Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 11441 invoked from network); 3 Jan 2003 12:03:38 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 3 Jan 2003 12:03:38 -0000 Received: (qmail 23532 invoked by uid 97); 3 Jan 2003 12:04:48 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 23481 invoked by uid 97); 3 Jan 2003 12:04:47 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 23468 invoked by uid 98); 3 Jan 2003 12:04:47 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Date: Fri, 3 Jan 2003 13:03:02 +0100 Subject: Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core StandardServer.java Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v551) From: Christoph Seibert To: "Tomcat Developers List" Content-Transfer-Encoding: 7bit In-Reply-To: <20030103015910.71774.qmail@icarus.apache.org> Message-Id: <4F26BD35-1F13-11D7-8D9D-0003931820DA@cs.uni-bonn.de> X-Mailer: Apple Mail (2.551) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hi there, I think there is a problem with the following fix: > amyroh 2003/01/02 17:59:09 > > Modified: catalina/src/share/org/apache/catalina/core > StandardServer.java > Log: > Fix for bugzilla 15762. [...] > diff -u -r1.32 -r1.33 > --- StandardServer.java 11 Sep 2002 14:19:33 -0000 1.32 > +++ StandardServer.java 3 Jan 2003 01:59:08 -0000 1.33 > @@ -824,7 +824,15 @@ > } else if (c == '"') { > filtered.append("""); > } else if (c == '&') { > - filtered.append("&"); > + char s1 = input.charAt(i+3); > + char s2 = input.charAt(i+4); > + char s3 = input.charAt(i+5); > + if (((s1 == ';') || (s2 == ';')) || (s3 == ';')) { > + // do not convert if it's already in converted > form > + filtered.append(c); > + } else { > + filtered.append("&"); > + } > } else { > filtered.append(c); > } (Note: I haven't had a look at the surrounding code yet, so I have to assume that 'i' is the position of 'c', that is the '&' character.) This code assumes that character or entity references will not be shorter than 4 characters (including the delimiters '&' and ';') and no longer than 6. However, the XML specification does not in any way define restrictions like that. For example, '&d;' is a valid entity reference (assuming it was defined in the DTD). Worse, character or entity references can have arbitrary length. For example, ' ' is a valid character reference to the ' ' (space) character. I'm sorry I don't have a better fix right now, but I assume one would have to iterate through the characters following the '&' until either a ';' is found or a character occurs that is not a legal part of an entity reference name (or in the case of a character reference, not one of [0-9] for decimal or [0-9a-fA-F] for hexadecimal). (Actually, I believe this wheel must already have been invented, but with only looking at this code snippet, I don't really know.) Ciao, Christoph -- --- Christoph Seibert seibert@cs.uni-bonn.de --- -- Farlon Dragon -==(UDIC)==- http://home.pages.de/~seibert/ -- - Who can possibly rule if no one - - who wants to can be allowed to? - D. Adams, HHGTTG - -- To unsubscribe, e-mail: For additional commands, e-mail: