Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

esapi temp properties should use a instance specific temp dir

Description

None

Environment

https://github.com/lucee/extension-esapi/blob/master/source/java/src/org/lucee/extension/esapi/util/PropertyDeployer.java#L77

it’s always using C:\Users\zacsp\AppData\Local\Temp\properties\esapi224 for me

this should be at least lucee prefixed and perhaps with the instance guid?

perhaps all the lucee system temp dir usage should be under such a specific folder, to avoid conflicts?

 

image-20240520-134500.png

Attachments

1
  • 20 May 2024, 01:45 pm

Activity

Show:

Pothys - MitrahSoft 5 February 2025 at 09:57

I have tested this issue with Lucee version 6.2.0.314-SNAPSHOT. When I tried to use ESAPI with version 2.2.4.18-SNAPSHOT, I found that the esapi.properties and validation.properties files are now located in the server's temp folder.

Michael Offner 6 January 2025 at 16:39

Michael Offner 6 January 2025 at 16:05

this is global to the JVM, so this only is an issue, when 2 Lucee instances use the same temp directory, best is to use the Lucee server context directory instead of the temp directory.

Pothys - MitrahSoft 3 June 2024 at 13:28

I checked this ticket with Lucee version 6.1.0.169-SNAPSHOT. Yes, when using the ESAPI, it uses the "temp\properties\esapi224" folder. From my perspective, ESAPI should use the GUID for the folder name, and will decide about this.

Fixed

Details

Assignee

Reporter

Priority

Labels

Fix versions

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Created 20 May 2024 at 13:43
Updated 5 February 2025 at 09:58
Resolved 5 February 2025 at 09:58

Flag notifications