luehe 2004/02/13 16:46:01
Modified: jasper2/src/share/org/apache/jasper/compiler
JspDocumentParser.java
Log:
Fixed Bugtraq 4994881 ("Parser for JSP pages in XML syntax ignores
custom action's body type")
Sorry this commit is so close to the tagging, but it's an important fix.
Revision Changes Path
1.76 +54 -3
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java
Index: JspDocumentParser.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- JspDocumentParser.java 19 Jan 2004 10:34:30 -0000 1.75
+++ JspDocumentParser.java 14 Feb 2004 00:46:00 -0000 1.76
@@ -116,6 +116,13 @@
// Node representing the XML element currently being parsed
private Node current;
+ /*
+ * Outermost (in the nesting hierarchy) node whose body is declared to be
+ * scriptless. If a node's body is declared to be scriptless, all its
+ * nested nodes must be scriptless, too.
+ */
+ private Node scriptlessBodyNode;
+
private Locator locator;
//Mark representing the start of the current element. Note
@@ -393,6 +400,19 @@
taglibAttrs,
startMark,
current);
+ } else {
+ // custom action
+ Node.CustomTag custom = (Node.CustomTag) node;
+ String bodyType;
+ if (custom.getTagInfo() != null) {
+ bodyType = custom.getTagInfo().getBodyContent();
+ } else {
+ bodyType = custom.getTagFileInfo().getTagInfo().getBodyContent();
+ }
+ if (scriptlessBodyNode == null
+ &&
bodyType.equalsIgnoreCase(TagInfo.BODY_CONTENT_SCRIPTLESS)) {
+ scriptlessBodyNode = node;
+ }
}
}
@@ -598,6 +618,10 @@
if (current.getParent() != null) {
current = current.getParent();
+ if (scriptlessBodyNode != null
+ && current.equals(scriptlessBodyNode)) {
+ scriptlessBodyNode = null;
+ }
}
}
@@ -786,6 +810,15 @@
current);
processIncludeDirective(nonTaglibAttrs.getValue("file"), node);
} else if (localName.equals(DECLARATION_ACTION)) {
+ if (scriptlessBodyNode != null) {
+ // We're nested inside a node whose body is
+ // declared to be scriptless
+ throw new SAXParseException(
+ Localizer.getMessage(
+ "jsp.error.no.scriptlets",
+ localName),
+ locator);
+ }
node =
new Node.Declaration(
qName,
@@ -794,6 +827,15 @@
start,
current);
} else if (localName.equals(SCRIPTLET_ACTION)) {
+ if (scriptlessBodyNode != null) {
+ // We're nested inside a node whose body is
+ // declared to be scriptless
+ throw new SAXParseException(
+ Localizer.getMessage(
+ "jsp.error.no.scriptlets",
+ localName),
+ locator);
+ }
node =
new Node.Scriptlet(
qName,
@@ -802,6 +844,15 @@
start,
current);
} else if (localName.equals(EXPRESSION_ACTION)) {
+ if (scriptlessBodyNode != null) {
+ // We're nested inside a node whose body is
+ // declared to be scriptless
+ throw new SAXParseException(
+ Localizer.getMessage(
+ "jsp.error.no.scriptlets",
+ localName),
+ locator);
+ }
node =
new Node.Expression(
qName,
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
