassLoader + if (in == null) { + cl = null; + in = ss.getResourceAsStream(cl, service); } - return clsName; + } else { + // No Context ClassLoader, try the current ClassLoader + in = ss.getResourceAsStream(cl, service); } - }); + + if (in != null) { + reader = new BufferedReader ( + new InputStreamReader (in, "UTF8")); + className = reader.readLine (); + in.close (); + } + } catch (Exception e) { + } } - className = _clsFromJar; } // 3. Distro-specific fallback @@ -187,7 +187,7 @@ // do we know the XMLReader implementation class yet? if (className != null) - return loadClass (loader, className); + return loadClass (cl, className); // 4. panic -- adapt any SAX1 parser try { @@ -217,7 +217,7 @@ public static XMLReader createXMLReader (String className) throws SAXException { - return loadClass (NewInstance.getClassLoader (), className); + return loadClass (ss.getContextClassLoader(), className); } private static XMLReader loadClass (ClassLoader loader, String className)