You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by cz...@apache.org on 2012/01/13 09:57:09 UTC

svn commit: r1230926 - /sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java

Author: cziegeler
Date: Fri Jan 13 08:57:09 2012
New Revision: 1230926

URL: http://svn.apache.org/viewvc?rev=1230926&view=rev
Log:
SLING-2353 : Prevent <sling:include resource="<%= null %>" /> to include itself

Modified:
    sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java

Modified: sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java?rev=1230926&r1=1230925&r2=1230926&view=diff
==============================================================================
--- sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java (original)
+++ sling/trunk/bundles/scripting/jsp-taglib/src/main/java/org/apache/sling/scripting/jsp/taglib/AbstractDispatcherTagHandler.java Fri Jan 13 08:57:09 2012
@@ -114,6 +114,11 @@ public abstract class AbstractDispatcher
             }
         }
 
+        // prevent useless recursion, we don't need to use equals here(!)
+        if ( resource == request.getResource()
+             && resourceType == null && replaceSelectors == null && addSelectors == null && replaceSuffix == null ) {
+            throw new JspTagException("Resource is including itself without changing resource type, selectors, or suffix!");
+        }
         try {
             // create a dispatcher for the resource or path
             RequestDispatcher dispatcher;
@@ -131,11 +136,11 @@ public abstract class AbstractDispatcher
                 TagUtil.log(log, pageContext, "No content to include...", null);
             }
 
-        } catch (JspTagException jte) {
+        } catch (final JspTagException jte) {
             throw jte;
-        } catch (IOException ioe) {
+        } catch (final IOException ioe) {
             throw new JspTagException(ioe);
-        } catch (ServletException ce) {
+        } catch (final ServletException ce) {
             throw new JspTagException(TagUtil.getRootCause(ce));
         }