Author: lektran
Date: Mon Mar 8 16:11:09 2010 New Revision: 920382 URL: http://svn.apache.org/viewvc?rev=920382&view=rev Log: Multiple fixes to the html form widget renderer to ensure that all output is encoded when necessary. Modified: ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java
Modified: ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java?rev=920382&r1=920381&r2=920382&view=diff
==============================================================================
--- ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java (original)
+++ ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java Mon Mar 8 16:11:09 2010
@@ -740,19 +740,19 @@
 if (retVal instanceof Double || retVal instanceof Float || retVal instanceof BigDecimal) {
 NumberFormat nf = NumberFormat.getInstance(locale);
 nf.setMaximumFractionDigits(10);
- returnValue = nf.format(retVal);
+ return nf.format(retVal);
 } else if (retVal instanceof java.sql.Date) {
 DateFormat df = UtilDateTime.toDateFormat(UtilDateTime.DATE_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
 } else if (retVal instanceof java.sql.Time) {
 DateFormat df = UtilDateTime.toTimeFormat(UtilDateTime.TIME_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
 } else if (retVal instanceof java.sql.Timestamp) {
 DateFormat df = UtilDateTime.toDateTimeFormat(UtilDateTime.DATE_TIME_FORMAT, timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
 } else if (retVal instanceof java.util.Date) {
 DateFormat df = UtilDateTime.toDateTimeFormat("EEE MMM dd hh:mm:ss z yyyy", timeZone, null);
- returnValue = df.format((java.util.Date) retVal);
+ return df.format((java.util.Date) retVal);
 } else {
 returnValue = retVal.toString();
 }
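Review bot: The five new `return` statements short-circuit whatever follows the if/else chain, so only the `retVal.toString()` fallback still flows into `returnValue` and the trailing processing; the enclosing method starts and ends outside the hunk, but given the commit's purpose that trailing step is presumably the output encoding. That means number and date formatting is being trusted as free of HTML metacharacters, which holds for `NumberFormat`/`DateFormat` output but is an invariant nobody will see from the code, and a future branch for another type that copies the `return` pattern would skip encoding. I would add a comment above the first branch: `// Formatted numbers/dates are returned as-is: formatter output cannot contain HTML metacharacters, so they bypass the encoding applied to other values below.` and require new branches to keep assigning `returnValue` instead of returning early.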
@@ -2055,6 +2055,12 @@
 String retVal = null;
 if (this.description != null && !this.description.isEmpty()) {
 retVal = this.description.expandString(context);
+ if (retVal != null) {
+ StringUtil.SimpleEncoder simpleEncoder = (StringUtil.SimpleEncoder) context.get("simpleEncoder");
+ if (simpleEncoder != null) {
+ retVal = simpleEncoder.encode(retVal);
+ }
+ }
 } else {
 retVal = modelFormField.getEntry(context);
 }
Modified: ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java?rev=920382&r1=920381&r2=920382&view=diff
==============================================================================
--- ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java (original)
+++ ofbiz/branches/release09.04/framework/widget/src/org/ofbiz/widget/html/HtmlFormRenderer.java Mon Mar 8 16:11:09 2010
@@ -37,6 +37,7 @@
 import javolution.util.FastList;
 import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
 import org.ofbiz.base.util.UtilGenerics;
 import org.ofbiz.base.util.UtilHttp;
 import org.ofbiz.base.util.UtilMisc;
@@ -83,6 +84,7 @@
 protected String lastFieldGroupId = "";
 protected boolean renderPagination = true;
 protected boolean javaScriptEnabled = false;
+ private StringUtil.SimpleEncoder internalEncoder;
 protected HtmlFormRenderer() {}
@@ -92,6 +94,7 @@
 ServletContext ctx = (ServletContext) request.getAttribute("servletContext");
 this.rh = (RequestHandler) ctx.getAttribute("_REQUEST_HANDLER_");
 this.javaScriptEnabled = UtilHttp.isJavaScriptEnabled(request);
+ this.internalEncoder = StringUtil.getEncoder("string");
 }
 public boolean getRenderPagination() {
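Review bot: When `context` carries no `simpleEncoder`, the new block in the `@@ -2055` hunk silently emits the expanded description unencoded, whereas the renderer side of this same commit falls back to an internal encoder in that case; the two should agree, either by adding the same kind of fallback here (`if (simpleEncoder == null) simpleEncoder = StringUtil.getEncoder(...)`, using whichever encoder type the renderer settles on) or by documenting that a missing encoder deliberately means "no encoding". The `else` branch is untouched, so this method now depends on `modelFormField.getEntry(context)` encoding its own result; a comment at the `else` such as `// getEntry() is expected to return an already-encoded value` would record that dependency. The enclosing method, which appears to be a `getDescription` of one of the field classes, starts and ends outside the hunk.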
@@ -336,9 +339,10 @@
 public void renderHyperlinkField(Appendable writer, Map<String, Object> context, HyperlinkField hyperlinkField) throws IOException {
 this.request.setAttribute("image", hyperlinkField.getImage());
 ModelFormField modelFormField = hyperlinkField.getModelFormField();
+ String description = encode(hyperlinkField.getDescription(context), modelFormField, context);
 WidgetWorker.makeHyperlinkByType(writer, hyperlinkField.getLinkType(), modelFormField.getWidgetStyle(), hyperlinkField.getTargetType(), hyperlinkField.getTarget(context),
- hyperlinkField.getParameterList(), hyperlinkField.getDescription(context), hyperlinkField.getTargetWindow(context), modelFormField,
+ hyperlinkField.getParameterList(), description, hyperlinkField.getTargetWindow(context), modelFormField,
 this.request, this.response, context);
 this.appendTooltip(writer, context, modelFormField);
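Review bot: `hyperlinkField.getDescription(context)` is now run through `encode()` before reaching `makeHyperlinkByType`, so that `getDescription` must return the raw expanded string; if it is the `getDescription` patched at line 2055 of ModelFormField.java in this same commit (its enclosing class is not visible in that hunk), an `&` would come out as `&amp;amp;`. A comment on the new line would pin the contract: `// description is encoded here; HyperlinkField.getDescription() must not encode it itself`. `hyperlinkField.getTarget(context)` and `getTargetWindow(context)` are still passed unencoded, which is only safe if `makeHyperlinkByType` attribute-encodes them. The method body continues past the end of the hunk.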
@@ -351,12 +355,26 @@
 }
 if (subHyperlink.shouldUse(context)) {
 writer.append(' ');
+ String description = encode(subHyperlink.getDescription(context), subHyperlink.getModelFormField(), context);
 WidgetWorker.makeHyperlinkByType(writer, subHyperlink.getLinkType(), subHyperlink.getLinkStyle(), subHyperlink.getTargetType(), subHyperlink.getTarget(context),
- subHyperlink.getParameterList(), subHyperlink.getDescription(context), subHyperlink.getTargetWindow(context), subHyperlink.getModelFormField(),
+ subHyperlink.getParameterList(), description, subHyperlink.getTargetWindow(context), subHyperlink.getModelFormField(),
 this.request, this.response, context);
 }
 }
+ private String encode(String value, ModelFormField modelFormField, Map<String, Object> context) {
+ if (UtilValidate.isEmpty(value)) {
+ return value;
+ }
+ StringUtil.SimpleEncoder encoder = (StringUtil.SimpleEncoder)context.get("simpleEncoder");
+ if (modelFormField.getEncodeOutput() && encoder != null) {
+ value = encoder.encode(value);
+ } else {
+ value = internalEncoder.encode(value);
+ }
+ return value;
+ }
+
 /* (non-Javadoc)
 * @see org.ofbiz.widget.form.FormStringRenderer#renderTextField(java.io.Writer, java.util.Map, org.ofbiz.widget.form.ModelFormField.TextField)
 */
@@ -712,7 +730,7 @@
 String currentDescription = null;
 if (UtilValidate.isNotEmpty(currentValue)) {
 for (ModelFormField.OptionValue optionValue : allOptionValues) {
- if (optionValue.getKey().equals(currentValue)) {
+ if (encode(optionValue.getKey(), modelFormField, context).equals(currentValue)) {
 currentDescription = optionValue.getDescription();
 break;
 }
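Review bot: In the new `encode()` helper the fallback `internalEncoder` (`StringUtil.getEncoder("string")` per the constructor hunk) is applied whenever a field has `encode-output` disabled or the context carries no `simpleEncoder`, and its callers write the result into HTML attributes (`value="…"`, `alt="…"`) as well as element text; unless that "string" encoder is HTML-aware, which is not visible here, those paths still let `"`, `<` and `&` through. Since this class only ever emits HTML, the defensible fallback is an HTML encoder (`this.internalEncoder = StringUtil.getEncoder("html");` if `StringUtil` offers one), and a field's opt-out should at most affect element text, never attribute values. The helper also has no Javadoc; I would add one stating the contract, e.g. `Encodes a value for HTML output: uses the context's simpleEncoder when the field has encode-output enabled, otherwise the renderer's fallback encoder; empty input is returned unchanged.` The `@@ -712` comparison `encode(optionValue.getKey(), …).equals(currentValue)` now assumes `currentValue` was produced by the same encoder, which deserves a comment (`// currentValue is presumably already encoded by getEntry(), so compare against the encoded key`); that hunk's enclosing method starts and ends outside it.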
@@ -747,7 +765,7 @@
 writer.append(" value=\"");
 String explicitDescription = (currentDescription != null ? currentDescription : dropDownField.getCurrentDescription(context));
 if (UtilValidate.isNotEmpty(explicitDescription)) {
- writer.append(explicitDescription);
+ writer.append(encode(explicitDescription, modelFormField, context));
 } else {
 writer.append(ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues));
 }
@@ -842,7 +860,7 @@
 writer.append("\">");
 String explicitDescription = (currentDescription != null ? currentDescription : dropDownField.getCurrentDescription(context));
 if (UtilValidate.isNotEmpty(explicitDescription)) {
- writer.append(explicitDescription);
+ writer.append(encode(explicitDescription, modelFormField, context));
 } else {
 writer.append(ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues));
 }
@@ -866,15 +884,15 @@
 String noCurrentSelectedKey = dropDownField.getNoCurrentSelectedKey(context);
 writer.append("<option");
 // if current value should be selected in the list, select it
- if (UtilValidate.isNotEmpty(currentValue) && currentValue.equals(optionValue.getKey()) && "selected".equals(dropDownField.getCurrent())) {
+ if (UtilValidate.isNotEmpty(currentValue) && currentValue.equals(encode(optionValue.getKey(), modelFormField, context)) && "selected".equals(dropDownField.getCurrent())) {
 writer.append(" selected=\"selected\"");
 } else if (UtilValidate.isEmpty(currentValue) && noCurrentSelectedKey != null && noCurrentSelectedKey.equals(optionValue.getKey())) {
 writer.append(" selected=\"selected\"");
 }
 writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
 writer.append("\">");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
 writer.append("</option>");
 }
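Review bot: In both the `@@ -747` and `@@ -842` hunks only the `if` branch is encoded; the `else` branch still writes `getDescriptionForOptionKey(currentValue, allOptionValues)` raw into the same attribute or element, so an option description reaching that path goes out unencoded unless the static helper encodes internally, which is not visible here. Both branches should be treated alike: `writer.append(encode(ModelFormField.FieldInfoWithOptions.getDescriptionForOptionKey(currentValue, allOptionValues), modelFormField, context));` in each `else`. In the `@@ -866` hunk, `noCurrentSelectedKey.equals(optionValue.getKey())` compares the raw key while the line above compares the encoded key against `currentValue`; that is only consistent if `noCurrentSelectedKey` is never encoded, which is worth a one-line comment. The enclosing method of all three hunks starts and ends outside them.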
@@ -969,7 +987,7 @@
 writer.append(modelFormField.getParameterName(context));
 writer.append('"');
 writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
 writer.append("\"");
 if (UtilValidate.isNotEmpty(event) && UtilValidate.isNotEmpty(action)) {
@@ -982,7 +1000,7 @@
 writer.append("/>");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
 }
 this.appendTooltip(writer, context, modelFormField);
@@ -1014,7 +1032,7 @@
 // if current value should be selected in the list, select it
 String noCurrentSelectedKey = radioField.getNoCurrentSelectedKey(context);
- if (UtilValidate.isNotEmpty(currentValue) && currentValue.equals(optionValue.getKey())) {
+ if (UtilValidate.isNotEmpty(currentValue) && currentValue.equals(encode(optionValue.getKey(), modelFormField, context))) {
 writer.append(" checked=\"checked\"");
 } else if (UtilValidate.isEmpty(currentValue) && noCurrentSelectedKey != null && noCurrentSelectedKey.equals(optionValue.getKey())) {
 writer.append(" checked=\"checked\"");
@@ -1023,7 +1041,7 @@
 writer.append(modelFormField.getParameterName(context));
 writer.append('"');
 writer.append(" value=\"");
- writer.append(optionValue.getKey());
+ writer.append(encode(optionValue.getKey(), modelFormField, context));
 writer.append("\"");
 if (UtilValidate.isNotEmpty(event) && UtilValidate.isNotEmpty(action)) {
@@ -1036,7 +1054,7 @@
 writer.append("/>");
- writer.append(optionValue.getDescription());
+ writer.append(encode(optionValue.getDescription(), modelFormField, context));
 writer.append("</div>");
 }
@@ -1063,7 +1081,7 @@
 writer.append(modelForm.getCurrentFormName(context));
 writer.append(".submit()\">");
- writer.append(modelFormField.getTitle(context));
+ writer.append(encode(modelFormField.getTitle(context), modelFormField, context));
 writer.append("</a>");
 } else if ("image".equals(submitField.getButtonType())) {
@@ -1078,7 +1096,7 @@
 String title = modelFormField.getTitle(context);
 if (UtilValidate.isNotEmpty(title)) {
 writer.append(" alt=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
 writer.append('"');
 }
@@ -1128,7 +1146,7 @@
 String title = modelFormField.getTitle(context);
 if (UtilValidate.isNotEmpty(title)) {
 writer.append(" value=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
 writer.append('"');
 }
@@ -1179,7 +1197,7 @@
 String title = modelFormField.getTitle(context);
 if (UtilValidate.isNotEmpty(title)) {
 writer.append(" value=\"");
- writer.append(title);
+ writer.append(encode(title, modelFormField, context));
 writer.append('"');
 }
|