Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 99369 invoked from network); 6 Jan 2004 15:26:41 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 6 Jan 2004 15:26:41 -0000 Received: (qmail 94770 invoked by uid 500); 6 Jan 2004 15:26:31 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 94547 invoked by uid 500); 6 Jan 2004 15:26:29 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 94517 invoked from network); 6 Jan 2004 15:26:29 -0000 Received: from unknown (HELO merc65.na.sas.com) (149.173.6.60) by daedalus.apache.org with SMTP; 6 Jan 2004 15:26:29 -0000 Received: from merc17.na.sas.com ([10.16.13.34]) by 10.19.11.13 with InterScan Messaging Security Suite; Tue, 06 Jan 2004 10:26:30 -0500 x-mimeole: Produced By Microsoft Exchange V6.0.6410.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Subject: RE: cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties Date: Tue, 6 Jan 2004 10:26:30 -0500 Message-ID: <8D966D6B75EB7F47AA300241BF2E1D0C01D116C4@merc17.na.sas.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties Thread-Index: AcPSAWtk6cDh+rKFSHG8WRnNTNj2pACZbxQA From: "Larry Isaacs" To: "Tomcat Developers List" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Mark, For backwards compatibility, I think the restrictions to the TLD location need to follow the spec level used by the web application. Since JSP 1.1 didn't include much in the way of restrictions, I know of some legacy Servlet 2.2/JSP 1.1 webapps that would fail these restrictions if deployed to Tomcat 5 with this change (or Tomcat 4.1 with the port of this change). If you want, I can take a look at fixing this. Cheers, Larry > -----Original Message----- > From: markt@apache.org [mailto:markt@apache.org]=20 > Sent: Saturday, January 03, 2004 8:57 AM > To: jakarta-tomcat-jasper-cvs@apache.org > Subject: cvs commit:=20 > jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/reso > urces messages.properties >=20 >=20 > markt 2004/01/03 05:56:39 >=20 > Modified: jasper2/src/share/org/apache/jasper/compiler > TagLibraryInfoImpl.java > jasper2/src/share/org/apache/jasper/resources > messages.properties > Log: > - Fix bug 11069. Check that the location of the TLD file is=20 > spec compliant. > =20 > Revision Changes Path > 1.50 +11 -4 =20 > jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/comp > iler/TagLibraryInfoImpl.java > =20 > Index: TagLibraryInfoImpl.java > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > RCS file:=20 > /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/j > asper/compiler/TagLibraryInfoImpl.java,v > retrieving revision 1.49 > retrieving revision 1.50 > diff -u -r1.49 -r1.50 > --- TagLibraryInfoImpl.java 3 Jan 2004 12:17:18 -0000 1.49 > +++ TagLibraryInfoImpl.java 3 Jan 2004 13:56:38 -0000 1.50 > @@ -5,7 +5,7 @@ > * > * The Apache Software License, Version 1.1 > * > - * Copyright (c) 1999 The Apache Software Foundation. All rights=20 > + * Copyright (c) 1999,2004 The Apache Software Foundation.=20 > All rights=20 > * reserved. > * > * Redistribution and use in source and binary forms, with=20 > or without > @@ -200,6 +200,13 @@ > } > } catch (FileNotFoundException ex) { > =20 > err.jspError("jsp.error.file.not.found", location[0]); > + } > + > + // Check TLD file location conforms to JSP.7.3.1 > + if (!location[0].startsWith("/WEB-INF/") > + ||=20 > location[0].startsWith("/WEB-INF/classes/") > + ||=20 > location[0].startsWith("/WEB-INF/lib/")) { > + =20 > err.jspError("jsp.error.tld.invalid.location", location[0]); > } > =20 > parseTLD(ctxt, location[0], in, null); > =20 > =20 > =20 > 1.138 +2 -1 =20 > jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/reso > urces/messages.properties > =20 > Index: messages.properties > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > RCS file:=20 > /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/j > asper/resources/messages.properties,v > retrieving revision 1.137 > retrieving revision 1.138 > diff -u -r1.137 -r1.138 > --- messages.properties 11 Dec 2003 18:24:21 -0000 1.137 > +++ messages.properties 3 Jan 2004 13:56:39 -0000 1.138 > @@ -187,6 +187,7 @@ > jsp.error.tld.unable_to_read=3DUnable to read TLD \"{1}\"=20 > from JAR file \"{0}\": {2} > jsp.error.tld.unable_to_get_jar=3DUnable to get JAR resource=20 > \"{0}\" containing TLD: {1} > jsp.error.tld.missing_jar=3DMissing JAR resource \"{0}\"=20 > containing TLD > +jsp.error.tld.invalid.location=3D\"{0}\" is not a valid=20 > location for a TLD as per JSP specification JSP.7.3.1 > jsp.error.webxml_not_found=3DCould not locate web.xml > jsp.cmd_line.usage=3DUsage: jsptoservlet [-dd=20 > ] [-keepgenerated] \ > <.jsp files> > =20 > =20 > =20 >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org >=20 >=20 --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org