svn commit: r746292 - in /ofbiz/trunk/framework/base/src/org/ofbiz/base/util: StringUtil.java UtilHttp.java


Author: jonesde
Date: Fri Feb 20 16:47:31 2009
New Revision: 746292

URL: http://svn.apache.org/viewvc?rev=746292&view=rev
Log:
Changed the canonicalization and encoding to not use the CSS and JavaScript codecs; especially for canonicalization, they cause problems with backslashes in strings, which we generally want to allow and which generally isn't used in webapp input strings, and I don't think we interpret such encodings anywhere, so there is no danger nor utility for it. This better resolves the filename/etc. problem reported by Jacques, so his temporary fix is now gone.

Modified:
    ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
    ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=746292&r1=746291&r2=746292&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Fri Feb 20 16:47:31 2009
@@ -62,7 +62,7 @@
     public static final Validator defaultWebValidator;
     static {
         // possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec, MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, WindowsCodec
-        List<Codec> codecList = Arrays.asList(new CSSCodec(), new HTMLEntityCodec(), new JavaScriptCodec(), new PercentCodec());
+        List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new PercentCodec());
         defaultWebEncoder = new DefaultEncoder(codecList);
         defaultWebValidator = new DefaultValidator();
     }
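
Review bot: The new codecList line drops CSSCodec and JavaScriptCodec, but the reason (their backslash handling during canonicalization) is recorded only in the commit log, and the "possible codecs" comment above it still lists both with no hint that they were left out on purpose. A one-line comment next to codecList saying why they are excluded would keep them from being re-added later. Because defaultWebEncoder is built from this same list, it no longer decodes or produces the backslash-style escapes those two codecs handle, so it is worth confirming that no caller relies on it for values written into a JavaScript or CSS context.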

Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=746292&r1=746291&r2=746292&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Fri Feb 20 16:47:31 2009
@@ -245,9 +245,6 @@
     
     public static String canonicalizeParameter(String paramValue) {
         try {
-            if (paramValue.startsWith(":\\", 1)) {  // FIXME : more a hack than anything else
-                paramValue = paramValue.replace("\\", "/"); // This allows to use Windows paths from input fields
-            }
             String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict);
             if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module);
             return cannedStr;
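
Review bot: With the startsWith(":\\", 1) workaround removed from canonicalizeParameter, Windows-style paths survive only because of the codec list change in StringUtil.java, and nothing in this hunk ties the two together. A regression test that passes a value containing backslashes through canonicalizeParameter and checks it comes back unchanged would pin that behaviour down. Separately, the unchanged Debug.logVerbose line writes both the raw and the canonicalized parameter value to the log, so sensitive parameters should be masked there when verbose logging is on.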