Re: svn commit: r1648298 - in /ofbiz/trunk: applications/content/src/org/o
Locked
Re: svn commit: r1648298 - in /ofbiz/trunk: applications/content/src/org/o
 
|
+ public static class UrlEncoder implements SimpleEncoder,
SimpleDecoder { Since the class encodes and decodes URLs, can we call it UrlCodec? Adrian Crum Sandglass Software www.sandglass-software.com On 12/29/2014 9:24 AM, [hidden email] wrote: > Author: jacopoc > Date: Mon Dec 29 09:24:46 2014 > New Revision: 1648298 > > URL: http://svn.apache.org/r1648298 > Log: > A series of cleanup to the integration with OWASP ESAPI. Isolated dependencies on the external OWASP ESAPI jar into the StringUtil class. > > > Modified: > ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java > ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java > ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java > ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java > ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java > ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java > ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java > ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java > ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java > ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java > ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java > > Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java (original) > +++ ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java Mon Dec 29 09:24:46 2014 > @@ -39,7 +39,6 @@ import org.ofbiz.entity.Delegator; > import org.ofbiz.entity.GenericValue; > import org.ofbiz.entity.util.EntityQuery; > import org.ofbiz.webapp.control.ContextFilter; > -import org.owasp.esapi.errors.EncodingException; > > public class ContentUrlFilter extends ContextFilter { > public final static String module = ContentUrlFilter.class.getName(); > @@ -118,14 +117,10 @@ public class ContentUrlFilter extends Co > .queryFirst(); > if (contentAssocDataResource != null) { > url = contentAssocDataResource.getString("drObjectInfo"); > - try { > - url = StringUtil.defaultWebEncoder.decodeFromURL(url); > - String mountPoint = request.getContextPath(); > - if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) { > - url = mountPoint + url; > - } > - } catch (EncodingException e) { > - Debug.logError(e, module); > + url = StringUtil.getDecoder("url").decode(url); > + String mountPoint = request.getContextPath(); > + if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) { > + url = mountPoint + url; > } > } > } catch (Exception e) { > > Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java (original) > +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Mon Dec 29 09:24:46 2014 > @@ -36,14 +36,12 @@ import java.util.regex.Pattern; > import org.apache.commons.codec.DecoderException; > import org.apache.commons.codec.binary.Hex; > import org.ofbiz.base.lang.Appender; > -import org.owasp.esapi.ValidationErrorList; > -import org.owasp.esapi.Validator; > import org.owasp.esapi.codecs.Codec; > import org.owasp.esapi.codecs.HTMLEntityCodec; > import org.owasp.esapi.codecs.PercentCodec; > +import org.owasp.esapi.errors.EncodingException; > import org.owasp.esapi.errors.IntrusionException; > import org.owasp.esapi.reference.DefaultEncoder; > -import org.owasp.esapi.reference.DefaultValidator; > > /** > * Misc String Utility Functions > @@ -56,15 +54,11 @@ public class StringUtil { > // FIXME: Not thread safe > protected static final Map<String, Pattern> substitutionPatternMap; > > - /** OWASP ESAPI canonicalize strict flag; setting false so we only get warnings about double encoding, etc; can be set to true for exceptions and more security */ > - public static final boolean esapiCanonicalizeStrict = false; > - public static final DefaultEncoder defaultWebEncoder; > - public static final Validator defaultWebValidator; > + private static final DefaultEncoder defaultWebEncoder; > static { > // possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec, MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec > List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new PercentCodec()); > defaultWebEncoder = new DefaultEncoder(codecList); > - defaultWebValidator = new DefaultValidator(); > substitutionPatternMap = new HashMap<String, Pattern>(); > substitutionPatternMap.put("&&", Pattern.compile("@and", Pattern.LITERAL)); > substitutionPatternMap.put("||", Pattern.compile("@or", Pattern.LITERAL)); > @@ -74,9 +68,10 @@ public class StringUtil { > substitutionPatternMap.put(">", Pattern.compile("@gt", Pattern.LITERAL)); > } > > - public static final SimpleEncoder htmlEncoder = new HtmlEncoder(); > - public static final SimpleEncoder xmlEncoder = new XmlEncoder(); > - public static final SimpleEncoder stringEncoder = new StringEncoder(); > + private static final HtmlEncoder htmlEncoder = new HtmlEncoder(); > + private static final XmlEncoder xmlEncoder = new XmlEncoder(); > + private static final StringEncoder stringEncoder = new StringEncoder(); > + private static final UrlEncoder urlEncoder = new UrlEncoder(); > > private StringUtil() { > } > @@ -85,6 +80,10 @@ public class StringUtil { > public String encode(String original); > } > > + public static interface SimpleDecoder { > + public String decode(String original); > + } > + > public static class HtmlEncoder implements SimpleEncoder { > public String encode(String original) { > return StringUtil.defaultWebEncoder.encodeForHTML(original); > @@ -97,6 +96,26 @@ public class StringUtil { > } > } > > + public static class UrlEncoder implements SimpleEncoder, SimpleDecoder { > + public String encode(String original) { > + try { > + return StringUtil.defaultWebEncoder.encodeForURL(original); > + } catch (EncodingException ee) { > + Debug.logError(ee, module); > + return null; > + } > + } > + > + public String decode(String original) { > + try { > + return StringUtil.defaultWebEncoder.decodeFromURL(original); > + } catch (EncodingException ee) { > + Debug.logError(ee, module); > + return null; > + } > + } > + } > + > public static class StringEncoder implements SimpleEncoder { > public String encode(String original) { > if (original != null) { > @@ -109,7 +128,9 @@ public class StringUtil { > // ================== Begin General Functions ================== > > public static SimpleEncoder getEncoder(String type) { > - if ("xml".equals(type)) { > + if ("url".equals(type)) { > + return StringUtil.urlEncoder; > + } else if ("xml".equals(type)) { > return StringUtil.xmlEncoder; > } else if ("html".equals(type)) { > return StringUtil.htmlEncoder; > @@ -120,6 +141,14 @@ public class StringUtil { > } > } > > + public static SimpleDecoder getDecoder(String type) { > + if ("url".equals(type)) { > + return StringUtil.urlEncoder; > + } else { > + return null; > + } > + } > + > public static String internString(String value) { > return value != null ? value.intern() : null; > } > @@ -594,6 +623,13 @@ public class StringUtil { > return result; > } > > + public static String canonicalize(String value) throws IntrusionException { > + return defaultWebEncoder.canonicalize(value); > + } > + > + public static String canonicalize(String value, boolean strict) throws IntrusionException { > + return defaultWebEncoder.canonicalize(value, strict); > + } > /** > * Uses a black-list approach for necessary characters for HTML. > * Does not allow various characters (after canonicalization), including "<", ">", "&" (if not followed by a space), and "%" (if not followed by a space). > @@ -606,7 +642,7 @@ public class StringUtil { > > // canonicalize, strict (error on double-encoding) > try { > - value = defaultWebEncoder.canonicalize(value, true); > + value = canonicalize(value, true); > } catch (IntrusionException e) { > // NOTE: using different log and user targeted error messages to allow the end-user message to be less technical > Debug.logError("Canonicalization (format consistency, character escaping that is mixed or double, etc) error for attribute named [" + valueName + "], String [" + value + "]: " + e.toString(), module); > @@ -651,21 +687,6 @@ public class StringUtil { > return value; > } > > - /** > - * Uses a white-list approach to check for safe HTML. > - * Based on the ESAPI validator configured in the antisamy-esapi.xml file. > - * > - * @param value > - * @param errorMessageList > - * @return String with updated value if needed for safer HTML. > - */ > - public static String checkStringForHtmlSafeOnly(String valueName, String value, List<String> errorMessageList) { > - ValidationErrorList vel = new ValidationErrorList(); > - value = defaultWebValidator.getValidSafeHTML(valueName, value, Integer.MAX_VALUE, true, vel); > - errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), String.class)); > - return value; > - } > - > /** > * Remove/collapse multiple newline characters > * > > Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original) > +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Mon Dec 29 09:24:46 2014 > @@ -53,8 +53,6 @@ import org.apache.oro.text.regex.Malform > import org.apache.oro.text.regex.Pattern; > import org.apache.oro.text.regex.PatternMatcher; > import org.apache.oro.text.regex.Perl5Matcher; > -import org.owasp.esapi.errors.EncodingException; > -import org.owasp.esapi.errors.IntrusionException; > > import com.ibm.icu.util.Calendar; > > @@ -251,10 +249,11 @@ public class UtilHttp { > > public static String canonicalizeParameter(String paramValue) { > try { > - String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict); > + /** calling canonicalize with strict flag set to false so we only get warnings about double encoding, etc; can be set to true for exceptions and more security */ > + String cannedStr = StringUtil.canonicalize(paramValue, false); > if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module); > return cannedStr; > - } catch (IntrusionException e) { > + } catch (Exception e) { > Debug.logError(e, "Error in canonicalize parameter value [" + paramValue + "]: " + e.toString(), module); > return paramValue; > } > @@ -791,22 +790,14 @@ public class UtilHttp { > buf.append("&"); > } > } > - try { > - buf.append(StringUtil.defaultWebEncoder.encodeForURL(name)); > - } catch (EncodingException e) { > - Debug.logError(e, module); > - } > + buf.append(StringUtil.getEncoder("url").encode(name)); > /* the old way: try { > buf.append(URLEncoder.encode(name, "UTF-8")); > } catch (UnsupportedEncodingException e) { > Debug.logError(e, module); > } */ > buf.append('='); > - try { > - buf.append(StringUtil.defaultWebEncoder.encodeForURL(valueStr)); > - } catch (EncodingException e) { > - Debug.logError(e, module); > - } > + buf.append(StringUtil.getEncoder("url").encode(valueStr)); > /* the old way: try { > buf.append(URLEncoder.encode(valueStr, "UTF-8")); > } catch (UnsupportedEncodingException e) { > > Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java (original) > +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java Mon Dec 29 09:24:46 2014 > @@ -303,9 +303,6 @@ public class StringUtilTests extends Gen > checkStringForHtmlStrictNone_test("double-encoding", "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found character escaping (mixed or double) that is not allowed or other format consistency error: org.owasp.esapi.errors.IntrusionException: Input validation failure"); > } > > - public void testCheckStringForHtmlSafeOnly() { > - } > - > public void testCollapseNewlines() { > } > > > Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java (original) > +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java Mon Dec 29 09:24:46 2014 > @@ -64,7 +64,6 @@ import org.ofbiz.service.ModelService; > import org.ofbiz.service.ServiceSynchronization; > import org.ofbiz.service.ServiceUtil; > import org.ofbiz.service.mail.MimeMessageWrapper; > -import org.owasp.esapi.errors.EncodingException; > > /** > * Common Services > @@ -539,17 +538,15 @@ public class CommonServices { > } > > public static Map<String, Object> resetMetric(DispatchContext dctx, Map<String, ?> context) { > - String name = (String) context.get("name"); > - try { > - name = StringUtil.defaultWebEncoder.decodeFromURL(name); > - } catch (EncodingException e) { > - return ServiceUtil.returnError("Exception thrown while decoding metric name \"" + name + "\""); > + String originalName = (String) context.get("name"); > + String name = StringUtil.getDecoder("url").decode(originalName); > + if (name == null) { > + return ServiceUtil.returnError("Exception thrown while decoding metric name \"" + originalName + "\""); > } > Metrics metric = MetricsFactory.getMetric(name); > if (metric != null) { > metric.reset(); > return ServiceUtil.returnSuccess(); > - > } > return ServiceUtil.returnError("Metric \"" + name + "\" not found."); > } > > Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original) > +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Mon Dec 29 09:24:46 2014 > @@ -62,7 +62,6 @@ import org.ofbiz.webapp.view.ViewHandler > import org.ofbiz.webapp.view.ViewHandlerException; > import org.ofbiz.webapp.website.WebSiteProperties; > import org.ofbiz.webapp.website.WebSiteWorker; > -import org.owasp.esapi.errors.EncodingException; > import org.python.modules.re; > > /** > @@ -1116,13 +1115,11 @@ public class RequestHandler { > if (queryString.length() > 1) { > queryString.append("&"); > } > - > - try { > - queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name)); > + String encodedName = StringUtil.getEncoder("url").encode(name); > + if (encodedName != null) { > + queryString.append(encodedName); > queryString.append("="); > - queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value)); > - } catch (EncodingException e) { > - Debug.logError(e, module); > + queryString.append(StringUtil.getEncoder("url").encode(value)); > } > } > } > > Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java (original) > +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java Mon Dec 29 09:24:46 2014 > @@ -28,7 +28,6 @@ import org.ofbiz.base.util.Debug; > import org.ofbiz.base.util.StringUtil; > import org.ofbiz.base.util.UtilValidate; > import org.ofbiz.webapp.taglib.ContentUrlTag; > -import org.owasp.esapi.errors.EncodingException; > > import freemarker.core.Environment; > import freemarker.ext.beans.BeanModel; > @@ -93,11 +92,7 @@ public class OfbizContentTransform imple > return; > } > > - try { > - requestUrl = StringUtil.defaultWebEncoder.decodeFromURL(requestUrl); > - } catch (EncodingException e) { > - Debug.logError(e, module); > - } > + requestUrl = StringUtil.getDecoder("url").decode(requestUrl); > > // make the link > StringBuilder newURL = new StringBuilder(); > > Modified: ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java (original) > +++ ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java Mon Dec 29 09:24:46 2014 > @@ -40,7 +40,6 @@ import org.ofbiz.base.util.GeneralExcept > import org.ofbiz.base.util.StringUtil; > import org.ofbiz.base.util.UtilValidate; > import org.ofbiz.base.util.UtilXml; > -import org.owasp.esapi.errors.EncodingException; > import org.w3c.dom.Comment; > import org.w3c.dom.Document; > import org.w3c.dom.Element; > @@ -103,7 +102,7 @@ public class LabelManagerFactory { > } > } > > - public void findMatchingLabels(String component, String fileName, String key, String locale) throws MalformedURLException, SAXException, ParserConfigurationException, IOException, EncodingException, GeneralException { > + public void findMatchingLabels(String component, String fileName, String key, String locale) throws MalformedURLException, SAXException, ParserConfigurationException, IOException, GeneralException { > if (UtilValidate.isEmpty(component) && UtilValidate.isEmpty(fileName) && UtilValidate.isEmpty(key) && UtilValidate.isEmpty(locale)) { > // Important! Don't allow unparameterized queries - doing so will result in loading the entire project into memory > return; > @@ -124,7 +123,7 @@ public class LabelManagerFactory { > for (Node propertyNode : UtilXml.childNodeList(resourceElem.getFirstChild())) { > if (propertyNode instanceof Element) { > Element propertyElem = (Element) propertyNode; > - String labelKey = StringUtil.defaultWebEncoder.canonicalize(propertyElem.getAttribute("key")); > + String labelKey = StringUtil.canonicalize(propertyElem.getAttribute("key")); > String labelComment = ""; > for (Node valueNode : UtilXml.childNodeList(propertyElem.getFirstChild())) { > if (valueNode instanceof Element) { > @@ -135,7 +134,7 @@ public class LabelManagerFactory { > if( localeName.contains("_")) { > localeName = localeName.replace('_', '-'); > } > - String labelValue = StringUtil.defaultWebEncoder.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); > + String labelValue = StringUtil.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); > LabelInfo label = labels.get(labelKey + keySeparator + fileInfo.getFileName()); > > if (UtilValidate.isEmpty(label)) { > @@ -149,12 +148,12 @@ public class LabelManagerFactory { > localesFound.add(localeName); > labelComment = ""; > } else if (valueNode instanceof Comment) { > - labelComment = labelComment + StringUtil.defaultWebEncoder.canonicalize(valueNode.getNodeValue()); > + labelComment = labelComment + StringUtil.canonicalize(valueNode.getNodeValue()); > } > } > labelKeyComment = ""; > } else if (propertyNode instanceof Comment) { > - labelKeyComment = labelKeyComment + StringUtil.defaultWebEncoder.canonicalize(propertyNode.getNodeValue()); > + labelKeyComment = labelKeyComment + StringUtil.canonicalize(propertyNode.getNodeValue()); > } > } > } > > Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original) > +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Mon Dec 29 09:24:46 2014 > @@ -71,7 +71,7 @@ public class WidgetWorker { > // We may get an encoded request like: /projectmgr/control/EditTaskContents?workEffortId=10003 > // Try to reducing a possibly encoded string down to its simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003 > // This step make sure the following appending externalLoginKey operation to work correctly > - localRequestName = StringUtil.defaultWebEncoder.canonicalize(localRequestName); > + localRequestName = StringUtil.canonicalize(localRequestName); > Appendable localWriter = new StringWriter(); > > if ("intra-app".equals(targetType)) { > @@ -300,7 +300,7 @@ public class WidgetWorker { > writer.append("<input name=\""); > writer.append(parameter.getKey()); > writer.append("\" value=\""); > - writer.append(StringUtil.htmlEncoder.encode(parameter.getValue())); > + writer.append(StringUtil.getEncoder("html").encode(parameter.getValue())); > writer.append("\" type=\"hidden\"/>"); > } > } > > Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java (original) > +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java Mon Dec 29 09:24:46 2014 > @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp > parameters.append(parameter.getName()); > parameters.append("'"); > parameters.append(",'value':'"); > - parameters.append(StringUtil.htmlEncoder.encode(parameter.getValue(context))); > + parameters.append(StringUtil.getEncoder("html").encode(parameter.getValue(context))); > parameters.append("'}"); > } > parameters.append("]"); > > Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java?rev=1648298&r1=1648297&r2=1648298&view=diff > ============================================================================== > --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java (original) > +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java Mon Dec 29 09:24:46 2014 > @@ -88,7 +88,7 @@ public class HtmlWidget extends ModelScr > } > @Override > public String getAsString() { > - return StringUtil.htmlEncoder.encode(super.getAsString()); > + return StringUtil.getEncoder("html").encode(super.getAsString()); > } > } > > @@ -100,7 +100,7 @@ public class HtmlWidget extends ModelScr > > @Override > public String getAsString() { > - return StringUtil.htmlEncoder.encode(super.getAsString()); > + return StringUtil.getEncoder("html").encode(super.getAsString()); > } > > } > > |
Re: svn commit: r1648298 - in /ofbiz/trunk: applications/content/src/org/o
|
|
You are mind reading on me... I am in the process of doing some more refactoring, including this.
I will commit later today or (more probably) tomorrow. Jacopo On Dec 29, 2014, at 4:48 PM, Adrian Crum <[hidden email]> wrote: > + public static class UrlEncoder implements SimpleEncoder, SimpleDecoder { > > Since the class encodes and decodes URLs, can we call it UrlCodec? > > Adrian Crum > Sandglass Software > www.sandglass-software.com > > On 12/29/2014 9:24 AM, [hidden email] wrote: >> Author: jacopoc >> Date: Mon Dec 29 09:24:46 2014 >> New Revision: 1648298 >> >> URL: http://svn.apache.org/r1648298 >> Log: >> A series of cleanup to the integration with OWASP ESAPI. Isolated dependencies on the external OWASP ESAPI jar into the StringUtil class. >> >> >> Modified: >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> >> Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java (original) >> +++ ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java Mon Dec 29 09:24:46 2014 >> @@ -39,7 +39,6 @@ import org.ofbiz.entity.Delegator; >> import org.ofbiz.entity.GenericValue; >> import org.ofbiz.entity.util.EntityQuery; >> import org.ofbiz.webapp.control.ContextFilter; >> -import org.owasp.esapi.errors.EncodingException; >> >> public class ContentUrlFilter extends ContextFilter { >> public final static String module = ContentUrlFilter.class.getName(); >> @@ -118,14 +117,10 @@ public class ContentUrlFilter extends Co >> .queryFirst(); >> if (contentAssocDataResource != null) { >> url = contentAssocDataResource.getString("drObjectInfo"); >> - try { >> - url = StringUtil.defaultWebEncoder.decodeFromURL(url); >> - String mountPoint = request.getContextPath(); >> - if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) { >> - url = mountPoint + url; >> - } >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> + url = StringUtil.getDecoder("url").decode(url); >> + String mountPoint = request.getContextPath(); >> + if (!(mountPoint.equals("/")) && !(mountPoint.equals(""))) { >> + url = mountPoint + url; >> } >> } >> } catch (Exception e) { >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Mon Dec 29 09:24:46 2014 >> @@ -36,14 +36,12 @@ import java.util.regex.Pattern; >> import org.apache.commons.codec.DecoderException; >> import org.apache.commons.codec.binary.Hex; >> import org.ofbiz.base.lang.Appender; >> -import org.owasp.esapi.ValidationErrorList; >> -import org.owasp.esapi.Validator; >> import org.owasp.esapi.codecs.Codec; >> import org.owasp.esapi.codecs.HTMLEntityCodec; >> import org.owasp.esapi.codecs.PercentCodec; >> +import org.owasp.esapi.errors.EncodingException; >> import org.owasp.esapi.errors.IntrusionException; >> import org.owasp.esapi.reference.DefaultEncoder; >> -import org.owasp.esapi.reference.DefaultValidator; >> >> /** >> * Misc String Utility Functions >> @@ -56,15 +54,11 @@ public class StringUtil { >> // FIXME: Not thread safe >> protected static final Map<String, Pattern> substitutionPatternMap; >> >> - /** OWASP ESAPI canonicalize strict flag; setting false so we only get warnings about double encoding, etc; can be set to true for exceptions and more security */ >> - public static final boolean esapiCanonicalizeStrict = false; >> - public static final DefaultEncoder defaultWebEncoder; >> - public static final Validator defaultWebValidator; >> + private static final DefaultEncoder defaultWebEncoder; >> static { >> // possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec, MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec >> List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new PercentCodec()); >> defaultWebEncoder = new DefaultEncoder(codecList); >> - defaultWebValidator = new DefaultValidator(); >> substitutionPatternMap = new HashMap<String, Pattern>(); >> substitutionPatternMap.put("&&", Pattern.compile("@and", Pattern.LITERAL)); >> substitutionPatternMap.put("||", Pattern.compile("@or", Pattern.LITERAL)); >> @@ -74,9 +68,10 @@ public class StringUtil { >> substitutionPatternMap.put(">", Pattern.compile("@gt", Pattern.LITERAL)); >> } >> >> - public static final SimpleEncoder htmlEncoder = new HtmlEncoder(); >> - public static final SimpleEncoder xmlEncoder = new XmlEncoder(); >> - public static final SimpleEncoder stringEncoder = new StringEncoder(); >> + private static final HtmlEncoder htmlEncoder = new HtmlEncoder(); >> + private static final XmlEncoder xmlEncoder = new XmlEncoder(); >> + private static final StringEncoder stringEncoder = new StringEncoder(); >> + private static final UrlEncoder urlEncoder = new UrlEncoder(); >> >> private StringUtil() { >> } >> @@ -85,6 +80,10 @@ public class StringUtil { >> public String encode(String original); >> } >> >> + public static interface SimpleDecoder { >> + public String decode(String original); >> + } >> + >> public static class HtmlEncoder implements SimpleEncoder { >> public String encode(String original) { >> return StringUtil.defaultWebEncoder.encodeForHTML(original); >> @@ -97,6 +96,26 @@ public class StringUtil { >> } >> } >> >> + public static class UrlEncoder implements SimpleEncoder, SimpleDecoder { >> + public String encode(String original) { >> + try { >> + return StringUtil.defaultWebEncoder.encodeForURL(original); >> + } catch (EncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + >> + public String decode(String original) { >> + try { >> + return StringUtil.defaultWebEncoder.decodeFromURL(original); >> + } catch (EncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + } >> + >> public static class StringEncoder implements SimpleEncoder { >> public String encode(String original) { >> if (original != null) { >> @@ -109,7 +128,9 @@ public class StringUtil { >> // ================== Begin General Functions ================== >> >> public static SimpleEncoder getEncoder(String type) { >> - if ("xml".equals(type)) { >> + if ("url".equals(type)) { >> + return StringUtil.urlEncoder; >> + } else if ("xml".equals(type)) { >> return StringUtil.xmlEncoder; >> } else if ("html".equals(type)) { >> return StringUtil.htmlEncoder; >> @@ -120,6 +141,14 @@ public class StringUtil { >> } >> } >> >> + public static SimpleDecoder getDecoder(String type) { >> + if ("url".equals(type)) { >> + return StringUtil.urlEncoder; >> + } else { >> + return null; >> + } >> + } >> + >> public static String internString(String value) { >> return value != null ? value.intern() : null; >> } >> @@ -594,6 +623,13 @@ public class StringUtil { >> return result; >> } >> >> + public static String canonicalize(String value) throws IntrusionException { >> + return defaultWebEncoder.canonicalize(value); >> + } >> + >> + public static String canonicalize(String value, boolean strict) throws IntrusionException { >> + return defaultWebEncoder.canonicalize(value, strict); >> + } >> /** >> * Uses a black-list approach for necessary characters for HTML. >> * Does not allow various characters (after canonicalization), including "<", ">", "&" (if not followed by a space), and "%" (if not followed by a space). >> @@ -606,7 +642,7 @@ public class StringUtil { >> >> // canonicalize, strict (error on double-encoding) >> try { >> - value = defaultWebEncoder.canonicalize(value, true); >> + value = canonicalize(value, true); >> } catch (IntrusionException e) { >> // NOTE: using different log and user targeted error messages to allow the end-user message to be less technical >> Debug.logError("Canonicalization (format consistency, character escaping that is mixed or double, etc) error for attribute named [" + valueName + "], String [" + value + "]: " + e.toString(), module); >> @@ -651,21 +687,6 @@ public class StringUtil { >> return value; >> } >> >> - /** >> - * Uses a white-list approach to check for safe HTML. >> - * Based on the ESAPI validator configured in the antisamy-esapi.xml file. >> - * >> - * @param value >> - * @param errorMessageList >> - * @return String with updated value if needed for safer HTML. >> - */ >> - public static String checkStringForHtmlSafeOnly(String valueName, String value, List<String> errorMessageList) { >> - ValidationErrorList vel = new ValidationErrorList(); >> - value = defaultWebValidator.getValidSafeHTML(valueName, value, Integer.MAX_VALUE, true, vel); >> - errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), String.class)); >> - return value; >> - } >> - >> /** >> * Remove/collapse multiple newline characters >> * >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Mon Dec 29 09:24:46 2014 >> @@ -53,8 +53,6 @@ import org.apache.oro.text.regex.Malform >> import org.apache.oro.text.regex.Pattern; >> import org.apache.oro.text.regex.PatternMatcher; >> import org.apache.oro.text.regex.Perl5Matcher; >> -import org.owasp.esapi.errors.EncodingException; >> -import org.owasp.esapi.errors.IntrusionException; >> >> import com.ibm.icu.util.Calendar; >> >> @@ -251,10 +249,11 @@ public class UtilHttp { >> >> public static String canonicalizeParameter(String paramValue) { >> try { >> - String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict); >> + /** calling canonicalize with strict flag set to false so we only get warnings about double encoding, etc; can be set to true for exceptions and more security */ >> + String cannedStr = StringUtil.canonicalize(paramValue, false); >> if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module); >> return cannedStr; >> - } catch (IntrusionException e) { >> + } catch (Exception e) { >> Debug.logError(e, "Error in canonicalize parameter value [" + paramValue + "]: " + e.toString(), module); >> return paramValue; >> } >> @@ -791,22 +790,14 @@ public class UtilHttp { >> buf.append("&"); >> } >> } >> - try { >> - buf.append(StringUtil.defaultWebEncoder.encodeForURL(name)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + buf.append(StringUtil.getEncoder("url").encode(name)); >> /* the old way: try { >> buf.append(URLEncoder.encode(name, "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> Debug.logError(e, module); >> } */ >> buf.append('='); >> - try { >> - buf.append(StringUtil.defaultWebEncoder.encodeForURL(valueStr)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + buf.append(StringUtil.getEncoder("url").encode(valueStr)); >> /* the old way: try { >> buf.append(URLEncoder.encode(valueStr, "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java Mon Dec 29 09:24:46 2014 >> @@ -303,9 +303,6 @@ public class StringUtilTests extends Gen >> checkStringForHtmlStrictNone_test("double-encoding", "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found character escaping (mixed or double) that is not allowed or other format consistency error: org.owasp.esapi.errors.IntrusionException: Input validation failure"); >> } >> >> - public void testCheckStringForHtmlSafeOnly() { >> - } >> - >> public void testCollapseNewlines() { >> } >> >> >> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java (original) >> +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java Mon Dec 29 09:24:46 2014 >> @@ -64,7 +64,6 @@ import org.ofbiz.service.ModelService; >> import org.ofbiz.service.ServiceSynchronization; >> import org.ofbiz.service.ServiceUtil; >> import org.ofbiz.service.mail.MimeMessageWrapper; >> -import org.owasp.esapi.errors.EncodingException; >> >> /** >> * Common Services >> @@ -539,17 +538,15 @@ public class CommonServices { >> } >> >> public static Map<String, Object> resetMetric(DispatchContext dctx, Map<String, ?> context) { >> - String name = (String) context.get("name"); >> - try { >> - name = StringUtil.defaultWebEncoder.decodeFromURL(name); >> - } catch (EncodingException e) { >> - return ServiceUtil.returnError("Exception thrown while decoding metric name \"" + name + "\""); >> + String originalName = (String) context.get("name"); >> + String name = StringUtil.getDecoder("url").decode(originalName); >> + if (name == null) { >> + return ServiceUtil.returnError("Exception thrown while decoding metric name \"" + originalName + "\""); >> } >> Metrics metric = MetricsFactory.getMetric(name); >> if (metric != null) { >> metric.reset(); >> return ServiceUtil.returnSuccess(); >> - >> } >> return ServiceUtil.returnError("Metric \"" + name + "\" not found."); >> } >> >> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original) >> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Mon Dec 29 09:24:46 2014 >> @@ -62,7 +62,6 @@ import org.ofbiz.webapp.view.ViewHandler >> import org.ofbiz.webapp.view.ViewHandlerException; >> import org.ofbiz.webapp.website.WebSiteProperties; >> import org.ofbiz.webapp.website.WebSiteWorker; >> -import org.owasp.esapi.errors.EncodingException; >> import org.python.modules.re; >> >> /** >> @@ -1116,13 +1115,11 @@ public class RequestHandler { >> if (queryString.length() > 1) { >> queryString.append("&"); >> } >> - >> - try { >> - queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name)); >> + String encodedName = StringUtil.getEncoder("url").encode(name); >> + if (encodedName != null) { >> + queryString.append(encodedName); >> queryString.append("="); >> - queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value)); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> + queryString.append(StringUtil.getEncoder("url").encode(value)); >> } >> } >> } >> >> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java (original) >> +++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java Mon Dec 29 09:24:46 2014 >> @@ -28,7 +28,6 @@ import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.StringUtil; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.webapp.taglib.ContentUrlTag; >> -import org.owasp.esapi.errors.EncodingException; >> >> import freemarker.core.Environment; >> import freemarker.ext.beans.BeanModel; >> @@ -93,11 +92,7 @@ public class OfbizContentTransform imple >> return; >> } >> >> - try { >> - requestUrl = StringUtil.defaultWebEncoder.decodeFromURL(requestUrl); >> - } catch (EncodingException e) { >> - Debug.logError(e, module); >> - } >> + requestUrl = StringUtil.getDecoder("url").decode(requestUrl); >> >> // make the link >> StringBuilder newURL = new StringBuilder(); >> >> Modified: ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java (original) >> +++ ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java Mon Dec 29 09:24:46 2014 >> @@ -40,7 +40,6 @@ import org.ofbiz.base.util.GeneralExcept >> import org.ofbiz.base.util.StringUtil; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.base.util.UtilXml; >> -import org.owasp.esapi.errors.EncodingException; >> import org.w3c.dom.Comment; >> import org.w3c.dom.Document; >> import org.w3c.dom.Element; >> @@ -103,7 +102,7 @@ public class LabelManagerFactory { >> } >> } >> >> - public void findMatchingLabels(String component, String fileName, String key, String locale) throws MalformedURLException, SAXException, ParserConfigurationException, IOException, EncodingException, GeneralException { >> + public void findMatchingLabels(String component, String fileName, String key, String locale) throws MalformedURLException, SAXException, ParserConfigurationException, IOException, GeneralException { >> if (UtilValidate.isEmpty(component) && UtilValidate.isEmpty(fileName) && UtilValidate.isEmpty(key) && UtilValidate.isEmpty(locale)) { >> // Important! Don't allow unparameterized queries - doing so will result in loading the entire project into memory >> return; >> @@ -124,7 +123,7 @@ public class LabelManagerFactory { >> for (Node propertyNode : UtilXml.childNodeList(resourceElem.getFirstChild())) { >> if (propertyNode instanceof Element) { >> Element propertyElem = (Element) propertyNode; >> - String labelKey = StringUtil.defaultWebEncoder.canonicalize(propertyElem.getAttribute("key")); >> + String labelKey = StringUtil.canonicalize(propertyElem.getAttribute("key")); >> String labelComment = ""; >> for (Node valueNode : UtilXml.childNodeList(propertyElem.getFirstChild())) { >> if (valueNode instanceof Element) { >> @@ -135,7 +134,7 @@ public class LabelManagerFactory { >> if( localeName.contains("_")) { >> localeName = localeName.replace('_', '-'); >> } >> - String labelValue = StringUtil.defaultWebEncoder.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); >> + String labelValue = StringUtil.canonicalize(UtilXml.nodeValue(valueElem.getFirstChild())); >> LabelInfo label = labels.get(labelKey + keySeparator + fileInfo.getFileName()); >> >> if (UtilValidate.isEmpty(label)) { >> @@ -149,12 +148,12 @@ public class LabelManagerFactory { >> localesFound.add(localeName); >> labelComment = ""; >> } else if (valueNode instanceof Comment) { >> - labelComment = labelComment + StringUtil.defaultWebEncoder.canonicalize(valueNode.getNodeValue()); >> + labelComment = labelComment + StringUtil.canonicalize(valueNode.getNodeValue()); >> } >> } >> labelKeyComment = ""; >> } else if (propertyNode instanceof Comment) { >> - labelKeyComment = labelKeyComment + StringUtil.defaultWebEncoder.canonicalize(propertyNode.getNodeValue()); >> + labelKeyComment = labelKeyComment + StringUtil.canonicalize(propertyNode.getNodeValue()); >> } >> } >> } >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Mon Dec 29 09:24:46 2014 >> @@ -71,7 +71,7 @@ public class WidgetWorker { >> // We may get an encoded request like: /projectmgr/control/EditTaskContents?workEffortId=10003 >> // Try to reducing a possibly encoded string down to its simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003 >> // This step make sure the following appending externalLoginKey operation to work correctly >> - localRequestName = StringUtil.defaultWebEncoder.canonicalize(localRequestName); >> + localRequestName = StringUtil.canonicalize(localRequestName); >> Appendable localWriter = new StringWriter(); >> >> if ("intra-app".equals(targetType)) { >> @@ -300,7 +300,7 @@ public class WidgetWorker { >> writer.append("<input name=\""); >> writer.append(parameter.getKey()); >> writer.append("\" value=\""); >> - writer.append(StringUtil.htmlEncoder.encode(parameter.getValue())); >> + writer.append(StringUtil.getEncoder("html").encode(parameter.getValue())); >> writer.append("\" type=\"hidden\"/>"); >> } >> } >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java Mon Dec 29 09:24:46 2014 >> @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp >> parameters.append(parameter.getName()); >> parameters.append("'"); >> parameters.append(",'value':'"); >> - parameters.append(StringUtil.htmlEncoder.encode(parameter.getValue(context))); >> + parameters.append(StringUtil.getEncoder("html").encode(parameter.getValue(context))); >> parameters.append("'}"); >> } >> parameters.append("]"); >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java?rev=1648298&r1=1648297&r2=1648298&view=diff >> ============================================================================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java Mon Dec 29 09:24:46 2014 >> @@ -88,7 +88,7 @@ public class HtmlWidget extends ModelScr >> } >> @Override >> public String getAsString() { >> - return StringUtil.htmlEncoder.encode(super.getAsString()); >> + return StringUtil.getEncoder("html").encode(super.getAsString()); >> } >> } >> >> @@ -100,7 +100,7 @@ public class HtmlWidget extends ModelScr >> >> @Override >> public String getAsString() { >> - return StringUtil.htmlEncoder.encode(super.getAsString()); >> + return StringUtil.getEncoder("html").encode(super.getAsString()); >> } >> >> } >> >> |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |