luehe 2005/03/23 20:08:01 Modified: webapps/docs changelog.xml jasper2/src/share/org/apache/jasper/xmlparser ParserUtils.java jasper2/src/share/org/apache/jasper/compiler JspConfig.java Log: Fix for Bugzilla 34034 ("Jasper didn't respect external entities") based on patch by <[EMAIL PROTECTED]> Revision Changes Path 1.255 +8 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.254 retrieving revision 1.255 diff -u -r1.254 -r1.255 --- changelog.xml 23 Mar 2005 16:38:05 -0000 1.254 +++ changelog.xml 24 Mar 2005 04:08:01 -0000 1.255 @@ -118,6 +118,14 @@ </update> </changelog> </subsection> + + <subsection name="Jasper"> + <changelog> + <fix> + <bug>34034</bug>: Jasper does not respect external entities (billbarker) + </fix> + </changelog> + </subsection> <subsection name="Cluster"> <changelog> 1.13 +20 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java Index: ParserUtils.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- ParserUtils.java 21 Mar 2005 15:38:12 -0000 1.12 +++ ParserUtils.java 24 Mar 2005 04:08:01 -0000 1.13 @@ -73,12 +73,12 @@ * that corresponds to the root node of the document tree. * * @param uri URI of the XML document being parsed - * @param is Input stream containing the deployment descriptor + * @param is Input source containing the deployment descriptor * * @exception JasperException if an input/output error occurs * @exception JasperException if a parsing error occurs */ - public TreeNode parseXMLDocument(String uri, InputStream is) + public TreeNode parseXMLDocument(String uri, InputSource is) throws JasperException { Document document = null; @@ -116,6 +116,23 @@ } + /** + * Parse the specified XML document, and return a <code>TreeNode</code> + * that corresponds to the root node of the document tree. + * + * @param uri URI of the XML document being parsed + * @param is Input stream containing the deployment descriptor + * + * @exception JasperException if an input/output error occurs + * @exception JasperException if a parsing error occurs + */ + public TreeNode parseXMLDocument(String uri, InputStream is) + throws JasperException { + + return (parseXMLDocument(uri, new InputSource(is))); + } + + // ------------------------------------------------------ Protected Methods 1.18 +15 -6 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java Index: JspConfig.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- JspConfig.java 21 Mar 2005 15:38:12 -0000 1.17 +++ JspConfig.java 24 Mar 2005 04:08:01 -0000 1.18 @@ -19,6 +19,7 @@ import java.io.InputStream; import java.util.Iterator; import java.util.Vector; +import java.net.URL; import javax.servlet.ServletContext; @@ -27,6 +28,7 @@ import org.apache.jasper.JasperException; import org.apache.jasper.xmlparser.ParserUtils; import org.apache.jasper.xmlparser.TreeNode; +import org.xml.sax.InputSource; /** * Handles the jsp-config element in WEB_INF/web.xml. This is used @@ -57,17 +59,22 @@ private void processWebDotXml(ServletContext ctxt) throws JasperException { - InputStream is = null; + InputStream is = null; try { - is = ctxt.getResourceAsStream(WEB_XML); - if (is == null) { + URL uri = ctxt.getResource(WEB_XML); + if (uri == null) { // no web.xml - return; + return; } - ParserUtils pu = new ParserUtils(); - TreeNode webApp = pu.parseXMLDocument(WEB_XML, is); + is = uri.openStream(); + InputSource ip = new InputSource(is); + ip.setSystemId(uri.toExternalForm()); + + ParserUtils pu = new ParserUtils(); + TreeNode webApp = pu.parseXMLDocument(WEB_XML, ip); + if (webApp == null || !"2.4".equals(webApp.findAttribute("version"))) { defaultIsELIgnored = "true"; @@ -173,6 +180,8 @@ jspProperties.addElement(propertyGroup); } } + } catch (Exception ex) { + throw new JasperException(ex); } finally { if (is != null) { try {
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]