This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 2382313f2b Fix BZ69508 - Fix jsp:include URL corruption
2382313f2b is described below
commit 2382313f2b4fc5ad5b5c52a8ed6ff6bb20ddf806
Author: Chenjp <ch...@msn.com>
AuthorDate: Mon Dec 23 01:12:01 2024 +0800
Fix BZ69508 - Fix jsp:include URL corruption
In GeneratorVisitor#generateIncludeWithParameters, since we introduce an
extra variable urlVariableName to store include page param, then we need
explicit specify literal=false when call #printParams.
https://bz.apache.org/bugzilla/show_bug.cgi?id=69508
---
java/org/apache/jasper/compiler/Generator.java | 9 +--
test/org/apache/jasper/compiler/TestGenerator.java | 31 +++++++++++
test/webapp/bug6nnnn/bug69508.jsp | 64 ++++++++++++++++++++++
webapps/docs/changelog.xml | 10 ++++
4 files changed, 110 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/jasper/compiler/Generator.java
b/java/org/apache/jasper/compiler/Generator.java
index 7e477aa36f..bdefa0a1b2 100644
--- a/java/org/apache/jasper/compiler/Generator.java
+++ b/java/org/apache/jasper/compiler/Generator.java
@@ -1093,7 +1093,7 @@ class Generator {
}
if (n.getBody() != null) {
- generateIncludeWithParameters(n, page, isFlush, pageParam);
+ generateIncludeWithParameters(n, isFlush, pageParam);
} else {
generateInclude(n, page, isFlush, pageParam);
}
@@ -1108,8 +1108,8 @@ class Generator {
out.println(", out, " + isFlush + ");");
}
- private void generateIncludeWithParameters(Node.IncludeAction n,
Node.JspAttribute page, boolean isFlush,
- String pageParam) throws JasperException {
+ private void generateIncludeWithParameters(Node.IncludeAction n,
boolean isFlush, String pageParam)
+ throws JasperException {
// jsp:include contains jsp:param - reuse some calculations
String temporaryVariableName =
n.getRoot().nextTemporaryVariableName();
String urlVariableName = temporaryVariableName + "_url";
@@ -1119,7 +1119,8 @@ class Generator {
out.printin("String " + requestEncodingVariableName + " = " +
REQUEST_CHARACTER_ENCODING_TEXT + ";");
out.println();
out.printin("org.apache.jasper.runtime.JspRuntimeLibrary.include(request,
response, " + urlVariableName);
- printParams(n, urlVariableName, page.isLiteral(),
requestEncodingVariableName);
+ // literal is hard-coded to false for this call since it always
uses a variable
+ printParams(n, urlVariableName, false,
requestEncodingVariableName);
out.println(", out, " + isFlush + ");");
}
diff --git a/test/org/apache/jasper/compiler/TestGenerator.java
b/test/org/apache/jasper/compiler/TestGenerator.java
index 5dc746135b..d82f198ec4 100644
--- a/test/org/apache/jasper/compiler/TestGenerator.java
+++ b/test/org/apache/jasper/compiler/TestGenerator.java
@@ -986,6 +986,37 @@ public class TestGenerator extends TomcatBaseTest {
Assert.assertEquals(body.toString(), HttpServletResponse.SC_OK, rc);
}
+ @Test
+ public void testBug69508() throws Exception {
+ getTomcatInstanceTestWebapp(false, true);
+
+ ByteChunk body = new ByteChunk();
+ int rc = getUrl("http://localhost:"; + getPort() +
"/test/bug6nnnn/bug69508.jsp?init=InitCommand", body, null);
+
+ String text = body.toString();
+ Assert.assertEquals(text, HttpServletResponse.SC_OK, rc);
+ // include page URL with param cmd
+ Assert.assertTrue(text, text.contains("<p>cmd - someCommand</p>"));
+ Assert.assertTrue(text, text.contains("<p>param1 - value1</p>"));
+ Assert.assertTrue(text, text.contains("<p>cmd - someCommandAbs</p>"));
+ Assert.assertTrue(text, text.contains("<p>param1 - value1Abs</p>"));
+ // include page URL without param
+ Assert.assertTrue(text, text.contains("<p>param2 - value2</p>"));
+ Assert.assertTrue(text, text.contains("<p>param2 - value2Abs</p>"));
+
+ Assert.assertTrue(text, text.contains("<p>param3 - InitCommand</p>"));
+ Assert.assertTrue(text, text.contains("<p>param3 -
InitCommandAbs</p>"));
+
+ Assert.assertTrue(text, text.contains("<p>param4 - value4</p>"));
+ Assert.assertTrue(text, text.contains("<p>param4 - value4Abs</p>"));
+
+ Assert.assertTrue(text, text.contains("<p>param5 - InitCommand</p>"));
+ Assert.assertTrue(text, text.contains("<p>param5 -
InitCommandAbs</p>"));
+
+ Assert.assertTrue(text, text.contains("<p>param6 - value6</p>"));
+ Assert.assertTrue(text, text.contains("<p>param6 - value6Abs</p>"));
+ }
+
@Test
public void testTagReleaseWithPooling() throws Exception {
doTestTagRelease(true);
diff --git a/test/webapp/bug6nnnn/bug69508.jsp
b/test/webapp/bug6nnnn/bug69508.jsp
new file mode 100644
index 0000000000..2839a850ea
--- /dev/null
+++ b/test/webapp/bug6nnnn/bug69508.jsp
@@ -0,0 +1,64 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+
+<jsp:include page="../echo-params.jsp?cmd=someCommand">
+ <jsp:param name="param1" value="value1" />
+</jsp:include>
+
+<jsp:include page="/echo-params.jsp?cmd=someCommandAbs">
+ <jsp:param name="param1" value="value1Abs" />
+</jsp:include>
+
+<jsp:include page="../echo-params.jsp">
+ <jsp:param name="param2" value="value2" />
+</jsp:include>
+
+<jsp:include page="/echo-params.jsp">
+ <jsp:param name="param2" value="value2Abs" />
+</jsp:include>
+
+<%--
+ Verify expression support in page and param value.
+ --%>
+<%
+ String initCommand = request.getParameter("init");
+ if (initCommand != null) {
+ String relativeUrl = "../echo-params.jsp?param3=" + initCommand;
+ String absoluteUrl = "/echo-params.jsp?param3=" + initCommand + "Abs";
+ String init_param = initCommand+"_param";
+ String init_param_value_abs=initCommand+"Abs";
+ %>
+ <jsp:include page="<%=relativeUrl%>">
+ <jsp:param name="param4" value="value4" />
+ <jsp:param name="param5" value="<%=initCommand%>" />
+ </jsp:include>
+ <jsp:include page="<%=absoluteUrl%>">
+ <jsp:param name="param4" value="value4Abs" />
+ <jsp:param name="param5" value="<%=init_param_value_abs%>" />
+ </jsp:include>
+ <%
+ }
+%>
+<%--
+Following cases without jsp:param
+--%>
+<jsp:include page="../echo-params.jsp"/>
+<jsp:include page="/echo-params.jsp"/>
+
+<jsp:include page="../echo-params.jsp?param6=value6"/>
+
+<jsp:include page="/echo-params.jsp?param6=value6Abs"/>
\ No newline at end of file
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 02dede1efa..8d2d0f9a00 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -160,6 +160,16 @@
</scode>
</changelog>
</subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>69508</bug>: Correct a regression in the fix for <bug>69382</bug>
+ that broke JSP include actions if both the page attribute and the body
+ contained parameters. Pull request <pr>803</pr> provided by Chenjp.
+ (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
