Bug 37261 - Parsing web.xml from TldLocationsCache does not handle external entities
Parsing web.xml from TldLocationsCache does not handle external entities
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Jasper
5.5.9
All All
: P2 normal with 2 votes (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
: 37143 (view as bug list)
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2005-10-27 05:48 UTC by Greg Peterson
Modified: 2005-11-06 19:17 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Peterson 2005-10-27 05:48:19 UTC
This is similar to bug 34034.  The org.apache.jasper.compiler.TldLocationsCache
class parses the web.xml (again!).  The processWebDotXml method of this class
should be modified to create an InputSource over the InputStream, and set the
systemId of the InputSource to the URI of the web.xml document, similar to the
change made to org.apache.jaspser.compiler.JspConfig for bug 34034.
Comment 1 william.barker 2005-11-07 03:09:25 UTC
This is now fixed in the SVN trunk, and will appear in 5.5.13.
Comment 2 william.barker 2005-11-07 04:17:46 UTC
*** Bug 37143 has been marked as a duplicate of this bug. ***