Author: thomas.heute(a)jboss.com
Date: 2010-03-29 06:40:45 -0400 (Mon, 29 Mar 2010)
New Revision: 2380
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
Log:
GTNPORTAL-728: Security issue in portal URL handler
Fixed an issue where the decoded URL was displayed in JavaScript. The URL should remain encoded.
Tested dashboard and gadget support locally, as both seem to use that variable.
Modified:
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl
===================================================================
---
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2010-03-29
10:40:35 UTC (rev 2379)
+++
portal/trunk/web/portal/src/main/webapp/groovy/portal/webui/workspace/UIPortalApplication.gtmpl 2010-03-29
10:40:45 UTC (rev 2380)
@@ -62,25 +62,21 @@
<script type="text/javascript"
src="<%=docBase%>/javascript/merged.js"></script>
<%}%>
<script type="text/javascript">
- eXo.env.portal.context = '<%=docBase%>' ;
- <%if(rcontext.getAccessPath() == 0) {%>
- eXo.env.portal.accessMode = 'public' ;
- <%} else {%>
- eXo.env.portal.accessMode = 'private' ;
- <%}%>
- eXo.env.portal.portalName = '<%=rcontext.getPortalOwner()%>' ;
- eXo.env.server.context = '<%=docBase%>' ;
- eXo.env.server.portalBaseURL =
'<%=rcontext.getURLBuilder().getBaseURL()%>' ;
- eXo.env.client.skin = '$skin' ;
+ eXo.env.portal.context = "<%=docBase%>" ;
+ <%if(rcontext.getAccessPath() == 0) {%>eXo.env.portal.accessMode =
"public" ;<%}
+ else
+ {%>eXo.env.portal.accessMode = "private" ;<%}%>
+ eXo.env.portal.portalName = "<%=rcontext.getPortalOwner()%>" ;
+ eXo.env.server.context = "<%=docBase%>" ;
+ eXo.env.server.portalBaseURL =
"<%=rcontext.getRequest().getRequestURI()%>" ;
+ eXo.env.client.skin = "$skin" ;
<%
UIPortal portal = uicomponent.findFirstComponentOfType(UIPortal.class);
String sessionAliveLevel = (portal == null ? null : portal.sessionAlive) ;
boolean canKeepState = sessionAliveLevel == null ? false :
!sessionAliveLevel.equals(PortalProperties.SESSION_NEVER) ;
%>
-
eXo.portal.portalMode = <%= uicomponent.getModeState() %>;
-
- eXo.session.level = '$sessionAliveLevel';
+ eXo.session.level = "$sessionAliveLevel";
eXo.session.canKeepState = $canKeepState;
eXo.session.isOpen = $uicomponent.isSessionOpen ;
eXo.session.itvTime =
${((PortalRequestContext)rcontext).getRequest().getSession().getMaxInactiveInterval()} ;
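Review bot: The new `eXo.env.server.portalBaseURL` line still writes a request-derived value straight into a double-quoted JavaScript string with no output encoding, so the fix depends entirely on `getRequestURI()` returning the URI exactly as the client sent it, still percent-encoded. That holds only while nothing upstream decodes or rewrites the URI; encoding the value for a JavaScript-string context before emitting it would remove that dependency, and the same applies to `getPortalOwner()`, `$skin` and `$sessionAliveLevel` in this hunk, which may also carry externally influenced text. At minimum I would record the invariant next to the line, e.g. `<% /* portalBaseURL must stay percent-encoded: it is emitted into a JS string literal, never decode it here */ %>`. The property also changes from `getURLBuilder().getBaseURL()` to the full request URI, which presumably varies per page; whether every consumer of `portalBaseURL` tolerates that is not visible here. The `<script>` block opened in this hunk continues past its last line.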