cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2005/03/23 20:08:01
Modified:webapps/docs changelog.xml
jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
Fix for Bugzilla 34034 (Jasper didn't respect external entities)
based on patch by [EMAIL PROTECTED]
Revision ChangesPath
1.255 +8 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -r1.254 -r1.255
--- changelog.xml 23 Mar 2005 16:38:05 - 1.254
+++ changelog.xml 24 Mar 2005 04:08:01 - 1.255
@@ -118,6 +118,14 @@
/update
/changelog
/subsection
+
+ subsection name=Jasper
+changelog
+ fix
+bug34034/bug: Jasper does not respect external entities
(billbarker)
+ /fix
+/changelog
+ /subsection
subsection name=Cluster
changelog
1.13 +20 -3
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java
Index: ParserUtils.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ParserUtils.java 21 Mar 2005 15:38:12 - 1.12
+++ ParserUtils.java 24 Mar 2005 04:08:01 - 1.13
@@ -73,12 +73,12 @@
* that corresponds to the root node of the document tree.
*
* @param uri URI of the XML document being parsed
- * @param is Input stream containing the deployment descriptor
+ * @param is Input source containing the deployment descriptor
*
* @exception JasperException if an input/output error occurs
* @exception JasperException if a parsing error occurs
*/
-public TreeNode parseXMLDocument(String uri, InputStream is)
+public TreeNode parseXMLDocument(String uri, InputSource is)
throws JasperException {
Document document = null;
@@ -116,6 +116,23 @@
}
+/**
+ * Parse the specified XML document, and return a codeTreeNode/code
+ * that corresponds to the root node of the document tree.
+ *
+ * @param uri URI of the XML document being parsed
+ * @param is Input stream containing the deployment descriptor
+ *
+ * @exception JasperException if an input/output error occurs
+ * @exception JasperException if a parsing error occurs
+ */
+public TreeNode parseXMLDocument(String uri, InputStream is)
+throws JasperException {
+
+return (parseXMLDocument(uri, new InputSource(is)));
+}
+
+
// -- Protected
Methods
1.18 +15 -6
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JspConfig.java21 Mar 2005 15:38:12 - 1.17
+++ JspConfig.java24 Mar 2005 04:08:01 - 1.18
@@ -19,6 +19,7 @@
import java.io.InputStream;
import java.util.Iterator;
import java.util.Vector;
+import java.net.URL;
import javax.servlet.ServletContext;
@@ -27,6 +28,7 @@
import org.apache.jasper.JasperException;
import org.apache.jasper.xmlparser.ParserUtils;
import org.apache.jasper.xmlparser.TreeNode;
+import org.xml.sax.InputSource;
/**
* Handles the jsp-config element in WEB_INF/web.xml. This is used
@@ -57,17 +59,22 @@
private void processWebDotXml(ServletContext ctxt) throws
JasperException {
- InputStream is = null;
+InputStream is = null;
try {
-is = ctxt.getResourceAsStream(WEB_XML);
- if (is == null) {
+URL uri = ctxt.getResource(WEB_XML);
+if (uri == null) {
// no web.xml
- return;
+return;
}
- ParserUtils pu = new ParserUtils();
- TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
+is = uri.openStream();
+InputSource ip = new InputSource(is);
+ip.setSystemId(uri.toExternalForm());
+
+ParserUtils pu = new ParserUtils();
+ TreeNode webApp = pu.parseXMLDocument(WEB_XML, ip);
+
if (webApp == null
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2004/01/26 17:20:22
Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
- Fix 26432: Incorrect mapping for url pattern in jsp property group.
I also took the oppertunity to do some clear up and refactoring.
Revision ChangesPath
1.14 +75 -67
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- JspConfig.java2 Sep 2003 21:39:58 - 1.13
+++ JspConfig.java27 Jan 2004 01:20:22 - 1.14
@@ -184,7 +184,15 @@
extension = *;
} else if (file.startsWith(*.)) {
extension = file.substring(file.indexOf('.')+1);
- } else {
+ }
+
+ // The url patterns are reconstructed as the follwoing:
+ // path != null, extension == null: / or /foo/bar.ext
+ // path == null, extension != null: *.ext
+ // path != null, extension == *: /foo/*
+ boolean isStar = *.equals(extension);
+ if ((path == null (extension == null || isStar)) ||
+ (path != null !isStar)) {
if (log.isWarnEnabled()) {
log.warn(Localizer.getMessage(jsp.warning.bad.urlpattern.propertygroup,
urlPattern));
@@ -220,6 +228,42 @@
}
/**
+ * Select the property group that has more restrictive url-pattern.
+ * In case of tie, select the first.
+ */
+private JspPropertyGroup selectProperty(JspPropertyGroup prev,
+JspPropertyGroup curr) {
+if (prev == null) {
+return curr;
+}
+if (prev.getExtension() == null) {
+// exact match
+return prev;
+}
+if (curr.getExtension() == null) {
+// exact match
+return curr;
+}
+String prevPath = prev.getPath();
+String currPath = curr.getPath();
+if (prevPath == null currPath == null) {
+// Both specifies a *.ext, keep the first one
+return prev;
+}
+if (prevPath == null currPath != null) {
+return curr;
+}
+if (prevPath != null currPath == null) {
+return prev;
+}
+if (prevPath.length() = currPath.length()) {
+return prev;
+}
+return curr;
+}
+
+
+/**
* Find a property that best matches the supplied resource.
* @param uri the resource supplied.
* @return a JspProperty indicating the best match, or some default.
@@ -264,39 +308,15 @@
String path = jpg.getPath();
if (extension == null) {
-
// exact match pattern: /a/foo.jsp
if (!uri.equals(path)) {
// not matched;
continue;
}
-
- // Add include-preludes and include-codas
- if (jp.getIncludePrelude() != null) {
- includePreludes.addAll(jp.getIncludePrelude());
- }
- if (jp.getIncludeCoda() != null) {
- includeCodas.addAll(jp.getIncludeCoda());
- }
-
- // For other attributes, keep the best match.
- if (jp.isXml() != null) {
- isXmlMatch = jpg;
- }
- if (jp.isELIgnored() != null) {
- elIgnoredMatch = jpg;
- }
- if (jp.isScriptingInvalid() != null) {
- scriptingInvalidMatch = jpg;
- }
- if (jp.getPageEncoding() != null) {
- pageEncodingMatch = jpg;
- }
} else {
-
- // Possible patterns are *, *.ext, /p/*, and /p/*.ext
-
- if (path != null !path.equals(uriPath)) {
+ // Matching patterns *.ext or /p/*
+ if (path != null uriPath != null
+ ! uriPath.startsWith(path)) {
// not matched
continue;
}
@@ -305,42 +325,30 @@
// not matched
continue;
}
-
-
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2003/08/26 17:47:19
Modified:jasper2/src/share/org/apache/jasper JspC.java
jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
- When precompiling with JSPC, files that mathch the url-pattern specified
in jsp-config should be included for compilation.
Revision ChangesPath
1.58 +12 -10
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java
Index: JspC.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- JspC.java 12 Aug 2003 19:40:17 - 1.57
+++ JspC.java 27 Aug 2003 00:47:19 - 1.58
@@ -776,7 +776,7 @@
* Locate all jsp files in the webapp. Used if no explicit
* jsps are specified.
*/
-public void scanFiles( File base ) {
+public void scanFiles( File base ) throws JasperException {
Stack dirs = new Stack();
dirs.push(base);
if (extensions == null) {
@@ -798,12 +798,14 @@
dirs.push(f2.getPath());
//System.out.println(++ + f2.getPath());
} else {
+String path = f2.getPath();
+String uri = path.substring(uriRoot.length());
ext = files[i].substring(files[i].lastIndexOf('.')
+ 1);
-if (extensions.contains(ext)) {
+if (extensions.contains(ext) ||
+jspConfig.isJspPage(uri)) {
//System.out.println(s + ? + files[i]);
-pages.addElement(s + File.separatorChar
- + files[i]);
+pages.addElement(path);
} else {
//System.out.println(not done: + ext);
}
@@ -831,6 +833,9 @@
locateUriRoot( firstJspF );
}
+ if( context==null )
+ initServletContext();
+
// No explicit page, we'll process all .jsp in the webapp
if (pages.size() == 0) {
scanFiles( new File( uriRoot ));
@@ -845,9 +850,6 @@
throw new JasperException(
Localizer.getMessage(jsp.error.jspc.uriroot_not_dir));
}
-
- if( context==null )
- initServletContext();
initWebXml();
1.12 +61 -9
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- JspConfig.java31 Jul 2003 18:51:16 - 1.11
+++ JspConfig.java27 Aug 2003 00:47:19 - 1.12
@@ -208,12 +208,7 @@
}
}
-/**
- * Find a property that best matches the supplied resource.
- * @param uri the resource supplied.
- * @return a JspProperty if a match is found, null otherwise
- */
-public JspProperty findJspProperty(String uri) throws JasperException {
+private void init() throws JasperException {
if (!initialized) {
processWebDotXml(ctxt);
@@ -223,6 +218,16 @@
null, null, null);
initialized = true;
}
+}
+
+/**
+ * Find a property that best matches the supplied resource.
+ * @param uri the resource supplied.
+ * @return a JspProperty indicating the best match, or some default.
+ */
+public JspProperty findJspProperty(String uri) throws JasperException {
+
+ init();
// JSP Configuration settings do not apply to tag files
if (jspProperties == null || uri.endsWith(.tag)
@@ -362,6 +367,53 @@
return new JspProperty(isXml, isELIgnored, isScriptingInvalid,
pageEncoding, includePreludes, includeCodas);
+}
+
+/**
+ * To find out if an uri matches an url pattern in jsp config. If so,
+ * then the uri is a JSP page. This is used primarily for jspc.
+ */
+public boolean isJspPage(String uri) throws JasperException {
+
+init();
+if (jspProperties == null) {
+return false;
+}
+
+String uriPath = null;
+int index = uri.lastIndexOf('/');
+if (index =0 ) {
+uriPath = uri.substring(0, index+1);
+}
+
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2003/07/31 11:51:16
Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
- Make JspProperty constructor public, to allow for user supplied JspConfig.
Revision ChangesPath
1.11 +4 -4
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JspConfig.java27 Mar 2003 22:05:19 - 1.10
+++ JspConfig.java31 Jul 2003 18:51:16 - 1.11
@@ -398,7 +398,7 @@
private Vector includePrelude;
private Vector includeCoda;
- JspProperty(String isXml, String elIgnored,
+ public JspProperty(String isXml, String elIgnored,
String scriptingInvalid, String pageEncoding,
Vector includePrelude, Vector includeCoda) {
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2003/03/27 14:05:19
Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
Added fix so that JSP Configuration settings do not apply to tag files
Revision ChangesPath
1.10 +13 -8
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JspConfig.java5 Feb 2003 23:41:19 - 1.9
+++ JspConfig.java27 Mar 2003 22:05:19 - 1.10
@@ -95,6 +95,7 @@
private String defaultIsXml = null; // unspecified
private String defaultIsELIgnored = null;// unspecified
private String defaultIsScriptingInvalid = false;
+private JspProperty defaultJspProperty;
public JspConfig(ServletContext ctxt) {
this.ctxt = ctxt;
@@ -216,13 +217,17 @@
if (!initialized) {
processWebDotXml(ctxt);
+ defaultJspProperty = new JspProperty(defaultIsXml,
+ defaultIsELIgnored,
+ defaultIsScriptingInvalid,
+ null, null, null);
initialized = true;
}
-
- if (jspProperties == null) {
- return new JspProperty(defaultIsXml, defaultIsELIgnored,
-defaultIsScriptingInvalid,
-null, null, null);
+
+ // JSP Configuration settings do not apply to tag files
+ if (jspProperties == null || uri.endsWith(.tag)
+ || uri.endsWith(.tagx)) {
+ return defaultJspProperty;
}
String uriPath = null;
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2003/02/05 15:41:19 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: fixed typo Revision ChangesPath 1.9 +4 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JspConfig.java5 Feb 2003 23:39:21 - 1.8 +++ JspConfig.java5 Feb 2003 23:41:19 - 1.9 @@ -208,7 +208,7 @@ } /** - * Find a property that best match the supplied resource. + * Find a property that best matches the supplied resource. * @param uri the resource supplied. * @return a JspProperty if a match is found, null otherwise */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2002/08/21 17:47:24
Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
- If is-xml is not specified, leave it as unspecified.
Revision ChangesPath
1.2 +4 -5
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JspConfig.java20 Aug 2002 03:54:54 - 1.1
+++ JspConfig.java22 Aug 2002 00:47:24 - 1.2
@@ -89,7 +89,7 @@
private ServletContext ctxt;
private boolean initialized = false;
-private String defaultIsXml = false;
+private String defaultIsXml = null; // unspecified
private String defaultIsELEnabled = true;
private String defaultIsScriptingEnabled = true;
@@ -109,7 +109,6 @@
ParserUtils pu = ParserUtils.createParserUtils(cl);
TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
if (webApp == null || !2.4.equals(webApp.findAttribute(version))) {
- System.out.println(Servlet 2.3);
defaultIsELEnabled = false;
return;
}
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2002/08/19 20:54:54
Added: jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
- Added for JSP configuration support
Revision ChangesPath
1.1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===
/*
* $Header:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
1.1 2002/08/20 03:54:54 kinman Exp $
* $Revision: 1.1 $
* $Date: 2002/08/20 03:54:54 $
*
*
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*notice, this list of conditions and the following disclaimer in
*the documentation and/or other materials provided with the
*distribution.
*
* 3. The end-user documentation included with the redistribution, if
*any, must include the following acknowlegement:
* This product includes software developed by the
*Apache Software Foundation (http://www.apache.org/).
*Alternately, this acknowlegement may appear in the software itself,
*if and wherever such third-party acknowlegements normally appear.
*
* 4. The names The Jakarta Project, Tomcat, and Apache Software
*Foundation must not be used to endorse or promote products derived
*from this software without prior written permission. For written
*permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called Apache
*nor may Apache appear in their names without prior written
*permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* http://www.apache.org/.
*
*/
package org.apache.jasper.compiler;
import java.util.Vector;
import java.io.InputStream;
import java.util.Iterator;
import javax.servlet.ServletContext;
import org.apache.jasper.Constants;
import org.apache.jasper.logging.Logger;
import org.apache.jasper.JasperException;
import org.apache.jasper.xmlparser.ParserUtils;
import org.apache.jasper.xmlparser.TreeNode;
/**
* Handles the jsp-config element in WEB_INF/web.xml. This is used
* for specifying the JSP configuration informantion on a JSP page
*
* @authro Kin-man Chung
*/
public class JspConfig {
static private final String WEB_XML = /WEB-INF/web.xml;
private Vector jspProperties = null;
private ServletContext ctxt;
private boolean initialized = false;
private String defaultIsXml = false;
private String defaultIsELEnabled = true;
private String defaultIsScriptingEnabled = true;
public JspConfig(ServletContext ctxt) {
this.ctxt = ctxt;
}
private void processWebDotXml(ServletContext ctxt) throws JasperException {
InputStream is = ctxt.getResourceAsStream(WEB_XML);
if (is == null) {
// no web.xml
return;
}
ClassLoader cl = this.getClass().getClassLoader();
ParserUtils pu = ParserUtils.createParserUtils(cl);
TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
if (webApp == null || !2.4.equals(webApp.findAttribute(version))) {
System.out.println(Servlet 2.3);
defaultIsELEnabled = false;
return;
}
