Author: jleroux
Date: Thu Jan 5 11:13:28 2017 New Revision: 1777446 URL: http://svn.apache.org/viewvc?rev=1777446&view=rev Log: No functional change, only formatting and imports cleaning Modified: ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java ofbiz/trunk/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormRenderer.java Modified: ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java (original) +++ ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java Thu Jan 5 11:13:28 2017 
@@ -335,18 +335,22 @@ public class ContentWorker implements or String mimeTypeId, boolean cache) throws GeneralException, IOException { Writer writer = new StringWriter(); renderContentAsText(dispatcher, contentId, writer, templateContext, locale, mimeTypeId, null, null, cache); + GenericValue content = EntityQuery.use(dispatcher.getDelegator()).from("Content").where("contentId", contentId).queryOne(); + String contentTypeId = content.getString("contentTypeId"); String rendered = writer.toString(); // According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary // Normally head is protected by X-XSS-Protection Response Header by default - if (rendered.contains("<script>") - || rendered.contains("<!--") - || rendered.contains("<div") - || rendered.contains("<style>") - || rendered.contains("<span") - || rendered.contains("<input") - || rendered.contains("<iframe") - || rendered.contains("<a")) { - rendered = encoder.sanitize(rendered); + if (!"REPORT".equals(contentTypeId)) { // FIXME here BIRT_REPORT_BUILDER_USAGE_POLICY should be used but I could not tweak it yet: the content of <script> are removed and should not. 
Also a more annoying no yet spotted issue with contentId dissapearing + if (rendered.contains("<script>") + || rendered.contains("<!--") + || rendered.contains("<div") + || rendered.contains("<style>") + || rendered.contains("<span") + || rendered.contains("<input") + || rendered.contains("<iframe") + || rendered.contains("<a")) { + rendered = encoder.sanitize(rendered, contentTypeId); + } } return rendered; } Modified: ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java (original) +++ ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java Thu Jan 5 11:13:28 2017 
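Review bot: `content.getString("contentTypeId")` on the added line dereferences the result of `queryOne()` without a null check, so a contentId with no Content row now fails with a NullPointerException instead of rendering; guard it with `String contentTypeId = content != null ? content.getString("contentTypeId") : null;`. More importantly, wrapping the tag check in `if (!"REPORT".equals(contentTypeId))` disables sanitization entirely for that content type, so whether output is filtered now depends on a database field that content authors control; the FIXME already acknowledges this is a stopgap for the BIRT policy, and that deserves a comment naming the tracking issue rather than shipping under a log message of "No functional change, only formatting and imports cleaning". The `contains()` heuristic that decides whether to sanitize is case-sensitive and limited to a fixed tag list, so sanitizing unconditionally and letting the policy selected by `encoder.sanitize(rendered, contentTypeId)` decide what to keep would be the safer shape. The enclosing method starts before the hunk.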
@@ -747,12 +747,37 @@ public class DataResourceWorker impleme } else { throw new GeneralException("The dataResource file [" + dataResourceId + "] could not be found"); } - } catch (SAXException e) { + } catch (SAXException | ParserConfigurationException e) { throw new GeneralException("Error rendering Screen template", e); - } catch (ParserConfigurationException e) { + } catch (TemplateException e) { + throw new GeneralException("Error creating Screen renderer", e); + } + } else if ("FORM_COMBINED".equals(dataTemplateTypeId)){ + try { + Map<String, Object> context = UtilGenerics.checkMap(templateContext.get("globalContext")); + context.put("locale", locale); + context.put("simpleEncoder", UtilCodec.getEncoder(UtilProperties.getPropertyValue("widget", "screen.encoder"))); + HttpServletRequest request = (HttpServletRequest) context.get("request"); + HttpServletResponse response = (HttpServletResponse) context.get("response"); + ModelForm modelForm = null; + ModelReader entityModelReader = delegator.getModelReader(); + String formText = getDataResourceText(dataResource, targetMimeTypeId, locale, templateContext, delegator, cache); + Document formXml = UtilXml.readXmlDocument(formText, true, true); + Map<String, ModelForm> modelFormMap = FormFactory.readFormDocument(formXml, entityModelReader, dispatcher.getDispatchContext(), null); + + if (UtilValidate.isNotEmpty(modelFormMap)) { + Map.Entry<String, ModelForm> entry = modelFormMap.entrySet().iterator().next(); // get first entry, only one form allowed per file + modelForm = entry.getValue(); + } + MacroFormRenderer renderer = new MacroFormRenderer(formrenderer, request, response); + FormRenderer formRenderer = new FormRenderer(modelForm, renderer); + formRenderer.render(out, context); + } catch (SAXException | ParserConfigurationException e) { throw new GeneralException("Error rendering Screen template", e); } catch (TemplateException e) { throw new GeneralException("Error creating Screen renderer", e); + } catch 
(Exception e) { + throw new GeneralException("Error rendering Screen template", e); } } else { throw new GeneralException("The dataTemplateTypeId [" + dataTemplateTypeId + "] is not yet supported"); Modified: ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java (original) +++ ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java Thu Jan 5 11:13:28 2017 @@ -111,7 +111,7 @@ public class OrderContentWrapper impleme if (UtilValidate.isEmpty(outString)) { outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (orderContentCache != null) { orderContentCache.put(cacheKey, outString); } Modified: ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java (original) +++ ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java Thu Jan 5 11:13:28 2017 
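Review bot: In the new FORM_COMBINED branch `modelForm` stays null when `modelFormMap` is empty, and that null is passed straight into `new FormRenderer(modelForm, renderer)`; the trailing `catch (Exception e)` then reports it as "Error rendering Screen template", which hides the real cause and likewise masks the NullPointerException raised when `templateContext.get("globalContext")` is absent. Fail explicitly instead, `if (modelForm == null) throw new GeneralException("No form definition found in dataResource [" + dataResourceId + "]");`, and either drop the catch-all or give it a message that says a form, not a screen, was being rendered. The branch also mutates the shared `globalContext` map (`context.put("locale", …)`, `context.put("simpleEncoder", …)`) as a side effect of rendering one data resource, which deserves a why-comment or a copy of the map before the puts. Since the form XML comes from data-resource text parsed by `UtilXml.readXmlDocument(formText, true, true)`, confirm that this parser path has external entity resolution disabled wherever that text can be edited by non-administrative users; that is inferred from the call, not visible in the hunk. The enclosing method starts and ends outside the hunk.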
@@ -168,7 +168,7 @@ public class PartyContentWrapper impleme outString = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (partyContentCache != null) { partyContentCache.put(cacheKey, outString); } @@ -176,11 +176,11 @@ public class PartyContentWrapper impleme } catch (GeneralException e) { Debug.logError(e, "Error rendering PartyContent, inserting empty String", module); String candidateOut = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } catch (IOException e) { Debug.logError(e, "Error rendering PartyContent, inserting empty String", module); String candidateOut = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } } Modified: ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java (original) +++ ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java Thu Jan 5 11:13:28 2017 
@@ -110,7 +110,7 @@ public class CategoryContentWrapper impl outString = productCategory.getModelEntity().isField(candidateFieldName) ? productCategory.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (categoryContentCache != null) { categoryContentCache.put(cacheKey, outString); } Modified: ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java (original) +++ ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java Thu Jan 5 11:13:28 2017 @@ -133,7 +133,7 @@ public class ProductConfigItemContentWra outString = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (configItemContentCache != null) { configItemContentCache.put(cacheKey, outString); } 
@@ -141,11 +141,11 @@ public class ProductConfigItemContentWra } catch (GeneralException e) { Debug.logError(e, "Error rendering ProdConfItemContent, inserting empty String", module); String candidateOut = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } catch (IOException e) { Debug.logError(e, "Error rendering ProdConfItemContent, inserting empty String", module); String candidateOut = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } } Modified: ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java (original) +++ ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java Thu Jan 5 11:13:28 2017 @@ -123,7 +123,7 @@ public class ProductContentWrapper imple outString = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (productContentCache != null) { productContentCache.put(cacheKey, outString); } 
@@ -131,11 +131,11 @@ public class ProductContentWrapper imple } catch (GeneralException e) { Debug.logError(e, "Error rendering ProductContent, inserting empty String", module); String candidateOut = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } catch (IOException e) { Debug.logError(e, "Error rendering ProductContent, inserting empty String", module); String candidateOut = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } } Modified: ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java (original) +++ ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java Thu Jan 5 11:13:28 2017 @@ -128,7 +128,7 @@ public class ProductPromoContentWrapper outString = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (productPromoContentCache != null) { productPromoContentCache.put(cacheKey, outString); } 
@@ -136,11 +136,11 @@ public class ProductPromoContentWrapper } catch (GeneralException e) { Debug.logError(e, "Error rendering ProductPromoContent, inserting empty String", module); String candidateOut = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } catch (IOException e) { Debug.logError(e, "Error rendering ProductPromoContent, inserting empty String", module); String candidateOut = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } } Modified: ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java (original) +++ ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java Thu Jan 5 11:13:28 2017 @@ -256,7 +256,7 @@ public class WorkEffortContentWrapper im outString = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): ""; outString = outString == null? "" : outString; } - outString = encoder.sanitize(outString); + outString = encoder.sanitize(outString, null); if (workEffortContentCache != null) { workEffortContentCache.put(cacheKey, outString); } 
@@ -264,11 +264,11 @@ public class WorkEffortContentWrapper im } catch (GeneralException e) { Debug.logError(e, "Error rendering WorkEffortContent, inserting empty String", module); String candidateOut = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } catch (IOException e) { Debug.logError(e, "Error rendering WorkEffortContent, inserting empty String", module); String candidateOut = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): ""; - return candidateOut == null? "" : encoder.sanitize(candidateOut); + return candidateOut == null? "" : encoder.sanitize(candidateOut, null); } } Modified: ofbiz/trunk/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormRenderer.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormRenderer.java?rev=1777446&r1=1777445&r2=1777446&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormRenderer.java (original) +++ ofbiz/trunk/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/FormRenderer.java Thu Jan 5 11:13:28 2017 @@ -44,10 +44,11 @@ import org.apache.ofbiz.entity.util.Enti import org.apache.ofbiz.widget.WidgetWorker; import org.apache.ofbiz.widget.model.AbstractModelAction; import org.apache.ofbiz.widget.model.FieldInfo; -import org.apache.ofbiz.widget.model.*; +import org.apache.ofbiz.widget.model.ModelForm; import org.apache.ofbiz.widget.model.ModelForm.FieldGroup; import org.apache.ofbiz.widget.model.ModelForm.FieldGroupBase; import org.apache.ofbiz.widget.model.ModelFormField; +import org.apache.ofbiz.widget.model.ModelGrid; /** * A form rendering engine. 
@@ -227,8 +228,7 @@ public class FormRenderer { * (String, optional alternate name for form, defaults to the * value of the name attribute) */ - public void render(Appendable writer, Map<String, Object> context) - throws Exception { + public void render(Appendable writer, Map<String, Object> context) throws Exception { // increment the paginator, only for list and multi forms if (modelForm instanceof ModelGrid) { WidgetWorker.incrementPaginatorNumber(context); |