I see another problem with this code. Suppose for some reason we have an attribute or resource parameter value like the following (without the quotes): "> corresponds to >" The correct XML for this string is: "> corresponds to >" However this code would write to server.xml: "> corresponds to >" The next time the server.xml file is read in, we end up with: "> corresponds to >" which is different than the original string.
In my opinion this portion of the code should be left as it was in revision 1.32: Roberto > -----Original Message----- > From: Amy Roh [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 03, 2003 20:55 > To: Tomcat Developers List > Subject: Re: cvs commit: > jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core > StandardServer.java > > > Christoph Seibert wrote: > > Hi there, > > > > I think there is a problem with the following fix: > > > >> amyroh 2003/01/02 17:59:09 > >> > >> Modified: catalina/src/share/org/apache/catalina/core > >> StandardServer.java > >> Log: > >> Fix for bugzilla 15762. > > > > [...] > > > >> diff -u -r1.32 -r1.33 > >> --- StandardServer.java 11 Sep 2002 14:19:33 -0000 1.32 > >> +++ StandardServer.java 3 Jan 2003 01:59:08 -0000 1.33 > >> @@ -824,7 +824,15 @@ > >> } else if (c == '"') { > >> filtered.append("""); > >> } else if (c == '&') { > >> - filtered.append("&"); > >> + char s1 = input.charAt(i+3); > >> + char s2 = input.charAt(i+4); > >> + char s3 = input.charAt(i+5); > >> + if (((s1 == ';') || (s2 == ';')) || (s3 > == ';')) { > >> + // do not convert if it's already > in converted > >> form > >> + filtered.append(c); > >> + } else { > >> + filtered.append("&"); > >> + } > >> } else { > >> filtered.append(c); > >> } > > > > > > (Note: I haven't had a look at the surrounding code yet, so > I have to > > assume that 'i' is the position of 'c', that is the '&' character.) > > > > This code assumes that character or entity references will not be > > shorter than 4 characters (including the delimiters '&' and > ';') and > > no longer than 6. However, the XML specification does not > in any way > > define restrictions like that. For example, '&d;' is a valid entity > > reference (assuming it was defined in the DTD). Worse, character or > > entity references can have arbitrary length. For example, > > ' ' is a valid character reference to the ' > ' (space) > > character. > > > > I'm sorry I don't have a better fix right now, but I assume > one would > > have to iterate through the characters following the '&' > until either > > a ';' is found or a character occurs that is not a legal part of an > > entity reference name (or in the case of a character reference, not > > one of [0-9] for decimal or [0-9a-fA-F] for hexadecimal). > > > > (Actually, I believe this wheel must already have been > invented, but > > with only looking at this code snippet, I don't really know.) > > I believe iterating through the characters following the '&' > to look for > ';' is found will fix the problem. A character such as > ' ' without following ';' will result in parsing error > where as ' ' will be written as a space(' '). > > Thanks, > Amy > > > > > Ciao, > > Christoph > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
