am b6f1a009: Merge "Adjustment to patch for secure processing for CVE-2014-0107 by Ryan Berg based on feedack from Emmanuel Bourg."
* commit 'b6f1a009193f13433cc8b00f27b84733845f3a4d':
Adjustment to patch for secure processing for CVE-2014-0107 by Ryan Berg based on feedack from Emmanuel Bourg.
diff --git a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java
index 2621d7a..0562311 100644
--- a/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java
+++ b/src/main/java/org/apache/xpath/functions/FuncSystemProperty.java
@@ -101,13 +101,12 @@
//if secure procession is enabled only handle required properties do not not map any valid system property
if(!xctxt.isSecureProcessing())
{
- result = System.getProperty(fullName);
+ result = System.getProperty(propName);
}
else
{
warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
- result = xsltInfo.getProperty(propName);
}
if (null == result)
{
@@ -136,7 +135,6 @@
{
warn(xctxt, XPATHErrorResources.WG_SECURITY_EXCEPTION,
new Object[]{ fullName }); //"SecurityException when trying to access XSL system property: "+fullName);
- result = xsltInfo.getProperty(propName);
}
if (null == result)
{