You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/11/03 19:35:16 UTC
svn commit: r1030599 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/el/parser/AstDotSuffix.java
java/org/apache/el/parser/AstIdentifier.java
java/org/apache/el/util/Validation.java webapps/docs/config/systemprops.xml
Author: markt
Date: Wed Nov 3 18:35:15 2010
New Revision: 1030599
URL: http://svn.apache.org/viewvc?rev=1030599&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49217
Provide an option to check that EL identifiers conform to the Java Language Specification.
Added:
tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java (with props)
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java
tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java
tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1030599&r1=1030598&r2=1030599&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Nov 3 18:35:15 2010
@@ -89,18 +89,6 @@ PATCHES PROPOSED TO BACKPORT:
cause confusion. I'd prefer not to invent a new name, but mention the
one that we already have when documenting virtualClasspath.
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49217
- Ensure EL identifiers conform to the Java Language Specification with an
- option to disable this check.
- https://issues.apache.org/bugzilla/attachment.cgi?id=25727
- +1: markt
- +1: kkolinko, rjung (if doc part is adjusted to the code)
- -1:
- kkolinko: doc says the SKIP_* property defaults to false, but in the code the
- default is true. (Maybe tie it to STRICT_SERVLET_COMPLIANCE?)
- Maybe document this in the "Specification" part of the systemprops.xml,
- instead of "Expression Language" as done in 7.0.2?
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49555
Correctly handle tag libraries that use functions defined in static inner
classes
Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java?rev=1030599&r1=1030598&r2=1030599&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstDotSuffix.java Wed Nov 3 18:35:15 2010
@@ -21,6 +21,7 @@ package org.apache.el.parser;
import javax.el.ELException;
import org.apache.el.lang.EvaluationContext;
+import org.apache.el.util.Validation;
/**
@@ -36,4 +37,13 @@ public final class AstDotSuffix extends
throws ELException {
return this.image;
}
+
+ @Override
+ public void setImage(String image) {
+ if (!Validation.isIdentifier(image)) {
+ throw new ELException("[" + image +
+ "] is not a valid Java identifier");
+ }
+ this.image = image;
+ }
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java?rev=1030599&r1=1030598&r2=1030599&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/AstIdentifier.java Wed Nov 3 18:35:15 2010
@@ -28,6 +28,7 @@ import javax.el.VariableMapper;
import org.apache.el.lang.EvaluationContext;
import org.apache.el.util.MessageFactory;
+import org.apache.el.util.Validation;
/**
@@ -136,6 +137,15 @@ public final class AstIdentifier extends
return this.getMethodExpression(ctx).getMethodInfo(ctx.getELContext());
}
+ @Override
+ public void setImage(String image) {
+ if (!Validation.isIdentifier(image)) {
+ throw new ELException("[" + image +
+ "] is not a valid Java identifier");
+ }
+ this.image = image;
+ }
+
private final MethodExpression getMethodExpression(EvaluationContext ctx)
throws ELException {
Object obj = null;
Added: tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java?rev=1030599&view=auto
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java (added)
+++ tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java Wed Nov 3 18:35:15 2010
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.el.util;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+public class Validation {
+
+ // Java keywords, boolean literals & the null literal in alphabetical order
+ private static final String invalidIdentifiers[] = { "abstract", "assert",
+ "boolean", "break", "byte", "case", "catch", "char", "class", "const",
+ "continue", "default", "do", "double", "else", "enum", "extends",
+ "false", "final", "finally", "float", "for", "goto", "if", "implements",
+ "import", "instanceof", "int", "interface", "long", "native", "new",
+ "null", "package", "private", "protected", "public", "return", "short",
+ "static", "strictfp", "super", "switch", "synchronized", "this",
+ "throw", "throws", "transient", "true", "try", "void", "volatile",
+ "while" };
+
+ private static final boolean IS_SECURITY_ENABLED =
+ (System.getSecurityManager() != null);
+
+ private static final boolean SKIP_IDENTIFIER_CHECK;
+
+ static {
+ if (IS_SECURITY_ENABLED) {
+ SKIP_IDENTIFIER_CHECK = AccessController.doPrivileged(
+ new PrivilegedAction<Boolean>(){
+ public Boolean run() {
+ return Boolean.valueOf(System.getProperty(
+ "org.apache.el.parser.SKIP_IDENTIFIER_CHECK",
+ "true"));
+ }
+ }
+ ).booleanValue();
+ } else {
+ SKIP_IDENTIFIER_CHECK = Boolean.valueOf(System.getProperty(
+ "org.apache.el.parser.SKIP_IDENTIFIER_CHECK",
+ "true")).booleanValue();
+ }
+ }
+
+
+ private Validation() {
+ // Utility class. Hide default constructor
+ }
+
+ /**
+ * Test whether the argument is a Java identifier.
+ */
+ public static boolean isIdentifier(String key) {
+
+ if (SKIP_IDENTIFIER_CHECK) {
+ return true;
+ }
+
+ // Should not be the case but check to be sure
+ if (key == null || key.length() == 0) {
+ return false;
+ }
+
+ // Check the list of known invalid values
+ int i = 0;
+ int j = invalidIdentifiers.length;
+ while (i < j) {
+ int k = (i + j) / 2;
+ int result = invalidIdentifiers[k].compareTo(key);
+ if (result == 0) {
+ return false;
+ }
+ if (result < 0) {
+ i = k + 1;
+ } else {
+ j = k;
+ }
+ }
+
+ // Check the start character that has more restrictions
+ if (!Character.isJavaIdentifierStart(key.charAt(0))) {
+ return false;
+ }
+
+ // Check each remaining character used is permitted
+ for (int idx = 1; idx < key.length(); idx++) {
+ if (!Character.isJavaIdentifierPart(key.charAt(idx))) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+}
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/el/util/Validation.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml?rev=1030599&r1=1030598&r2=1030599&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/systemprops.xml Wed Nov 3 18:35:15 2010
@@ -74,6 +74,13 @@
</p>
</property>
+ <property name="org.apache.el.parser.SKIP_IDENTIFIER_CHECK">
+ <p>If <code>true</code>, when parsing expressions, identifiers will not be
+ checked to ensure that they conform to the Java Language Specification for
+ Java identifiers. If not specified, the default value of
+ <code>true</code> will be used.</p>
+ </property>
+
</properties>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org