-
Bug
-
Resolution: Done
-
Blocker
-
7.0.5.GA
-
-
-
-
-
-
+
-
Workaround Exists
-
-
If using a include directive in a tag-file
1.- A WAR app with just an "index.jsp":
<%@ page contentType="text/html" %> <%@ taglib prefix="sample" uri="sample" %> <html> <body bgcolor="white"> <h1>Sample TLD</h1> <sample:copyright/> </body> </html>
2.- The sample taglib is inside another JAR and defined like this:
<?xml version="1.0" encoding="UTF-8" ?> <taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0"> <tlib-version>1.0</tlib-version> <short-name>sample</short-name> <uri>sample</uri> <tag-file> <name>copyright</name> <path>/META-INF/tags/copyright.tag</path> </tag-file> </taglib>
3.- The tag-file "copyright.tag" includes another JSP with the include directive:
<%@tag body-content="empty" %> <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@include file="./includes/include1.inc" %> <jsp:useBean id="now" scope="application" class="java.util.Date" /> <p>Copyright© ${now.year + 1900} My Company<%@ tag body-content="empty" %></p>
4.- The final include "include1.inc" is a simple jsp file:
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%> <%@taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt"%> <p>Request URI: <%= request.getRequestURI() %></p>
The resulting WAR throws the following exception:
2017-04-04 10:25:34,935 ERROR [io.undertow.request] (default task-7) UT005023: Exception handling request to /tld-war/index.jsp: org.apache.jasper.JasperException: /META-INF/tags/copyright.tag (JBWEB004251: An error occurred at line: 3 column: 1) JBWEB004036: File "./includes/include1.jsp" not found at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:45) at org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:276) at org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:91) at org.apache.jasper.compiler.Parser.processIncludeDirective(Parser.java:326) at org.apache.jasper.compiler.Parser.parseIncludeDirective(Parser.java:361) ...
Nevertheless I have tested that the same application works if:
1.- The include jsp is added using an absolute path:
<%@include file="/META-INF/tags/includes/include1.inc" %>
2.- The include path does not use "." or ".." (it is normalized):
<%@include file="includes/include1.inc" %>
Following the normalization idea I have patched the ParserController in jastow-2.0.0.Final-redhat-1.jar like this:
--- ParserController.java.ORIG 2017-04-04 12:07:39.655817486 +0200 +++ ParserController.java 2017-04-04 13:17:56.570334402 +0200 @@ -28,6 +28,7 @@ import org.apache.jasper.xmlparser.XMLEncodingDetector; import org.apache.tomcat.util.scan.Jar; import org.xml.sax.Attributes; +import java.nio.file.Paths; /** * Controller for the parsing of a JSP page. @@ -501,6 +502,7 @@ boolean isAbsolute = fileName.startsWith("/"); fileName = isAbsolute ? fileName : baseDirStack.peek() + fileName; + fileName = Paths.get(fileName).normalize().toString(); String baseDir = fileName.substring(0, fileName.lastIndexOf("/") + 1); baseDirStack.push(baseDir);
And it works. The "./includes/include1.inc" is correctly read and the JSP is compiled successfully. I'm going to submit a PR to github later.
- is cloned by
-
JBEAP-15250 [GSS](7.1.z) Include jsp from a taglib throws exception if path not normalized
- Closed
- is incorporated by
-
WFLY-10859 Upgrade jastow to 2.0.5.Final
- Closed