View | Details | Raw Unified | Return to bug 49217
Collapse All | Expand All

(-)java/org/apache/el/parser/AstDotSuffix.java (+10 lines)
Lines 21-26 Link Here
21
import javax.el.ELException;
21
import javax.el.ELException;
22
22
23
import org.apache.el.lang.EvaluationContext;
23
import org.apache.el.lang.EvaluationContext;
24
import org.apache.el.util.Validation;
24
25
25
26
26
/**
27
/**
Lines 36-39 Link Here
36
            throws ELException {
37
            throws ELException {
37
        return this.image;
38
        return this.image;
38
    }
39
    }
40
    
41
    @Override
42
    public void setImage(String image) {
43
        if (!Validation.isIdentifier(image)) {
44
            throw new ELException("[" + image +
45
                    "] is not a valid Java identifier");
46
        }
47
        this.image = image;
48
    }
39
}
49
}
(-)java/org/apache/el/parser/AstIdentifier.java (+10 lines)
Lines 28-33 Link Here
28
28
29
import org.apache.el.lang.EvaluationContext;
29
import org.apache.el.lang.EvaluationContext;
30
import org.apache.el.util.MessageFactory;
30
import org.apache.el.util.MessageFactory;
31
import org.apache.el.util.Validation;
31
32
32
33
33
/**
34
/**
Lines 136-141 Link Here
136
        return this.getMethodExpression(ctx).getMethodInfo(ctx.getELContext());
137
        return this.getMethodExpression(ctx).getMethodInfo(ctx.getELContext());
137
    }
138
    }
138
139
140
    @Override
141
    public void setImage(String image) {
142
        if (!Validation.isIdentifier(image)) {
143
            throw new ELException("[" + image +
144
                    "] is not a valid Java identifier");
145
        }
146
        this.image = image;
147
    }
148
139
    private final MethodExpression getMethodExpression(EvaluationContext ctx)
149
    private final MethodExpression getMethodExpression(EvaluationContext ctx)
140
            throws ELException {
150
            throws ELException {
141
        Object obj = null;
151
        Object obj = null;
(-)java/org/apache/el/util/Validation.java (+108 lines)
Line 0 Link Here
1
/*
2
 * Licensed to the Apache Software Foundation (ASF) under one or more
3
 * contributor license agreements.  See the NOTICE file distributed with
4
 * this work for additional information regarding copyright ownership.
5
 * The ASF licenses this file to You under the Apache License, Version 2.0
6
 * (the "License"); you may not use this file except in compliance with
7
 * the License.  You may obtain a copy of the License at
8
 *
9
 *     http://www.apache.org/licenses/LICENSE-2.0
10
 *
11
 * Unless required by applicable law or agreed to in writing, software
12
 * distributed under the License is distributed on an "AS IS" BASIS,
13
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
 * See the License for the specific language governing permissions and
15
 * limitations under the License.
16
 */
17
18
package org.apache.el.util;
19
20
import java.security.AccessController;
21
import java.security.PrivilegedAction;
22
23
public class Validation {
24
25
    // Java keywords, boolean literals & the null literal in alphabetical order
26
    private static final String invalidIdentifiers[] = { "abstract", "assert",
27
        "boolean", "break", "byte", "case", "catch", "char", "class", "const",
28
        "continue", "default", "do", "double", "else", "enum", "extends",
29
        "false", "final", "finally", "float", "for", "goto", "if", "implements",
30
        "import", "instanceof", "int", "interface", "long", "native", "new",
31
        "null", "package", "private", "protected", "public", "return", "short",
32
        "static", "strictfp", "super", "switch", "synchronized", "this",
33
        "throw", "throws", "transient", "true", "try", "void", "volatile",
34
        "while" };
35
    
36
    private static final boolean IS_SECURITY_ENABLED =
37
        (System.getSecurityManager() != null);
38
39
    private static final boolean SKIP_IDENTIFIER_CHECK;
40
    
41
    static {
42
        if (IS_SECURITY_ENABLED) {
43
            SKIP_IDENTIFIER_CHECK = AccessController.doPrivileged(
44
                    new PrivilegedAction<Boolean>(){
45
                        public Boolean run() {
46
                            return Boolean.valueOf(System.getProperty(
47
                                    "org.apache.el.parser.SKIP_IDENTIFIER_CHECK",
48
                                    "true"));
49
                        }
50
                    }
51
            ).booleanValue();
52
        } else {
53
            SKIP_IDENTIFIER_CHECK = Boolean.valueOf(System.getProperty(
54
                    "org.apache.el.parser.SKIP_IDENTIFIER_CHECK",
55
                    "true")).booleanValue();
56
        }
57
    }
58
    
59
    
60
    private Validation() {
61
        // Utility class. Hide default constructor
62
    }
63
    
64
    /**
65
     * Test whether the argument is a Java identifier.
66
     */
67
    public static boolean isIdentifier(String key) {
68
        
69
        if (SKIP_IDENTIFIER_CHECK) {
70
            return true;
71
        }
72
73
        // Should not be the case but check to be sure
74
        if (key == null || key.length() == 0) {
75
            return false;
76
        }
77
        
78
        // Check the list of known invalid values
79
        int i = 0;
80
        int j = invalidIdentifiers.length;
81
        while (i < j) {
82
            int k = (i + j) / 2;
83
            int result = invalidIdentifiers[k].compareTo(key);
84
            if (result == 0) {
85
                return false;
86
            }
87
            if (result < 0) {
88
                i = k + 1;
89
            } else {
90
                j = k;
91
            }
92
        }
93
94
        // Check the start character that has more restrictions
95
        if (!Character.isJavaIdentifierStart(key.charAt(0))) {
96
            return false;
97
        }
98
99
        // Check each remaining character used is permitted
100
        for (int idx = 1; idx < key.length(); idx++) {
101
            if (!Character.isJavaIdentifierPart(key.charAt(idx))) {
102
                return false;
103
            }
104
        }
105
        
106
        return true;
107
    }
108
}
0
  + native
109
  + native
(-)webapps/docs/config/systemprops.xml (+7 lines)
Lines 62-67 Link Here
62
      <code>true</code> will be used.</p>
62
      <code>true</code> will be used.</p>
63
    </property>
63
    </property>
64
64
65
    <property name="org.apache.el.parser.SKIP_IDENTIFIER_CHECK">
66
      <p>If <code>true</code>, when parsing expressions, identifiers will not be
67
      checked to ensure that they conform to the Java Language Specification for
68
      Java identifiers. If not specified, the default value of
69
      <code>false</code> will be used.</p>
70
    </property>
71
65
  </properties>
72
  </properties>
66
</section>
73
</section>
67
74

Return to bug 49217