2:36 a.m.
Author: tkobayas(a)redhat.com
Date: 2013-01-15 03:36:39 -0500 (Tue, 15 Jan 2013)
New Revision: 9053
Modified:
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestHandler.java
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/webui/workspace/UIPortalApplication.java
Log:
Bug 895343 - one-off patch for CVE-2012-5531 on top of BZ851985_BZ861377_BZ891247
Modified:
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
===================================================================
---
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2013-01-15
06:07:15 UTC (rev 9052)
+++
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2013-01-15
08:36:39 UTC (rev 9053)
@@ -81,7 +81,7 @@
{%>eXo.env.portal.accessMode = "private" ;<%}%>
eXo.env.portal.portalName = "<%=rcontext.getPortalOwner()%>" ;
eXo.env.server.context = "<%=docBase%>" ;
- eXo.env.server.portalBaseURL =
"<%=rcontext.getRequest().getRequestURI()%>" ;
+ eXo.env.server.portalBaseURL = "<%=uicomponent.getBaseURL()%>" ;
eXo.env.server.portalURLTemplate =
"<%=uicomponent.getPortalURLTemplate()%>" ;
eXo.env.client.skin = "$skin" ;
<%
Modified:
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestHandler.java
===================================================================
---
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestHandler.java 2013-01-15
06:07:15 UTC (rev 9052)
+++
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestHandler.java 2013-01-15
08:36:39 UTC (rev 9053)
@@ -36,6 +36,8 @@
import org.exoplatform.web.controller.QualifiedName;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.core.UIApplication;
+import org.gatein.common.text.EntityEncoder;
+
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
@@ -106,6 +108,7 @@
//
String requestPath = controllerContext.getParameter(REQUEST_PATH);
+ requestPath = EntityEncoder.FULL.encode(requestPath);
String requestSiteType = controllerContext.getParameter(REQUEST_SITE_TYPE);
String requestSiteName = controllerContext.getParameter(REQUEST_SITE_NAME);
Modified:
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/webui/workspace/UIPortalApplication.java
===================================================================
---
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/webui/workspace/UIPortalApplication.java 2013-01-15
06:07:15 UTC (rev 9052)
+++
epp/portal/branches/EPP_5_2_2_GA_BZ851985_BZ861377_BZ891247_BZ895343/webui/portal/src/main/java/org/exoplatform/portal/webui/workspace/UIPortalApplication.java 2013-01-15
08:36:39 UTC (rev 9053)
@@ -47,6 +47,7 @@
import org.exoplatform.web.application.javascript.Javascript.PortalJScript;
import org.exoplatform.web.application.javascript.JavascriptConfigService;
import org.exoplatform.web.url.MimeType;
+import org.exoplatform.web.url.navigation.NavigationResource;
import org.exoplatform.web.url.navigation.NodeURL;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
@@ -561,7 +562,7 @@
lastRequestURI = requestURI;
StringBuilder js = new
StringBuilder("eXo.env.server.portalBaseURL=\"");
- js.append(pcontext.getRequestURI()).append("\";\n");
+ js.append(getBaseURL()).append("\";\n");
String url = getPortalURLTemplate();
js.append("eXo.env.server.portalURLTemplate=\"");
@@ -823,4 +824,10 @@
return URLDecoder.decode(urlTemplate.toString(), "UTF-8");
}
+
+ public String getBaseURL() {
+ PortalRequestContext pcontext = Util.getPortalRequestContext();
+ NodeURL nodeURL = pcontext.createURL(NodeURL.TYPE, new
NavigationResource(pcontext.getSiteKey(), pcontext.getNodePath()));
+ return nodeURL.toString();
+ }
}