Bug 44391

Summary: SSI handling of escaped characters broken
Product: Tomcat 6
Reporter: Konrad Windszus <konrad_w>
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.0.14   
Target Milestone: default   
Hardware: Other   
OS: other   

Description Konrad Windszus 2008-02-11 04:37:40 UTC
In org.apache.catalina.ssi.SSIProcessor the method parseParamNames is broken. If
I have an SSI directive like <!--#set var="test" value="blubb\"\"" --> the method
detects three parameters instead of two. This is because there are two
consecutive escaped characters. Although the first one \" is detected correctly,
the next one isn't because the flag escaped is still set to true, although this
character isn't escaped anymore.

You have to replace

boolean escaped = false;
for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\' && !escaped) {
    escaped = true;
    bIdx++;
    continue;
  }
  escaped = false;
  if (c == '"') quotes++;
}

by 

for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
  char c = cmd.charAt(bIdx);
  // Need to skip escaped characters
  if (c == '\\') {
    bIdx++;
    continue;
  }
  if (c == '"') quotes++;
}

Just removing the flag escaped is sufficient, because you don't have to remember
whether the last character was escaped and that should have no influence on
consecutive characters.

The bug still exists in the HEAD revision of the repository.
Comment 1 Mark Thomas 2008-04-11 14:25:54 UTC
Your proposed patch isn't quite right. For example, you have to know if the previous character is escaped or not if you have two \ in a row.

I have committed a fix to trunk and proposed it for 6.0.x. 
Comment 2 Mark Thomas 2008-04-17 10:53:10 UTC
The patch has been applied to 6.0.x and will be in 6.0.17 onwards.
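
Added example, not part of the original report or of Tomcat's source: a small harness that runs the two loops quoted in the description over the directive value from the report and two constructed inputs, printing the text each scan consumes. The class name, method names and sample strings are assumptions made for illustration; only the loop bodies come from the report.

```java
// Added example, not Tomcat source: models only the quote-scanning loops quoted in the report.
public class SsiQuoteScan {
    // Loop the report quotes as the existing code; returns the index where the scan stops.
    static int scanOriginal(String cmd, int bIdx) {
        int quotes = 0;
        boolean escaped = false;
        for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
            char c = cmd.charAt(bIdx);
            if (c == '\\' && !escaped) {
                escaped = true;
                bIdx++;
                continue;
            }
            escaped = false;
            if (c == '"') quotes++;
        }
        return Math.min(bIdx, cmd.length());
    }

    // Replacement loop proposed in the description.
    static int scanProposed(String cmd, int bIdx) {
        int quotes = 0;
        for (; bIdx < cmd.length() && quotes != 2; bIdx++) {
            char c = cmd.charAt(bIdx);
            if (c == '\\') {
                bIdx++;
                continue;
            }
            if (c == '"') quotes++;
        }
        return Math.min(bIdx, cmd.length());
    }

    public static void main(String[] args) {
        // Constructed inputs: the text after the parameter name, starting at '='.
        String[] samples = {
            "=\"blubb\\\"\\\"\" -->",   // value from the report: blubb\"\"
            "=\"a\\\\\" -->",           // two backslashes in a row (case raised in comment 1)
            "=\"a\\\"b\\\"\" -->",      // escaped quotes separated by another character
        };
        for (String cmd : samples) {
            int o = scanOriginal(cmd, 0), p = scanProposed(cmd, 0);
            System.out.printf("%-22s original=[%s] proposed=[%s]%s%n", cmd,
                cmd.substring(0, o), cmd.substring(0, p), o == p ? "" : "  <-- differ");
        }
    }
}
```

For the directive value from the report, the original loop stops one character before the closing quote of the value.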