tomcat/CVE-2024-54677-8.patch
wk333 ebb0431a51 Fix CVE-2024-50379 CVE-2024-54677
(cherry picked from commit 37b6fbcf4c334035b8423e43c24b2bea2397c27f)
2024-12-18 11:02:40 +08:00


From 84c4af76e7a10fc7f8630ce62e6a46632ea4a90e Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 4 Dec 2024 18:41:34 +0000
Subject: [PATCH] Remove JSP calendar example.
Origin: https://github.com/apache/tomcat/commit/84c4af76e7a10fc7f8630ce62e6a46632ea4a90e
---
build.xml | 9 --
webapps/docs/changelog.xml | 3 +
.../examples/WEB-INF/classes/cal/Entries.java | 63 --------
.../examples/WEB-INF/classes/cal/Entry.java | 52 ------
.../WEB-INF/classes/cal/JspCalendar.java | 152 ------------------
.../WEB-INF/classes/cal/TableBean.java | 106 ------------
webapps/examples/jsp/cal/cal1.jsp | 94 -----------
webapps/examples/jsp/cal/cal2.jsp | 45 ------
webapps/examples/jsp/cal/calendar.html | 43 -----
webapps/examples/jsp/cal/login.html | 47 ------
webapps/examples/jsp/index.html | 8 -
11 files changed, 3 insertions(+), 619 deletions(-)
delete mode 100644 webapps/examples/WEB-INF/classes/cal/Entries.java
delete mode 100644 webapps/examples/WEB-INF/classes/cal/Entry.java
delete mode 100644 webapps/examples/WEB-INF/classes/cal/JspCalendar.java
delete mode 100644 webapps/examples/WEB-INF/classes/cal/TableBean.java
delete mode 100644 webapps/examples/jsp/cal/cal1.jsp
delete mode 100644 webapps/examples/jsp/cal/cal2.jsp
delete mode 100644 webapps/examples/jsp/cal/calendar.html
delete mode 100644 webapps/examples/jsp/cal/login.html
diff --git a/build.xml b/build.xml
index 52f5fa11252f..5b3e1738c283 100644
--- a/build.xml
+++ b/build.xml
@@ -1646,15 +1646,6 @@
</fileset>
</txt2html>
- <txt2html todir="${tomcat.build}/webapps/examples/jsp/cal">
- <fileset dir="webapps/examples/WEB-INF/classes/cal">
- <include name="Entries.java"/>
- <include name="Entry.java"/>
- <include name="JspCalendar.java"/>
- <include name="TableBean.java"/>
- </fileset>
- </txt2html>
-
<txt2html todir="${tomcat.build}/webapps/examples/jsp/jsptoserv">
<fileset dir="webapps/examples/WEB-INF/classes">
<include name="ServletToJsp.java"/>
diff --git a/webapps/examples/WEB-INF/classes/cal/Entries.java b/webapps/examples/WEB-INF/classes/cal/Entries.java
deleted file mode 100644
index cac611a03b1f..000000000000
--- a/webapps/examples/WEB-INF/classes/cal/Entries.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cal;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.servlet.http.HttpServletRequest;
-
-public class Entries {
-
- private final Map<String, Entry> entries;
- private static final String[] time = { "8am", "9am", "10am", "11am",
- "12pm", "1pm", "2pm", "3pm", "4pm", "5pm", "6pm", "7pm", "8pm" };
- public static final int rows = 12;
-
- public Entries() {
- entries = new ConcurrentHashMap<>(rows);
- for (int i = 0; i < rows; i++) {
- entries.put(time[i], new Entry(time[i]));
- }
- }
-
- public int getRows() {
- return rows;
- }
-
- public Entry getEntry(int index) {
- return this.entries.get(time[index]);
- }
-
- public int getIndex(String tm) {
- for (int i = 0; i < rows; i++) {
- if (tm.equals(time[i])) {
- return i;
- }
- }
- return -1;
- }
-
- public void processRequest(HttpServletRequest request, String tm) {
- int index = getIndex(tm);
- if (index >= 0) {
- String descr = request.getParameter("description");
- entries.get(time[index]).setDescription(descr);
- }
- }
-
-}
diff --git a/webapps/examples/WEB-INF/classes/cal/Entry.java b/webapps/examples/WEB-INF/classes/cal/Entry.java
deleted file mode 100644
index ac248bfa3169..000000000000
--- a/webapps/examples/WEB-INF/classes/cal/Entry.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cal;
-
-public class Entry {
-
- final String hour;
- String description;
-
- public Entry(String hour) {
- this.hour = hour;
- this.description = "";
-
- }
-
- public String getHour() {
- return this.hour;
- }
-
- public String getColor() {
- if (description.equals("")) {
- return "lightblue";
- }
- return "red";
- }
-
- public String getDescription() {
- if (description.equals("")) {
- return "None";
- }
- return this.description;
- }
-
- public void setDescription(String descr) {
- description = descr;
- }
-
-}
diff --git a/webapps/examples/WEB-INF/classes/cal/JspCalendar.java b/webapps/examples/WEB-INF/classes/cal/JspCalendar.java
deleted file mode 100644
index 29541cccb400..000000000000
--- a/webapps/examples/WEB-INF/classes/cal/JspCalendar.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cal;
-
-import java.util.Calendar;
-import java.util.Date;
-
-public class JspCalendar {
- final Calendar calendar;
-
- public JspCalendar() {
- calendar = Calendar.getInstance();
- Date trialTime = new Date();
- calendar.setTime(trialTime);
- }
-
-
- public int getYear() {
- return calendar.get(Calendar.YEAR);
- }
-
- public String getMonth() {
- int m = getMonthInt();
- String[] months = new String [] { "January", "February", "March",
- "April", "May", "June",
- "July", "August", "September",
- "October", "November", "December" };
- if (m > 12) {
- return "Unknown to Man";
- }
-
- return months[m - 1];
-
- }
-
- public String getDay() {
- int x = getDayOfWeek();
- String[] days = new String[] {"Sunday", "Monday", "Tuesday", "Wednesday",
- "Thursday", "Friday", "Saturday"};
-
- if (x > 7) {
- return "Unknown to Man";
- }
-
- return days[x - 1];
-
- }
-
- public int getMonthInt() {
- return 1 + calendar.get(Calendar.MONTH);
- }
-
- public String getDate() {
- return getMonthInt() + "/" + getDayOfMonth() + "/" + getYear();
- }
-
- public String getCurrentDate() {
- Date dt = new Date ();
- calendar.setTime (dt);
- return getMonthInt() + "/" + getDayOfMonth() + "/" + getYear();
-
- }
-
- public String getNextDate() {
- calendar.set (Calendar.DAY_OF_MONTH, getDayOfMonth() + 1);
- return getDate ();
- }
-
- public String getPrevDate() {
- calendar.set (Calendar.DAY_OF_MONTH, getDayOfMonth() - 1);
- return getDate ();
- }
-
- public String getTime() {
- return getHour() + ":" + getMinute() + ":" + getSecond();
- }
-
- public int getDayOfMonth() {
- return calendar.get(Calendar.DAY_OF_MONTH);
- }
-
- public int getDayOfYear() {
- return calendar.get(Calendar.DAY_OF_YEAR);
- }
-
- public int getWeekOfYear() {
- return calendar.get(Calendar.WEEK_OF_YEAR);
- }
-
- public int getWeekOfMonth() {
- return calendar.get(Calendar.WEEK_OF_MONTH);
- }
-
- public int getDayOfWeek() {
- return calendar.get(Calendar.DAY_OF_WEEK);
- }
-
- public int getHour() {
- return calendar.get(Calendar.HOUR_OF_DAY);
- }
-
- public int getMinute() {
- return calendar.get(Calendar.MINUTE);
- }
-
-
- public int getSecond() {
- return calendar.get(Calendar.SECOND);
- }
-
-
- public int getEra() {
- return calendar.get(Calendar.ERA);
- }
-
- public String getUSTimeZone() {
- String[] zones = new String[] {"Hawaii", "Alaskan", "Pacific",
- "Mountain", "Central", "Eastern"};
-
- return zones[10 + getZoneOffset()];
- }
-
- public int getZoneOffset() {
- return calendar.get(Calendar.ZONE_OFFSET)/(60*60*1000);
- }
-
-
- public int getDSTOffset() {
- return calendar.get(Calendar.DST_OFFSET)/(60*60*1000);
- }
-
-
- public int getAMPM() {
- return calendar.get(Calendar.AM_PM);
- }
-}
-
-
diff --git a/webapps/examples/WEB-INF/classes/cal/TableBean.java b/webapps/examples/WEB-INF/classes/cal/TableBean.java
deleted file mode 100644
index 9f1cc4a6cf7d..000000000000
--- a/webapps/examples/WEB-INF/classes/cal/TableBean.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cal;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.servlet.http.HttpServletRequest;
-
-public class TableBean {
-
- private final Map<String, Entries> table;
- private final JspCalendar JspCal;
- private Entries entries;
- private String date;
- private String name = null;
- private String email = null;
- private boolean processError = false;
-
- public TableBean() {
- this.table = new ConcurrentHashMap<>(10);
- this.JspCal = new JspCalendar();
- this.date = JspCal.getCurrentDate();
- }
-
- public void setName(String nm) {
- this.name = nm;
- }
-
- public String getName() {
- return this.name;
- }
-
- public void setEmail(String mail) {
- this.email = mail;
- }
-
- public String getEmail() {
- return this.email;
- }
-
- public String getDate() {
- return this.date;
- }
-
- public Entries getEntries() {
- return this.entries;
- }
-
- public void processRequest(HttpServletRequest request) {
-
- // Get the name and e-mail.
- this.processError = false;
- if (name == null || name.equals("")) {
- setName(request.getParameter("name"));
- }
- if (email == null || email.equals("")) {
- setEmail(request.getParameter("email"));
- }
- if (name == null || email == null || name.equals("")
- || email.equals("")) {
- this.processError = true;
- return;
- }
-
- // Get the date.
- String dateR = request.getParameter("date");
- if (dateR == null) {
- date = JspCal.getCurrentDate();
- } else if (dateR.equalsIgnoreCase("next")) {
- date = JspCal.getNextDate();
- } else if (dateR.equalsIgnoreCase("prev")) {
- date = JspCal.getPrevDate();
- }
-
- entries = table.get(date);
- if (entries == null) {
- entries = new Entries();
- table.put(date, entries);
- }
-
- // If time is provided add the event.
- String time = request.getParameter("time");
- if (time != null) {
- entries.processRequest(request, time);
- }
- }
-
- public boolean getProcessError() {
- return this.processError;
- }
-}
diff --git a/webapps/examples/jsp/cal/cal1.jsp b/webapps/examples/jsp/cal/cal1.jsp
deleted file mode 100644
index ce29c13f9608..000000000000
--- a/webapps/examples/jsp/cal/cal1.jsp
+++ /dev/null
@@ -1,94 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@page contentType="text/html; charset=UTF-8" %>
-<HTML>
-<HEAD><TITLE>
- Calendar: A JSP APPLICATION
-</TITLE></HEAD>
-
-
-<BODY BGCOLOR="white">
-
-<%@ page language="java" import="cal.*" %>
-<jsp:useBean id="table" scope="session" class="cal.TableBean" />
-
-<%
- table.processRequest(request);
- if (table.getProcessError() == false) {
-%>
-
-<!-- HTML table goes here -->
-<CENTER>
-<TABLE WIDTH=60% BGCOLOR=yellow CELLPADDING=15>
-<TR>
-<TD ALIGN=CENTER> <A HREF=cal1.jsp?date=prev> prev </A>
-<TD ALIGN=CENTER> Calendar:<%= table.getDate() %></TD>
-<TD ALIGN=CENTER> <A HREF=cal1.jsp?date=next> next </A>
-</TR>
-</TABLE>
-
-<!-- the main table -->
-<TABLE WIDTH=60% BGCOLOR=lightblue BORDER=1 CELLPADDING=10>
-<TR>
-<TH> Time </TH>
-<TH> Appointment </TH>
-</TR>
-<FORM METHOD=POST ACTION=cal1.jsp>
-<%
- for(int i=0; i<table.getEntries().getRows(); i++) {
- cal.Entry entr = table.getEntries().getEntry(i);
-%>
- <TR>
- <TD>
- <A HREF=cal2.jsp?time=<%= entr.getHour() %>>
- <%= entr.getHour() %> </A>
- </TD>
- <TD BGCOLOR=<%= entr.getColor() %>>
- <% out.print(util.HTMLFilter.filter(entr.getDescription())); %>
- </TD>
- </TR>
-<%
- }
-%>
-</FORM>
-</TABLE>
-<BR>
-
-<!-- footer -->
-<TABLE WIDTH=60% BGCOLOR=yellow CELLPADDING=15>
-<TR>
-<TD ALIGN=CENTER> <% out.print(util.HTMLFilter.filter(table.getName())); %> :
- <% out.print(util.HTMLFilter.filter(table.getEmail())); %> </TD>
-</TR>
-</TABLE>
-</CENTER>
-
-<%
- } else {
-%>
-<font size=5>
- You must enter your name and email address correctly.
-</font>
-<%
- }
-%>
-
-
-</BODY>
-</HTML>
-
-
diff --git a/webapps/examples/jsp/cal/cal2.jsp b/webapps/examples/jsp/cal/cal2.jsp
deleted file mode 100644
index e7e14d8e0468..000000000000
--- a/webapps/examples/jsp/cal/cal2.jsp
+++ /dev/null
@@ -1,45 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@page contentType="text/html; charset=UTF-8" %>
-<HTML>
-<HEAD><TITLE>
- Calendar: A JSP APPLICATION
-</TITLE></HEAD>
-
-
-<BODY BGCOLOR="white">
-<jsp:useBean id="table" scope="session" class="cal.TableBean" />
-
-<%
- String time = request.getParameter ("time");
-%>
-
-<FONT SIZE=5> Please add the following event:
-<BR> <h3> Date <%= table.getDate() %>
-<BR> Time <%= util.HTMLFilter.filter(time) %> </h3>
-</FONT>
-<FORM METHOD=POST ACTION=cal1.jsp>
-<BR>
-<BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE="<%= util.HTMLFilter.filter(time) %>">
-<BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2>
-<BR> <INPUT TYPE=SUBMIT VALUE="submit">
-</FORM>
-
-</BODY>
-</HTML>
-
diff --git a/webapps/examples/jsp/cal/calendar.html b/webapps/examples/jsp/cal/calendar.html
deleted file mode 100644
index a0a3ea184134..000000000000
--- a/webapps/examples/jsp/cal/calendar.html
+++ /dev/null
@@ -1,43 +0,0 @@
-<html>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<head>
-<title>Untitled Document</title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-</head>
-
-<body bgcolor="#FFFFFF">
-<p><font color="#0000FF"><a href="login.html"><img src="../images/execute.gif" align="right" border="0"></a><a href="../index.html"><img src="../images/return.gif" width="24" height="24" align="right" border="0"></a></font></p>
-
-<h2> Source Code for Calendar Example. <br>
-<h3><a href="cal1.jsp.html">cal1.jsp<font color="#0000FF"></a>
- </font> </h3>
-<h3><a href="cal2.jsp.html">cal2.jsp<font color="#0000FF"></a>
- </font> </h3>
-
-<br>
-<h2> Beans.
-<h3><a href="TableBean.java.html">TableBean<font color="#0000FF"></a>
- </font> </h3>
-<h3><a href="Entries.java.html">Entries<font color="#0000FF"></a>
- </font> </h3>
-<h3><a href="Entry.java.html">Entry<font color="#0000FF"></a>
- </font> </h3>
-
-</body>
-</html>
diff --git a/webapps/examples/jsp/cal/login.html b/webapps/examples/jsp/cal/login.html
deleted file mode 100644
index 8a62eca07b4d..000000000000
--- a/webapps/examples/jsp/cal/login.html
+++ /dev/null
@@ -1,47 +0,0 @@
-<html>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<head>
- <title> Login page for the calendar. </title>
-</head>
-
-<body bgcolor="white">
-<center>
-
- <font size=7 color="red"> Please Enter the following information: </font>
-
-<br>
- <form method=GET action=cal1.jsp>
-
- <font size=5> Name <input type=text name="name" size=20>
- </font>
- <br>
- <font size=5> Email <input type=text name="email" size=20>
- </font>
- <br>
- <input type=submit name=action value="Submit">
-
- </form>
-<hr>
-<font size=3 color="red"> Note: This application does not implement the complete
-functionality of a typical calendar application. It demonstrates a way JSP can
-be used with HTML tables and forms.</font>
-
-</center>
-</body>
-</html>
diff --git a/webapps/examples/jsp/index.html b/webapps/examples/jsp/index.html
index dc25005b2710..ed2da43b9a12 100644
--- a/webapps/examples/jsp/index.html
+++ b/webapps/examples/jsp/index.html
@@ -249,14 +249,6 @@ <h2>JSP 1.2 Examples</h2>
<td style="width: 30%;"><a href="colors/clr.html"><img src="images/code.gif" alt=""></a><a href="colors/clr.html">Source</a></td>
</tr>
-<tr>
-<td>Calendar</td>
-
-<td style="width: 30%;"><a href="cal/login.html"><img src="images/execute.gif" alt=""></a><a href="cal/login.html">Execute</a></td>
-
-<td style="width: 30%;"><a href="cal/calendar.html"><img src="images/code.gif" alt=""></a><a href="cal/calendar.html">Source</a></td>
-</tr>
-
<tr>
<td>Include</td>