From e08b9b890ff9ce8555589f927d05bf20ceb112b3 Mon Sep 17 00:00:00 2001
From: Stephen Colebourne
Date: Sat, 16 Oct 2004 18:52:21 +0000
Subject: [PATCH] Fix unescape to handle invalid entities bug 29149, from Dan Goldberg
git-svn-id: https://svn.apache.org/repos/asf/jakarta/commons/proper/lang/trunk@137988 13f79535-47bb-0310-9956-ffa450edef68
---
 RELEASE-NOTES.txt | 4 +++-
 .../org/apache/commons/lang/Entities.java | 22 ++++++++++++++-----
 .../commons/lang/StringEscapeUtilsTest.java | 7 +++++-
 3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 17dc329d9..7da41246f 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -1,4 +1,4 @@
-$Id: RELEASE-NOTES.txt,v 1.31 2004/10/16 17:47:48 scolebourne Exp $
+$Id: RELEASE-NOTES.txt,v 1.32 2004/10/16 18:52:21 scolebourne Exp $
 Commons Lang Package Version 2.1
@@ -107,6 +107,7 @@ BUG FIXES:
 28468 StringUtils.defaultString: Documentation error
 28554 Add hashCode-support to class ObjectUtils
 29082 Enhancement of ExceptionUtils.CAUSE_METHOD_NAMES
+29149 StringEscapeUtils.unescapeHtml() doesn't handle an empty entity
 29294 lang.math.Fraction class deficiencies
 29673 ExceptionUtils: new getCause() methodname (for tomcat)
 29794 Add convenience format(long) methods to FastDateForma
@@ -117,3 +118,4 @@ BUG FIXES:
 31395 DateUtils.truncate oddity at the far end of the Date spectrum
 31478 Compile error with JDK 5 "enum" is a keyword
 31572 o.a.c.lang.enum.ValuedEnum: 'enum'is a keyword in JDK1.5.0
+
diff --git a/src/java/org/apache/commons/lang/Entities.java b/src/java/org/apache/commons/lang/Entities.java
index ab760d3d8..1c115f655 100644
--- a/src/java/org/apache/commons/lang/Entities.java
+++ b/src/java/org/apache/commons/lang/Entities.java
@@ -31,7 +31,7 @@ import java.util.TreeMap;
 * @author Alexander Day Chaffee
 * @author Gary Gregory
 * @since 2.0
- * @version $Id: Entities.java,v 1.18 2004/09/01 18:00:01 ggregory Exp $
+ * @version $Id: Entities.java,v 1.19 2004/10/16 18:52:21 scolebourne Exp $
 */
 class Entities {
@@ -648,12 +648,22 @@ class Entities {
 }
 String entityName = str.substring(i + 1, semi);
 int entityValue;
- if (entityName.charAt(0) == '#') {
- char charAt1 = entityName.charAt(1);
- if (charAt1 == 'x' || charAt1=='X') {
- entityValue = Integer.valueOf(entityName.substring(2), 16).intValue();
+ if (entityName.length() == 0) {
+ entityValue = -1;
+ } else if (entityName.charAt(0) == '#') {
+ if (entityName.length() == 1) {
+ entityValue = -1;
 } else {
- entityValue = Integer.parseInt(entityName.substring(1));
+ char charAt1 = entityName.charAt(1);
+ try {
+ if (charAt1 == 'x' || charAt1=='X') {
+ entityValue = Integer.valueOf(entityName.substring(2), 16).intValue();
+ } else {
+ entityValue = Integer.parseInt(entityName.substring(1));
+ }
+ } catch (NumberFormatException ex) {
+ entityValue = -1;
+ }
 }
 } else {
 entityValue = this.entityValue(entityName);
diff --git a/src/test/org/apache/commons/lang/StringEscapeUtilsTest.java b/src/test/org/apache/commons/lang/StringEscapeUtilsTest.java
index d8b889d87..3e7054086 100644
--- a/src/test/org/apache/commons/lang/StringEscapeUtilsTest.java
+++ b/src/test/org/apache/commons/lang/StringEscapeUtilsTest.java
@@ -29,7 +29,7 @@ import junit.textui.TestRunner;
 *
 * @author of original StringUtilsTest.testEscape = ?
 * @author Alexander Day Chaffee
- * @version $Id: StringEscapeUtilsTest.java,v 1.14 2004/02/18 23:06:19 ggregory Exp $
+ * @version $Id: StringEscapeUtilsTest.java,v 1.15 2004/10/16 18:52:21 scolebourne Exp $
 */
 public class StringEscapeUtilsTest extends TestCase {
 private final static String FOO = "foo";
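Review bot: In the `@@ -648` hunk of Entities.java, a numeric reference that parses successfully is accepted with no range check, because the new `try` block guards only against `NumberFormatException`. A reference such as `&#-2;`, or one whose value is above `0xFFFF`, still leaves `entityValue` different from the `-1` sentinel. If the code after the hunk narrows it to a `char` (not visible here), the output is a truncated, unrelated character, which matters when the unescaped text is later checked or filtered for markup characters. I would add `if (entityValue < 0 || entityValue > 0xFFFF) { entityValue = -1; }` right after the `catch`, so that such references are treated like the other invalid forms. The enclosing method starts and ends outside the hunk.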
@@ -226,6 +226,11 @@ public class StringEscapeUtilsTest extends TestCase {
 // note that the test string must be 7-bit-clean (unicode escaped) or else it will compile incorrectly
 // on some locales
 assertEquals("funny chars pass through OK", "Fran\u00E7ais", StringEscapeUtils.unescapeHtml("Fran\u00E7ais"));
+
+ assertEquals("Hello&;World", StringEscapeUtils.unescapeHtml("Hello&;World"));
+ assertEquals("Hello&#;World", StringEscapeUtils.unescapeHtml("Hello&#;World"));
+ assertEquals("Hello&# ;World", StringEscapeUtils.unescapeHtml("Hello&# ;World"));
+ assertEquals("Hello&##;World", StringEscapeUtils.unescapeHtml("Hello&##;World"));
 }
 public void testUnescapeHexCharsHtml() {
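Review bot: The four assertions added in the `@@ -226` hunk exercise only the empty and decimal forms, so the hex branch that this commit also wraps in `try`/`catch` in Entities.java has no regression test. Consider adding `assertEquals("Hello&#x;World", StringEscapeUtils.unescapeHtml("Hello&#x;World"));` and a non-hex-digit case such as `"Hello&#xZZ;World"`; both would presumably pass through unchanged like the other invalid entities. The new assertions also omit the message argument that the neighbouring "funny chars" assertion uses, which makes a failure harder to attribute. The enclosing test method begins outside the hunk.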