Author: markt
Date: Thu Oct 16 13:48:26 2014
New Revision: 1632310
URL: http://svn.apache.org/r1632310
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57099
Ensure that semi-colons are not permitted in JSP import page directives.
Added:
tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNode.java
- copied unchanged from r1632307,
tomcat/trunk/test/org/apache/jasper/compiler/TestNode.java
tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java
- copied, changed from r1632290,
tomcat/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/Node.java
tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1632290,1632307
Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/Node.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/Node.java?rev=1632310&r1=1632309&r2=1632310&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/Node.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/Node.java Thu Oct 16
13:48:26 2014
@@ -601,20 +601,35 @@ abstract class Node implements TagConsta
int start = 0;
int index;
while ((index = value.indexOf(',', start)) != -1) {
- imports.add(value.substring(start, index).trim());
+ imports.add(validateImport(value.substring(start, index)));
start = index + 1;
}
if (start == 0) {
// No comma found
- imports.add(value.trim());
+ imports.add(validateImport(value));
} else {
- imports.add(value.substring(start).trim());
+ imports.add(validateImport(value.substring(start)));
}
}
public List<String> getImports() {
return imports;
}
+
+ /**
+ * Just need enough validation to make sure nothing strange is going
on.
+ * The compiler will validate this thoroughly when it tries to compile
+ * the resulting .java file.
+ */
+ private String validateImport(String importEntry) {
+ // This should either be a fully-qualified class name or a package
+ // name with a wildcard
+ if (importEntry.indexOf(';') > -1) {
+ throw new IllegalArgumentException(
+ Localizer.getMessage("jsp.error.page.invaild.import"));
+ }
+ return importEntry.trim();
+ }
}
/**
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1632310&r1=1632309&r2=1632310&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
Thu Oct 16 13:48:26 2014
@@ -60,6 +60,7 @@ jsp.error.page.conflict.autoflush=Page d
jsp.error.page.invalid.autoflush=Page directive: invalid value for autoFlush
jsp.error.page.conflict.isthreadsafe=Page directive: illegal to have multiple
occurrences of 'isThreadSafe' with different values (old: {0}, new: {1})
jsp.error.page.invalid.isthreadsafe=Page directive: invalid value for
isThreadSafe
+jsp.error.page.invaild.import=Page directive: invalid value for import
jsp.error.page.conflict.info=Page directive: illegal to have multiple
occurrences of 'info' with different values (old: {0}, new: {1})
jsp.error.page.invalid.info=Page directive: invalid value for info
jsp.error.page.conflict.iserrorpage=Page directive: illegal to have multiple
occurrences of 'isErrorPage' with different values (old: {0}, new: {1})
Copied:
tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java
(from r1632290,
tomcat/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java)
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java&p1=tomcat/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java&r1=1632290&r2=1632310&rev=1632310&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java
(original)
+++
tomcat/tc7.0.x/trunk/test/org/apache/jasper/compiler/TestNodeIntegration.java
Thu Oct 16 13:48:26 2014
@@ -32,7 +32,7 @@ public class TestNodeIntegration extends
Tomcat tomcat = getTomcatInstance();
File appDir =
- new File("test/webapp");
+ new File("test/webapp-3.0");
// app dir is relative to server home
tomcat.addWebapp(null, "", appDir.getAbsolutePath());
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1632310&r1=1632309&r2=1632310&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Oct 16 13:48:26 2014
@@ -74,6 +74,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>57099</bug>: Ensure that semi-colons are not permitted in JSP
+ import page directives. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Cluster">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
