cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2005/03/23 20:08:01 Modified:webapps/docs changelog.xml jasper2/src/share/org/apache/jasper/xmlparser ParserUtils.java jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: Fix for Bugzilla 34034 (Jasper didn't respect external entities) based on patch by [EMAIL PROTECTED] Revision ChangesPath 1.255 +8 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.254 retrieving revision 1.255 diff -u -r1.254 -r1.255 --- changelog.xml 23 Mar 2005 16:38:05 - 1.254 +++ changelog.xml 24 Mar 2005 04:08:01 - 1.255 @@ -118,6 +118,14 @@ /update /changelog /subsection + + subsection name=Jasper +changelog + fix +bug34034/bug: Jasper does not respect external entities (billbarker) + /fix +/changelog + /subsection subsection name=Cluster changelog 1.13 +20 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java Index: ParserUtils.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- ParserUtils.java 21 Mar 2005 15:38:12 - 1.12 +++ ParserUtils.java 24 Mar 2005 04:08:01 - 1.13 @@ -73,12 +73,12 @@ * that corresponds to the root node of the document tree. * * @param uri URI of the XML document being parsed - * @param is Input stream containing the deployment descriptor + * @param is Input source containing the deployment descriptor * * @exception JasperException if an input/output error occurs * @exception JasperException if a parsing error occurs */ -public TreeNode parseXMLDocument(String uri, InputStream is) +public TreeNode parseXMLDocument(String uri, InputSource is) throws JasperException { Document document = null; @@ -116,6 +116,23 @@ } +/** + * Parse the specified XML document, and return a codeTreeNode/code + * that corresponds to the root node of the document tree. + * + * @param uri URI of the XML document being parsed + * @param is Input stream containing the deployment descriptor + * + * @exception JasperException if an input/output error occurs + * @exception JasperException if a parsing error occurs + */ +public TreeNode parseXMLDocument(String uri, InputStream is) +throws JasperException { + +return (parseXMLDocument(uri, new InputSource(is))); +} + + // -- Protected Methods 1.18 +15 -6 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- JspConfig.java21 Mar 2005 15:38:12 - 1.17 +++ JspConfig.java24 Mar 2005 04:08:01 - 1.18 @@ -19,6 +19,7 @@ import java.io.InputStream; import java.util.Iterator; import java.util.Vector; +import java.net.URL; import javax.servlet.ServletContext; @@ -27,6 +28,7 @@ import org.apache.jasper.JasperException; import org.apache.jasper.xmlparser.ParserUtils; import org.apache.jasper.xmlparser.TreeNode; +import org.xml.sax.InputSource; /** * Handles the jsp-config element in WEB_INF/web.xml. This is used @@ -57,17 +59,22 @@ private void processWebDotXml(ServletContext ctxt) throws JasperException { - InputStream is = null; +InputStream is = null; try { -is = ctxt.getResourceAsStream(WEB_XML); - if (is == null) { +URL uri = ctxt.getResource(WEB_XML); +if (uri == null) { // no web.xml - return; +return; } - ParserUtils pu = new ParserUtils(); - TreeNode webApp = pu.parseXMLDocument(WEB_XML, is); +is = uri.openStream(); +InputSource ip = new InputSource(is); +ip.setSystemId(uri.toExternalForm()); + +ParserUtils pu = new ParserUtils(); + TreeNode webApp = pu.parseXMLDocument(WEB_XML, ip); + if (webApp == null
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2004/01/26 17:20:22 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: - Fix 26432: Incorrect mapping for url pattern in jsp property group. I also took the oppertunity to do some clear up and refactoring. Revision ChangesPath 1.14 +75 -67 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- JspConfig.java2 Sep 2003 21:39:58 - 1.13 +++ JspConfig.java27 Jan 2004 01:20:22 - 1.14 @@ -184,7 +184,15 @@ extension = *; } else if (file.startsWith(*.)) { extension = file.substring(file.indexOf('.')+1); - } else { + } + + // The url patterns are reconstructed as the follwoing: + // path != null, extension == null: / or /foo/bar.ext + // path == null, extension != null: *.ext + // path != null, extension == *: /foo/* + boolean isStar = *.equals(extension); + if ((path == null (extension == null || isStar)) || + (path != null !isStar)) { if (log.isWarnEnabled()) { log.warn(Localizer.getMessage(jsp.warning.bad.urlpattern.propertygroup, urlPattern)); @@ -220,6 +228,42 @@ } /** + * Select the property group that has more restrictive url-pattern. + * In case of tie, select the first. + */ +private JspPropertyGroup selectProperty(JspPropertyGroup prev, +JspPropertyGroup curr) { +if (prev == null) { +return curr; +} +if (prev.getExtension() == null) { +// exact match +return prev; +} +if (curr.getExtension() == null) { +// exact match +return curr; +} +String prevPath = prev.getPath(); +String currPath = curr.getPath(); +if (prevPath == null currPath == null) { +// Both specifies a *.ext, keep the first one +return prev; +} +if (prevPath == null currPath != null) { +return curr; +} +if (prevPath != null currPath == null) { +return prev; +} +if (prevPath.length() = currPath.length()) { +return prev; +} +return curr; +} + + +/** * Find a property that best matches the supplied resource. * @param uri the resource supplied. * @return a JspProperty indicating the best match, or some default. @@ -264,39 +308,15 @@ String path = jpg.getPath(); if (extension == null) { - // exact match pattern: /a/foo.jsp if (!uri.equals(path)) { // not matched; continue; } - - // Add include-preludes and include-codas - if (jp.getIncludePrelude() != null) { - includePreludes.addAll(jp.getIncludePrelude()); - } - if (jp.getIncludeCoda() != null) { - includeCodas.addAll(jp.getIncludeCoda()); - } - - // For other attributes, keep the best match. - if (jp.isXml() != null) { - isXmlMatch = jpg; - } - if (jp.isELIgnored() != null) { - elIgnoredMatch = jpg; - } - if (jp.isScriptingInvalid() != null) { - scriptingInvalidMatch = jpg; - } - if (jp.getPageEncoding() != null) { - pageEncodingMatch = jpg; - } } else { - - // Possible patterns are *, *.ext, /p/*, and /p/*.ext - - if (path != null !path.equals(uriPath)) { + // Matching patterns *.ext or /p/* + if (path != null uriPath != null + ! uriPath.startsWith(path)) { // not matched continue; } @@ -305,42 +325,30 @@ // not matched continue; } - -
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2003/08/26 17:47:19 Modified:jasper2/src/share/org/apache/jasper JspC.java jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: - When precompiling with JSPC, files that mathch the url-pattern specified in jsp-config should be included for compilation. Revision ChangesPath 1.58 +12 -10 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java Index: JspC.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- JspC.java 12 Aug 2003 19:40:17 - 1.57 +++ JspC.java 27 Aug 2003 00:47:19 - 1.58 @@ -776,7 +776,7 @@ * Locate all jsp files in the webapp. Used if no explicit * jsps are specified. */ -public void scanFiles( File base ) { +public void scanFiles( File base ) throws JasperException { Stack dirs = new Stack(); dirs.push(base); if (extensions == null) { @@ -798,12 +798,14 @@ dirs.push(f2.getPath()); //System.out.println(++ + f2.getPath()); } else { +String path = f2.getPath(); +String uri = path.substring(uriRoot.length()); ext = files[i].substring(files[i].lastIndexOf('.') + 1); -if (extensions.contains(ext)) { +if (extensions.contains(ext) || +jspConfig.isJspPage(uri)) { //System.out.println(s + ? + files[i]); -pages.addElement(s + File.separatorChar - + files[i]); +pages.addElement(path); } else { //System.out.println(not done: + ext); } @@ -831,6 +833,9 @@ locateUriRoot( firstJspF ); } + if( context==null ) + initServletContext(); + // No explicit page, we'll process all .jsp in the webapp if (pages.size() == 0) { scanFiles( new File( uriRoot )); @@ -845,9 +850,6 @@ throw new JasperException( Localizer.getMessage(jsp.error.jspc.uriroot_not_dir)); } - - if( context==null ) - initServletContext(); initWebXml(); 1.12 +61 -9 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- JspConfig.java31 Jul 2003 18:51:16 - 1.11 +++ JspConfig.java27 Aug 2003 00:47:19 - 1.12 @@ -208,12 +208,7 @@ } } -/** - * Find a property that best matches the supplied resource. - * @param uri the resource supplied. - * @return a JspProperty if a match is found, null otherwise - */ -public JspProperty findJspProperty(String uri) throws JasperException { +private void init() throws JasperException { if (!initialized) { processWebDotXml(ctxt); @@ -223,6 +218,16 @@ null, null, null); initialized = true; } +} + +/** + * Find a property that best matches the supplied resource. + * @param uri the resource supplied. + * @return a JspProperty indicating the best match, or some default. + */ +public JspProperty findJspProperty(String uri) throws JasperException { + + init(); // JSP Configuration settings do not apply to tag files if (jspProperties == null || uri.endsWith(.tag) @@ -362,6 +367,53 @@ return new JspProperty(isXml, isELIgnored, isScriptingInvalid, pageEncoding, includePreludes, includeCodas); +} + +/** + * To find out if an uri matches an url pattern in jsp config. If so, + * then the uri is a JSP page. This is used primarily for jspc. + */ +public boolean isJspPage(String uri) throws JasperException { + +init(); +if (jspProperties == null) { +return false; +} + +String uriPath = null; +int index = uri.lastIndexOf('/'); +if (index =0 ) { +uriPath = uri.substring(0, index+1); +} +
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2003/07/31 11:51:16 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: - Make JspProperty constructor public, to allow for user supplied JspConfig. Revision ChangesPath 1.11 +4 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- JspConfig.java27 Mar 2003 22:05:19 - 1.10 +++ JspConfig.java31 Jul 2003 18:51:16 - 1.11 @@ -398,7 +398,7 @@ private Vector includePrelude; private Vector includeCoda; - JspProperty(String isXml, String elIgnored, + public JspProperty(String isXml, String elIgnored, String scriptingInvalid, String pageEncoding, Vector includePrelude, Vector includeCoda) { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2003/03/27 14:05:19 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: Added fix so that JSP Configuration settings do not apply to tag files Revision ChangesPath 1.10 +13 -8 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JspConfig.java5 Feb 2003 23:41:19 - 1.9 +++ JspConfig.java27 Mar 2003 22:05:19 - 1.10 @@ -95,6 +95,7 @@ private String defaultIsXml = null; // unspecified private String defaultIsELIgnored = null;// unspecified private String defaultIsScriptingInvalid = false; +private JspProperty defaultJspProperty; public JspConfig(ServletContext ctxt) { this.ctxt = ctxt; @@ -216,13 +217,17 @@ if (!initialized) { processWebDotXml(ctxt); + defaultJspProperty = new JspProperty(defaultIsXml, + defaultIsELIgnored, + defaultIsScriptingInvalid, + null, null, null); initialized = true; } - - if (jspProperties == null) { - return new JspProperty(defaultIsXml, defaultIsELIgnored, -defaultIsScriptingInvalid, -null, null, null); + + // JSP Configuration settings do not apply to tag files + if (jspProperties == null || uri.endsWith(.tag) + || uri.endsWith(.tagx)) { + return defaultJspProperty; } String uriPath = null; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2003/02/05 15:41:19 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: fixed typo Revision ChangesPath 1.9 +4 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JspConfig.java5 Feb 2003 23:39:21 - 1.8 +++ JspConfig.java5 Feb 2003 23:41:19 - 1.9 @@ -208,7 +208,7 @@ } /** - * Find a property that best match the supplied resource. + * Find a property that best matches the supplied resource. * @param uri the resource supplied. * @return a JspProperty if a match is found, null otherwise */ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2002/08/21 17:47:24 Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: - If is-xml is not specified, leave it as unspecified. Revision ChangesPath 1.2 +4 -5 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JspConfig.java20 Aug 2002 03:54:54 - 1.1 +++ JspConfig.java22 Aug 2002 00:47:24 - 1.2 @@ -89,7 +89,7 @@ private ServletContext ctxt; private boolean initialized = false; -private String defaultIsXml = false; +private String defaultIsXml = null; // unspecified private String defaultIsELEnabled = true; private String defaultIsScriptingEnabled = true; @@ -109,7 +109,6 @@ ParserUtils pu = ParserUtils.createParserUtils(cl); TreeNode webApp = pu.parseXMLDocument(WEB_XML, is); if (webApp == null || !2.4.equals(webApp.findAttribute(version))) { - System.out.println(Servlet 2.3); defaultIsELEnabled = false; return; } -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
kinman 2002/08/19 20:54:54 Added: jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: - Added for JSP configuration support Revision ChangesPath 1.1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java === /* * $Header: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v 1.1 2002/08/20 03:54:54 kinman Exp $ * $Revision: 1.1 $ * $Date: 2002/08/20 03:54:54 $ * * * * The Apache Software License, Version 1.1 * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The end-user documentation included with the redistribution, if *any, must include the following acknowlegement: * This product includes software developed by the *Apache Software Foundation (http://www.apache.org/). *Alternately, this acknowlegement may appear in the software itself, *if and wherever such third-party acknowlegements normally appear. * * 4. The names The Jakarta Project, Tomcat, and Apache Software *Foundation must not be used to endorse or promote products derived *from this software without prior written permission. For written *permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called Apache *nor may Apache appear in their names without prior written *permission of the Apache Group. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * http://www.apache.org/. * */ package org.apache.jasper.compiler; import java.util.Vector; import java.io.InputStream; import java.util.Iterator; import javax.servlet.ServletContext; import org.apache.jasper.Constants; import org.apache.jasper.logging.Logger; import org.apache.jasper.JasperException; import org.apache.jasper.xmlparser.ParserUtils; import org.apache.jasper.xmlparser.TreeNode; /** * Handles the jsp-config element in WEB_INF/web.xml. This is used * for specifying the JSP configuration informantion on a JSP page * * @authro Kin-man Chung */ public class JspConfig { static private final String WEB_XML = /WEB-INF/web.xml; private Vector jspProperties = null; private ServletContext ctxt; private boolean initialized = false; private String defaultIsXml = false; private String defaultIsELEnabled = true; private String defaultIsScriptingEnabled = true; public JspConfig(ServletContext ctxt) { this.ctxt = ctxt; } private void processWebDotXml(ServletContext ctxt) throws JasperException { InputStream is = ctxt.getResourceAsStream(WEB_XML); if (is == null) { // no web.xml return; } ClassLoader cl = this.getClass().getClassLoader(); ParserUtils pu = ParserUtils.createParserUtils(cl); TreeNode webApp = pu.parseXMLDocument(WEB_XML, is); if (webApp == null || !2.4.equals(webApp.findAttribute(version))) { System.out.println(Servlet 2.3); defaultIsELEnabled = false; return; }