Item12781: Configure: SimpleFreeMarker buggy with variables that expand to query expressions

Under circumstances I can't pin down exactly, when the login dialog is rendered, a bug in the template parser is exposed:

Suppose you have a template variable that expands to something containing yet another {$foo} expression. The parser inserts that into your page. Once all template variables have been expanded, there's another step that treats {$foo?bar} expressions, using a regex substitution along the lines of \{.*\?.*\} . Since the output now contains {$foo} that weren't there before, the substitution can match them – and since they don't contain a literal question mark, the parser may end up interpreting a huge chunk of the document (spanning everything from the newly inserted expression and an as-of-yet unexpanded {$foo?bar} expression further down) as a single expression. That expression is almost certainly invalid, and we end up getting a really ugly error message complaining about a missing template variable.

It seems much more reasonable to do the {$foo?bar} code in the loop that iterates over the template variables, so that we can use a much more specific regex and nip this kind of problem in the bud.

-- JanKrueger - 14 Mar 2014

SimpleFreeMarker has been removed since this was closed.

-- CrawfordCurrie - 15 Mar 2015

Commenting is disabled while not logged in