Author: markt
Date: Fri Dec 13 12:23:44 2013
New Revision: 1550706
URL: http://svn.apache.org/r1550706
Log:
Alternative fix for normalization issue that doesn't depend on RequestUtils
which isn't available to Jasper.
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
Modified: tomcat/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java?rev=1550706&r1=1550705&r2=1550706&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java Fri
Dec 13 12:23:44 2013
@@ -19,6 +19,8 @@ package org.apache.jasper.compiler;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
@@ -46,7 +48,6 @@ import org.apache.tomcat.util.descriptor
import org.apache.tomcat.util.descriptor.tld.TaglibXml;
import org.apache.tomcat.util.descriptor.tld.TldResourcePath;
import org.apache.tomcat.util.descriptor.tld.ValidatorXml;
-import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.scan.Jar;
/**
@@ -215,7 +216,17 @@ class TagLibraryInfoImpl extends TagLibr
} else if (uri.charAt(0) != '/') {
// noroot_rel_uri, resolve against the current JSP page
uri = ctxt.resolveRelativeUri(uri);
- uri = RequestUtil.normalize(uri);
+ try {
+ // Can't use RequestUtils.normalize since that package is not
+ // available to Jasper.
+ uri = (new URI(uri)).normalize().toString();
+ if (uri.startsWith("../")) {
+ // Trying to go outside context root
+ err.jspError("jsp.error.taglibDirective.uriInvalid", uri);
+ }
+ } catch (URISyntaxException e) {
+ err.jspError("jsp.error.taglibDirective.uriInvalid", uri);
+ }
}
URL url = null;
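Review bot: The escape check `uri.startsWith("../")` only matches a normalized result that is still relative, so it can miss a path that climbs above the context root. `java.net.URI.normalize()` keeps leading `..` segments that have nothing to cancel against, so a path beginning with `/` can come out as `/../x` and pass this test; a bare `..` is not matched either. Whether `ctxt.resolveRelativeUri(uri)` returns a leading-slash path is not visible in this hunk, but if it does, the guard should read `if (uri.equals("..") || uri.startsWith("../") || uri.startsWith("/../")) {`. Both branches also rely on `err.jspError(...)` throwing, since execution otherwise falls through to `URL url = null;` with the rejected value; a short comment stating that would help. The enclosing method starts and ends outside the hunk.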