Author: lektran
Date: Mon Mar 8 16:05:24 2010
New Revision: 920372
URL: http://svn.apache.org/viewvc?rev=920372&view=rev
Log: Multiple fixes to the macro and html form widget renderers to ensure that all output is encoded when necessary.
Modified:
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java
ofbiz/trunk/framework/widget/templates/htmlFormMacroLibrary.ftl
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=920372&r1=920371&r2=920372&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java Mon Mar 8 16:05:24 2010
@@ -188,7 +188,6 @@
String description = displayField.getDescription(context);
String type = displayField.getType();
String imageLocation = displayField.getImageLocation();
- description = encode(description, modelFormField, context);
ModelFormField.InPlaceEditor inPlaceEditor = displayField.getInPlaceEditor();
boolean ajaxEnabled = inPlaceEditor != null && this.javaScriptEnabled;
@@ -359,7 +358,6 @@
}
String value = modelFormField.getEntry(context, textField.getDefaultValue(context));
- value = encode(value, modelFormField, context);
String textSize = Integer.toString(textField.getSize());
String maxlength = "";
if (textField.getMaxlength() != null) {
@@ -451,7 +449,6 @@
readonly = "readonly";
}
String value = modelFormField.getEntry(context, textareaField.getDefaultValue(context));
- value = encode(value, modelFormField, context);
StringWriter sr = new StringWriter();
sr.append("<@renderTextareaField ");
sr.append("name=\"");
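Review bot: Removing `description = encode(description, modelFormField, context);` in the -188 hunk (and the two `value = encode(...)` removals at -359 and -451) leaves MacroFormRenderer relying on the value arriving already encoded, but the diff only shows that guarantee for the explicit-description path of getDescription (the -2087 hunk) and hints at it for getEntry through the comment dropped in the -744 hunk; the `getEntry(context)` fallback inside getDescription and the string branch of getEntry are outside what is visible, so confirm both encode before this ships. The renderer-side `encode` that these lines called is not in the diff either, so whether it honoured `encode-output` or had a fallback encoder cannot be checked here. A comment at each removal site would make the new contract explicit, e.g. `// value is already encoded by ModelFormField.getEntry()/getDescription(); encoding again here would double-encode`. The enclosing methods start and end outside these hunks.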
@@ -742,7 +739,8 @@
options.append(",");
}
options.append("{'key':'");
- options.append(optionValue.getKey());
+ String key = encode(optionValue.getKey(), modelFormField, context);
+ options.append(key);
options.append("'");
options.append(",'description':'");
String description = encode(optionValue.getDescription(), modelFormField, context);
@@ -906,7 +904,7 @@
}
items.append("{'value':'");
items.append(optionValue.getKey());
- items.append("', 'description':'" + optionValue.getDescription());
+ items.append("', 'description':'" + encode(optionValue.getDescription(), modelFormField, context));
items.append("'}");
}
items.append("]");
@@ -965,7 +963,7 @@
}
items.append("{'key':'");
items.append(optionValue.getKey());
- items.append("', 'description':'" + optionValue.getDescription());
+ items.append("', 'description':'" + encode(optionValue.getDescription(), modelFormField, context));
items.append("'}");
}
items.append("]");
@@ -1046,7 +1044,7 @@
sr.append("\" formName=\"");
sr.append(formName);
sr.append("\" title=\"");
- sr.append(title);
+ sr.append(encode(title, modelFormField, context));
sr.append("\" name=\"");
sr.append(name);
sr.append("\" event=\"");
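Review bot: In the -906 and -965 hunks the option key is still appended raw (`items.append(optionValue.getKey());`) while the description on the next line is now encoded, even though both land in the same JavaScript object literal; the -742 hunk encodes the key for the equivalent `options` literal, so these two should do the same, `items.append(encode(optionValue.getKey(), modelFormField, context));`. All four literals are single-quoted JavaScript strings and `encode` appears to apply the HTML encoder taken from the context; whether that encoder escapes `'` and `\` is not visible in this diff, so the JavaScript-literal context may still need its own escaping (the FreeMarker side of this commit uses `?js_string` for exactly that). The enclosing methods start and end outside these hunks.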
@@ -2806,9 +2804,12 @@
List<WidgetWorker.Parameter> parameterList, String description, String targetWindow, String confirmation , ModelFormField modelFormField, HttpServletRequest request, HttpServletResponse response, Map<String, Object> context) throws IOException {
String realLinkType = WidgetWorker.determineAutoLinkType(linkType, target, targetType, request);
+
+ String encodedDescription = encode(description, modelFormField, context);
+
if ("hidden-form".equals(realLinkType)) {
if (modelFormField != null && "multi".equals(modelFormField.getModelForm().getType())) {
- WidgetWorker.makeHiddenFormLinkAnchor(writer, linkStyle, description, confirmation , modelFormField, request, response, context);
+ WidgetWorker.makeHiddenFormLinkAnchor(writer, linkStyle, encodedDescription, confirmation , modelFormField, request, response, context);
// this is a bit trickier, since we can't do a nested form we'll have to put the link to submit the form in place, but put the actual form def elsewhere, ie after the big form is closed
Map<String, Object> wholeFormContext = UtilGenerics.checkMap(context.get("wholeFormContext"));
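Review bot: `String encodedDescription = encode(description, modelFormField, context);` runs before the `modelFormField != null` check two lines below it, so if the MacroFormRenderer `encode` helper dereferences modelFormField the way the HtmlFormRenderer helper added in this commit does (`modelFormField.getEncodeOutput()`), the null case this method explicitly allows for would now throw; that helper is not in the diff, so either confirm it guards null or move the call under the check. `confirmation` is still passed through unencoded here, which holds up only because the FreeMarker macros now apply `?js_string` to it; a one-line comment saying so would stop the next reader from "fixing" it. The method signature begins before this hunk and its body continues past it.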
@@ -2820,10 +2821,10 @@
WidgetWorker.makeHiddenFormLinkForm(postMultiFormWriter, target, targetType, targetWindow, parameterList, modelFormField, request, response, context);
} else {
WidgetWorker.makeHiddenFormLinkForm(writer, target, targetType, targetWindow, parameterList, modelFormField, request, response, context);
- WidgetWorker.makeHiddenFormLinkAnchor(writer, linkStyle, description, confirmation , modelFormField, request, response, context);
+ WidgetWorker.makeHiddenFormLinkAnchor(writer, linkStyle, encodedDescription, confirmation , modelFormField, request, response, context);
}
} else {
- makeHyperlinkString(writer, linkStyle, targetType, target, parameterList, description, confirmation , modelFormField, request, response, context, targetWindow);
+ makeHyperlinkString(writer, linkStyle, targetType, target, parameterList, encodedDescription, confirmation , modelFormField, request, response, context, targetWindow);
}
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java?rev=920372&r1=920371&r2=920372&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java Mon Mar 8 16:05:24 2010
@@ -744,23 +744,22 @@
if (retVal instanceof Double || retVal instanceof Float || retVal instanceof BigDecimal) {
NumberFormat nf = NumberFormat.getInstance(locale);
nf.setMaximumFractionDigits(10);
- returnValue = nf.format(retVal);
+ return nf.format(retVal);
} else if (retVal instanceof java.sql.Date) {
DateFormat df = UtilDateTime.toDateFormat(UtilDateTime.DATE_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
} else if (retVal instanceof java.sql.Time) {
DateFormat df = UtilDateTime.toTimeFormat(UtilDateTime.TIME_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
} else if (retVal instanceof java.sql.Timestamp) {
DateFormat df = UtilDateTime.toDateTimeFormat(UtilDateTime.DATE_TIME_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
} else if (retVal instanceof java.util.Date) {
DateFormat df = UtilDateTime.toDateTimeFormat("EEE MMM dd hh:mm:ss z yyyy", timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
} else {
returnValue = retVal.toString();
}
- return returnValue; // do not encode date and number type fields
} else {
returnValue = defaultValue;
}
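Review bot: The removed trailing comment `// do not encode date and number type fields` was the only statement of why the numeric and date branches bypass encoding; after this hunk that intent is carried by five bare `return` statements, while the `else` branch assigns `returnValue = retVal.toString()` and falls through to code below the hunk, presumably the encoding step, though that part is not visible here. Keep the rationale next to the first early return, e.g. `// formatted numbers and dates carry no markup and are returned unencoded; only the toString() fallthrough below is encoded`. That comment should also say that arbitrary object types now reach the encoding path through `toString()`, which is the behavioural change of this hunk. The enclosing method starts and ends outside the hunk.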
@@ -2087,6 +2086,12 @@
String retVal = null;
if (this.description != null && !this.description.isEmpty()) {
retVal = this.description.expandString(context);
+ if (retVal != null) {
+ StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder");
+ if (simpleEncoder != null) {
+ retVal = simpleEncoder.encode(retVal);
+ }
+ }
} else {
retVal = this.modelFormField.getEntry(context);
}
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java?rev=920372&r1=920371&r2=920372&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java Mon Mar 8 16:05:24 2010
@@ -33,11 +33,13 @@
import javolution.util.FastList;
import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilGenerics;
import org.ofbiz.base.util.UtilHttp;
import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilProperties;
import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.base.util.StringUtil.SimpleEncoder;
import org.ofbiz.base.util.string.FlexibleStringExpander;
import org.ofbiz.webapp.control.RequestHandler;
import org.ofbiz.webapp.taglib.ContentUrlTag;
@@ -82,6 +84,7 @@
protected String lastFieldGroupId = "";
protected boolean renderPagination = true;
protected boolean javaScriptEnabled = false;
+ private SimpleEncoder internalEncoder;
protected HtmlFormRenderer() {}
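Review bot: The new block encodes the expanded description only when a `simpleEncoder` is present in the context and regardless of the field's `encode-output` setting, which is the opposite policy from the renderer-side `encode` helpers in this commit (they check `modelFormField.getEncodeOutput()` and fall back to an internal encoder); a display field configured to emit markup will now have it escaped whenever an encoder is in the context, and with no encoder the text is emitted raw with no fallback. The `else` branch returning `this.modelFormField.getEntry(context)` is not encoded in this hunk, so callers that stopped encoding (MacroFormRenderer's -188 hunk) depend on getEntry doing it. Consider `if (simpleEncoder != null && this.modelFormField.getEncodeOutput())` for consistency, or at least state in the method's Javadoc that the returned description is already encoded and must not be encoded again. The enclosing method starts and ends outside the hunk.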
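Review bot: `private SimpleEncoder internalEncoder;` is assigned only in the constructor changed in the -91 hunk, while the `protected HtmlFormRenderer() {}` constructor on the line below leaves it null, so a subclass built through that constructor would hit a NullPointerException on the fallback branch of the new `encode` helper. Initialising at the declaration, `private final SimpleEncoder internalEncoder = StringUtil.getEncoder("string");`, covers both constructors and lets the -91 assignment be dropped. The -33 hunk imports both `StringUtil` and `StringUtil.SimpleEncoder`, and the file then mixes `SimpleEncoder` here with `StringUtil.SimpleEncoder` in the helper; pick one form.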
@@ -91,6 +94,7 @@
ServletContext ctx = (ServletContext) request.getAttribute("servletContext");
this.rh = (RequestHandler) ctx.getAttribute("_REQUEST_HANDLER_");
this.javaScriptEnabled = UtilHttp.isJavaScriptEnabled(request);
+ internalEncoder = StringUtil.getEncoder("string");
}
public boolean getRenderPagination() {
@@ -330,8 +334,10 @@
public void renderHyperlinkField(Appendable writer, Map<String, Object> context, HyperlinkField hyperlinkField) throws IOException {
this.request.setAttribute("image", hyperlinkField.getImage());
ModelFormField modelFormField = hyperlinkField.getModelFormField();
+ String description = encode(hyperlinkField.getDescription(context), modelFormField, context);
+ String confirmation = encode(hyperlinkField.getConfirmation(context), modelFormField, context);
WidgetWorker.makeHyperlinkByType(writer, hyperlinkField.getLinkType(), modelFormField.getWidgetStyle(), hyperlinkField.getTargetType(), hyperlinkField.getTarget(context),
- hyperlinkField.getParameterList(), hyperlinkField.getDescription(context), hyperlinkField.getTargetWindow(context), hyperlinkField.getConfirmation(context), modelFormField,
+ hyperlinkField.getParameterList(), description, hyperlinkField.getTargetWindow(context), confirmation, modelFormField, this.request, this.response, context);
this.appendTooltip(writer, context, modelFormField);
//appendWhitespace(writer);
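Review bot: Here both `description` and `confirmation` are encoded before the call, but the sub-hyperlink path in the -343 hunk encodes only the description and still passes `subHyperlink.getConfirmation(context)` raw, so the two hyperlink paths in the same file disagree about who encodes the confirmation text. Either encode it there as well, `String confirmation = encode(subHyperlink.getConfirmation(context), subHyperlink.getModelFormField(), context);`, or state in a comment why the sub-hyperlink confirmation is handled downstream. The method body continues past this hunk.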
@@ -343,12 +349,26 @@
}
if (subHyperlink.shouldUse(context)) {
writer.append(' ');
+ String description = encode(subHyperlink.getDescription(context), subHyperlink.getModelFormField(), context);
WidgetWorker.makeHyperlinkByType(writer, subHyperlink.getLinkType(), subHyperlink.getLinkStyle(), subHyperlink.getTargetType(), subHyperlink.getTarget(context),
- subHyperlink.getParameterList(), subHyperlink.getDescription(context), subHyperlink.getTargetWindow(context), subHyperlink.getConfirmation(context), subHyperlink.getModelFormField(),
+ subHyperlink.getParameterList(), description, subHyperlink.getTargetWindow(context), subHyperlink.getConfirmation(context), subHyperlink.getModelFormField(), this.request, this.response, context);
}
}
+ private String encode(String value, ModelFormField modelFormField, Map<String, Object> context) {
+ if (UtilValidate.isEmpty(value)) {
+ return value;
+ }
+ StringUtil.SimpleEncoder encoder = (StringUtil.SimpleEncoder)context.get("simpleEncoder");
+ if (modelFormField.getEncodeOutput() && encoder != null) {
+ value = encoder.encode(value);
+ } else {
+ value = internalEncoder.encode(value);
+ }
+ return value;
+ }
+
/* (non-Javadoc) * @see org.ofbiz.widget.form.FormStringRenderer#renderTextField(java.io.Writer, java.util.Map, org.ofbiz.widget.form.ModelFormField.TextField) */
@@ -704,7 +724,7 @@
String currentDescription = null;
if (UtilValidate.isNotEmpty(currentValue)) {
for (ModelFormField.OptionValue optionValue : allOptionValues) {
- if (optionValue.getKey().equals(currentValue)) {
+ if (encode(optionValue.getKey(), modelFormField, context).equals(currentValue)) {
currentDescription = optionValue.getDescription();
break;
}
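Review bot: The new `encode` helper dereferences `modelFormField.getEncodeOutput()` without a null check, while the caller added in the same hunk passes `subHyperlink.getModelFormField()` and MacroFormRenderer's -2806 hunk guards the same parameter type with `modelFormField != null`, so a null here is at least plausible; `if (modelFormField != null && modelFormField.getEncodeOutput() && encoder != null)` would fail safe into the fallback encoder. The fallback also means a field with `encode-output` false is still passed through `internalEncoder`, the "string" encoder obtained in the -91 hunk, whose escaping rules are not visible in this diff; confirm it is adequate for the HTML contexts the callers write into. The method has no Javadoc; it should say that empty input is returned unchanged, that the context encoder is used when the field opts into output encoding, and what the fallback encoder does.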
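Review bot: The comparison `encode(optionValue.getKey(), modelFormField, context).equals(currentValue)` only matches when `currentValue` was encoded with the same encoder; that looks intended if it comes from getEntry after the -744 change, but that is not visible here, and a raw value will no longer match a key containing `&`, `<`, `>` or quotes. Record the assumption on the line, `// currentValue comes back from getEntry() already encoded, so compare against the encoded key`, and confirm that the `selected`/`checked` tests further down in the file use the same rule. The enclosing method starts and ends outside the hunk.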
@@ -737,12 +757,17 @@
if (UtilValidate.isNotEmpty(currentValue)) {
writer.append(" value=\"");
- String explicitDescription = (currentDescription != null ? currentDescription : dropDownField.getCurrentDescription(context));
- if (UtilValidate.isNotEmpty(explicitDescription)) {
- writer.append(explicitDescription);
+ String explicitDescription = null;
+ if (currentDescription != null) {
+ explicitDescription = currentDescription;
} else {
- writer.append(ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues));
+ explicitDescription = dropDownField.getCurrentDescription(context);
+ }
+ if (UtilValidate.isEmpty(explicitDescription)) {
+ explicitDescription = ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues);
}
+ explicitDescription = encode(explicitDescription, modelFormField, context);
+ writer.append(explicitDescription);
writer.append('"');
}
writer.append("/>");
@@ -833,9 +858,10 @@
writer.append("\">");
String explicitDescription = (currentDescription != null ? currentDescription : dropDownField.getCurrentDescription(context));
if (UtilValidate.isNotEmpty(explicitDescription)) {
- writer.append(explicitDescription);
+ writer.append(encode(explicitDescription, modelFormField, context));
} else {
- writer.append(ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues));
+ String description = ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues);
+ writer.append(encode(description, modelFormField, context));
}
writer.append("</option>");
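Review bot: The -737 rewrite replaces the original one-line conditional with a `null`-initialised variable and an if/else, while the parallel block in the -833 hunk keeps the ternary `String explicitDescription = (currentDescription != null ? currentDescription : dropDownField.getCurrentDescription(context));`, so the two blocks now read differently for the same selection logic. Keeping the ternary in -737 and adding only the new `isEmpty` fallback and the `encode` call gives a smaller, symmetric diff. Both enclosing methods start and end outside the hunks.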
@@ -861,9 +887,9 @@
writer.append(" selected=\"selected\"");
}
writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
writer.append("\">");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
writer.append("</option>");
}
@@ -956,7 +982,7 @@
writer.append(modelFormField.getParameterName(context));
writer.append('"');
writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
writer.append("\"");
if (UtilValidate.isNotEmpty(event) && UtilValidate.isNotEmpty(action)) {
@@ -969,7 +995,7 @@
writer.append("/>");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
}
this.appendTooltip(writer, context, modelFormField);
@@ -1008,7 +1034,7 @@
writer.append(modelFormField.getParameterName(context));
writer.append('"');
writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
writer.append("\"");
if (UtilValidate.isNotEmpty(event) && UtilValidate.isNotEmpty(action)) {
@@ -1021,7 +1047,7 @@
writer.append("/>");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
writer.append("</div>");
}
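Review bot: The `value` attribute in the -861 hunk now carries the encoded key and the -704 hunk matches encoded keys against `currentValue`, but the `selected="selected"` decision visible as context just above this hunk is taken outside it and may still compare the raw key; if so, a key containing `&`, `<` or quotes can be selected yet fail the description lookup, or the reverse. That test deserves a check and a one-line comment stating which form of the key it compares. The same encoded key/description pair is written in the -956/-969 and -1008/-1021 hunks for the radio and check fields; confirm their `checked` tests follow the same rule. The enclosing methods start and end outside these hunks.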
@@ -1038,23 +1064,23 @@
ModelForm modelForm = modelFormField.getModelForm();
String event = null;
String action = null;
- String confirmation = submitField.getConfirmation(context);
+ String confirmation = encode(submitField.getConfirmation(context), modelFormField, context);
if ("text-link".equals(submitField.getButtonType())) {
writer.append("<a");
appendClassNames(writer, context, modelFormField);
if (UtilValidate.isNotEmpty(confirmation)) {
- writer.append("onclick=\" return confirm('");
+ writer.append(" onclick=\"return confirm('");
writer.append(confirmation);
- writer.append("); \" ");
+ writer.append("'); \" ");
}
writer.append(" href=\"javascript:document.");
writer.append(modelForm.getCurrentFormName(context));
writer.append(".submit()\">");
- writer.append(modelFormField.getTitle(context));
+ writer.append(encode(modelFormField.getTitle(context), modelFormField, context));
writer.append("</a>");
} else if ("image".equals(submitField.getButtonType())) {
@@ -1069,7 +1095,7 @@
String title = modelFormField.getTitle(context);
if (UtilValidate.isNotEmpty(title)) {
writer.append(" alt=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
writer.append('"');
}
@@ -1125,7 +1151,7 @@
String title = modelFormField.getTitle(context);
if (UtilValidate.isNotEmpty(title)) {
writer.append(" value=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
writer.append('"');
}
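Review bot: `String confirmation = encode(submitField.getConfirmation(context), modelFormField, context);` HTML-encodes the text, but in the text-link branch it is then written inside the JavaScript string literal `confirm('...')` within the `onclick` attribute; attribute encoding does not cover the JavaScript string context, and whether the encoder in use escapes `'` and `\` is not visible here, so a quote in the confirmation text can still end the literal once the browser has decoded the attribute. Escape it for a JavaScript string literal first (the counterpart of the `?js_string` this commit adds in the FreeMarker macros) and then HTML-encode it for the attribute. The closing `'` that was missing before `); \" ` is fixed by this hunk, which is correct. The enclosing method starts and ends outside the hunk.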
@@ -1181,7 +1207,7 @@
String title = modelFormField.getTitle(context);
if (UtilValidate.isNotEmpty(title)) {
writer.append(" value=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
writer.append('"');
}
Modified: ofbiz/trunk/framework/widget/templates/htmlFormMacroLibrary.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/templates/htmlFormMacroLibrary.ftl?rev=920372&r1=920371&r2=920372&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/templates/htmlFormMacroLibrary.ftl (original)
+++ ofbiz/trunk/framework/widget/templates/htmlFormMacroLibrary.ftl Mon Mar 8 16:05:24 2010
@@ -162,7 +162,7 @@
disa = ' disabled';
if(other_choice(document.${formName}.${fieldName})) disa = '';
-document.write("<input type='text' name='${otherFieldName}' value='${otherValue}' size='${otherFieldSize}'"+disa+" onfocus='check_choice(document.${formName}.${fieldName})' />");
+document.write("<input type='text' name='${otherFieldName}' value='${otherValue?js_string}' size='${otherFieldSize}'"+disa+" onfocus='check_choice(document.${formName}.${fieldName})' />");
if(disa && document.styleSheets) document.${formName}.${fieldName}.style.visibility = 'hidden';
//--></script>
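Review bot: `value='${otherValue?js_string}'` escapes for the JavaScript string literal, but the text also sits inside a single-quoted HTML attribute of the markup that `document.write` emits, and `?js_string` turns `'` into `\'`, which JavaScript hands back to the HTML parser as a bare `'` that closes the attribute. Escape for the HTML attribute first and then for the JavaScript literal, `value='${otherValue?html?js_string}'`, and check that the FreeMarker version in use has `?html` escape the apostrophe; if it does not, switch the attribute to double quotes inside the literal (`value=\"${otherValue?html?js_string}\"`) so `?html` covers the delimiter. The surrounding script block starts and ends outside the hunk.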
@@ -187,11 +187,11 @@
<#macro renderSubmitField buttonType className alert formName title name event action imgSrc confirmation containerId ajaxUrl>
<#if buttonType=="text-link">
- <a <@renderClass className alert /> href="javascript:document.${formName}.submit()" <#if confirmation?has_content>onclick="return confirm('${confirmation}');"</#if>><#if title?has_content>${title}</#if> </a>
+ <a <@renderClass className alert /> href="javascript:document.${formName}.submit()" <#if confirmation?has_content>onclick="return confirm('${confirmation?js_string}');"</#if>><#if title?has_content>${title}</#if> </a>
<#elseif buttonType=="image">
- <input type="image" src="${imgSrc}" <@renderClass className alert /><#if name?has_content> name="${name}"</#if><#if title?has_content> alt="${title}"</#if><#if event?has_content> ${event}="${action}"</#if> <#if confirmation?has_content>onclick="return confirm('${confirmation}');"</#if>/>
+ <input type="image" src="${imgSrc}" <@renderClass className alert /><#if name?has_content> name="${name}"</#if><#if title?has_content> alt="${title}"</#if><#if event?has_content> ${event}="${action}"</#if> <#if confirmation?has_content>onclick="return confirm('${confirmation?js_string}');"</#if>/>
<#else>
-<input type="<#if containerId?has_content>button<#else>submit</#if>" <@renderClass className alert /><#if name?exists> name="${name}"</#if><#if title?has_content> value="${title}"</#if><#if event?has_content> ${event}="${action}"</#if><#if containerId?has_content> onclick="<#if confirmation?has_content>if (confirm('${confirmation}')) </#if>ajaxSubmitFormUpdateAreas('${containerId}', '${ajaxUrl}')"<#else><#if confirmation?has_content> onclick="return confirm('${confirmation}');"</#if></#if>/></#if>
+<input type="<#if containerId?has_content>button<#else>submit</#if>" <@renderClass className alert /><#if name?exists> name="${name}"</#if><#if title?has_content> value="${title}"</#if><#if event?has_content> ${event}="${action}"</#if><#if
containerId?has_content> onclick="<#if confirmation?has_content>if (confirm('${confirmation?js_string}')) </#if>ajaxSubmitFormUpdateAreas('${containerId}', '${ajaxUrl}')"<#else><#if confirmation?has_content> onclick="return confirm('${confirmation?js_string}');"</#if></#if>/></#if>
</#macro>
<#macro renderResetField className alert name title>
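Review bot: `confirm('${confirmation?js_string}')` escapes for the JavaScript literal, but the literal sits inside a double-quoted `onclick` attribute and `?js_string` rewrites `"` as `\"`, which the HTML parser still reads as the end of the attribute; the value needs HTML attribute encoding applied after the JavaScript escaping, `confirm('${confirmation?js_string?html}')`, unless the Java renderer already HTML-encodes confirmation before invoking the macro, which the diff does not show (MacroFormRenderer's -1046 hunk encodes only `title`). The same applies to the two `confirm('${confirmation?js_string}')` occurrences in the -525 hunk. `${title}` in the `value` and `alt` attributes is left raw here and relies on that -1046 encoding; a macro comment recording that contract would help the next reader.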
@@ -525,5 +525,5 @@
</#macro>
<#macro makeHiddenFormLinkForm actionUrl name parameters targetWindow><form method="post" action="${actionUrl}" <#if targetWindow?has_content>target="${targetWindow}"</#if> onsubmit="javascript:submitFormDisableSubmits(this)" name="${name}"><#list parameters as parameter><input name="${parameter.name}" value="${parameter.value}" type="hidden"/></#list></form></#macro>
-<#macro makeHiddenFormLinkAnchor linkStyle hiddenFormName event action imgSrc description confirmation><a <#if linkStyle?has_content>class="${linkStyle}"</#if> href="javascript:document.${hiddenFormName}.submit()"<#if action?has_content && event?has_content> ${event}="${action}"</#if><#if confirmation?has_content> onclick="return confirm('${confirmation}')"</#if>><#if imgSrc?has_content><img src="${imgSrc}"/></#if>${description}</a></#macro>
-<#macro makeHyperlinkString linkStyle hiddenFormName event action imgSrc linkUrl targetWindow description confirmation><a <#if linkStyle?has_content>class="${linkStyle}"</#if> href="${linkUrl}"<#if targetWindow?has_content> target="${targetWindow}"</#if><#if action?has_content && event?has_content> ${event}="${action}"</#if><#if confirmation?has_content> onclick="return confirm('${confirmation}')"</#if>><#if imgSrc?has_content><img src="${imgSrc}"/></#if>${description}</a></#macro>
+<#macro makeHiddenFormLinkAnchor linkStyle hiddenFormName event action imgSrc description confirmation><a <#if linkStyle?has_content>class="${linkStyle}"</#if> href="javascript:document.${hiddenFormName}.submit()"<#if action?has_content && event?has_content> ${event}="${action}"</#if><#if confirmation?has_content> onclick="return confirm('${confirmation?js_string}')"</#if>><#if imgSrc?has_content><img src="${imgSrc}"/></#if>${description}</a></#macro>
+<#macro makeHyperlinkString linkStyle hiddenFormName event action imgSrc linkUrl targetWindow description confirmation><a <#if linkStyle?has_content>class="${linkStyle}"</#if> href="${linkUrl}"<#if
targetWindow?has_content> target="${targetWindow}"</#if><#if action?has_content && event?has_content> ${event}="${action}"</#if><#if confirmation?has_content> onclick="return confirm('${confirmation?js_string}')"</#if>><#if imgSrc?has_content><img src="${imgSrc}"/></#if>${description}</a></#macro> |
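Review bot: Both macros emit `${description}` and `href="${linkUrl}"` without escaping and now depend on the caller passing encoded text, which MacroFormRenderer's -2806 hunk does for the description but nothing in the diff shows for `linkUrl`; record the contract in the macro, `<#-- description and linkUrl must be HTML-encoded by the caller; confirmation is escaped here for the JavaScript literal only -->`. The unchanged `makeHiddenFormLinkForm` line above still writes `value="${parameter.value}"` raw into a hidden input, which is outside this change but within its stated goal and worth a follow-up.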