tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44391] New: - SSI handling of escaped characters broken
Date Mon, 11 Feb 2008 12:37:40 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44391>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44391

           Summary: SSI handling of escaped characters broken
           Product: Tomcat 6
           Version: 6.0.14
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: konrad_w@gmx.de


In org.apache.catalina.ssi.SSIProcessor the method parseParamNames is broken. If
I have a SSI directive like <!--#set var="test" value="blubb\"\"" --> the method
detects three parameters instead of two. This is because there are two
consecutive escaped characters. Although the first one \" is detected correctly
the next one isn't because the flag escaped is still set to true, although this
character isn't escaped anymore.

You have to replace

boolean escaped = false;
for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\' && !escaped) {
    escaped = true;
    bIdx++;
    continue;
  }
  escaped = false;
  if (c == '"') quotes++;
}

by 

for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\') {
    bIdx++;
    continue;
  }
  if (c == '"') quotes++;
}

Just removing the flag escaped is sufficient, because you don't have to remember
whether the last character was escaped and that should have no influence to
consecutive characters.

The bug still exists in the HEAD revision of the repository.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message