Author: markt
Date: Thu May  1 10:58:14 2008
New Revision: 652595

URL: http://svn.apache.org/viewvc?rev=652595&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43617
Correctly handle quotes in attribute values for tag(x) files. Based on a patch 
by Lucas Galfaso.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=652595&r1=652594&r2=652595&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu May  1 10:58:14 2008
@@ -76,12 +76,6 @@
   +1: fhanik, markt
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43617
-  Correctly handle quotes in attribute values for tag(x) files
-  http://svn.apache.org/viewvc?rev=651729&view=rev
-  +1: markt, remm, fhanik
-  -1:
-
 * Add missing access check for ThreadWithAttributes
   http://svn.apache.org/viewvc?rev=651662&view=rev
   +1: markt, remm, fhanik

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java?rev=652595&r1=652594&r2=652595&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java Thu May 
 1 10:58:14 2008
@@ -1751,14 +1751,9 @@
                 out.print(" ");
                 out.print(attrs.getQName(i));
                 out.print("=");
-                String quote = DOUBLE_QUOTE;
-                String value = attrs.getValue(i);
-                if (value.indexOf('"') != -1) {
-                    quote = SINGLE_QUOTE;
-                }
-                out.print(quote);
-                out.print(value);
-                out.print(quote);
+                out.print(DOUBLE_QUOTE);
+                out.print(attrs.getValue(i).replace("\"", """));
+                out.print(DOUBLE_QUOTE);
             }
 
             attrs = n.getAttributes();
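
Review bot: the added `attrs.getValue(i).replace("\"", ...)` call handles only the double quote, so a value containing `&` or `<` is still printed unchanged between the two DOUBLE_QUOTE prints. If the goal is the "Correctly escape attribute values" wording used in the changelog entry, the other markup-significant characters need the same treatment at this point, with the ampersand handled first so that whatever is substituted for the quote is not escaped a second time. The replacement argument also appears in this copy of the mail as `"""`, which is not a valid Java string literal; it looks as if the archive decoded an entity there, so review the committed Generator.java rather than this rendering.
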
@@ -1773,14 +1768,9 @@
                     out.print(attributeValue(jspAttrs[i], false, 
String.class));
                     out.print(" + \"\\\"");
                 } else {
-                    String quote = DOUBLE_QUOTE;
-                    String value = attrs.getValue(i);
-                    if (value.indexOf('"') != -1) {
-                        quote = SINGLE_QUOTE;
-                    }
-                    out.print(quote);
-                    out.print(value);
-                    out.print(quote);
+                    out.print(DOUBLE_QUOTE);
+                    out.print(attrs.getValue(i).replace("\"", """));
+                    out.print(DOUBLE_QUOTE);
                 }
             }
 
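
Review bot: the three added lines in this `else` branch duplicate the sequence added in the hunk at line 1751 character for character. A small private helper that takes the attribute value and prints it quoted would give the escaping a single home, so a later change to the escaping cannot be applied to one call site and missed at the other. SINGLE_QUOTE is no longer referenced in either hunk after this change, so it is worth checking whether the constant still has any users and removing it if not.
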

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=652595&r1=652594&r2=652595&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu May  1 10:58:14 2008
@@ -154,6 +154,10 @@
         <bug>31257</bug>: Quote endorsed dirs if they contain a space. (markt)
       </fix>
       <fix>
+        <bug>43617</bug>: Correctly escape attribute values in tag files.
+        Based on a patch by Lucas Galfaso. (markt)
+      </fix>
+      <fix>
         <bug>43656</bug>: Fix various numeric coercion bugs. Includes a patch 
by
         Nils Eckert and fixes related issues identified in a test case provided
         by Konstantin Kolinko. (markt)


