kinman 2002/11/06 10:47:15 Modified: jasper2/src/share/org/apache/jasper/compiler Generator.java jasper2/src/share/org/apache/jasper/runtime HttpJspBase.java JspRuntimeLibrary.java PageContextImpl.java Log: - Move the code that creates a function for EL from the generated code to o.a.j.runtime, so that it is secure. Revision Changes Path 1.119 +25 -29 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java Index: Generator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v retrieving revision 1.118 retrieving revision 1.119 diff -u -r1.118 -r1.119 --- Generator.java 4 Nov 2002 21:13:39 -0000 1.118 +++ Generator.java 6 Nov 2002 18:47:13 -0000 1.119 @@ -459,8 +459,10 @@ out.print (servletClassName); out.print (" extends "); out.println(pageInfo.getExtends()); +/* Supress until we also implement resolveFunction() out.printil(" implements javax.servlet.jsp.el.FunctionMapper, "); - out.printin(" org.apache.jasper.runtime.JspSourceDependent"); +*/ + out.printin(" implements org.apache.jasper.runtime.JspSourceDependent"); if (!pageInfo.isThreadSafe()) { out.println(","); out.printin(" SingleThreadModel"); @@ -578,15 +580,13 @@ } } - out.printil("private static java.util.HashMap _jspx_fnmap = null;"); + out.printil("private static org.apache.jasper.runtime.ProtectedFunctionMapper _jspx_fnmap;"); if( fnPresent ) { iter = taglibs.keySet().iterator(); out.println(); out.printil("static {"); out.pushIndent(); - out.printil("_jspx_fnmap = new java.util.HashMap();"); - out.printil( "try {" ); - out.pushIndent(); + out.printil("_jspx_fnmap = org.apache.jasper.runtime.ProtectedFunctionMapper.getInstance();"); while( iter.hasNext() ) { String key = (String)iter.next(); TagLibraryInfo tli = (TagLibraryInfo)taglibs.get( key ); 
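Review bot: The FunctionMapper clause in the hunk at -459 is disabled by wrapping the `out.printil(...)` call in a `/* Supress until ... */` block instead of removing it, and the same pattern recurs in the hunks at -644/-653, -1067 and -2889. In the -2889 copy the commented-out line reads `out.printil(" implements "javax.servlet.jsp.el.FunctionMapper, ");` with a stray quote before `javax`, so it will not compile once the comment is lifted. I would delete the dead code and leave a one-line marker such as `// TODO: emit "implements javax.servlet.jsp.el.FunctionMapper" again once resolveFunction() is generated`, which also removes the misspelled "Supress".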
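Review bot: In the hunk at -578 the generated field `_jspx_fnmap` is filled from `ProtectedFunctionMapper.getInstance()`, a name that reads like a singleton accessor, while the prefix-to-function bindings written by the loop that follows belong to one page. ProtectedFunctionMapper is not part of this diff, so whether each call returns a fresh mapper cannot be checked here; if the instance were shared, two pages binding the same prefix to different libraries would overwrite each other's entries. Please state the contract next to the print call, for example `// getInstance() returns a new mapper for each generated class`, or give the factory a name that says so. The enclosing loop continues past the end of the hunk.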
@@ -594,14 +594,13 @@ String fnPrefix = tli.getPrefixString(); out.printil( "// Functions for " + tli.getShortName() ); for( int i = 0; i < fnInfo.length; i++ ) { - String fnName = fnPrefix + ":" + fnInfo[i].getName(); - String fnSignature = fnInfo[i].getFunctionSignature(); - out.printin("_jspx_fnmap.put("); - out.print(quote(fnName)); + out.printin("_jspx_fnmap.mapFunction("); + out.print(quote(fnPrefix)); out.print(", "); - out.print(fnInfo[i].getFunctionClass() + - ".class.getDeclaredMethod("); - + out.print(quote(fnInfo[i].getName())); + out.print(", "); + out.print(fnInfo[i].getFunctionClass() + ".class, "); + String fnSignature = fnInfo[i].getFunctionSignature(); JspUtil.FunctionSignature functionSignature = new JspUtil.FunctionSignature( fnSignature, tli.getShortName(), err, ctxt.getClassLoader() ); @@ -620,19 +619,10 @@ } else { out.print("null"); } - out.println("));"); + out.println(");"); } } - out.popIndent(); - out.printil( "}" ); - out.printil( "catch( NoSuchMethodException e ) {" ); - out.pushIndent(); - out.printil( "throw new RuntimeException( \"" + - "Invalid function mapping - no such method: \" + " + - "e.getMessage());" ); - out.popIndent(); - out.printil( "}" ); - out.popIndent(); + out.popIndent(); out.printil("}"); out.println(); } @@ -644,6 +634,7 @@ private void generateFunctionMapper() throws JasperException { +/* XX suppress until EL moves out of JSTL out.printil( "public java.lang.reflect.Method resolveFunction(" ); out.printil( " String prefix, String localName )" ); out.printil( "{" ); @@ -653,6 +644,7 @@ out.popIndent(); out.printil( "}" ); out.println(); +*/ } 
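Review bot: With the generated `try` / `catch( NoSuchMethodException e )` removed in the hunk at -620, a bad function mapping is now reported however `mapFunction` chooses to report it, and that method is not in this diff. The calls sit in the generated class's static initializer, so an exception thrown there reaches the container as an ExceptionInInitializerError on first load of the page class, without the old "Invalid function mapping - no such method" text. Please confirm that mapFunction raises an error naming the prefix, function and class rather than storing a null Method, and record that on the generator side with a comment such as `// mapFunction() reports a missing method itself; no try/catch is generated`.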
@@ -1067,9 +1059,11 @@ "pageContext.findAttribute(\"" + name + "\"), \"" + property + "\", " + quote(value.getValue()) + ", " - + "pageContext, " + + "pageContext, _jspx_fnmap);"); +/* + "(javax.servlet.jsp.el.VariableResolver) pageContext, " + "(javax.servlet.jsp.el.FunctionMapper) this );"); +*/ } else if( value.isNamedAttribute() ) { // If the value for setProperty was specified via // jsp:attribute, first generate code to evaluate @@ -2889,8 +2883,10 @@ out.printin("public final class "); out.print(tagInfo.getTagName()); out.println(" extends javax.servlet.jsp.tagext.SimpleTagSupport"); - out.printil(" implements javax.servlet.jsp.el.FunctionMapper, "); - out.printin(" org.apache.jasper.runtime.JspSourceDependent"); +/* Supress until we also implement resolveFunction() + out.printil(" implements "javax.servlet.jsp.el.FunctionMapper, "); +*/ + out.printin(" implements org.apache.jasper.runtime.JspSourceDependent"); if (tagInfo.hasDynamicAttributes()) { out.println(","); out.printin(" javax.servlet.jsp.tagext.DynamicAttributes"); 1.7 +2 -0 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/HttpJspBase.java Index: HttpJspBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/HttpJspBase.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- HttpJspBase.java 4 Nov 2002 21:13:39 -0000 1.6 +++ HttpJspBase.java 6 Nov 2002 18:47:14 -0000 1.7 
@@ -98,6 +98,8 @@ "runtime.ServletResponseWrapperInclude"); factory.getClass().getClassLoader().loadClass( basePackage + "servlet.JspServletWrapper"); + factory.getClass().getClassLoader().loadClass( basePackage + + "runtime.ProtectedFunctionMapper"); } catch (ClassNotFoundException ex) { System.out.println( "Jasper JspRuntimeContext preload of class failed: " + 1.8 +24 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspRuntimeLibrary.java Index: JspRuntimeLibrary.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspRuntimeLibrary.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JspRuntimeLibrary.java 16 Oct 2002 21:54:58 -0000 1.7 +++ JspRuntimeLibrary.java 6 Nov 2002 18:47:14 -0000 1.8 @@ -516,6 +516,7 @@ // __end lookupReadMethodMethod // handles <jsp:setProperty> with EL expression for 'value' attribute +/** Use proprietaryEvaluate public static void handleSetPropertyExpression(Object bean, String prop, String expression, PageContext pageContext, VariableResolver variableResolver, FunctionMapper functionMapper ) 
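Review bot: The preload added in the HttpJspBase hunk names only the top-level `runtime.ProtectedFunctionMapper` class. The list appears to exist so that Jasper's own classes are loaded ahead of page code (the surrounding block is only partly visible), and if ProtectedFunctionMapper wraps its reflection calls in anonymous or nested classes, those compile to separate class files that would each need their own `loadClass` line. A failure here is only printed to System.out by the existing catch block, so a missing entry is easy to overlook; a comment such as `// keep in sync with any nested classes of ProtectedFunctionMapper` would help. The enclosing try block starts outside the hunk.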
@@ -534,6 +535,26 @@ } catch (Exception ex) { throw new JasperException(ex); } + } +**/ + public static void handleSetPropertyExpression(Object bean, + String prop, String expression, PageContext pageContext, + ProtectedFunctionMapper functionMapper ) + throws JasperException + { + try { + Method method = getWriteMethod(bean.getClass(), prop); + method.invoke(bean, new Object[] { + PageContextImpl.proprietaryEvaluate( + expression, + method.getParameterTypes()[0], + pageContext, + functionMapper, + null ) + }); + } catch (Exception ex) { + throw new JasperException(ex); + } } public static void handleSetProperty(Object bean, String prop, 1.30 +10 -7 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java Index: PageContextImpl.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- PageContextImpl.java 4 Nov 2002 21:13:39 -0000 1.29 +++ PageContextImpl.java 6 Nov 2002 18:47:14 -0000 1.30 @@ -628,14 +628,17 @@ * @return The result of the evaluation */ public static Object proprietaryEvaluate( String expression, - Class expectedType, PageContext pageContext, Map functionMap, - String defaultPrefix ) + Class expectedType, PageContext pageContext, + ProtectedFunctionMapper functionMap, String defaultPrefix ) throws ELException { + java.util.HashMap funcMap = + (functionMap == null)? null: functionMap.getFnMap(); + try { return PageContextImpl.proprietaryEvaluator.evaluate( "<unknown>", - expression, expectedType, null, pageContext, functionMap, - defaultPrefix ); + expression, expectedType, null, pageContext, + funcMap, defaultPrefix ); } catch( JspException e ) { throw new ELException( e );
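Review bot: The old six-argument `handleSetPropertyExpression` is disabled with `/** Use proprietaryEvaluate` ... `**/`, opened in the hunk at -516 and closed in the one at -534, and because `/**` starts a Javadoc comment the dead code becomes the documentation attached to the new overload. I would delete the old body, or at least open the comment with `/*`, and give the new method a real Javadoc covering the bean, property, expression and mapper parameters and stating that every failure is rethrown as JasperException. Dropping the public overload also changes the signature that generated pages link against, so page classes compiled by the previous generator would presumably need recompiling; that is worth a line in the commit log.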
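Review bot: In the PageContextImpl hunk `proprietaryEvaluate` now takes a ProtectedFunctionMapper but immediately unwraps it with `functionMap.getFnMap()` and hands the evaluator a plain `java.util.HashMap`. If getFnMap() (not shown in this diff) returns the mapper's internal map and is callable from page code, anything holding `_jspx_fnmap` could add or replace Method entries after initialization, which would undercut the purpose stated in the commit log; consider keeping the accessor package-private, since both classes live in org.apache.jasper.runtime, or returning an unmodifiable view. The Javadoc above the signature is only partly visible, but its description of the function-map parameter should be updated to the new type and should say that null is accepted. The method body continues past the end of the hunk.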