Author: thomas.heute(a)jboss.com
Date: 2009-01-31 08:44:17 -0500 (Sat, 31 Jan 2009)
New Revision: 12746
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_ja.properties
Log:
Forbid file and folder names containing < > ( )
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-31
11:07:13 UTC (rev 12745)
+++
branches/Enterprise_Portal_Platform_4_3/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-01-31
13:44:17 UTC (rev 12746)
@@ -925,6 +925,19 @@
folder.setName(sFolderName);
folder.setBasePath(sNewPath);
+ if (!CHECK_FOR_XSS_PATTERN.matcher(sFolderName).matches() )
+ {
+ // Invalid folder name
+ aRes.setRenderParameter("op",
CMSAdminConstants.OP_CONFIRM_CREATE_COLLECTION_VALIDATION_ERROR);
+ aRes.setRenderParameter("path",
aReq.getParameter("destination"));
+
+ //used to remember the data already submitted by the user
+ aRes.setRenderParameter("error:message",
CMSAdminConstants.CMS_FOLDERNAME_INVALID);
+ aRes.setRenderParameter("error:newcollectionname",
aReq.getParameter("newcollectionname"));
+ aRes.setRenderParameter("error:newcollectiondescription",
aReq.getParameter("newcollectiondescription"));
+ return;
+ }
+
try
{
Command saveCMD =
CMSService.getCommandFactory().createFolderSaveCommand(folder);
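Review bot: The rejected input is written straight back into render parameters on the new lines `aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname"))` and the matching `"error:newcollectiondescription"` line, so the very characters this check keeps out of folder names are still reflected to the view, and the description value receives no validation at all here; whichever JSP repopulates the form from these parameters must HTML-encode them, otherwise the rejection path itself becomes the reflection point. The check also runs after `folder.setName(sFolderName)` and `folder.setBasePath(sNewPath)`; moving the `if` above those two calls keeps an unvalidated name out of the model object, and `sNewPath` (presumably derived from the destination plus the name) is not checked itself. Because `CHECK_FOR_XSS_PATTERN` is defined outside this hunk, a one-line comment at the check stating the polarity it relies on, e.g. `// CHECK_FOR_XSS_PATTERN is treated as an allow-list here: a name that does not fully match is rejected`, would make the intent explicit for the next reader. The enclosing handler starts and ends outside the hunk.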
@@ -1376,7 +1389,7 @@
String sLanguage = aReq.getParameter("language");
//Perform server side data validation
- if (sFileName == null || sFileName.trim().length() == 0)
+ if (sFileName == null || sFileName.trim().length() == 0 ||
!CHECK_FOR_XSS_PATTERN.matcher(sFileName).matches() )
{
//Validation Error occurred
//FileName should not be empty
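Review bot: The emptiness test on the new line uses `sFileName.trim()` while the pattern is applied to the untrimmed `sFileName`, so a name with leading or trailing whitespace is rejected only if the pattern itself excludes whitespace (the resource message says it does, but the pattern is not visible in this hunk); trimming `sFileName` once before this check and using the trimmed value both here and for the save removes the dependency. Filtering `< > ( )` at input is defense in depth rather than the fix for markup injection — any place that renders the file name must still encode it, and the rejection path that follows this `if` should not echo the raw value unencoded. The comment `//FileName should not be empty` no longer describes the whole condition; `//FileName must be non-empty and contain only characters allowed by CHECK_FOR_XSS_PATTERN` would. The enclosing method continues past the hunk.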
@@ -1485,7 +1498,7 @@
sMakeLive = "on";
}
- if (!"".equals(sFilePath))
+ if (!"".equals(sFilePath) &&
!CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
{
String sContent = aReq.getParameter("elm1");
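Review bot: The polarity of the new condition is the reverse of the two checks added earlier in this commit: there `!CHECK_FOR_XSS_PATTERN.matcher(x).matches()` is the error case, but here it is the precondition for going on to read `elm1` and save the content, so with one shared pattern either this save now runs only for paths the pattern rejects, or the other two checks reject only valid names. Which one is wrong cannot be told from the hunk, but if the pattern is the allow-list the resource messages describe (no `/` permitted), a full path in `sFilePath` can never match it and this test degenerates into always-true; the value should then be validated per segment, e.g. `for (String seg : sFilePath.split("/")) { if (seg.length() > 0 && !CHECK_FOR_XSS_PATTERN.matcher(seg).matches()) { /* set the error render parameters and return */ } }`. Either way a failed check currently falls through silently with no `error:message` render parameter, unlike the folder path, so the user sees no feedback and the request looks successful. The enclosing if-block and handler continue outside the hunk.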
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties
===================================================================
---
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties 2009-01-31
11:07:13 UTC (rev 12745)
+++
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties 2009-01-31
13:44:17 UTC (rev 12746)
@@ -141,8 +141,8 @@
CMS_MISSING_DOCUMENT=404 - Page Not Found
CMS_MISSING_DOCUMENT_DESCRIPTION=The document you tried to access is not available
-CMS_FILENAME_INVALID=File Name is invalid. It may not contain illegal characters such as
'.', '/', ':', '[', ']', '*',
''', '"', '|' or any whitespace character.
-CMS_FOLDERNAME_INVALID=Folder Name is invalid. It may not contain illegal characters such
as '.', '/', ':', '[', ']', '*',
''', '"', '|' or any whitespace character.
+CMS_FILENAME_INVALID=File Name is invalid. It may not contain illegal characters such as
'.', '/', ':', '[', ']', '*',
''', '"', '>', ,'<', '(',
')', '|' or any whitespace character.
+CMS_FOLDERNAME_INVALID=Folder Name is invalid. It may not contain illegal characters such
as '.', '/', ':', '[', ']', '*',
''', '"', '>', ,'<', '(',
')', '|' or any whitespace character.
CMS_MSG_DESTINATION_ALREADY_EXISTS=The command was not performed, because the destination
already exists.
CMS_CANT_MOVE_SAME_DESTINATION=You cannot move a folder to the same location
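Review bot: Both new messages carry a stray comma — `''', '"', '>', ,'<', '('` — that will be shown to users verbatim; it should read `''', '"', '>', '<', '('`. The same typo was copied into the Resource_it.properties and Resource_ja.properties hunks of this commit. Listing characters "such as" also leaves the user guessing whether anything else is banned; if the underlying pattern is an allow-list, stating which characters are permitted would be clearer and would match what the code actually enforces.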
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties
===================================================================
---
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties 2009-01-31
11:07:13 UTC (rev 12745)
+++
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_it.properties 2009-01-31
13:44:17 UTC (rev 12746)
@@ -140,8 +140,8 @@
CMS_MISSING_DOCUMENT=404 - Pagina non trovata
CMS_MISSING_DOCUMENT_DESCRIPTION=Il documento a cui hai tentato di accedere non \u00e8
disponibile
-CMS_FILENAME_INVALID=Il nome del File non \u00e8 valido. Non sono permessi caratteri
quali '.', '/', ':', '[', ']', '*',
''', '"', '|' o lo spazio.
-CMS_FOLDERNAME_INVALID=Il nome della cartella non \u00e8 valido. Non sono permessi
caratteri quali '.', '/', ':', '[', ']',
'*', ''', '"', '|' o lo spazio.
+CMS_FILENAME_INVALID=Il nome del File non \u00e8 valido. Non sono permessi caratteri
quali '.', '/', ':', '[', ']', '*',
''', '"', '>', ,'<', '(',
')', '|' o lo spazio.
+CMS_FOLDERNAME_INVALID=Il nome della cartella non \u00e8 valido. Non sono permessi
caratteri quali '.', '/', ':', '[', ']',
'*', ''', '"', '>', ,'<',
'(', ')', '|' o lo spazio.
CMS_MSG_DESTINATION_ALREADY_EXISTS=Il comando non pu\u00F2 essere eseguito, perch\u00e8
la destinazione esiste gi\u00e0.
CMS_CANT_MOVE_SAME_DESTINATION=Non puoi spostare la cartella nella stessa destinazione
Modified:
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_ja.properties
===================================================================
---
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_ja.properties 2009-01-31
11:07:13 UTC (rev 12745)
+++
branches/Enterprise_Portal_Platform_4_3/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_ja.properties 2009-01-31
13:44:17 UTC (rev 12746)
@@ -143,8 +143,8 @@
CMS_MISSING_DOCUMENT=404 -
\u30da\u30fc\u30b8\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
CMS_MISSING_DOCUMENT_DESCRIPTION=\u3042\u306a\u305f\u304c\u30a2\u30af\u30bb\u30b9\u3057\u3088\u3046\u3068\u3057\u305f\u6587\u66f8\u306f\u5229\u7528\u3067\u304d\u307e\u305b\u3093\u3002
-CMS_FILENAME_INVALID=\u30d5\u30a1\u30a4\u30eb\u540d\u304c\u7121\u52b9\u3067\u3059\u3002\u7121\u52b9\u306a\u6587\u5b57\u5217\uff08
'.', '/', ':', '[', ']', '*',
''', '"',
'|'\uff09\u3084\u30b9\u30da\u30fc\u30b9\u304c\u4f7f\u308f\u308c\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002
-CMS_FOLDERNAME_INVALID=\u30d5\u30a9\u30eb\u30c0\u540d\u304c\u7121\u52b9\u3067\u3059\u3002\u7121\u52b9\u306a\u6587\u5b57\u5217\uff08
'.', '/', ':', '[', ']', '*',
''', '"',
'|'\uff09\u3084\u30b9\u30da\u30fc\u30b9\u304c\u4f7f\u308f\u308c\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+CMS_FILENAME_INVALID=\u30d5\u30a1\u30a4\u30eb\u540d\u304c\u7121\u52b9\u3067\u3059\u3002\u7121\u52b9\u306a\u6587\u5b57\u5217\uff08
'.', '/', ':', '[', ']', '*',
''', '"', '>', ,'<', '(',
')',
'|'\uff09\u3084\u30b9\u30da\u30fc\u30b9\u304c\u4f7f\u308f\u308c\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+CMS_FOLDERNAME_INVALID=\u30d5\u30a9\u30eb\u30c0\u540d\u304c\u7121\u52b9\u3067\u3059\u3002\u7121\u52b9\u306a\u6587\u5b57\u5217\uff08
'.', '/', ':', '[', ']', '*',
''', '"', '>', ,'<', '(',
')',
'|'\uff09\u3084\u30b9\u30da\u30fc\u30b9\u304c\u4f7f\u308f\u308c\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002
CMS_MSG_DESTINATION_ALREADY_EXISTS=\u3053\u306e\u30b3\u30de\u30f3\u30c9\u306f\u5b9f\u884c\u3055\u308c\u307e\u305b\u3093\u3067\u3057\u305f\u3002
CMS_CANT_MOVE_SAME_DESTINATION=\u540c\u3058\u30d5\u30a9\u30eb\u30c0\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u79fb\u52d5\u3059\u308b\u3053\u3068\u306f\u3067\u304d\u307e\u305b\u3093\u3002