cocoon-dev mailing list archives

From Donald Ball <ba...@webslingerZ.com>
Subject Re: xslt parameter patch
Date Tue, 02 May 2000 19:35:12 GMT
On Tue, 2 May 2000, Robin Green wrote:

> balld wrote:
> >   +				StringCharacterIterator iter = new StringCharacterIterator(name);
> >   +				boolean valid_name = true;
> >   +				for (char c = iter.first(); c != iter.DONE; c = iter.next()) {
> >   +					if (!(Character.isLetterOrDigit(c) ||
> >   +						c == '-' ||
> >   +						c == '_' ||
> >   +						c == '.')) {
> >   +						valid_name = false;
> >   +						break;
> >   +					}
> >   +				}
> >   +				if (valid_name) {
> >   +                	params.put(name, request.getParameter(name));
> >   +				}
> >                }
> >            }
> >
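Review bot: The character loop applies the same test to every position, so a name that begins with a digit, '-' or '.' (and an empty name, which never enters the loop body) leaves valid_name true and reaches params.put, although an XML name cannot start with those characters. Check the first character separately with Character.isLetter(c) || c == '_' and reject empty names. Rejected names are also dropped silently; a log call in an else branch of if (valid_name) would tell a stylesheet author why a parameter never arrived.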
> >   @@ -198,4 +212,4 @@
> >        public String getStatus() {
> >            return "XSLT Processor";
> >        }
> >   -}
> >   \ No newline at end of file
> >   +}
> >
> 
> 
> Thanks for the patch!
> 
> Personally I prefer some indication of what has gone wrong. The _value_ 
> of the parameter also needs to be checked. Here is a different patch which 
> checks both and gives some indication of errors (to someone who is debugging 
> their code).

Couple of questions about your patch:

1. why validate the value? It doesn't have to be a qname, right?

2. your patch doesn't exactly provide an indication that something went
wrong, it just turns invalid qnames into "invalidXSLTstring". why not
simply translate invalid characters into valid ones (e.g. all invalid
characters into _)? personally, i think this is bad since you're allowing
for name collision, but others might think it's an acceptable tradeoff.

3. how _should_ you provide an indication that something went wrong (i
agree that it would be nice)? most people would argue that this is a
non-fatal error, so we shouldn't simply toss an exception and bail out. It
would be nice if we could log a warning and continue. Doesn't cocoon-1.x
have a logging facility now?

- donald

> WARNING - this is a patch for an older version so line numbers may be wrong.
> 
> 
> --- src/org/apache/cocoon/processor/xslt/XSLTProcessor.java     Mon Mar 20 
> 22:46:18 2000
> +++ build/src/org/apache/cocoon/processor/xslt/XSLTProcessor.java       Tue 
> May  2 20:18:22 2000
> @@ -4,7 +4,7 @@
>                     The Apache Software License, Version 1.1
>   
> ============================================================================
> 
> - Copyright (C) @year@ The Apache Software Foundation. All rights reserved.
> + Copyright (C) 1999-2000 The Apache Software Foundation. All rights 
> reserved.
> 
>   Redistribution and use in source and binary forms, with or without 
> modifica-
>   tion, are permitted provided that the following conditions are met:
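Review bot: The @year@ to 1999-2000 change in the license header is unrelated to parameter validation and looks like a side effect of diffing against build/src, where the placeholder has already been substituted. Regenerate the patch against src/ so the @year@ token is kept and this hunk drops out.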
> @@ -53,6 +53,7 @@
> 
> import java.io.*;
> import java.net.*;
> +import java.text.StringCharacterIterator;
> import java.util.*;
> import org.w3c.dom.*;
> import javax.servlet.http.*;
> @@ -100,7 +101,7 @@
>          Enumeration enum = request.getParameterNames();
>          while (enum.hasMoreElements()) {
>              String name = (String) enum.nextElement();
> -            params.put(name, request.getParameter(name));
> +            params.put(validate(name), 
> validate(request.getParameter(name)));
>          }
> 
>          try {
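Review bot: In params.put(validate(name), validate(request.getParameter(name))) every rejected name comes back as the same string, so two bad names in one request write to the same key and the later one overwrites the earlier. The value is also held to the name character set, which turns any value containing a space or other punctuation into the placeholder. Skip the entry when the name fails instead of inserting it, and give values their own check if they need one.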
> @@ -113,6 +114,20 @@
>          }
>      }
> 
> +    private String validate (String xsltString) {
> +       StringCharacterIterator iter =
> +           new StringCharacterIterator(xsltString);
> +       for (char c = iter.first(); c != iter.DONE; c = iter.next()) {
> +           if (!(Character.isLetterOrDigit(c) ||
> +                 c == '-' ||
> +                 c == '_' ||
> +                 c == '.')) {
> +               return "invalidXSLTString";
> +           }
> +       }
> +       return xsltString;
> +    }
> +
>      private Object getResource(Document document, String path, String 
> browser) throws ProcessorException {
> 
>          Object resource = null;
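Review bot: validate() reports failure by returning the literal "invalidXSLTString", which the caller cannot tell apart from a request parameter that really has that name or value. Return a boolean (or null) and let the caller decide whether to skip the entry and log it. The method also throws a NullPointerException on a null argument, since new StringCharacterIterator(null) does, and it accepts an empty string and strings that start with a digit, '-' or '.'.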
> @@ -204,4 +219,4 @@
>      public String getStatus() {
>          return "XSLT Processor";
>      }
> -}
> \ No newline at end of file
> +}
> 
> 
> 
> --
> Robin
> 
> 270+ Open Source Java links! 
> http://directory.mozilla.org/Computers/Programming/Languages/Java/Open_Source/
> 
> 
> 
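The two options weighed in questions 2 and 3 above, side by side, as an added example that is not code from either patch or from Cocoon: invalid names are skipped and reported instead of being rewritten, and the last line shows the collision that character replacement causes. The class name, the Map standing in for the servlet request, System.err standing in for a logging facility, and the first-character rule are all assumptions of this sketch.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class XsltParamFilter {
    // Characters the patches in this thread accept anywhere in a name.
    static boolean isNameChar(char c) {
        return Character.isLetterOrDigit(c) || c == '-' || c == '_' || c == '.';
    }

    // Assumption beyond the thread: also require a letter or '_' first, as XML names do.
    static boolean isValidName(String name) {
        if (name == null || name.isEmpty()) return false;
        if (!(Character.isLetter(name.charAt(0)) || name.charAt(0) == '_')) return false;
        for (char c : name.toCharArray()) {
            if (!isNameChar(c)) return false;
        }
        return true;
    }

    // The alternative from question 2: map every invalid character to '_'.
    static String replaceInvalid(String name) {
        StringBuilder sb = new StringBuilder();
        for (char c : name.toCharArray()) sb.append(isNameChar(c) ? c : '_');
        return sb.toString();
    }

    // Keep parameters with valid names, values untouched; collect the rest for a warning.
    static Map<String, String> filter(Map<String, String> request, List<String> rejected) {
        Map<String, String> params = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : request.entrySet()) {
            if (isValidName(e.getKey())) params.put(e.getKey(), e.getValue());
            else rejected.add(e.getKey());
        }
        return params;
    }

    public static void main(String[] args) {
        Map<String, String> request = new LinkedHashMap<>(); // constructed sample input
        request.put("page", "2");
        request.put("a b", "first");
        request.put("a/b", "second");
        request.put("1st", "third");
        List<String> rejected = new ArrayList<>();
        System.out.println("params: " + filter(request, rejected));
        System.err.println("WARN skipped invalid XSLT parameter names: " + rejected);
        System.out.println(replaceInvalid("a b").equals(replaceInvalid("a/b"))); // two names, one key
    }
}
```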

