Author: nbubna
Date: Fri Oct 14 14:55:18 2005
New Revision: 321227
URL: http://svn.apache.org/viewcvs?rev=321227&view=rev
Log:
add a parse-depth to prevent infinite recursion
Modified:
jakarta/velocity/tools/trunk/src/java/org/apache/velocity/tools/generic/RenderTool.java
Modified:
jakarta/velocity/tools/trunk/src/java/org/apache/velocity/tools/generic/RenderTool.java
URL:
http://svn.apache.org/viewcvs/jakarta/velocity/tools/trunk/src/java/org/apache/velocity/tools/generic/RenderTool.java?rev=321227&r1=321226&r2=321227&view=diff
==============================================================================
---
jakarta/velocity/tools/trunk/src/java/org/apache/velocity/tools/generic/RenderTool.java
(original)
+++
jakarta/velocity/tools/trunk/src/java/org/apache/velocity/tools/generic/RenderTool.java
Fri Oct 14 14:55:18 2005
@@ -1,5 +1,5 @@
/*
- * Copyright 2003 The Apache Software Foundation.
+ * Copyright 2003-2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,16 +14,13 @@
* limitations under the License.
*/
-
package org.apache.velocity.tools.generic;
-
import java.io.StringWriter;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.context.Context;
-
/**
* This tool exposes methods to evaluate the given
* strings as VTL (Velocity Template Language)
@@ -70,15 +67,20 @@
* scope of a servlet environment.</p>
*
* @author <a href="mailto:[EMAIL PROTECTED]">Nathan Bubna</a>
- * @version $Revision: 1.10 $ $Date: 2004/11/12 02:02:25 $
+ * @version $Revision$ $Date$
*/
-
public class RenderTool
{
+ /**
+ * The maximum number of loops allowed when recursing.
+ * @since VelocityTools 1.2
+ */
+ public static final int DEFAULT_PARSE_DEPTH = 20;
private static final String LOG_TAG = "RenderTool.eval()";
private VelocityEngine engine = null;
+ private int parseDepth = DEFAULT_PARSE_DEPTH;
/**
* Allow user to specify a VelocityEngine to be used
@@ -90,6 +92,26 @@
}
/**
+ * Set the maximum number of loops allowed when recursing.
+ *
+ * @since VelocityTools 1.2
+ */
+ public void setParseDepth(int depth)
+ {
+ this.parseDepth = depth;
+ }
+
+ /**
+ * Get the maximum number of loops allowed when recursing.
+ *
+ * @since VelocityTools 1.2
+ */
+ public int getParseDepth()
+ {
+ return this.parseDepth;
+ }
+
+ /**
* <p>Evaluates a String containing VTL using the current context,
* and returns the result as a String. If this fails, then
* <code>null</code> will be returned. This evaluation is not
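Review bot: `setParseDepth` stores any int unchecked, so a negative value makes the later `count < parseDepth` test false on the first pass, and a very large value effectively removes the limit. The class Javadoc says this tool exposes its methods for evaluating VTL, so the setter is presumably callable from the same template content the limit is meant to bound; that is worth confirming against how the tool is placed in the context. Consider rejecting out-of-range values, e.g. `if (depth < 0) throw new IllegalArgumentException("parse depth must be >= 0");`. The Javadoc should also say who is expected to call the setter and what a value of 0 means.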
@@ -128,9 +150,8 @@
* current context, and returns the result as a String. It
* will continue to re-evaluate the output of the last
* evaluation until an evaluation returns the same code
- * that was fed into it.</p>
- *
- * FIXME? add a parse-depth to prevent infinite recursion?
+ * that was fed into it or the number of recursive loops
+ * exceeds the set parse depth.</p>
*
* @param ctx the current Context
* @param vtl the code to be evaluated
@@ -138,6 +159,11 @@
*/
public String recurse(Context ctx, String vtl) throws Exception
{
+ return internalRecurse(ctx, vtl, 0);
+ }
+
+ protected String internalRecurse(Context ctx, String vtl, int count)
throws Exception
+ {
String result = eval(ctx, vtl);
if (result == null || result.equals(vtl))
{
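Review bot: The new `protected internalRecurse(Context, String, int)` has no Javadoc, although it is an extension point that subclasses can override or call with their own `count`. A short comment would do, along the lines of `/** Evaluates vtl and re-evaluates the result until it stops changing or count reaches the parse depth; count is the number of re-evaluations already performed. */`. The method body continues past the end of this hunk.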
@@ -145,7 +171,18 @@
}
else
{
- return recurse(ctx, result);
+ // if we haven't reached our parse depth...
+ if (count < parseDepth)
+ {
+ // continue recursing
+ return internalRecurse(ctx, result, count++);
+ }
+ else
+ {
+ // abort and return what we have so far
+ //FIXME: notify the developer or user somehow??
+ return result;
+ }
}
}
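Review bot: The recursive call `internalRecurse(ctx, result, count++)` uses post-increment, so the callee receives the old value and every nested call sees `count == 0`. With any positive `parseDepth` the check `count < parseDepth` therefore never fails, and a template whose output keeps changing still recurses until the stack is exhausted, which is the case this commit set out to stop. Pass the incremented value instead: `return internalRecurse(ctx, result, count + 1);`. Separately, the limit branch returns partially evaluated output silently (see the FIXME); logging a warning there would let operators notice a runaway or hostile template. The method body begins in the previous hunk.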