From: "Roberto Casanova"
To: "'Tomcat Developers List'"
Subject: RE: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core StandardServer.java
Date: Fri, 3 Jan 2003 23:48:38 +0100

I see another problem with this code.
Suppose for some reason we have an attribute or resource parameter value
like the following (without the quotes):
"&gt; corresponds to >"
The correct XML for this string is:
"&amp;gt; corresponds to &gt;"
However this code would write to server.xml:
"&gt; corresponds to &gt;"
The next time the server.xml file is read in, we end up with:
"> corresponds to >"
which is different than the original string.
In my opinion this portion of the code should be left as it was in
revision 1.32:

Roberto

> -----Original Message-----
> From: Amy Roh [mailto:amyroh@apache.org]
> Sent: Friday, January 03, 2003 20:55
> To: Tomcat Developers List
> Subject: Re: cvs commit:
> jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core
> StandardServer.java
>
>
> Christoph Seibert wrote:
> > Hi there,
> >
> > I think there is a problem with the following fix:
> >
> >> amyroh 2003/01/02 17:59:09
> >>
> >> Modified: catalina/src/share/org/apache/catalina/core
> >> StandardServer.java
> >> Log:
> >> Fix for bugzilla 15762.
> >
> > [...]
> >
> >> diff -u -r1.32 -r1.33 > >> --- StandardServer.java 11 Sep 2002 14:19:33 -0000 1.32 > >> +++ StandardServer.java 3 Jan 2003 01:59:08 -0000 1.33 
> >> @@ -824,7 +824,15 @@ > >> } else if (c == '"') { > >> filtered.append("""); > >> } else if (c == '&') { > >> - filtered.append("&"); > >> + char s1 = input.charAt(i+3); > >> + char s2 = input.charAt(i+4); > >> + char s3 = input.charAt(i+5); > >> + if (((s1 == ';') || (s2 == ';')) || (s3 > == ';')) { > >> + // do not convert if it's already > in converted > >> form > >> + filtered.append(c); > >> + } else { > >> + filtered.append("&"); > >> + } > >> } else { > >> filtered.append(c); > >> }
> >
> >
> > (Note: I haven't had a look at the surrounding code yet, so I have to
> > assume that 'i' is the position of 'c', that is the '&' character.)
> >
> > This code assumes that character or entity references will not be
> > shorter than 4 characters (including the delimiters '&' and ';') and
> > no longer than 6. However, the XML specification does not in any way
> > define restrictions like that. For example, '&d;' is a valid entity
> > reference (assuming it was defined in the DTD). Worse, character or
> > entity references can have arbitrary length. For example,
> > ' ' is a valid character reference to the ' ' (space)
> > character.
> >
> > I'm sorry I don't have a better fix right now, but I assume one would
> > have to iterate through the characters following the '&' until either
> > a ';' is found or a character occurs that is not a legal part of an
> > entity reference name (or in the case of a character reference, not
> > one of [0-9] for decimal or [0-9a-fA-F] for hexadecimal).
> >
> > (Actually, I believe this wheel must already have been invented, but
> > with only looking at this code snippet, I don't really know.)
>
> I believe iterating through the characters following the '&' to look for
> ';' is found will fix the problem. A character such as
> ' ' without following ';' will result in parsing error
> whereas ' ' will be written as a space(' ').
>
> Thanks,
> Amy
>
> > Ciao,
> > Christoph
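
Review bot: In the new `c == '&'` branch, `input.charAt(i+3)`, `input.charAt(i+4)` and `input.charAt(i+5)` are called with no check against `input.length()`, so (taking `i` as the index of `c`) any '&' in the last five characters of a value throws StringIndexOutOfBoundsException while the configuration is being written. The ';' test at three fixed offsets also does not establish that the text is a reference: a value such as `a & b; c` keeps its bare '&', and a value that really contains reference-looking text is written unescaped and reads back changed. Suggest restoring the removed unconditional escape of '&', which needs no lookahead and preserves every input.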
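
The round-trip problem Roberto describes, as an added example (not Tomcat's code and not part of the original messages): it escapes a value both ways, writes it as an attribute, and reads it back with the JDK's XML parser. The class and method names are hypothetical, the escaping of '<' and '>' is assumed, and the lookahead is bounds-checked here, unlike the committed `charAt` calls.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class EscapeRoundTrip {
    // Escapes an attribute value. With guess=true, '&' is left alone when a ';'
    // sits 3 to 5 characters later (the r1.33 idea, bounds-checked here).
    static String escape(String in, boolean guess) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            if (c == '<') out.append("&lt;");        // assumed: '<' and '>' are escaped too
            else if (c == '>') out.append("&gt;");
            else if (c == '"') out.append("&quot;");
            else if (c == '&' && !(guess && semicolonNear(in, i))) out.append("&amp;");
            else out.append(c);
        }
        return out.toString();
    }

    static boolean semicolonNear(String in, int i) {
        for (int k = 3; k <= 5; k++) {
            if (i + k < in.length() && in.charAt(i + k) == ';') return true;
        }
        return false;
    }

    // Writes the value as an attribute and reads it back with the JDK's XML parser.
    static String roundTrip(String value, boolean guess) throws Exception {
        String xml = "<v a=\"" + escape(value, guess) + "\"/>";
        return DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)))
                .getDocumentElement().getAttribute("a");
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: the first is the one from the message, the second a plain '&'.
        for (String s : new String[] { "&gt; corresponds to >", "a & b; c" }) {
            for (boolean guess : new boolean[] { false, true }) {
                String result;
                try {
                    String back = roundTrip(s, guess);
                    result = back.equals(s) ? "preserved" : "changed to [" + back + "]";
                } catch (SAXException e) {
                    result = "rejected by parser: " + e.getMessage();
                }
                System.out.println((guess ? "guessing" : "escape all") + " [" + s + "] -> " + result);
            }
        }
    }
}
```

Escaping every '&' returns both values unchanged; the guessing variant alters the first value and, for the second, writes an attribute the parser rejects.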