cocoon-dev mailing list archives

From "Robin Green" <gree...@hotmail.com>
Subject Re: xslt parameter patch
Date Tue, 02 May 2000 20:24:58 GMT
balld wrote:
>   +				StringCharacterIterator iter = new StringCharacterIterator(name);
>   +				boolean valid_name = true;
>   +				for (char c = iter.first(); c != iter.DONE; c = iter.next()) {
>   +					if (!(Character.isLetterOrDigit(c) ||
>   +						c == '-' ||
>   +						c == '_' ||
>   +						c == '.')) {
>   +						valid_name = false;
>   +						break;
>   +					}
>   +				}
>   +				if (valid_name) {
>   +                	params.put(name, request.getParameter(name));
>   +				}
>                }
>            }
>
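Review bot: The character loop ahead of `params.put` accepts an empty name and names that begin with a digit, `-` or `.`, none of which is a legal XML name, and `Character.isLetterOrDigit` admits every Unicode letter and digit rather than only ASCII. Add a non-empty check and a stricter rule for the first character (a letter or `_`), and decide explicitly whether non-ASCII names are wanted. The value from `request.getParameter(name)` is stored unchecked, and a rejected name is dropped with no log entry, so a stylesheet author has no way to see why a parameter is missing.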
>   @@ -198,4 +212,4 @@
>        public String getStatus() {
>            return "XSLT Processor";
>        }
>   -}
>   \ No newline at end of file
>   +}
>


Thanx for the patch!

Personally I prefer some indication of what has gone wrong. Also, the _value_ 
of the parameter needs to be checked. Here is a different patch which 
checks both and gives some indication of errors (to someone who is debugging 
their code).

WARNING - this is a patch for an older version so line numbers may be wrong.


--- src/org/apache/cocoon/processor/xslt/XSLTProcessor.java     Mon Mar 20 
22:46:18 2000
+++ build/src/org/apache/cocoon/processor/xslt/XSLTProcessor.java       Tue 
May  2 20:18:22 2000
@@ -4,7 +4,7 @@
                    The Apache Software License, Version 1.1
  
============================================================================

- Copyright (C) @year@ The Apache Software Foundation. All rights reserved.
+ Copyright (C) 1999-2000 The Apache Software Foundation. All rights 
reserved.

  Redistribution and use in source and binary forms, with or without 
modifica-
  tion, are permitted provided that the following conditions are met:
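Review bot: The copyright line in this hunk replaces the `@year@` placeholder with `1999-2000`, and the `+++` path is under `build/src/` while the `---` path is under `src/`, which suggests the diff was taken against a build-processed copy rather than the source tree. Drop this hunk and regenerate the patch from `src/` so the placeholder stays and the change is limited to the parameter check.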
@@ -53,6 +53,7 @@

import java.io.*;
import java.net.*;
+import java.text.StringCharacterIterator;
import java.util.*;
import org.w3c.dom.*;
import javax.servlet.http.*;
@@ -100,7 +101,7 @@
         Enumeration enum = request.getParameterNames();
         while (enum.hasMoreElements()) {
             String name = (String) enum.nextElement();
-            params.put(name, request.getParameter(name));
+            params.put(validate(name), 
validate(request.getParameter(name)));
         }

         try {
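Review bot: In the new `params.put(validate(name), ...)` line, every rejected name becomes the same key `invalidXSLTString`, so two bad parameters overwrite each other in `params`, and a request can also send that literal name itself, which passes the check. Skip the parameter and log it rather than storing it under a shared sentinel key. Applying the name rule to the value also rejects ordinary values that contain a space or punctuation, so the value probably needs its own rule.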
@@ -113,6 +114,20 @@
         }
     }

+    private String validate (String xsltString) {
+       StringCharacterIterator iter =
+           new StringCharacterIterator(xsltString);
+       for (char c = iter.first(); c != iter.DONE; c = iter.next()) {
+           if (!(Character.isLetterOrDigit(c) ||
+                 c == '-' ||
+                 c == '_' ||
+                 c == '.')) {
+               return "invalidXSLTString";
+           }
+       }
+       return xsltString;
+    }
+
     private Object getResource(Document document, String path, String 
browser) throws ProcessorException {

         Object resource = null;
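Review bot: The loop condition `c != iter.DONE` in `validate` stops at the first U+FFFF in the input, because `CharacterIterator.DONE` is that character, so anything after an embedded U+FFFF is returned as valid without being checked. Loop over `xsltString.length()` with `charAt(i)` instead, or compare `iter.getIndex()` with `iter.getEndIndex()`. `validate` also throws a NullPointerException from the `StringCharacterIterator` constructor when passed null, and the in-band return value `invalidXSLTString` cannot be told apart from a real parameter of that name; a null check plus a logged message or an exception would cover both.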
@@ -204,4 +219,4 @@
     public String getStatus() {
         return "XSLT Processor";
     }
-}
\ No newline at end of file
+}



--
Robin

270+ Open Source Java links! 
http://directory.mozilla.org/Computers/Programming/Languages/Java/Open_Source/
