Author: pbenedict
Date: Sun Dec 21 10:58:12 2008
New Revision: 728475

URL: http://svn.apache.org/viewvc?rev=728475&view=rev
Log:
STR-3169: Do not match when recursive substitutions are detected

Modified:
    
struts/struts1/branches/STRUTS_1_3_BRANCH/core/src/main/java/org/apache/struts/config/ActionConfigMatcher.java

Modified: 
struts/struts1/branches/STRUTS_1_3_BRANCH/core/src/main/java/org/apache/struts/config/ActionConfigMatcher.java
URL: 
http://svn.apache.org/viewvc/struts/struts1/branches/STRUTS_1_3_BRANCH/core/src/main/java/org/apache/struts/config/ActionConfigMatcher.java?rev=728475&r1=728474&r2=728475&view=diff
==============================================================================
--- 
struts/struts1/branches/STRUTS_1_3_BRANCH/core/src/main/java/org/apache/struts/config/ActionConfigMatcher.java
 (original)
+++ 
struts/struts1/branches/STRUTS_1_3_BRANCH/core/src/main/java/org/apache/struts/config/ActionConfigMatcher.java
 Sun Dec 21 10:58:12 2008
@@ -260,16 +260,23 @@
         Map.Entry entry;
         StringBuffer key = new StringBuffer("{0}");
         StringBuffer ret = new StringBuffer(val);
-        String keyTmp;
+        String keyStr;
         int x;
 
         for (Iterator i = vars.entrySet().iterator(); i.hasNext();) {
             entry = (Map.Entry) i.next();
             key.setCharAt(1, ((String) entry.getKey()).charAt(0));
-            keyTmp = key.toString();
-
+            keyStr = key.toString();
+            
+            // STR-3169
+            // Prevent an infinite loop by retaining the placeholders
+            // that contain itself in the substitution value
+            if (((String) entry.getValue()).contains(keyStr)) {
+            throw new IllegalStateException();
+            }
+            
             // Replace all instances of the placeholder
-            while ((x = ret.toString().indexOf(keyTmp)) > -1) {
+            while ((x = ret.toString().indexOf(keyStr)) > -1) {
                 ret.replace(x, x + 3, (String) entry.getValue());
             }
         }


Reply via email to