svn commit: r734563 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/jasper/compiler/Generator.java webapps/docs/changelog.xml

Wed, 14 Jan 2009 15:52:16 -0800 

Author: markt
Date: Wed Jan 14 15:51:50 2009
New Revision: 734563

URL: http://svn.apache.org/viewvc?rev=734563&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46381
Composite expressions used for attribute values must be coerced to Strings

Modified:
    tomcat/tc6.0.x/trunk/   (props changed)
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jan 14 15:51:50 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,730250,732859
+/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,730250,732859

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=734563&r1=734562&r2=734563&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Jan 14 15:51:50 2009
@@ -141,12 +141,6 @@
       possibly be exploited by a malicious webapp.
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46381
-  Composite expressions used for attribute values must be coerced to Strings
-  http://svn.apache.org/viewvc?rev=729569&view=rev
-  +1: markt, fhanik, funkman
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46351
   Build script re-factoring
   Patch provided by Marc Guillemot

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java?rev=734563&r1=734562&r2=734563&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java Wed Jan 
14 15:51:50 2009
@@ -834,6 +834,7 @@
         private String attributeValueWithEL(boolean isTag, String tx,
                 Class<?> expectedType, String mapName) {
             if (tx==null) return null;
+            Class<?> type = expectedType;
             int size = tx.length();
             StringBuffer output = new StringBuffer(size);
             boolean el = false;
@@ -849,6 +850,8 @@
                     if (mark < i) {
                         if (output.length() > 0) {
                             output.append(" + ");
+                            // Composite expression - must coerce to String
+                            type = String.class;
                         }
                         output.append(quote(tx.substring(mark, i)));
                     }
@@ -863,10 +866,12 @@
                     // End of an EL expression
                     if (output.length() > 0) {
                         output.append(" + ");
+                        // Composite expression - must coerce to String
+                        type = String.class;
                     }
                     output.append(
                             JspUtil.interpreterCall(isTag,
-                                    tx.substring(mark, i+1), expectedType,
+                                    tx.substring(mark, i+1), type,
                                     mapName, false));
                     mark = i + 1;
                     el = false;

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=734563&r1=734562&r2=734563&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Jan 14 15:51:50 2009
@@ -343,6 +343,10 @@
         Cédric Mailleux. (markt)
       </fix>
       <fix>
+        <bug>43681</bug>: Composite expressions used for attribute values must
+        be coerced to Strings. (markt)
+      </fix>
+      <fix>
         <bug>46397</bug>: Don't pool tag instances that implement 
JspIdConsumer.
         (markt)
       </fix>



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to