This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 24157504c2 Correct detection of end of quoting
24157504c2 is described below
commit 24157504c2c75d4b1e03157f07a9b8e3258a5f5b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 29 12:41:59 2026 +0100
Correct detection of end of quoting
---
java/org/apache/catalina/ssi/SSIProcessor.java | 31 ++++++++++++++------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/catalina/ssi/SSIProcessor.java
b/java/org/apache/catalina/ssi/SSIProcessor.java
index 276194d5db..bfd3e0cce1 100644
--- a/java/org/apache/catalina/ssi/SSIProcessor.java
+++ b/java/org/apache/catalina/ssi/SSIProcessor.java
@@ -199,7 +199,8 @@ public class SSIProcessor {
// Count parameters first
int count = 0;
int bIdx = start;
- boolean insideQuotes = false;
+ // Tracks the quote character that will close any currently quoted
text. 0 means not currently quoted.
+ char endQuote = 0;
boolean escaped = false;
while (bIdx < cmd.length()) {
char c = cmd.charAt(bIdx);
@@ -207,9 +208,11 @@ public class SSIProcessor {
escaped = false;
} else if (c == '\\') {
escaped = true;
- } else if (c == '"' || c == '\'' || c == '`') {
- insideQuotes = !insideQuotes;
- } else if (c == '=' && !insideQuotes) {
+ } else if (endQuote == 0 && (c == '"' || c == '\'' || c == '`')) {
+ endQuote = c;
+ } else if (endQuote == c) {
+ endQuote = 0;
+ } else if (c == '=' && endQuote == 0) {
count++;
}
bIdx++;
@@ -220,34 +223,34 @@ public class SSIProcessor {
int idx = 0;
StringBuilder nameBuf = new StringBuilder();
boolean collectingName = false;
- insideQuotes = false;
+ endQuote = 0;
escaped = false;
while (bIdx < cmd.length() && idx < count) {
char c = cmd.charAt(bIdx);
if (escaped) {
escaped = false;
- if (collectingName && !insideQuotes) {
+ if (collectingName && endQuote == 0) {
nameBuf.append(c);
}
} else if (c == '\\') {
escaped = true;
- if (collectingName && !insideQuotes) {
+ if (collectingName && endQuote == 0) {
nameBuf.append(c);
}
- } else if (!insideQuotes && (c == '"' || c == '\'' || c == '`')) {
- insideQuotes = true;
- } else if (insideQuotes && (c == '"' || c == '\'' || c == '`')) {
- insideQuotes = false;
- } else if (!insideQuotes && isSpace(c)) {
+ } else if (endQuote == 0 && (c == '"' || c == '\'' || c == '`')) {
+ endQuote = c;
+ } else if (endQuote == c) {
+ endQuote = 0;
+ } else if (endQuote == 0 && isSpace(c)) {
if (collectingName) {
nameBuf.setLength(0);
collectingName = false;
}
- } else if (!insideQuotes && c == '=') {
+ } else if (endQuote == 0 && c == '=') {
retString[idx++] = nameBuf.toString().trim();
nameBuf.setLength(0);
collectingName = false;
- } else if (!insideQuotes) {
+ } else if (endQuote == 0) {
collectingName = true;
nameBuf.append(c);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]