diff --git a/src/java/com/samskivert/servlet/MessageManager.java b/src/java/com/samskivert/servlet/MessageManager.java index 13c6250e..67a221e6 100644 --- a/src/java/com/samskivert/servlet/MessageManager.java +++ b/src/java/com/samskivert/servlet/MessageManager.java @@ -116,9 +116,9 @@ public class MessageManager return "[null message key]"; } - // if the key is tainted, just strip the taint character - if (path.startsWith(MessageUtil.TAINT_CHAR)) { - return path.substring(1); + // if the key is tainted, just return the untainted key + if (MessageUtil.isTainted(path)) { + return MessageUtil.untaint(path); } // attempt to determine whether or not this is a compound key @@ -128,13 +128,13 @@ public class MessageManager String argstr = path.substring(tidx+1); String[] args = StringUtil.split(argstr, "|"); // unescape and translate the arguments - for (int i = 0; i < args.length; i++) { + for (int ii = 0; ii < args.length; ii++) { // if the argument is tainted, do no further translation (it might contain |s or // other fun stuff) - if (args[i].startsWith(MessageUtil.TAINT_CHAR)) { - args[i] = MessageUtil.unescape(args[i].substring(1)); + if (MessageUtil.isTainted(args[ii])) { + args[ii] = MessageUtil.unescape(MessageUtil.untaint(args[ii])); } else { - args[i] = getMessage(req, MessageUtil.unescape(args[i])); + args[ii] = getMessage(req, MessageUtil.unescape(args[ii])); } } return getMessage(req, key, args); diff --git a/src/java/com/samskivert/text/MessageUtil.java b/src/java/com/samskivert/text/MessageUtil.java index 1e2f2e67..7e581443 100644 --- a/src/java/com/samskivert/text/MessageUtil.java +++ b/src/java/com/samskivert/text/MessageUtil.java @@ -25,10 +25,6 @@ package com.samskivert.text; */ public class MessageUtil { - /** Text prefixed by this character will be considered tainted when doing recursive - * translations and won't be translated. */ - public static final String TAINT_CHAR = "~"; - /** Used to mark fully qualified message keys. */ public static final String QUAL_PREFIX = "%"; @@ -46,6 +42,24 @@ public class MessageUtil return TAINT_CHAR + text; } + /** + * Returns whether or not the provided string is tainted. See {@link #taint()}. Null strings + * are considered untainted. + */ + public static boolean isTainted (String text) + { + return text != null && text.startsWith(TAINT_CHAR); + } + + /** + * Removes the tainting character added to a string by {@link #taint()}. If the provided string + * is not tainted, this silently returns the originally provided string. + */ + public static String untaint (String text) + { + return isTainted(text) ? text.substring(TAINT_CHAR.length()) : text; + } + /** * Composes a message key with an array of arguments. The message can subsequently be * decomposed and translated without prior knowledge of how many arguments were provided. @@ -220,4 +234,8 @@ public class MessageUtil return qualifiedKey.substring(qsidx+1); } + + /** Text prefixed by this character will be considered tainted when doing recursive + * translations and won't be translated. */ + protected static final String TAINT_CHAR = "~"; }