Author: jonesde
Date: Fri Feb 20 23:00:36 2009 New Revision: 746409 URL: http://svn.apache.org/viewvc?rev=746409&view=rev Log: Addressed more issues with output encoding, based on feedback from Michele Orru in OFBIZ-1959 plus looking for other similar problems in code, and some random testing around; this should catch quite a bit more stuff as there were various places in the form, menu, tree and screen widgets that needed output encoding for data to be presented to the user through a browser; also a few cleanups here and there Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlMenuRenderer.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuItem.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTree.java Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java (original) +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java Fri Feb 20 23:00:36 2009 @@ -22,6 +22,7 @@ import java.net.URLDecoder; import java.net.URLEncoder; import java.util.Arrays; +import java.util.Collection; import java.util.Iterator; import java.util.List; import java.util.Map; 
@@ -30,6 +31,8 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; +import javolution.context.ObjectFactory; +import javolution.lang.Reusable; import javolution.util.FastList; import javolution.util.FastMap; import javolution.util.FastSet; @@ -39,10 +42,8 @@ import org.owasp.esapi.Encoder; import org.owasp.esapi.ValidationErrorList; import org.owasp.esapi.Validator; -import org.owasp.esapi.codecs.CSSCodec; import org.owasp.esapi.codecs.Codec; import org.owasp.esapi.codecs.HTMLEntityCodec; -import org.owasp.esapi.codecs.JavaScriptCodec; import org.owasp.esapi.codecs.PercentCodec; import org.owasp.esapi.errors.EncodingException; import org.owasp.esapi.reference.DefaultEncoder; @@ -526,7 +527,7 @@ public static String checkStringForHtmlSafeOnly(String valueName, String value, List<String> errorMessageList) { ValidationErrorList vel = new ValidationErrorList(); value = defaultWebValidator.getValidSafeHTML(valueName, value, Integer.MAX_VALUE, true, vel); - errorMessageList.addAll(vel.errors()); + errorMessageList.addAll(UtilGenerics.checkList(vel.errors(), String.class)); return value; } 
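Review bot: `UtilGenerics.checkList(vel.errors(), String.class)` in checkStringForHtmlSafeOnly assumes the elements of ESAPI's `ValidationErrorList.errors()` are Strings, but in the ESAPI releases I am aware of that method returns `List<ValidationException>`, so if checkList type-checks its elements this throws (and if it merely casts, `errorMessageList` is polluted with non-Strings) exactly when the input fails validation — the one case this method exists to report. If that is the signature in use here, collect the messages explicitly instead: `for (ValidationException e : vel.errors()) { errorMessageList.add(e.getUserMessage()); }` (importing `org.owasp.esapi.errors.ValidationException` if it is not already in scope). A small test that passes a string containing a `<script>` element and asserts a message lands in the list would pin this down.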
@@ -666,4 +667,62 @@ return this.theString; } } + + /** + * A simple Map wrapper class that will do HTML encoding. To be used for passing a Map to something that will expand Strings with it as a context, etc. + * To reduce memory allocation impact this object is recyclable and minimal in that it only keeps a reference to the original Map. + */ + public static class HtmlEncodingMapWrapper<K> implements Map<K, Object>, Reusable { + protected static final ObjectFactory<HtmlEncodingMapWrapper<?>> mapStackFactory = new ObjectFactory<HtmlEncodingMapWrapper<?>>() { + protected HtmlEncodingMapWrapper<?> create() { + return new HtmlEncodingMapWrapper(); + } + }; + public static <K> HtmlEncodingMapWrapper<K> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder encoder) { + if (mapToWrap == null) return null; + + HtmlEncodingMapWrapper<K> mapWrapper = (HtmlEncodingMapWrapper<K>) UtilGenerics.<K, Object>checkMap(mapStackFactory.object()); + mapWrapper.setup(mapToWrap, encoder); + return mapWrapper; + } + + protected Map<K, Object> internalMap = null; + protected SimpleEncoder encoder = null; + protected HtmlEncodingMapWrapper() { } + + public void setup(Map<K, Object> mapToWrap, SimpleEncoder encoder) { + this.internalMap = mapToWrap; + this.encoder = encoder; + } + public void reset() { + this.internalMap = null; + this.encoder = null; + } + + public int size() { return this.internalMap.size(); } + public boolean isEmpty() { return this.internalMap.isEmpty(); } + public boolean containsKey(Object key) { return this.internalMap.containsKey(key); } + public boolean containsValue(Object value) { return this.internalMap.containsValue(value); } + public Object get(Object key) { + Object theObject = this.internalMap.get(key); + if (theObject instanceof String) { + if (this.encoder != null) { + return encoder.encode((String) theObject); + } else { + return StringUtil.defaultWebEncoder.encodeForHTML((String) theObject); + } + } else if (theObject instanceof Map) { + 
return HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper((Map) theObject, this.encoder); + } + return theObject; + } + public Object put(K key, Object value) { return this.internalMap.put(key, value); } + public Object remove(Object key) { return this.internalMap.remove(key); } + public void putAll(Map<? extends K, ? extends Object> arg0) { this.internalMap.putAll(arg0); } + public void clear() { this.internalMap.clear(); } + public Set<K> keySet() { return this.internalMap.keySet(); } + public Collection<Object> values() { return this.internalMap.values(); } + public Set<Map.Entry<K, Object>> entrySet() { return this.internalMap.entrySet(); } + public String toString() { return this.internalMap.toString(); } + } } Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java Fri Feb 20 23:00:36 2009 @@ -21,7 +21,6 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collection; -import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Locale; @@ -38,6 +37,7 @@ import org.ofbiz.base.util.BshUtil; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.GeneralException; +import org.ofbiz.base.util.StringUtil; import org.ofbiz.base.util.UtilGenerics; import org.ofbiz.base.util.UtilMisc; import org.ofbiz.base.util.UtilProperties; 
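Review bot: HtmlEncodingMapWrapper encodes only on the `get()` path; `values()`, `entrySet()`, `containsValue()` and `toString()` return the raw views of the wrapped map, so any consumer that iterates the context instead of looking keys up (a template engine dumping a map, code walking `entrySet()`) receives the unencoded values and the protection silently disappears. Either build those views from encoded values via `get()`, or at least state the limitation in the class Javadoc: `Only get() returns encoded values; values()/entrySet()/toString() expose the underlying map unencoded, and put/remove/putAll/clear write through to it.` The `Reusable`/`ObjectFactory` plumbing also looks unfinished: nothing visible ever recycles a wrapper and the nested-`Map` branch allocates a fresh one per `get()`, so if recycling is added later a wrapper still held by a caller would have `internalMap` reset to null and fail in `size()`/`get()`. Values that are neither String nor Map (StringBuilder, Lists, Timestamps) pass through untouched and are stringified by the expander; a comment noting that only String leaves are encoded would help the next reader.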
@@ -1913,6 +1913,12 @@ * @return The target for this Form */ public String getTarget(Map<String, Object> context, String targetType) { + Map<String, Object> expanderContext = context; + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + expanderContext = StringUtil.HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(context, simpleEncoder); + } + try { // use the same Interpreter (ie with the same context setup) for all evals Interpreter bsh = this.getBshInterpreter(context); @@ -1931,7 +1937,7 @@ } if (condTrue && !targetType.equals("inter-app")) { - return altTarget.target; + return altTarget.targetExdr.expandString(expanderContext); } } } catch (EvalError e) { @@ -1940,7 +1946,7 @@ throw new IllegalArgumentException(errmsg); } - return target.expandString(context); + return target.expandString(expanderContext); } public String getContainerId() { @@ -2618,10 +2624,10 @@ public static class AltTarget { public String useWhen; - public String target; + public FlexibleStringExpander targetExdr; public AltTarget(Element altTargetElement) { this.useWhen = altTargetElement.getAttribute("use-when"); - this.target = altTargetElement.getAttribute("target"); + this.targetExdr = FlexibleStringExpander.getInstance(altTargetElement.getAttribute("target")); } public int hashCode() { return useWhen.hashCode(); 
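Review bot: getTarget produces a URL, yet the wrapper handed to `expandString` applies the context's `simpleEncoder` (the HTML output encoder when rendering HTML), which neutralises quotes and angle brackets but leaves `&`, `=`, `?`, `#` and `/` alone; a context value such as `x&foo=bar` expanded into `target="...?id=${id}"` still injects a query parameter, because the browser turns `&amp;` back into `&` before sending the request. Values interpolated into a URL need percent-encoding (the `PercentCodec` StringUtil already imports, or `URLEncoder`), with attribute encoding applied afterwards by the renderer; if attribute-safety is all that is intended here, say so, e.g. `// NOTE: simpleEncoder is the HTML output encoder; it does not URL-encode, so ${...} values can still carry query-string syntax`. Evaluating the `use-when` conditions against the unencoded `context` while expanding the target against the wrapped one is the right split. getTarget continues past the end of the hunk.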
@@ -2970,7 +2976,7 @@ if (this.altTargets != null) { for (AltTarget altTarget: this.altTargets) { - String target = altTarget.target; + String target = altTarget.targetExdr.getOriginal(); String urlMode = "intra-app"; Set<String> controllerLocAndRequestSet = ConfigXMLReader.findControllerRequestUniqueForTargetType(target, urlMode); Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java Fri Feb 20 23:00:36 2009 @@ -995,7 +995,7 @@ } // search for a localized label for the field's name - Map<String, String> uiLabelMap = UtilGenerics.checkMap(context.get("uiLabelMap"), String.class, String.class); + Map<String, String> uiLabelMap = (Map) context.get("uiLabelMap"); if (uiLabelMap != null) { String titleFieldName = "FormFieldTitle_" + this.name; String localizedName = (String) uiLabelMap.get(titleFieldName); 
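Review bot: in ModelFormField the switch from `UtilGenerics.checkMap(context.get("uiLabelMap"), String.class, String.class)` to a raw `(Map) context.get("uiLabelMap")` assigned into `Map<String, String>` replaces a checked conversion with an unchecked raw-type assignment the compiler will warn on, and it hides the reason for the change (presumably not every value in that map is a String, so the element check threw). The single-argument `UtilGenerics.checkMap` used elsewhere in this commit avoids the raw type without lying about the value type: `Map<String, Object> uiLabelMap = UtilGenerics.checkMap(context.get("uiLabelMap"));`, keeping the existing `(String)` cast on the lookup, plus a one-line comment on why the element check was dropped. The enclosing method starts before the hunk.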
@@ -3140,7 +3140,12 @@ public String getValue(Map<String, Object> context) { if (this.value != null && !this.value.isEmpty()) { - return this.value.expandString(context); + String valueEnc = this.value.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + valueEnc = simpleEncoder.encode(valueEnc); + } + return valueEnc; } else { return modelFormField.getEntry(context); } Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlMenuRenderer.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlMenuRenderer.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlMenuRenderer.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlMenuRenderer.java Fri Feb 20 23:00:36 2009 @@ -19,7 +19,6 @@ package org.ofbiz.widget.html; import java.io.IOException; -import java.util.Iterator; import java.util.List; import java.util.Map; @@ -132,13 +131,8 @@ } public void renderFormatSimpleWrapperRows(Appendable writer, Map<String, Object> context, Object menuObj) throws IOException { - - List menuItemList = ((ModelMenu)menuObj).getMenuItemList(); - Iterator menuItemIter = menuItemList.iterator(); - ModelMenuItem currentMenuItem = null; - - while (menuItemIter.hasNext()) { - currentMenuItem = (ModelMenuItem)menuItemIter.next(); + List<ModelMenuItem> menuItemList = ((ModelMenu) menuObj).getMenuItemList(); + for (ModelMenuItem currentMenuItem: menuItemList) { renderMenuItem(writer, context, currentMenuItem); } } 
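Review bot: getValue now encodes only the `value`-attribute branch; the `else` branch returns `modelFormField.getEntry(context)` untouched, so the same field comes out encoded or not depending on whether the form definition supplied a value or it was read from the record — unless getEntry encodes internally, which is not visible from this hunk. Either pass both results through the same `simpleEncoder` step before returning, or, if the entry path is already encoded, add a comment saying where so a reader does not assume a gap: `// getEntry() output is already encoded by ModelFormField; only the literal value needs encoding here`. It is also worth confirming the HTML renderer does not encode the value attribute a second time, since `&` would then render as `&amp;amp;`. The enclosing class starts outside the hunk.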
@@ -194,14 +188,12 @@ } public boolean isDisableIfEmpty(ModelMenuItem menuItem, Map<String, Object> context) { - boolean disabled = false; String disableIfEmpty = menuItem.getDisableIfEmpty(); if (UtilValidate.isNotEmpty(disableIfEmpty)) { - List keys = StringUtil.split(disableIfEmpty, "|"); - Iterator iter = keys.iterator(); - while (iter.hasNext()) { - Object obj = context.get(disableIfEmpty); + List<String> keys = StringUtil.split(disableIfEmpty, "|"); + for (String key: keys) { + Object obj = context.get(key); if (obj == null) { disabled = true; break; Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuItem.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuItem.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuItem.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ModelMenuItem.java Fri Feb 20 23:00:36 2009 @@ -27,6 +27,7 @@ import javax.xml.parsers.ParserConfigurationException; import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.StringUtil; import org.ofbiz.base.util.UtilFormatOut; import org.ofbiz.base.util.UtilValidate; import org.ofbiz.base.util.UtilXml; @@ -568,8 +569,13 @@ public String getText(Map<String, Object> context) { String txt = this.textExdr.expandString(context); - if (UtilValidate.isEmpty(txt)) - txt = linkMenuItem.getTitle(context); + if (UtilValidate.isEmpty(txt)) txt = linkMenuItem.getTitle(context); + + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + txt = simpleEncoder.encode(txt); + } + return txt; } 
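Review bot: the hunk deletes the local `boolean disabled = false;` but the surviving `disabled = true;` still assigns it, so unless `disabled` is a field of HtmlMenuRenderer declared outside the hunk this no longer compiles — and if it is a field, the method becomes stateful across calls, with one empty key disabling every later menu item rendered by the same instance. The hunk counts (14 old lines to 12 new: five removed, three added) show the declaration was dropped rather than moved, so restore `boolean disabled = false;` as the first statement of isDisableIfEmpty. The method's tail, including `return disabled;`, lies outside the hunk.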
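Review bot: in ModelMenuItem.getText the encoder is applied after the fallback to `linkMenuItem.getTitle(context)`, so if getTitle is (or later becomes) encoded itself — the analogous getTitle in ModelTree is encoded by this same commit — the title path gets encoded twice and `&` renders as `&amp;amp;`. Encoding only the `textExdr` result and letting the title branch rely on getTitle's own encoding avoids that, or pin the contract with a comment: `// getTitle() returns raw text; output encoding happens here exactly once`. `txt` can also still be null at the encode call when getTitle returns null, so `simpleEncoder.encode(txt)` must tolerate null or needs a guard.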
@@ -590,7 +596,12 @@ } public String getTarget(Map<String, Object> context) { - return this.targetExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + return this.targetExdr.expandString(StringUtil.HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(context, simpleEncoder)); + } else { + return this.targetExdr.expandString(context); + } } public String getTargetWindow(Map<String, Object> context) { Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/HtmlWidget.java Fri Feb 20 23:00:36 2009 @@ -265,7 +265,6 @@ } } - @SuppressWarnings("unchecked") public void renderWidgetString(Appendable writer, Map<String, Object> context, ScreenStringRenderer screenStringRenderer) { // isolate the scope MapStack<String> contextMs; Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ModelScreenWidget.java Fri Feb 20 23:00:36 2009 
@@ -34,6 +34,7 @@ import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.GeneralException; +import org.ofbiz.base.util.StringUtil; import org.ofbiz.base.util.UtilFormatOut; import org.ofbiz.base.util.UtilGenerics; import org.ofbiz.base.util.UtilMisc; @@ -747,7 +748,12 @@ } public String getText(Map<String, Object> context) { - return this.textExdr.expandString(context); + String text = this.textExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + text = simpleEncoder.encode(text); + } + return text; } public String getId(Map<String, Object> context) { @@ -1321,7 +1327,12 @@ } public String getText(Map<String, Object> context) { - return this.textExdr.expandString(context); + String text = this.textExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + text = simpleEncoder.encode(text); + } + return text; } public String getId(Map<String, Object> context) { 
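Review bot: the four-line "look up `simpleEncoder`, cast, null-check, encode" sequence is pasted verbatim into both getText methods in this file (and the same shape recurs in ModelMenuItem and ModelTree), each with an unchecked `(StringUtil.SimpleEncoder)` cast on a context entry. A single helper — say `static String encodeWithContextEncoder(Map<String, Object> context, String s)` on StringUtil, doing the lookup, the cast and the null check — would keep the encoding policy in one place so a later fix (null handling, a different context key, a URL encoder) is not repeated across a dozen getters. Each getText returns `this.textExdr.expandString(context)` encoded when a `simpleEncoder` is present and unchanged otherwise; a Javadoc line such as `Returns the expanded text, output-encoded when the rendering context supplies a simpleEncoder.` would document the new behaviour for widget authors.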
@@ -1333,7 +1344,12 @@ } public String getTarget(Map<String, Object> context) { - return this.targetExdr.expandString(context); + Map<String, Object> expanderContext = context; + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + expanderContext = StringUtil.HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(context, simpleEncoder); + } + return this.targetExdr.expandString(expanderContext); } public String getName(Map<String, Object> context) { Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTree.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTree.java?rev=746409&r1=746408&r2=746409&view=diff ============================================================================== --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTree.java (original) +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ModelTree.java Fri Feb 20 23:00:36 2009 @@ -210,7 +210,7 @@ * use the same tree definitions for many types of tree UIs */ public void renderTreeString(StringBuffer buf, Map<String, Object> context, TreeStringRenderer treeStringRenderer) throws GeneralException { - Map parameters = (Map) context.get("parameters"); + Map<String, Object> parameters = (Map<String, Object>) context.get("parameters"); setWidgetBoundaryComments(context); ModelNode node = (ModelNode)nodeMap.get(rootNodeName); @@ -764,7 +764,12 @@ } public String getText(Map<String, Object> context) { - return this.textExdr.expandString(context); + String text = this.textExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + text = simpleEncoder.encode(text); + } + return text; } public String getId(Map<String, Object> context) { 
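Review bot: `(Map<String, Object>) context.get("parameters")` in ModelTree.renderTreeString is an unchecked cast the compiler will warn on, while the StringUtil hunk in this same commit uses `UtilGenerics.checkMap(...)` for the same purpose; `Map<String, Object> parameters = UtilGenerics.checkMap(context.get("parameters"));` keeps it warning-free and consistent (importing UtilGenerics if ModelTree does not already). renderTreeString continues beyond the hunk.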
@@ -839,7 +844,12 @@ } public String getText(Map<String, Object> context) { - return this.textExdr.expandString(context); + String text = this.textExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + text = simpleEncoder.encode(text); + } + return text; } public String getId(Map<String, Object> context) { @@ -854,11 +864,21 @@ return this.nameExdr.expandString(context); } public String getTitle(Map<String, Object> context) { - return this.titleExdr.expandString(context); + String title = this.titleExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + title = simpleEncoder.encode(title); + } + return title; } public String getTarget(Map<String, Object> context) { - return this.targetExdr.expandString(context); + StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder"); + if (simpleEncoder != null) { + return this.targetExdr.expandString(StringUtil.HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(context, simpleEncoder)); + } else { + return this.targetExdr.expandString(context); + } } public String getTargetWindow(Map<String, Object> context) { |