Author: markt Date: Wed Jan 21 10:08:15 2015 New Revision: 1653471 URL: http://svn.apache.org/r1653471 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57455 Add a note that " may not appear in a path value and throw an IAE if once does.
Modified: tomcat/trunk/conf/catalina.properties tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java Modified: tomcat/trunk/conf/catalina.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.properties?rev=1653471&r1=1653470&r2=1653471&view=diff ============================================================================== --- tomcat/trunk/conf/catalina.properties (original) +++ tomcat/trunk/conf/catalina.properties Wed Jan 21 10:08:15 2015 @@ -48,6 +48,8 @@ org.apache.jasper.,org.apache.naming.,or # # Note: Values are enclosed in double quotes ("...") in case either the # ${catalina.base} path or the ${catalina.home} path contains a comma. +# Because double quotes are used for quoting, the double quote character +# may not appear in a path. common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar" # @@ -61,6 +63,11 @@ common.loader="${catalina.base}/lib","${ # "foo/*.jar": Add all the JARs of the specified folder as class # repositories # "foo/bar.jar": Add bar.jar as a class repository +# +# Note: Values may be enclosed in double quotes ("...") in case either the +# ${catalina.base} path or the ${catalina.home} path contains a comma. +# Because double quotes are used for quoting, the double quote character +# may not appear in a path. server.loader= # @@ -75,6 +82,11 @@ server.loader= # "foo/bar.jar": Add bar.jar as a class repository # Please note that for single jars, e.g. bar.jar, you need the URL form # starting with file:. +# +# Note: Values may be enclosed in double quotes ("...") in case either the +# ${catalina.base} path or the ${catalina.home} path contains a comma. +# Because double quotes are used for quoting, the double quote character +# may not appear in a path. shared.loader= # Default list of JAR files that should not be scanned using the JarScanner Modified: tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java?rev=1653471&r1=1653470&r2=1653471&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java Wed Jan 21 10:08:15 2015 @@ -568,14 +568,28 @@ public final class Bootstrap { String path = value.substring(matcher.start(), matcher.end()); path = path.trim(); + if (path.length() == 0) { + continue; + } + + char first = path.charAt(0); + char last = path.charAt(path.length() - 1); - if (path.startsWith("\"") && path.length() > 1) { + if (first == '"' && last == '"' && path.length() > 1) { path = path.substring(1, path.length() - 1); path = path.trim(); - } - - if (path.length() == 0) { - continue; + if (path.length() == 0) { + continue; + } + } else if (path.contains("\"")) { + // Unbalanced quotes + // Too early to use standard i18n support. The class path hasn't + // been configured. + throw new IllegalArgumentException( + "The double quote [\"] character only be used to quote paths. It must " + + "not appear in a path. This loader path is not valid: [" + value + "]"); + } else { + // Not quoted - NO-OP } result.add(path); Modified: tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java?rev=1653471&r1=1653470&r2=1653471&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java (original) +++ tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java Wed Jan 21 10:08:15 2015 @@ -113,6 +113,66 @@ public class TestBootstrap { doTest("aaa,\"bbb,\"", "aaa", "bbb,"); } + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes01() { + doTest("\"", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes02() { + doTest("\"aaa", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes03() { + doTest("aaa\"", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes04() { + doTest("a\"a", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes05() { + doTest("b,\"", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes06() { + doTest("b,\"aaa", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes07() { + doTest("b,aaa\"", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes08() { + doTest("b,a\"a", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes09() { + doTest("\",b", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes10() { + doTest("\"aaa,b", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes11() { + doTest("aaa\",b", "ignored"); + } + + @Test(expected=IllegalArgumentException.class) + public void testUnbalancedQuotes12() { + doTest("a\"a,b", "ignored"); + } + private void doTest(String input, String... expected) { String[] result = Bootstrap.getPaths(input); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org