Fix BZ69508 - Fix jsp:include URL corruption

In GeneratorVisitor#generateIncludeWithParameters, since we introduce an extra variable urlVariableName to store include page param, then we need explicit specify literal=false when call #printParams. https://bz.apache.org/bugzilla/show_bug.cgi?id=69508
apache · Jan 14, 2025 · 97f7133 · 97f7133
1 parent c26e421
commit 97f7133
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 4 deletions.
diff --git a/java/org/apache/jasper/compiler/Generator.java b/java/org/apache/jasper/compiler/Generator.java
@@ -1082,7 +1082,7 @@ public void visit(Node.IncludeAction n) throws JasperException {
             }
 
             if (n.getBody() != null) {
-                generateIncludeWithParameters(n, page, isFlush, pageParam);
+                generateIncludeWithParameters(n, isFlush, pageParam);
             } else {
                 generateInclude(n, page, isFlush, pageParam);
             }
@@ -1097,8 +1097,8 @@ private void generateInclude(Node.IncludeAction n, Node.JspAttribute page, boole
             out.println(", out, " + isFlush + ");");
         }
 
-        private void generateIncludeWithParameters(Node.IncludeAction n, Node.JspAttribute page, boolean isFlush,
-                String pageParam) throws JasperException {
+        private void generateIncludeWithParameters(Node.IncludeAction n, boolean isFlush, String pageParam)
+                throws JasperException {
             // jsp:include contains jsp:param - reuse some calculations
             String temporaryVariableName = n.getRoot().nextTemporaryVariableName();
             String urlVariableName = temporaryVariableName + "_url";
@@ -1108,7 +1108,8 @@ private void generateIncludeWithParameters(Node.IncludeAction n, Node.JspAttribu
             out.printin("String " + requestEncodingVariableName + " = " + REQUEST_CHARACTER_ENCODING_TEXT + ";");
             out.println();
             out.printin("org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, " + urlVariableName);
-            printParams(n, urlVariableName, page.isLiteral(), requestEncodingVariableName);
+            // literal is hard-coded to false for this call since it always uses a variable
+            printParams(n, urlVariableName, false, requestEncodingVariableName);
             out.println(", out, " + isFlush + ");");
         }
 

diff --git a/test/org/apache/jasper/compiler/TestGenerator.java b/test/org/apache/jasper/compiler/TestGenerator.java
@@ -971,6 +971,37 @@ public void testBug65390() throws Exception {
         Assert.assertEquals(body.toString(), HttpServletResponse.SC_OK, rc);
     }
 
+    @Test
+    public void testBug69508() throws Exception {
+        getTomcatInstanceTestWebapp(false, true);
+
+        ByteChunk body = new ByteChunk();
+        int rc = getUrl("http://localhost:" + getPort() + "/test/bug6nnnn/bug69508.jsp?init=InitCommand", body, null);
+
+        String text = body.toString();
+        Assert.assertEquals(text, HttpServletResponse.SC_OK, rc);
+        // include page URL with param cmd
+        Assert.assertTrue(text, text.contains("<p>cmd - someCommand</p>"));
+        Assert.assertTrue(text, text.contains("<p>param1 - value1</p>"));
+        Assert.assertTrue(text, text.contains("<p>cmd - someCommandAbs</p>"));
+        Assert.assertTrue(text, text.contains("<p>param1 - value1Abs</p>"));
+        // include page URL without param
+        Assert.assertTrue(text, text.contains("<p>param2 - value2</p>"));
+        Assert.assertTrue(text, text.contains("<p>param2 - value2Abs</p>"));
+
+        Assert.assertTrue(text, text.contains("<p>param3 - InitCommand</p>"));
+        Assert.assertTrue(text, text.contains("<p>param3 - InitCommandAbs</p>"));
+
+        Assert.assertTrue(text, text.contains("<p>param4 - value4</p>"));
+        Assert.assertTrue(text, text.contains("<p>param4 - value4Abs</p>"));
+
+        Assert.assertTrue(text, text.contains("<p>param5 - InitCommand</p>"));
+        Assert.assertTrue(text, text.contains("<p>param5 - InitCommandAbs</p>"));
+
+        Assert.assertTrue(text, text.contains("<p>param6 - value6</p>"));
+        Assert.assertTrue(text, text.contains("<p>param6 - value6Abs</p>"));
+    }
+
     @Test
     public void testTagReleaseWithPooling() throws Exception {
         doTestTagRelease(true);

diff --git a/test/webapp/bug6nnnn/bug69508.jsp b/test/webapp/bug6nnnn/bug69508.jsp
@@ -0,0 +1,64 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--%>
+
+<jsp:include page="../echo-params.jsp?cmd=someCommand">
+    <jsp:param name="param1" value="value1" />
+</jsp:include>
+
+<jsp:include page="/echo-params.jsp?cmd=someCommandAbs">
+    <jsp:param name="param1" value="value1Abs" />
+</jsp:include>
+
+<jsp:include page="../echo-params.jsp">
+    <jsp:param name="param2" value="value2" />
+</jsp:include>
+
+<jsp:include page="/echo-params.jsp">
+    <jsp:param name="param2" value="value2Abs" />
+</jsp:include>
+
+<%--
+    Verify expression support in page and param value.
+ --%>
+<%
+    String initCommand = request.getParameter("init");
+    if (initCommand != null) {
+        String relativeUrl = "../echo-params.jsp?param3=" + initCommand;
+        String absoluteUrl = "/echo-params.jsp?param3=" + initCommand + "Abs";
+        String init_param = initCommand+"_param";
+        String init_param_value_abs=initCommand+"Abs";
+    %>
+        <jsp:include page="<%=relativeUrl%>">
+            <jsp:param name="param4" value="value4" />
+            <jsp:param name="param5" value="<%=initCommand%>" />
+        </jsp:include>
+        <jsp:include page="<%=absoluteUrl%>">
+            <jsp:param name="param4" value="value4Abs" />
+            <jsp:param name="param5" value="<%=init_param_value_abs%>" />
+        </jsp:include>
+    <%
+    }
+%>
+<%--
+Following cases without jsp:param
+--%>
+<jsp:include page="../echo-params.jsp"/>
+<jsp:include page="/echo-params.jsp"/>
+
+<jsp:include page="../echo-params.jsp?param6=value6"/>
+
+<jsp:include page="/echo-params.jsp?param6=value6Abs"/>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -224,6 +224,12 @@
         21 being the minimum Java version required for Tomcat 12. (markt)
       </update>
       <!-- Entries for backport and removal before 12.0.0-M1 below this line -->
+      <fix>
+        <bug>69508</bug>: Correct a regression in the fix for <bug>69382</bug>
+        that broke JSP include actions if both the page attribute and the body
+        contained parameters. Pull request <pr>803</pr> provided by Chenjp.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">