Bug 37261 - Parsing web.xml from TldLocationsCache does not handle external entities
Summary: Parsing web.xml from TldLocationsCache does not handle external entities
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Jasper (show other bugs)
Version: 5.5.9
Hardware: All All
: P2 normal with 2 votes (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 37143 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-10-27 05:48 UTC by Greg Peterson
Modified: 2005-11-06 19:17 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Peterson 2005-10-27 05:48:19 UTC
This is similar to bug 34034.  The org.apache.jasper.compiler.TldLocationsCache
class parses the web.xml (again!).  The processWebDotXml method of this class
should be modified to create an InputSource over the InputStream, and set the
systemId of the InputSource to the URI of the web.xml document, similar to the
change made to org.apache.jaspser.compiler.JspConfig for bug 34034.
Comment 1 william.barker 2005-11-07 03:09:25 UTC
This is now fixed in the SVN trunk, and will appear in 5.5.13.
Comment 2 william.barker 2005-11-07 04:17:46 UTC
*** Bug 37143 has been marked as a duplicate of this bug. ***