Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

482057 - MultiPartInputStream temp file permissions should be limited to user

This commit is contained in:
Joakim Erdfelt 2015-11-23 14:26:34 -07:00
parent efecc0c8cf
commit 21388d4765
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jetty-util/src/main/java/org/eclipse/jetty/util/MultiPartInputStreamParser.java
View File

@ -135,7 +135,14 @@ public class MultiPartInputStreamParser
protected void createFile ()
throws IOException
{
/* Some statics just to make the code below easier to understand
* This get optimized away during the compile anyway */
final boolean USER = true;
final boolean WORLD = false;
_file = File.createTempFile("MultiPart", "", MultiPartInputStreamParser.this._tmpDir);
_file.setReadable(false,WORLD); // (reset) disable it for everyone first
_file.setReadable(true,USER); // enable for user only
if (_deleteOnExit)
_file.deleteOnExit();