Return-Path: 
 <dev-return-77710-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: (qmail 92594 invoked from network); 4 Jan 2007 18:09:55 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 4 Jan 2007 18:09:55 -0000
Received: (qmail 8657 invoked by uid 500); 4 Jan 2007 18:00:18 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 7944 invoked by uid 500); 4 Jan 2007 18:00:13 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 7664 invoked by uid 500); 4 Jan 2007 18:00:11 -0000
Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org
Received: (qmail 7532 invoked by uid 99); 4 Jan 2007 18:00:10 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 10:00:10 -0800
X-ASF-Spam-Status: No, hits=-7.6 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME,SUBJECT_DRUG_GAP_L
X-Spam-Check-By: apache.org
Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 09:04:18 -0800
Received: by eris.apache.org (Postfix, from userid 65534)
	id 7EEB81A981C; Thu,  4 Jan 2007 09:03:06 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r492639 -
 /tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java
Date: Thu, 04 Jan 2007 17:03:06 -0000
To: tomcat-dev@jakarta.apache.org
From: remm@apache.org
X-Mailer: svnmailer-1.1.0
Message-Id: <20070104170306.7EEB81A981C@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: remm
Date: Thu Jan  4 09:03:05 2007
New Revision: 492639

URL: http://svn.apache.org/viewvc?view=rev&rev=492639
Log:
- More accurate validation of EL. Needs testing.

Modified:
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java?view=diff&rev=492639&r1=492638&r2=492639
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Validator.java Thu Jan  4 09:03:05 2007
@@ -1018,24 +1018,46 @@
             TagAttributeInfo[] tldAttrs = tagInfo.getAttributes();
             Attributes attrs = n.getAttributes();
 
+            boolean checkDeferred = !pageInfo.isDeferredSyntaxAllowedAsLiteral()
+                && !(tagInfo.getTagLibrary().getRequiredVersion().equals("2.0")
+                        || tagInfo.getTagLibrary().getRequiredVersion().equals("1.2"));
+
             for (int i = 0; attrs != null && i < attrs.getLength(); i++) {
                 boolean found = false;
+                
+                boolean runtimeExpression = ((n.getRoot().isXmlSyntax() && attrs.getValue(i).startsWith("%="))
+                        || (!n.getRoot().isXmlSyntax() && attrs.getValue(i).startsWith("<%=")));
+                boolean elExpression = false;
+                boolean deferred = false;
+                boolean deferredValueIsLiteral = false;
+
+                ELNode.Nodes el = null;
+                if (!runtimeExpression) {
+                    el = ELParser.parse(attrs.getValue(i));
+                    Iterator<ELNode> nodes = el.iterator();
+                    while (nodes.hasNext()) {
+                        ELNode node = nodes.next();
+                        if (node instanceof ELNode.Root) {
+                            if (((ELNode.Root) node).getType() == '$') {
+                                elExpression = true;
+                            } else if (checkDeferred && ((ELNode.Root) node).getType() == '#') {
+                                elExpression = true;
+                                deferred = true;
+                                if (pageInfo.isELIgnored()) {
+                                    deferredValueIsLiteral = true;
+                                }
+                            }
+                        }
+                    }
+                }
+
+                boolean expression = runtimeExpression || (elExpression  && !pageInfo.isELIgnored());
+                
                 for (int j = 0; tldAttrs != null && j < tldAttrs.length; j++) {
                     if (attrs.getLocalName(i).equals(tldAttrs[j].getName())
                             && (attrs.getURI(i) == null
                                     || attrs.getURI(i).length() == 0 || attrs
                                     .getURI(i).equals(n.getURI()))) {
-                        boolean checkDeferred = !(tagInfo.getTagLibrary().getRequiredVersion().equals("2.0")
-                                || tagInfo.getTagLibrary().getRequiredVersion().equals("1.2"));
-                        boolean deferred = false;
-                        boolean deferredValueIsLiteral = false;
-                        boolean expression = isExpression(n, attrs.getValue(i), checkDeferred);
-                        if (checkDeferred && attrs.getValue(i).indexOf("#{") != -1) {
-                            deferred = true;
-                            if (pageInfo.isELIgnored()) {
-                                deferredValueIsLiteral = true;
-                            }
-                        }
                         
                         if (tldAttrs[j].canBeRequestTime()
                                 || tldAttrs[j].isDeferredMethod() || tldAttrs[j].isDeferredValue()) { // JSP 2.1
@@ -1327,14 +1349,28 @@
          * expression.
          */
         private boolean isExpression(Node n, String value, boolean checkDeferred) {
-            if ((n.getRoot().isXmlSyntax() && value.startsWith("%="))
-                    || (!n.getRoot().isXmlSyntax() && value.startsWith("<%="))
-                    || (value.indexOf("${") != -1 && !pageInfo.isELIgnored())
-                    || (checkDeferred && value.indexOf("#{") != -1 && !pageInfo.isELIgnored()
-                            && !pageInfo.isDeferredSyntaxAllowedAsLiteral()))
-                return true;
-            else
-                return false;
+            
+            boolean runtimeExpression = ((n.getRoot().isXmlSyntax() && value.startsWith("%="))
+                    || (!n.getRoot().isXmlSyntax() && value.startsWith("<%=")));
+            boolean elExpression = false;
+
+            if (!runtimeExpression && !pageInfo.isELIgnored()) {
+                Iterator<ELNode> nodes = ELParser.parse(value).iterator();
+                while (nodes.hasNext()) {
+                    ELNode node = nodes.next();
+                    if (node instanceof ELNode.Root) {
+                        if (((ELNode.Root) node).getType() == '$') {
+                            elExpression = true;
+                        } else if (checkDeferred && !pageInfo.isDeferredSyntaxAllowedAsLiteral() 
+                                && ((ELNode.Root) node).getType() == '#') {
+                            elExpression = true;
+                        }
+                    }
+                }
+            }
+
+            return runtimeExpression || elExpression;
+
         }
 
         /*



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org