svn commit: r547930 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java

[markt]

Author: markt
Date: Sat Jun 16 08:15:25 2007
New Revision: 547930

URL: http://svn.apache.org/viewvc?view=rev&rev=547930
Log:
Fix bug 42643. Prevent creation of duplicate function mapper variables.

Modified:
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml
    
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=547930&r1=547929&r2=547930
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Jun 16 08:15:25 2007
@@ -14,6 +14,32 @@
   </properties>
 
 <body>
+<section name="Tomcat 5.5.25 (fhanik)">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
+        Manager. Reported by Daiki Fukumori. (markt)
+      </fix>
+    </changelog>
+  </subsection>
+  <subsection name="Jasper">
+    <changelog>
+      <fix>
+        <bug>42643</bug> Prevent creation of duplicate JSP function mapper
+        variables. (markt)
+      </fix>
+    </changelog>
+  </subsection>
+  <subsection name="Webapps">
+    <changelog>
+      <fix>
+        Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
+        Reported by Toshiharu Sugiyama. (markt)
+      </fix>
+    </changelog>
+  </subsection>
+</section>
 <section name="Tomcat 5.5.24 (fhanik)">
   <subsection name="General">
     <changelog>

Modified: 
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java
URL: 
http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java?view=diff&rev=547930&r1=547929&r2=547930
==============================================================================
--- 
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java
 (original)
+++ 
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/compiler/ELFunctionMapper.java
 Sat Jun 16 08:15:25 2007
@@ -23,7 +23,7 @@
 
 /**
  * This class generates functions mappers for the EL expressions in the page.
- * Instead of a global mapper, a mapper is used for ecah call to EL
+ * Instead of a global mapper, a mapper is used for each call to EL
  * evaluator, thus avoiding the prefix overlapping and redefinition
  * issues.
  *
@@ -31,7 +31,7 @@
  */
 
 public class ELFunctionMapper {
-    static private int currFunc = 0;
+    private int currFunc = 0;
     StringBuffer ds;  // Contains codes to initialize the functions mappers.
     StringBuffer ss;  // Contains declarations of the functions mappers.
 
@@ -44,7 +44,6 @@
     public static void map(Compiler compiler, Node.Nodes page) 
                 throws JasperException {
 
-        currFunc = 0;
         ELFunctionMapper map = new ELFunctionMapper();
         map.ds = new StringBuffer();
         map.ss = new StringBuffer();



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]