Author: markt Date: Thu May 1 10:58:14 2008 New Revision: 652595 URL: http://svn.apache.org/viewvc?rev=652595&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43617 Correctly handle quotes in attribute values for tag(x) files. Based on a patch by Lucas Galfaso.
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=652595&r1=652594&r2=652595&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu May 1 10:58:14 2008 @@ -76,12 +76,6 @@ +1: fhanik, markt -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43617 - Correctly handle quotes in attribute values for tag(x) files - http://svn.apache.org/viewvc?rev=651729&view=rev - +1: markt, remm, fhanik - -1: - * Add missing access check for ThreadWithAttributes http://svn.apache.org/viewvc?rev=651662&view=rev +1: markt, remm, fhanik Modified: tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java?rev=652595&r1=652594&r2=652595&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/jasper/compiler/Generator.java Thu May 1 10:58:14 2008 @@ -1751,14 +1751,9 @@ out.print(" "); out.print(attrs.getQName(i)); out.print("="); - String quote = DOUBLE_QUOTE; - String value = attrs.getValue(i); - if (value.indexOf('"') != -1) { - quote = SINGLE_QUOTE; - } - out.print(quote); - out.print(value); - out.print(quote); + out.print(DOUBLE_QUOTE); + out.print(attrs.getValue(i).replace("\"", """)); + out.print(DOUBLE_QUOTE); } attrs = n.getAttributes(); @@ -1773,14 +1768,9 @@ out.print(attributeValue(jspAttrs[i], false, String.class)); out.print(" + \"\\\""); } else { - String quote = DOUBLE_QUOTE; - String value = attrs.getValue(i); - if (value.indexOf('"') != -1) { - quote = SINGLE_QUOTE; - } - out.print(quote); - out.print(value); - out.print(quote); + out.print(DOUBLE_QUOTE); + out.print(attrs.getValue(i).replace("\"", """)); + out.print(DOUBLE_QUOTE); } } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=652595&r1=652594&r2=652595&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu May 1 10:58:14 2008 @@ -154,6 +154,10 @@ <bug>31257</bug>: Quote endorsed dirs if they contain a space. (markt) </fix> <fix> + <bug>43617</bug>: Correctly escape attribute values in tag files. + Based on a patch by Lucas Galfaso. (markt) + </fix> + <fix> <bug>43656</bug>: Fix various numeric coercion bugs. Includes a patch by Nils Eckert and fixes related issues identified in a test case provided by Konstantin Kolinko. (markt) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]