Author: thomas.heute(a)jboss.com
Date: 2010-03-30 15:49:21 -0400 (Tue, 30 Mar 2010)
New Revision: 2401
Added:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/organization/webui/component/UIGroupExplorer.java
Log:
GTNPORTAL-732: XSS in group settings
Modified:
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/organization/webui/component/UIGroupExplorer.java
===================================================================
---
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/organization/webui/component/UIGroupExplorer.java 2010-03-30
19:16:44 UTC (rev 2400)
+++
portal/trunk/portlet/exoadmin/src/main/java/org/exoplatform/organization/webui/component/UIGroupExplorer.java 2010-03-30
19:49:21 UTC (rev 2401)
@@ -31,6 +31,7 @@
import org.exoplatform.webui.core.UIBreadcumbs.LocalPath;
import org.exoplatform.webui.event.Event;
import org.exoplatform.webui.event.EventListener;
+import org.exoplatform.webui.organization.UIGroup;
import java.util.ArrayList;
import java.util.Collection;
@@ -67,12 +68,12 @@
if (!GroupManagement.isAdministrator(null))
sibblingsGroup_ = GroupManagement.getRelatedGroups(null, sibblingsGroup_);
- tree.setSibbling((List)sibblingsGroup_);
+ tree.setSibbling((List)convertGroups(sibblingsGroup_));
tree.setIcon("GroupAdminIcon");
tree.setSelectedIcon("PortalIcon");
tree.setBeanIdField("id");
//tree.setBeanLabelField("groupName");
- tree.setBeanLabelField("label");
+ tree.setBeanLabelField("encodedLabel");
tree.setMaxTitleCharacter(25);
}
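Review bot: Switching the label field to `encodedLabel` while keeping `tree.setMaxTitleCharacter(25)` means any truncation the tree performs now presumably runs on the already-encoded string. UITree's implementation is not visible here, but if it cuts the title by character count, a label containing `<` or `&` will use up the limit faster and may be cut in the middle of an entity such as `&lt;`. Truncating the raw label first and encoding the result avoids this, either in the tree or in a `UIGroup` accessor that takes the limit. The commented-out `//tree.setBeanLabelField("groupName");` line could be dropped in the same change. The enclosing method starts outside the hunk.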
@@ -95,7 +96,7 @@
// if not administrator
if (!GroupManagement.isAdministrator(null))
sibblingsGroup_ = GroupManagement.getRelatedGroups(null, sibblingsGroup_);
- uiTree.setSibbling((List)sibblingsGroup_);
+ uiTree.setSibbling((List)convertGroups(sibblingsGroup_));
uiTree.setSelected(null);
uiTree.setChildren(null);
uiTree.setParentSelected(null);
@@ -139,9 +140,9 @@
}
uiGroupInfo.setGroup(selectedGroup_);
- uiTree.setSibbling((List)sibblingsGroup_);
- uiTree.setChildren((List)childrenGroup_);
- uiTree.setSelected(selectedGroup_);
+ uiTree.setSibbling((List)convertGroups(sibblingsGroup_));
+ uiTree.setChildren((List)convertGroups(childrenGroup_));
+ uiTree.setSelected(new UIGroup(selectedGroup_));
uiTree.setParentSelected(parentGroup);
}
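Review bot: `uiTree.setParentSelected(parentGroup)` still hands the tree what appears to be a raw `Group`, while siblings, children and the selection are now `UIGroup` wrappers. If the tree ever reads the configured label field from the parent bean, `Group` has no `encodedLabel` property and the parent label would bypass the encoding, so it is worth wrapping it too or confirming the tree only reads its id. Separately, `new UIGroup(selectedGroup_)` wraps unconditionally; if `selectedGroup_` can be null on this path, the tree receives a non-null wrapper whose `getId()` throws. That would be avoided with `uiTree.setSelected(selectedGroup_ == null ? null : new UIGroup(selectedGroup_));`. The enclosing method starts outside the hunk, so the null case may already be handled above.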
@@ -208,5 +209,15 @@
uiGroupDetail.setRenderedChild(UIGroupInfo.class);
}
}
+
+ private Collection<UIGroup> convertGroups(Collection<Group> groups)
+ {
+ Collection<UIGroup> result = new ArrayList();
+ for (Group group: groups)
+ {
+ result.add(new UIGroup(group));
+ }
+ return result;
+ }
}
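Review bot: `convertGroups` returns `Collection<UIGroup>`, and every caller immediately casts the result to a raw `(List)`, which only works because the implementation happens to build an `ArrayList`. Declaring it as `private List<UIGroup> convertGroups(Collection<Group> groups)` with `List<UIGroup> result = new ArrayList<UIGroup>(groups.size());` removes the casts at the call sites and the raw-type warning. The for-each also throws a `NullPointerException` if a caller passes a null collection. Whether `sibblingsGroup_` or `childrenGroup_` can be null is not visible in these hunks, so consider returning an empty list for null input. A short Javadoc saying that the wrappers exist so the tree renders the HTML-encoded label would keep a later refactor from undoing the fix.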
Added:
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
===================================================================
--- portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java
(rev 0)
+++
portal/trunk/webui/eXo/src/main/java/org/exoplatform/webui/organization/UIGroup.java 2010-03-30
19:49:21 UTC (rev 2401)
@@ -0,0 +1,30 @@
+package org.exoplatform.webui.organization;
+
+import org.exoplatform.services.organization.Group;
+import org.gatein.common.text.EntityEncoder;
+
+public class UIGroup {
+
+ private Group group;
+
+ public UIGroup(Group group)
+ {
+ this.group = group;
+ }
+
+ public String getEncodedLabel()
+ {
+ EntityEncoder encoder = EntityEncoder.FULL;
+ return encoder.encode(getLabel());
+ }
+
+ public String getLabel()
+ {
+ return group.getLabel();
+ }
+
+ public String getId()
+ {
+ return group.getId();
+ }
+}
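Review bot: `getEncodedLabel()` passes `getLabel()` straight to the encoder with no null check. Whether `EntityEncoder` tolerates null is not visible here, so if group labels are optional this could fail while the tree renders. A guard such as `String label = getLabel(); return label == null ? null : EntityEncoder.FULL.encode(label);` makes the behaviour explicit. The `group` field can be `private final`, and the constructor should reject null so a bad wrapper fails at creation rather than at render time. The class also needs a Javadoc stating that `getEncodedLabel()` is entity-encoded for HTML text content, while `getLabel()` returns the raw, user-controlled value that must not be written into markup unencoded.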