Author: remy.maucherat(a)jboss.com Date: 2009-11-01 20:33:52 -0500 (Sun, 01 Nov 2009) New Revision: 1235 Modified: trunk/java/javax/servlet/http/Cookie.java trunk/java/javax/servlet/http/LocalStrings.properties trunk/java/org/apache/catalina/connector/Response.java trunk/java/org/apache/jasper/compiler/Validator.java trunk/java/org/apache/tomcat/util/http/ServerCookie.java Log: - Port patches. - Error for deferred syntax in template text. - Filter out null in headers. - Cookie defaults to version switch. Modified: trunk/java/javax/servlet/http/Cookie.java =================================================================== --- trunk/java/javax/servlet/http/Cookie.java 2009-10-31 23:31:38 UTC (rev 1234) +++ trunk/java/javax/servlet/http/Cookie.java 2009-11-02 01:33:52 UTC (rev 1235) @@ -88,9 +88,8 @@ private String path; // ;Path=VALUE ... URLs that see the cookie private boolean secure; // ;Secure ... e.g. use SSL private int version = 0; // ;Version=1 ... means RFC 2109++ style - private boolean isHttpOnly = false; + private boolean httpOnly; // Not in cookie specs, but supported by browsers - /** * Constructs a cookie with a specified name and value. @@ -124,26 +123,30 @@ */ public Cookie(String name, String value) { - if (!isToken(name) - || name.equalsIgnoreCase("Comment") // rfc2019 - || name.equalsIgnoreCase("Discard") // 2019++ - || name.equalsIgnoreCase("Domain") - || name.equalsIgnoreCase("Expires") // (old cookies) - || name.equalsIgnoreCase("Max-Age") // rfc2019 - || name.equalsIgnoreCase("Path") - || name.equalsIgnoreCase("Secure") - || name.equalsIgnoreCase("Version") - || name.startsWith("$") - ) { - String errMsg = lStrings.getString("err.cookie_name_is_token"); - Object[] errArgs = new Object[1]; - errArgs[0] = name; - errMsg = MessageFormat.format(errMsg, errArgs); - throw new IllegalArgumentException(errMsg); - } + if (name == null || name.length() == 0) { + throw new IllegalArgumentException( + lStrings.getString("err.cookie_name_blank")); + } + if (!isToken(name) + || name.equalsIgnoreCase("Comment") // rfc2019 + || name.equalsIgnoreCase("Discard") // 2019++ + || name.equalsIgnoreCase("Domain") + || name.equalsIgnoreCase("Expires") // (old cookies) + || name.equalsIgnoreCase("Max-Age") // rfc2019 + || name.equalsIgnoreCase("Path") + || name.equalsIgnoreCase("Secure") + || name.equalsIgnoreCase("Version") + || name.startsWith("$") + ) { + String errMsg = lStrings.getString("err.cookie_name_is_token"); + Object[] errArgs = new Object[1]; + errArgs[0] = name; + errMsg = MessageFormat.format(errMsg, errArgs); + throw new IllegalArgumentException(errMsg); + } - this.name = name; - this.value = value; + this.name = name; + this.value = value; } @@ -595,7 +598,7 @@ * @since Servlet 3.0 */ public boolean isHttpOnly() { - return isHttpOnly; + return httpOnly; } /** @@ -604,7 +607,7 @@ * @since Servlet 3.0 */ public void setHttpOnly(boolean httpOnly) { - this.isHttpOnly = httpOnly; + this.httpOnly = httpOnly; } } Modified: trunk/java/javax/servlet/http/LocalStrings.properties =================================================================== --- trunk/java/javax/servlet/http/LocalStrings.properties 2009-10-31 23:31:38 UTC (rev 1234) +++ trunk/java/javax/servlet/http/LocalStrings.properties 2009-11-02 01:33:52 UTC (rev 1235) @@ -56,6 +56,7 @@ # Localized for Locale en_US err.cookie_name_is_token=Cookie name \"{0}\" is a reserved token +err.cookie_name_blank=Cookie name may not be null or zero length err.io.negativelength=Negative length given in write method err.io.short_read=Short Read err.ise.getWriter=Illegal to call getWriter() after getOutputStream() has been called Modified: trunk/java/org/apache/catalina/connector/Response.java =================================================================== --- trunk/java/org/apache/catalina/connector/Response.java 2009-10-31 23:31:38 UTC (rev 1234) +++ trunk/java/org/apache/catalina/connector/Response.java 2009-11-02 01:33:52 UTC (rev 1235) @@ -1040,6 +1040,10 @@ */ public void addDateHeader(String name, long value) { + if (name == null || name.length() == 0) { + return; + } + if (isCommitted()) return; @@ -1067,6 +1071,10 @@ */ public void addHeader(String name, String value) { + if (name == null || name.length() == 0 || value == null) { + return; + } + if (isCommitted()) return; @@ -1087,6 +1095,10 @@ */ public void addIntHeader(String name, int value) { + if (name == null || name.length() == 0) { + return; + } + if (isCommitted()) return; @@ -1312,6 +1324,10 @@ */ public void setDateHeader(String name, long value) { + if (name == null || name.length() == 0) { + return; + } + if (isCommitted()) return; @@ -1339,6 +1355,10 @@ */ public void setHeader(String name, String value) { + if (name == null || name.length() == 0 || value == null) { + return; + } + if (isCommitted()) return; @@ -1359,6 +1379,10 @@ */ public void setIntHeader(String name, int value) { + if (name == null || name.length() == 0) { + return; + } + if (isCommitted()) return; Modified: trunk/java/org/apache/jasper/compiler/Validator.java =================================================================== --- trunk/java/org/apache/jasper/compiler/Validator.java 2009-10-31 23:31:38 UTC (rev 1234) +++ trunk/java/org/apache/jasper/compiler/Validator.java 2009-11-02 01:33:52 UTC (rev 1235) @@ -738,10 +738,16 @@ int attrSize = attrs.getLength(); Node.JspAttribute[] jspAttrs = new Node.JspAttribute[attrSize]; for (int i = 0; i < attrSize; i++) { + // JSP.2.2 - '#{' not allowed in template text + String value = attrs.getValue(i); + if (!pageInfo.isDeferredSyntaxAllowedAsLiteral()) { + if (containsDeferredSyntax(value)) { + err.jspError(n, "jsp.error.el.template.deferred"); + } + } jspAttrs[i] = getJspAttribute(null, attrs.getQName(i), - attrs.getURI(i), attrs.getLocalName(i), attrs - .getValue(i), java.lang.Object.class, n, - false); + attrs.getURI(i), attrs.getLocalName(i), value, + java.lang.Object.class, n, false); } n.setJspAttributes(jspAttrs); } @@ -749,6 +755,31 @@ visitBody(n); } + /** + * Look for a #{ sequence that isn't preceded by \. + */ + private boolean containsDeferredSyntax(String value) { + if (value == null) { + return false; + } + + int i = 0; + int len = value.length(); + boolean prevCharIsEscape = false; + while (i < value.length()) { + char c = value.charAt(i); + if (c == '#' && (i+1) < len && value.charAt(i+1) == '{' && !prevCharIsEscape) { + return true; + } else if (c == '\\') { + prevCharIsEscape = true; + } else { + prevCharIsEscape = false; + } + i++; + } + return false; + } + public void visit(Node.CustomTag n) throws JasperException { TagInfo tagInfo = n.getTagInfo(); Modified: trunk/java/org/apache/tomcat/util/http/ServerCookie.java =================================================================== --- trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2009-10-31 23:31:38 UTC (rev 1234) +++ trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2009-11-02 01:33:52 UTC (rev 1235) @@ -108,7 +108,7 @@ String allowVersionSwitch = System.getProperty( "org.apache.tomcat.util.http.ServerCookie.ALLOW_VERSION_SWITCH"); if (allowVersionSwitch == null) { - ALLOW_VERSION_SWITCH = STRICT_SERVLET_COMPLIANCE; + ALLOW_VERSION_SWITCH = true; } else { ALLOW_VERSION_SWITCH = Boolean.valueOf(allowVersionSwitch).booleanValue();