[gatein-commits] gatein SVN: r2436 - portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace.

do-not-reply at jboss.org do-not-reply at jboss.org
Thu Apr 1 04:01:05 EDT 2010


Author: thomas.heute at jboss.com
Date: 2010-04-01 04:01:03 -0400 (Thu, 01 Apr 2010)
New Revision: 2436

Modified:
   portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
Log:
JBEPP-193: Security issue in portal URL handler

Modified: portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
===================================================================
--- portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl	2010-04-01 06:52:16 UTC (rev 2435)
+++ portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl	2010-04-01 08:01:03 UTC (rev 2436)
@@ -62,25 +62,21 @@
         <script type="text/javascript" src="<%=docBase%>/javascript/merged.js"></script>
     <%}%>
     <script type="text/javascript">
-      eXo.env.portal.context = '<%=docBase%>' ;
-      <%if(rcontext.getAccessPath() == 0) {%>
-          eXo.env.portal.accessMode = 'public' ;
-      <%} else {%>
-          eXo.env.portal.accessMode = 'private' ;
-      <%}%>
-      eXo.env.portal.portalName = '<%=rcontext.getPortalOwner()%>' ;
-      eXo.env.server.context = '<%=docBase%>' ;
-      eXo.env.server.portalBaseURL = '<%=rcontext.getURLBuilder().getBaseURL()%>' ;
-      eXo.env.client.skin = '$skin' ;
+      eXo.env.portal.context = "<%=docBase%>" ;
+      <%if(rcontext.getAccessPath() == 0) {%>eXo.env.portal.accessMode = "public" ;<%}
+      else
+      {%>eXo.env.portal.accessMode = "private" ;<%}%>
+      eXo.env.portal.portalName = "<%=rcontext.getPortalOwner()%>" ;
+      eXo.env.server.context = "<%=docBase%>" ;
+      eXo.env.server.portalBaseURL = "<%=rcontext.getRequest().getRequestURI()%>" ;
+      eXo.env.client.skin = "$skin" ;
       <% 
         UIPortal portal = uicomponent.findFirstComponentOfType(UIPortal.class);
         String sessionAliveLevel = (portal == null ? null : portal.sessionAlive) ;
         boolean canKeepState = sessionAliveLevel == null ? false : !sessionAliveLevel.equals(PortalProperties.SESSION_NEVER) ;
       %>
-      
       eXo.portal.portalMode = <%= uicomponent.getModeState() %>;
-      
-      eXo.session.level = '$sessionAliveLevel';
+      eXo.session.level = "$sessionAliveLevel";
       eXo.session.canKeepState = $canKeepState;
       eXo.session.isOpen = $uicomponent.isSessionOpen ;
       eXo.session.itvTime = ${((PortalRequestContext)rcontext).getRequest().getSession().getMaxInactiveInterval()} ;
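Review bot: The values written into the JavaScript string literals in this hunk are still emitted without JavaScript-string escaping, and `eXo.env.server.portalBaseURL` now takes `rcontext.getRequest().getRequestURI()`, which comes directly from the client's request line. Switching the delimiter from `'` to `"` only changes which character ends the literal, so the fix appears to rely on the container returning the URI still percent-encoded, which is not guaranteed for every client or proxy in front of the portal. I would encode at the sink instead, e.g. `eXo.env.server.portalBaseURL = "<%=jsStringEscape(rcontext.getRequest().getRequestURI())%>" ;`, where `jsStringEscape` is a placeholder for whatever JavaScript-string encoder the project already provides, and treat `getPortalOwner()`, `$skin` and `$sessionAliveLevel` the same way. Separately, the request URI is the full path of the current request rather than a base URL, so client script that appends to `portalBaseURL` should be re-checked. The `<script>` block continues past the end of the hunk, so later assignments are not visible here.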


