Hi Hans,
Thanks for the suggestion. I don't know how you envision to use this feature. I guess it could be used in the new version I commited
at r744657, like:
if (paramValue.startsWith(":\\", 1) && File.separatorChar.equal("\\"))) { // This allows to use Windows paths from input fields
But this will still be a non deterministic hack (I agree my current solution has failure probability).
Let me state this issue.
1) We should be able to input Windows style paths
2) It does not work because in UtilHttp.canonicalizeParameter <<StringUtil.defaultWebEncoder.canonicalize(paramValue,
StringUtil.esapiCanonicalizeStrict);>> does not encode correctly such paths.
3) I tried to lookup for a solution inside esapi javadoc
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html4) I then tried to use Encoder.encodeForOS combined with WindowsCodec but it did not work either (it add a ^ before \ don't kwno
why)
5) I also tried with UnixEncoder, no luck eihter
6) then I used this hack
A better bet would be to use a regexp like ^[a-zA-Z]:\\$ but it would still be a hack (non deterministic). So, if somebody has a
better solution I'm ready to change for it...
Jacques
From: "Hans Bakker" <
[hidden email]>
> you may want to use what is described in:
>
http://java.sun.com/j2se/1.4.2/docs/api/java/io/File.html#separatorChar>
> On Sun, 2009-02-15 at 10:53 +0000,
[hidden email] wrote:
>> Author: jleroux
>> Date: Sun Feb 15 10:53:16 2009
>> New Revision: 744652
>>
>> URL:
http://svn.apache.org/viewvc?rev=744652&view=rev>> Log:
>> This allows to use Windows paths from input fields (like from Entity import for instance)
>>
>> Modified:
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>> URL:
>>
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=744652&r1=744651&r2=744652&view=diff>> ==============================================================================
>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Sun Feb 15 10:53:16 2009
>> @@ -245,6 +245,9 @@
>>
>> public static String canonicalizeParameter(String paramValue) {
>> try {
>> + if (paramValue.contains(":\\")) {
>> + paramValue = paramValue.replace("\\", "/");
>> + }
>> String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict);
>> if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " :
>> "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module);
>> return cannedStr;
>>
>>
> --
> Antwebsystems.com: Quality OFBiz services for competitive prices
>
Locked
