Author: markt
Date: Thu Apr 17 10:47:19 2008
New Revision: 649203
URL: http://svn.apache.org/viewvc?rev=649203&view=rev
Log:
Fix bug 44392. Handle HTML entities correctly in SSI processing.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIEcho.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIMediator.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=649203&r1=649202&r2=649203&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 17 10:47:19 2008
@@ -65,12 +65,6 @@
+1: jfclere, rjung, fhanik, remm
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44392
- Correct handling of HTML entities in SSI processing
- http://svn.apache.org/viewvc?rev=647289&view=rev
- +1: markt, remm, fhanik
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44391
Handling of escaped characters was incorrect.
http://svn.apache.org/viewvc?rev=647316&view=rev
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIEcho.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIEcho.java?rev=649203&r1=649202&r2=649203&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIEcho.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIEcho.java Thu Apr 17
10:47:19 2008
@@ -37,20 +37,14 @@
*/
public long process(SSIMediator ssiMediator, String commandName,
String[] paramNames, String[] paramValues, PrintWriter writer) {
- long lastModified = 0;
String encoding = DEFAULT_ENCODING;
+ String originalValue = null;
String errorMessage = ssiMediator.getConfigErrMsg();
for (int i = 0; i < paramNames.length; i++) {
String paramName = paramNames[i];
String paramValue = paramValues[i];
if (paramName.equalsIgnoreCase("var")) {
- String variableValue = ssiMediator.getVariableValue(
- paramValue, encoding);
- if (variableValue == null) {
- variableValue = MISSING_VARIABLE_VALUE;
- }
- writer.write(variableValue);
- lastModified = System.currentTimeMillis();
+ originalValue = paramValue;
} else if (paramName.equalsIgnoreCase("encoding")) {
if (isValidEncoding(paramValue)) {
encoding = paramValue;
@@ -63,7 +57,13 @@
writer.write(errorMessage);
}
}
- return lastModified;
+ String variableValue = ssiMediator.getVariableValue(
+ originalValue, encoding);
+ if (variableValue == null) {
+ variableValue = MISSING_VARIABLE_VALUE;
+ }
+ writer.write(variableValue);
+ return System.currentTimeMillis();
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIMediator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIMediator.java?rev=649203&r1=649202&r2=649203&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIMediator.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIMediator.java Thu Apr
17 10:47:19 2008
@@ -27,6 +27,7 @@
import org.apache.catalina.util.DateTool;
import org.apache.catalina.util.Strftime;
import org.apache.catalina.util.URLEncoder;
+import org.apache.tomcat.util.http.HttpMessages;
/**
* Allows the different SSICommand implementations to share data/talk to each
* other
@@ -205,10 +206,31 @@
* new resolved string.
*/
public String substituteVariables(String val) {
- // If it has no variable references then no work
+ // If it has no references or HTML entities then no work
// need to be done
- if (val.indexOf('$') < 0) return val;
+ if (val.indexOf('$') < 0 && val.indexOf('&') < 0) return val;
+
+ // HTML decoding
+ val.replace("<", "<");
+ val.replace(">", ">");
+ val.replace(""", "\"");
+ val.replace("&", "&");
+
StringBuffer sb = new StringBuffer(val);
+ int charStart = sb.indexOf("&#");
+ while (charStart > -1) {
+ int charEnd = sb.indexOf(";", charStart);
+ if (charEnd > -1) {
+ char c = (char) Integer.parseInt(
+ sb.substring(charStart + 2, charEnd));
+ sb.delete(charStart, charEnd + 1);
+ sb.insert(charStart, c);
+ charStart = sb.indexOf("&#");
+ } else {
+ break;
+ }
+ }
+
for (int i = 0; i < sb.length();) {
// Find the next $
for (; i < sb.length(); i++) {
@@ -279,8 +301,7 @@
} else if (encoding.equalsIgnoreCase("none")) {
retVal = value;
} else if (encoding.equalsIgnoreCase("entity")) {
- //Not sure how this is really different than none
- retVal = value;
+ retVal = HttpMessages.filter(value);
} else {
//This shouldn't be possible
throw new IllegalArgumentException("Unknown encoding: " +
encoding);
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=649203&r1=649202&r2=649203&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Apr 17 10:47:19 2008
@@ -117,6 +117,10 @@
Caldarale. (markt/jim)
</fix>
<fix>
+ <bug>44392</bug>: HTML entities now handled correctly in SSI
processing.
+ (markt)
+ </fix>
+ <fix>
<bug>44558</bug>: Improve error message so address is included if
binding fails.
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
