From portal-commits at lists.jboss.org Thu Jan 29 12:32:34 2009
Content-Type: multipart/mixed; boundary="===============6210062089582106685=="
MIME-Version: 1.0
From: portal-commits at lists.jboss.org
To: portal-commits at lists.jboss.org
Subject: [portal-commits] JBoss Portal SVN: r12707 - in
 tags/Enterprise_Portal_Platform_4_3_GA:
 core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin and 1 other
 directories.
Date: Thu, 29 Jan 2009 12:32:33 -0500
Message-ID: <E1LSakj-0006JU-T2@committer01.frg.pub.inap.atl.jboss.com>

--===============6210062089582106685==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Author: thomas.heute(a)jboss.com
Date: 2009-01-29 12:32:33 -0500 (Thu, 29 Jan 2009)
New Revision: 12707

Modified:
   tags/Enterprise_Portal_Platform_4_3_GA/core-cms/src/resources/portal-cms=
-war/WEB-INF/jsp/cms/admin/securenode.jsp
   tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/main/org/jboss/=
portal/core/identity/ui/validators/UsernameValidator.java
   tags/Enterprise_Portal_Platform_4_3_GA/core/src/resources/portal-core-wa=
r/WEB-INF/jsp/header/header.jsp
Log:
Encoding stuff


Modified: tags/Enterprise_Portal_Platform_4_3_GA/core/src/resources/portal-=
core-war/WEB-INF/jsp/header/header.jsp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- tags/Enterprise_Portal_Platform_4_3_GA/core/src/resources/portal-core-w=
ar/WEB-INF/jsp/header/header.jsp	2009-01-29 17:28:21 UTC (rev 12706)
+++ tags/Enterprise_Portal_Platform_4_3_GA/core/src/resources/portal-core-w=
ar/WEB-INF/jsp/header/header.jsp	2009-01-29 17:32:33 UTC (rev 12707)
@@ -1,4 +1,5 @@
 <%@ page import=3D"org.jboss.portal.api.PortalURL" %>
+<%@ page import=3D"org.jboss.portal.common.text.EntityEncoder" %>
 <%@ page import=3D"org.jboss.portal.identity.User" %>
 <%@page import=3D"java.util.ResourceBundle"%>
 <%@ page import=3D"java.security.Principal" %>
@@ -35,10 +36,10 @@
 </script>
 =

 <noscript>
-      <a href=3D"<%=3D loginURL %>"><%=3D rb.getString("LOGIN") %></a>
+      <a href=3D"<%=3D loginURL %>"><%=3D EntityEncoder.FULL.encode(rb.get=
String("LOGIN")) %></a>
 </noscript>
 <%}else{%>
-<a href=3D"<%=3D loginURL %>"><%=3D rb.getString("LOGIN") %></a>
+<a href=3D"<%=3D loginURL %>"><%=3D EntityEncoder.FULL.encode(rb.getString=
("LOGIN")) %></a>
 <%}%>
 =

 =


Modified: tags/Enterprise_Portal_Platform_4_3_GA/core-cms/src/resources/por=
tal-cms-war/WEB-INF/jsp/cms/admin/securenode.jsp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- tags/Enterprise_Portal_Platform_4_3_GA/core-cms/src/resources/portal-cm=
s-war/WEB-INF/jsp/cms/admin/securenode.jsp	2009-01-29 17:28:21 UTC (rev 127=
06)
+++ tags/Enterprise_Portal_Platform_4_3_GA/core-cms/src/resources/portal-cm=
s-war/WEB-INF/jsp/cms/admin/securenode.jsp	2009-01-29 17:32:33 UTC (rev 127=
07)
@@ -78,7 +78,7 @@
                         Role role =3D (Role)iterator.next();
                   %>
                   <option value=3D"<%=3D role.getName() %>" <%if(readRoleS=
et.contains(role.getName())){%>selected<%}%>>
-                     <%=3D role.getDisplayName() %>
+                     <%=3D EntityEncoder.FULL.encode(role.getDisplayName()=
) %>
                   </option>
                   <%
                      }
@@ -103,7 +103,7 @@
                   %>
                   <option value=3D"<%=3D user.getUserName() %>"
                           <%if(readUserSet.contains(user.getUserName())){%=
>selected<%}%>>
-                     <%=3D user.getUserName() %>
+                     <%=3D EntityEncoder.FULL.encode(user.getUserName()) %>
                   </option>
                   <%
                      }
@@ -140,7 +140,7 @@
                         Role role =3D (Role)iterator.next();
                   %>
                   <option value=3D"<%=3D role.getName() %>" <%if(writeRole=
Set.contains(role.getName())){%>selected<%}%>>
-                     <%=3D role.getDisplayName() %>
+                     <%=3D EntityEncoder.FULL.encode(role.getDisplayName()=
) %>
                   </option>
                   <%
                      }
@@ -165,7 +165,7 @@
                   %>
                   <option value=3D"<%=3D user.getUserName() %>"
                           <%if(writeUserSet.contains(user.getUserName())){=
%>selected<%}%>>
-                     <%=3D user.getUserName() %>
+                     <%=3D EntityEncoder.FULL.encode(user.getUserName()) %>
                   </option>
                   <%
                      }
@@ -202,7 +202,7 @@
                         Role role =3D (Role)iterator.next();
                   %>
                   <option value=3D"<%=3D role.getName() %>" <%if(manageRol=
eSet.contains(role.getName())){%>selected<%}%>>
-                     <%=3D role.getDisplayName() %>
+                     <%=3D EntityEncoder.FULL.encode(role.getDisplayName()=
) %>
                   </option>
                   <%
                      }
@@ -227,7 +227,7 @@
                   %>
                   <option value=3D"<%=3D user.getUserName() %>"
                           <%if(manageUserSet.contains(user.getUserName()))=
{%>selected<%}%>>
-                     <%=3D user.getUserName() %>
+                     <%=3D EntityEncoder.FULL.encode(user.getUserName()) %>
                   </option>
                   <%
                      }

Modified: tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/main/org=
/jboss/portal/core/identity/ui/validators/UsernameValidator.java
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/main/org/jboss=
/portal/core/identity/ui/validators/UsernameValidator.java	2009-01-29 17:28=
:21 UTC (rev 12706)
+++ tags/Enterprise_Portal_Platform_4_3_GA/core-identity/src/main/org/jboss=
/portal/core/identity/ui/validators/UsernameValidator.java	2009-01-29 17:32=
:33 UTC (rev 12707)
@@ -65,6 +65,12 @@
       registrationService =3D (RegistrationService) portletContext.getAttr=
ibute("RegistrationService");
 =

       // if (username.length() >=3D 5 && (Pattern.matches(NICKNAME_VALIDAT=
ION, username)))
+      if (username.contains("<") || username.contains(">"))
+      {
+    	  throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY=
_ERROR,
+               bundle.getString("IDENTITY_VALIDATION_ERROR_USERNAME_ERROR"=
),
+               bundle.getString("IDENTITY_VALIDATION_ERROR_USERNAME_ERROR"=
)));
+      }
       try
       {
          // checking jBPM context


--===============6210062089582106685==--