Thread: CreateObject(java)
Created on: 10/13/07 03:01 PM
| New topic Reply | Page: 1 |
| Replies: 3 | |
| JoshRodgers
|
10/13/07 3:01 PM Laura, I have a security setting from my host company that does not allow createObject(java) After I set up Mango and I try and access the admin section i received the security error message. Is there a way around using createObject(java) The error occurred in ...\FileManager.cfc: line 33
31 : <cfargument name="extensions" required="false" default="*" type="string"> 32 : 33 : <cfset var rootDir = createObject("java","java.io.File").init(arguments.root)/> 34 : <cfset variables.basePath = rootDir.getCanonicalPath()/> 35 : <cfset this.path = variables.basePath/> 31 : <cfargument name="extensions" required="false" default="*" type="string"> 32 : 33 : <cfset var rootDir = createObject("java","java.io.File").init(arguments.root)/> 34 : <cfset variables.basePath = rootDir.getCanonicalPath()/> 35 : <cfset this.path = variables.basePath/> |
| Link | Top | Bottom | |
| JoshRodgers
|
10/13/07 10:19 PM Laura, The host co I am using wont allow createObject(java) because of the security issues when its allowed. Actually most host companies wont allow it. Can any of the cfdirectory, cffile, or any of the "Get" file path functions be used to replace what you have in fileManager.cfc? Currently it poses a major security issue on shared hosting environments, which is where most blogs run on. <cffunction name="init" output="false" returntype="any" hint="instantiates an object of this class" access="public"> <cfargument name="root" required="true" type="any"> <cfargument name="extensions" required="false" default="*" type="string"> <cfset var rootDir = createObject("java","java.io.File").init(arguments.root)/> <cfset variables.basePath = rootDir.getCanonicalPath()/> <cfset this.path = variables.basePath/> <!--- check that the base path exists ---> <cfif NOT directoryexists(variables.basePath)> <cfthrow message="Base path does not exist"/> </cfif> <cfset variables.extensions = arguments.extensions /> <!--- get the system file separator ---> <cfset variables.fileSeparator = createObject("java","java.io.File").separator /> <cfreturn this /> </cffunction> <cffunction name="getResolvedPath" output="false" description="Returns the aboslute path" access="private" returntype="string"> <cfargument name="path" required="true" type="string" /> <cfset var dir = createObject("java","java.io.File").init(variables.basePath & arguments.path) /> <cfreturn dir.getCanonicalPath() /> </cffunction> Link on security issues: http://www.adobe.com/devnet/security/security_zone/mpsb04-10.html http://forums.webhostautomation.com/showthread.php?t=7036 |
| Link | Top | Bottom | |
| Laura
Wizard |
10/14/07 9:05 PM Hi Josh, The simplest fix would be to remove the File Explorer if you don't plan to use it. As a general solution, I would have to see what I can do. Most of the calls are simply to get the correct platform file separator, which would be easy to replace, but the getCanonicalPath call would be more difficult to change. I use that to make sure the file explorer is not trying to navigate off the allowed root directory. There is one function I think I could use, but I would need to investigate a little more. |
| Link | Top | Bottom | |
| JoshRodgers
|
10/15/07 6:59 AM Good morning Laura, I went with the simplest fix for now, although I already miss the file explorer :) Looks like you only call that java object 3 times in the fileExplorer.cfc, once for the file seperator on the system and twice when you call the getCanonicalPath() (init function and getResolvedPath function) I started playing with it Sunday trying to find a fix, but ran out of time so I just commented out all the calls to the fileExplorer temporarily. |
| Link | Top | Bottom | |
New Post