svn commit: r1633809 - in /tomcat/trunk: java/javax/el/ImportHandler.java test/javax/el/TestImportHandler.java webapps/docs/changelog.xml

Thu, 23 Oct 2014 06:45:01 -0700 

Author: markt
Date: Thu Oct 23 13:44:38 2014
New Revision: 1633809

URL: http://svn.apache.org/r1633809
Log:
Follow up to https://issues.apache.org/bugzilla/show_bug.cgi?id=57132
Better handling for invalid input.

Modified:
    tomcat/trunk/java/javax/el/ImportHandler.java
    tomcat/trunk/test/javax/el/TestImportHandler.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/javax/el/ImportHandler.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/el/ImportHandler.java?rev=1633809&r1=1633808&r2=1633809&view=diff
==============================================================================
--- tomcat/trunk/java/javax/el/ImportHandler.java (original)
+++ tomcat/trunk/java/javax/el/ImportHandler.java Thu Oct 23 13:44:38 2014
@@ -146,6 +146,10 @@ public class ImportHandler {
 
 
     public java.lang.Class<?> resolveClass(String name) {
+        if (name == null || name.contains(".")) {
+            return null;
+        }
+
         Class<?> result = clazzes.get(name);
 
         if (result == null) {

Modified: tomcat/trunk/test/javax/el/TestImportHandler.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/el/TestImportHandler.java?rev=1633809&r1=1633808&r2=1633809&view=diff
==============================================================================
--- tomcat/trunk/test/javax/el/TestImportHandler.java (original)
+++ tomcat/trunk/test/javax/el/TestImportHandler.java Thu Oct 23 13:44:38 2014
@@ -91,6 +91,36 @@ public class TestImportHandler {
 
 
     /**
+     * Attempting to resolve something that isn't a simple class name
+     * https://issues.apache.org/bugzilla/show_bug.cgi?id=57132
+     */
+    @Test
+    public void testResolveClass05() {
+        ImportHandler handler = new ImportHandler();
+
+        handler.importPackage("java.nio");
+
+        Class<?> clazz = handler.resolveClass("charset.StandardCharsets");
+
+        Assert.assertNull(clazz);
+    }
+
+    /**
+     * Attempting to resolve something that isn't a simple class name
+     * https://issues.apache.org/bugzilla/show_bug.cgi?id=57132
+     */
+    @Test
+    public void testResolveClass06() {
+        ImportHandler handler = new ImportHandler();
+
+        handler.importPackage("java.nio");
+
+        Class<?> clazz = handler.resolveClass(null);
+
+        Assert.assertNull(clazz);
+    }
+
+    /**
      * Import a valid class.
      */
     @Test

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1633809&r1=1633808&r2=1633809&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Oct 23 13:44:38 2014
@@ -210,6 +210,10 @@
         array if both the object type and the target type are an array type.
         (violetagg/markt)
       </fix>
+      <fix>
+        Improve handling of invalid input to
+        <code>javax.el.ImportHandler.resolveClass()</code>. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Cluster">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to