luehe 2002/12/09 15:27:04
Modified: jasper2/src/share/org/apache/jasper/compiler Validator.java
jasper2/src/share/org/apache/jasper/resources
messages.properties messages_es.properties
messages_fr.properties messages_ja.properties
Log:
Fixed Bugtraq 4790760: A translation-time error is not generated if
the 'name' attribute of jsp:param is an expression
Revision Changes Path
1.57 +12 -5
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Validator.java
Index: Validator.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Validator.java,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- Validator.java 9 Dec 2002 22:26:10 -0000 1.56
+++ Validator.java 9 Dec 2002 23:27:03 -0000 1.57
@@ -476,6 +476,13 @@
public void visit(Node.ParamAction n) throws JasperException {
JspUtil.checkAttributes("Param action", n,
paramActionAttrs, err);
+ // make sure the value of the 'name' attribute is not a
+ // request-time expression
+ if (isExpression(n, n.getAttributes().getValue("name"))) {
+ err.jspError(n,
+ "jsp.error.attribute.standard.non_rt_with_expr",
+ "name", "jsp:param");
+ }
n.setValue(getJspAttribute("value", null, null,
n.getAttributeValue("value"),
java.lang.String.class, null,
@@ -739,7 +746,7 @@
// Make sure its value does not contain any.
if (isExpression(n, attrs.getValue(i))) {
err.jspError(n,
- "jsp.error.attribute.non_rt_with_expr",
+ "jsp.error.attribute.custom.non_rt_with_expr",
tldAttrs[j].getName());
}
jspAttrs[i]
@@ -976,7 +983,7 @@
* Checks to see if the given attribute value represents a runtime or
* EL expression.
*/
- private boolean isExpression(Node.CustomTag n, String value) {
+ private boolean isExpression(Node n, String value) {
if ((n.isXmlSyntax() && value.startsWith("%="))
|| (!n.isXmlSyntax() && value.startsWith("<%="))
|| (value.indexOf("${") != -1 && !pageInfo.isELIgnored()))
1.66 +3 -2
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties
Index: messages.properties
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- messages.properties 9 Dec 2002 22:17:32 -0000 1.65
+++ messages.properties 9 Dec 2002 23:27:03 -0000 1.66
@@ -297,7 +297,8 @@
jsp.error.page.config_pagedir_encoding_conflict=Page-encoding specified in
jsp-property-group ({0}) is different from that specified in page directive ({1})
jsp.error.page.prolog_pagedir_encoding_conflict=Page-encoding specified in XML
prolog ({0}) is different from that specified in page directive ({1})
jsp.error.page.prolog_config_encoding_conflict=Page-encoding specified in XML
prolog ({0}) is different from that specified in jsp-property-group ({1})
-jsp.error.attribute.non_rt_with_expr=According to TLD, attribute {0} does not
accept any expressions
+jsp.error.attribute.custom.non_rt_with_expr=According to TLD, attribute {0} does
not accept any expressions
+jsp.error.attribute.standard.non_rt_with_expr=The {0} attribute of the {1} standard
action does not accept any expressions
jsp.error.scripting.variable.missing_name=Unable to determine scripting variable
name from attribute {0}
jasper.error.emptybodycontent.nonempty=According to TLD, tag {0} must be empty, but
is not
jsp.error.tagfile.var_name_given_equals_attr_name=In tag file {0}, the name-given
attribute ({1}) of a variable directive equals the name attribute of an attribute
directive
1.25 +2 -2
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties
Index: messages_es.properties
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- messages_es.properties 2 Dec 2002 11:21:00 -0000 1.24
+++ messages_es.properties 9 Dec 2002 23:27:03 -0000 1.25
@@ -220,7 +220,7 @@
jsp.error.page.config_pagedir_encoding_conflict=
jsp.error.page.prolog_pagedir_encoding_conflict=
jsp.error.page.prolog_config_encoding_conflict=
-jsp.error.attribute.non_rt_with_expr=
+jsp.error.attribute.custom.non_rt_with_expr=
jsp.error.scripting.variable.missing_name=
jasper.error.emptybodycontent.nonempty=
jsp.error.tagfile.var_name_given_equals_attr_name=
1.8 +2 -2
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_fr.properties
Index: messages_fr.properties
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_fr.properties,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- messages_fr.properties 9 Dec 2002 22:17:32 -0000 1.7
+++ messages_fr.properties 9 Dec 2002 23:27:03 -0000 1.8
@@ -292,7 +292,7 @@
jsp.error.page.config_pagedir_encoding_conflict=L''encode de page (Page-encoding)
indiqué dans le jsp-property-group ({0}) est différent de celui indiqué dans la
directive de page ({1})
jsp.error.page.prolog_pagedir_encoding_conflict=
jsp.error.page.prolog_config_encoding_conflict=
-jsp.error.attribute.non_rt_with_expr=D''après la TLD, l''attribut {0} n''accepte
aucune expression
+jsp.error.attribute.custom.non_rt_with_expr=D''après la TLD, l''attribut {0}
n''accepte aucune expression
jsp.error.scripting.variable.missing_name=Incapable de déterminer le nom de
variable scripting d''après l''attribut {0}
jasper.error.emptybodycontent.nonempty=D''après la TLD, le tag {0} doit être vide,
mais ne l''est pas
jsp.error.tagfile.var_name_given_equals_attr_name=Dans le fichier de tag {0},
l''attribut name-given ({1}) de la directive variable est égal au nom d''attribut de
la directive attribute
1.25 +2 -2
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties
Index: messages_ja.properties
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- messages_ja.properties 2 Dec 2002 11:21:00 -0000 1.24
+++ messages_ja.properties 9 Dec 2002 23:27:03 -0000 1.25
@@ -251,7 +251,7 @@
jsp.error.page.config_pagedir_encoding_conflict=
jsp.error.page.prolog_pagedir_encoding_conflict=
jsp.error.page.prolog_config_encoding_conflict=
-jsp.error.attribute.non_rt_with_expr=
+jsp.error.attribute.custom.non_rt_with_expr=
jsp.error.scripting.variable.missing_name=
jasper.error.emptybodycontent.nonempty=
jsp.error.tagfile.var_name_given_equals_attr_name=
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
