Check tag file attribute names are valid Java identifiers

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1090766 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/jasper/compiler/JspUtil.java b/java/org/apache/jasper/compiler/JspUtil.java
index 7d693cc..d7b171f 100644 (file)
--- a/java/org/apache/jasper/compiler/JspUtil.java
+++ b/java/org/apache/jasper/compiler/JspUtil.java
@@ -858,6 +858,31 @@ public class JspUtil {
         return false;
     }
 
+    public static boolean isJavaIdentifier(String key) {
+        // Should not be the case but check to be sure
+        if (key == null || key.length() == 0) {
+            return false;
+        }
+        
+        if (isJavaKeyword(key)) {
+            return false;
+        }
+
+        // Check the start character that has more restrictions
+        if (!Character.isJavaIdentifierStart(key.charAt(0))) {
+            return false;
+        }
+
+        // Check each remaining character used is permitted
+        for (int idx = 1; idx < key.length(); idx++) {
+            if (!Character.isJavaIdentifierPart(key.charAt(idx))) {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+
     static InputStreamReader getReader(String fname, String encoding,
             JarFile jarFile, JspCompilationContext ctxt, ErrorDispatcher err)
             throws JasperException, IOException {

diff --git a/java/org/apache/jasper/compiler/Parser.java b/java/org/apache/jasper/compiler/Parser.java
index d7be14c..2abcece 100644 (file)
--- a/java/org/apache/jasper/compiler/Parser.java
+++ b/java/org/apache/jasper/compiler/Parser.java
@@ -593,6 +593,18 @@ class Parser implements TagConstants {
      */
     private void parseAttributeDirective(Node parent) throws JasperException {
         Attributes attrs = parseAttributes();
+        // JSP.8.3 says the variable created for each attribute must have the
+        // same name as the attribute. Therefore, the names must be valid Java
+        // identifiers
+        if (attrs != null && attrs.getLength() > 0) {
+            for (int i = 0; i < attrs.getLength(); i++) {
+                if ("name".equals(attrs.getLocalName(i)) &&
+                        !JspUtil.isJavaIdentifier(attrs.getValue(i))) {
+                    err.jspError(start, "jsp.error.identifier",
+                            attrs.getValue(i));
+                }
+            }
+        }
         new Node.AttributeDirective(attrs, start, parent);
     }
 

diff --git a/java/org/apache/jasper/resources/LocalStrings.properties b/java/org/apache/jasper/resources/LocalStrings.properties
index 33121f8..c2ffcfe 100644 (file)
--- a/java/org/apache/jasper/resources/LocalStrings.properties
+++ b/java/org/apache/jasper/resources/LocalStrings.properties
@@ -486,4 +486,6 @@ jsp.message.jsp_removed_excess=Removing excess JSP for path [{0}] from queue of
 jsp.message.jsp_removed_idle=Removing idle JSP for path [{0}] in context [{1}] after {2} seconds");
 jsp.message.jsp_unload_check=Checking JSPs for unload in context [{0}], JSP count: {1} queue length: {2}
 
+jsp.error.identifier=The attribute name [{0}] is invalid since it is not a valid Java identifier
+
 xmlParser.skipBomFail=Failed to skip BOM when parsing XML input stream

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 19474d8..2acfb7a 100644 (file)
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -77,6 +77,10 @@
         Label JSP/tag file line and column numbers when reporting errors since
         it may not be immediately obvious what the numbers represent. (markt)
       </add>
+      <fix>
+        <bug>36362</bug>: Check that tag file attribute names are valid Java
+        identifiers. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">