Bug 44391 - SSI handling of escaped characters broken
Summary: SSI handling of escaped characters broken
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.14
Hardware: Other other
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-11 04:37 UTC by Konrad Windszus
Modified: 2008-04-17 10:53 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Konrad Windszus 2008-02-11 04:37:40 UTC
In org.apache.catalina.ssi.SSIProcessor the method parseParamNames is broken. If
I have a SSI directive like <!--#set var="test" value="blubb\"\"" --> the method
detects three parameters instead of two. This is because there are two
consecutive escaped characters. Although the first one \" is detected correctly
the next one isn't because the flag escaped is still set to true, although this
character isn't escaped anymore.

You have to replace

boolean escaped = false;
for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\' && !escaped) {
    escaped = true;
    bIdx++;
    continue;
  }
  escaped = false;
  if (c == '"') quotes++;
}

by 

for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\') {
    bIdx++;
    continue;
  }
  if (c == '"') quotes++;
}

Just removing the flag escaped is sufficient, because you don't have to remember
whether the last character was escaped and that should have no influence to
consecutive characters.

The bug still exists in the HEAD revision of the repository.
Comment 1 Mark Thomas 2008-04-11 14:25:54 UTC
Your proposed patch isn't quire right. For example, you have to know if the previous character is escaped or not if you have two \ in a row.

I have committed a fix to trunk and proposed it for 6.0.x. 
Comment 2 Mark Thomas 2008-04-17 10:53:10 UTC
The patch has been applied to 6.0.x and will be in 6.0.17 onwards.