Author: chris.laprun(a)jboss.com
Date: 2009-05-27 05:11:34 -0400 (Wed, 27 May 2009)
New Revision: 13415
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminConstants.java
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_fr.properties
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/edit.jsp
Log:
- JBEPP-86: Fixed problem with disappearing values. This still needs more testing.
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminConstants.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminConstants.java 2009-05-26
11:48:45 UTC (rev 13414)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminConstants.java 2009-05-27
09:11:34 UTC (rev 13415)
@@ -121,4 +121,6 @@
public static final String CMS_DATE_PATTERN = "CMS_DATE_PATTERN";
public static final String DATE_FORMAT = "dateFormat";
+
+ public static final String CMS_INVALID_PARAMETER = "CMS_INVALID_PARAMETER";
}
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-05-26
11:48:45 UTC (rev 13414)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-05-27
09:11:34 UTC (rev 13415)
@@ -48,7 +48,6 @@
import org.jboss.portal.cms.workflow.CMSWorkflowUtil;
import org.jboss.portal.common.util.ParameterValidation;
import org.jboss.portal.core.cms.command.StreamContentCommand;
-import org.jboss.portal.core.cms.ui.Util;
import org.jboss.portal.core.controller.ControllerContext;
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityException;
@@ -112,6 +111,8 @@
private static final String SLASH = "/";
private static final String INVALID_TITLE = "Invalid title";
private static final String INVALID_DESCRIPTION = "Invalid description";
+ private static final String INVALID_LANG = "INVALID_LANG";
+ private static final String ERROR_MESSAGE = "error:message";
public void init() throws PortletException
@@ -335,10 +336,10 @@
rRes.setContentType("text/html");
rReq.setAttribute("createpath", sPath);
- String parameter = rReq.getParameter("error:message");
+ String parameter = rReq.getParameter(ERROR_MESSAGE);
if (parameter != null)
{
- rReq.setAttribute("error:message", parameter);
+ rReq.setAttribute(ERROR_MESSAGE, parameter);
}
parameter = rReq.getParameter("error:newcollectionname");
if (parameter != null)
@@ -616,10 +617,10 @@
{
rReq.setAttribute("error:filename", parameter);
}
- parameter = rReq.getParameter("error:message");
+ parameter = rReq.getParameter(ERROR_MESSAGE);
if (parameter != null)
{
- rReq.setAttribute("error:message", parameter);
+ rReq.setAttribute(ERROR_MESSAGE, parameter);
}
javax.portlet.PortletRequestDispatcher prd =
getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH +
"/create.jsp");
@@ -679,6 +680,7 @@
rReq.setAttribute("language", sLanguage);
rReq.setAttribute("title", file.getContent().getTitle());
rReq.setAttribute("description", file.getContent().getDescription());
+ rReq.setAttribute(ERROR_MESSAGE, rReq.getParameter(ERROR_MESSAGE));
javax.portlet.PortletRequestDispatcher prd =
getPortletContext().getRequestDispatcher(CMSAdminConstants.CMS_JSP_PATH +
"/edit.jsp");
prd.include(rReq, rRes);
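Review bot: The added `rReq.setAttribute(ERROR_MESSAGE, rReq.getParameter(ERROR_MESSAGE));` is unguarded, while the two other `error:message` copies in this file wrap the same operation in `if (parameter != null)`; per the Portlet API a `setAttribute` with a null value behaves like `removeAttribute`, so the outcome is the same, but the asymmetry reads as an oversight. For consistency with the other sites: `String errorMessage = rReq.getParameter(ERROR_MESSAGE); if (errorMessage != null) { rReq.setAttribute(ERROR_MESSAGE, errorMessage); }`. The enclosing render method starts and ends outside this hunk.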
@@ -942,7 +944,7 @@
aRes.setRenderParameter("path",
aReq.getParameter("destination"));
//used to remember the data already submitted by the user
- aRes.setRenderParameter("error:message",
CMSAdminConstants.CMS_FOLDERNAME_INVALID);
+ aRes.setRenderParameter(ERROR_MESSAGE,
CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname",
aReq.getParameter("newcollectionname"));
aRes.setRenderParameter("error:newcollectiondescription",
aReq.getParameter("newcollectiondescription"));
@@ -964,7 +966,7 @@
aRes.setRenderParameter("path",
aReq.getParameter("destination"));
//used to remember the data already submitted by the user
- aRes.setRenderParameter("error:message",
CMSAdminConstants.CMS_FOLDERNAME_INVALID);
+ aRes.setRenderParameter(ERROR_MESSAGE,
CMSAdminConstants.CMS_FOLDERNAME_INVALID);
aRes.setRenderParameter("error:newcollectionname",
aReq.getParameter("newcollectionname"));
aRes.setRenderParameter("error:newcollectiondescription",
aReq.getParameter("newcollectiondescription"));
}
@@ -1386,7 +1388,7 @@
String sDescription = aReq.getParameter("description");
String sLanguage = aReq.getParameter("language");
- sFileName = ParameterValidation.sanitizeFromPattern(sFileName,
CHECK_FOR_XSS_PATTERN, "");
+ sFileName = ParameterValidation.sanitizeFromPattern(sFileName,
CHECK_FOR_XSS_PATTERN, "");
sDirectory = ParameterValidation.sanitizeFromPattern(sDirectory,
CHECK_FOR_XSS_PATTERN, SLASH);
sTitle = ParameterValidation.sanitizeFromPattern(sTitle,
CHECK_FOR_XSS_PATTERN, INVALID_TITLE);
sDescription = ParameterValidation.sanitizeFromPattern(sDescription,
CHECK_FOR_XSS_PATTERN, INVALID_DESCRIPTION);
@@ -1464,7 +1466,7 @@
aRes.setRenderParameter("path", sDirectory);
//used to remember the data already submitted by the user
- aRes.setRenderParameter("error:message",
CMSAdminConstants.CMS_FILENAME_INVALID);
+ aRes.setRenderParameter(ERROR_MESSAGE,
CMSAdminConstants.CMS_FILENAME_INVALID);
aRes.setRenderParameter("error:filename",
aReq.getParameter("filename"));
aRes.setRenderParameter("error:content",
aReq.getParameter("elm1"));
aRes.setRenderParameter("error:description",
aReq.getParameter("description"));
@@ -1497,22 +1499,56 @@
else if (CMSAdminConstants.OP_SAVETEXT.equals(op))
{
String sFilePath = aReq.getParameter("savetopath");
- String sTitle = aReq.getParameter("title");
- String sDescription = aReq.getParameter("description");
- String sLanguage = aReq.getParameter("language");
-
- sTitle = ParameterValidation.sanitizeFromPattern(sTitle,
CHECK_FOR_XSS_PATTERN, "");
- sDescription = ParameterValidation.sanitizeFromPattern(sDescription,
CHECK_FOR_XSS_PATTERN, "");
- sLanguage = ParameterValidation.sanitizeFromPattern(sLanguage,
CHECK_FOR_XSS_PATTERN, "en");
-
- String sMakeLive = "off";
- if (aReq.getParameterValues("makelive") != null)
+ if (!"".equals(sFilePath) &&
CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
{
- sMakeLive = "on";
- }
+ String sTitle = aReq.getParameter("title");
+ String sDescription = aReq.getParameter("description");
+ String sLanguage = aReq.getParameter("language");
- if (!"".equals(sFilePath) &&
CHECK_FOR_XSS_PATTERN.matcher(sFilePath).matches())
- {
+ // check title and description for XSS injection... If one found,
re-display page with old values
+ String parameter = null;
+ sTitle = ParameterValidation.sanitizeFromPattern(sTitle,
CHECK_FOR_XSS_PATTERN, INVALID_TITLE);
+ boolean invalidTitle = INVALID_TITLE.equals(sTitle);
+ if(invalidTitle)
+ {
+ parameter = "CMS_TITLE";
+ }
+ sDescription = ParameterValidation.sanitizeFromPattern(sDescription,
CHECK_FOR_XSS_PATTERN, INVALID_DESCRIPTION);
+ boolean invalidDesc = INVALID_DESCRIPTION.equals(sDescription);
+ if(invalidDesc)
+ {
+ parameter = "CMS_DESCRIPTION";
+ }
+
+ sLanguage = ParameterValidation.sanitizeFromPattern(sLanguage,
CHECK_FOR_XSS_PATTERN, INVALID_LANG);
+ boolean invalidLang = INVALID_LANG.equals(sLanguage);
+ if(invalidLang)
+ {
+ parameter = "CMS_LANGUAGE";
+ }
+
+ if (invalidTitle || invalidDesc || invalidLang)
+ {
+ aRes.setRenderParameter("op", CMSAdminConstants.OP_EDIT);
+
+ // output error message
+ aRes.setRenderParameter(ERROR_MESSAGE,
CMSAdminConstants.CMS_INVALID_PARAMETER);
+
+ aRes.setRenderParameter("path",
aReq.getParameter("savetopath"));
+ aRes.setRenderParameter("language",
aReq.getParameter("language"));
+
+ return;
+ }
+
+ Locale locale = new Locale(sLanguage);
+
+ String sMakeLive = "off";
+ if (aReq.getParameterValues("makelive") != null)
+ {
+ sMakeLive = "on";
+ }
+
+
String sContent = aReq.getParameter("elm1");
File file = new FileImpl();
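Review bot: The rejection branch under `if (invalidTitle || invalidDesc || invalidLang)` sets only `op`, `error:message`, `path` and `language` as render parameters, so the rejected title, description and `elm1` content are not carried back, and the OP_EDIT render re-reads title and description from `file.getContent()` — the submitted text still disappears, which appears to be the JBEPP-86 symptom; the create branch higher in this file does carry `error:filename`, `error:content` and `error:description`. The `parameter` local that records which field failed (`"CMS_TITLE"`, `"CMS_DESCRIPTION"`, `"CMS_LANGUAGE"`) is assigned but never read; passing it along, e.g. `aRes.setRenderParameter("error:field", parameter);`, would let the JSP name the offending field instead of the generic CMS_INVALID_PARAMETER text. If the submitted values are echoed back to the form, remember they were rejected precisely because they failed CHECK_FOR_XSS_PATTERN, so edit.jsp must HTML-escape them at output (`<c:out>` or `fn:escapeXml`) rather than write them raw. The enclosing action method begins and ends outside this hunk.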
@@ -1533,9 +1569,9 @@
content.setTitle(sTitle);
content.setDescription(sDescription);
- content.setBasePath(sFilePath + SLASH + new
Locale(sLanguage).getLanguage());
+ content.setBasePath(sFilePath + SLASH + locale.getLanguage());
content.setBytes(sContent.getBytes());
- file.setContent(new Locale(sLanguage), content);
+ file.setContent(locale, content);
boolean bMakeLive = false;
if ("on".equalsIgnoreCase(sMakeLive))
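Review bot: `locale.getLanguage()` is concatenated into the content base path here, but `sLanguage` was screened only by CHECK_FOR_XSS_PATTERN (outside this hunk), and `java.util.Locale` lowercases the language argument without validating it, so whatever that pattern admits ends up in the repository path. Judging by the CMS_INVALID_PARAMETER message added in Resource.properties, `/` and `.` are not among the rejected characters, so a value such as `../x` would appear to survive; I cannot see the pattern itself, so this needs confirming. A positive check before the `Locale` is built, e.g. `if (!sLanguage.matches("[a-zA-Z]{2,3}(_[a-zA-Z]{2})?")) { /* treat as invalidLang */ }`, or a lookup against `Locale.getISOLanguages()`, would close this regardless of what the XSS pattern allows. The enclosing action method starts and ends outside this hunk.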
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties 2009-05-26
11:48:45 UTC (rev 13414)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource.properties 2009-05-27
09:11:34 UTC (rev 13415)
@@ -143,6 +143,7 @@
CMS_FILENAME_INVALID=File Name is invalid. It may not contain illegal characters such as
'.', '/', ':', '[', ']', '*',
''', '"', '|' or any whitespace character.
CMS_FOLDERNAME_INVALID=Folder Name is invalid. It may not contain illegal characters such
as '.', '/', ':', '[', ']', '*',
''', '"', '|' or any whitespace character.
+CMS_INVALID_PARAMETER=A value below is invalid. It may not contain illegal characters
such as '\\', '<', '>', '(', ')',
'=' or '%5c'.
CMS_MSG_DESTINATION_ALREADY_EXISTS=The command was not performed, because the destination
already exists.
CMS_CANT_MOVE_SAME_DESTINATION=You cannot move a folder to the same location
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_fr.properties
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_fr.properties 2009-05-26
11:48:45 UTC (rev 13414)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/classes/Resource_fr.properties 2009-05-27
09:11:34 UTC (rev 13415)
@@ -32,23 +32,23 @@
CMS_CANCEL = Annuler
-CMS_CONTENT_DIR = R\u00E9pertoire de contenu
+CMS_CONTENT_DIR = R\u00e9pertoire de contenu
-CMS_CONTENT_DIR_USE = Utilisez l'arborescence des dossiers afin de parcourir la
structure du r\u00E9pertoire.
+CMS_CONTENT_DIR_USE = Utilisez l'arborescence des dossiers afin de parcourir la
structure du r\u00e9pertoire.
CMS_COPY = Copier
-CMS_CREATE = Cr\u00E9er
+CMS_CREATE = Cr\u00e9er
-CMS_CREATED = Cr\u00E9\u00E9
+CMS_CREATED = Cr\u00e9\u00e9
-CMS_CREATED_BY = Cr\u00E9\u00E9 par
+CMS_CREATED_BY = Cr\u00e9\u00e9 par
-CMS_CREATEFILE = Cr\u00E9er un fichier
+CMS_CREATEFILE = Cr\u00e9er un fichier
-CMS_CREATEFILEINDIR = Cr\u00E9er un fichier dans le dossier
+CMS_CREATEFILEINDIR = Cr\u00e9er un fichier dans le dossier
-CMS_CREATEFOLDER = Cr\u00E9er un dossier
+CMS_CREATEFOLDER = Cr\u00e9er un dossier
CMS_DELETE = Supprimer
@@ -56,7 +56,7 @@
CMS_DELETEWARN1 = ATTENTION ! Vous ne pourrez pas annuler cette action.
-CMS_DELETEWARN2 = \u00CAtes vous certain de vouloir supprimer cette ressource ?
+CMS_DELETEWARN2 = \u00cates vous certain de vouloir supprimer cette ressource ?
CMS_DENY = Refuser
@@ -78,35 +78,35 @@
CMS_LANGUAGE = Langue
-CMS_LIVE = Diffusion imm\u00E9diate
+CMS_LIVE = Diffusion imm\u00e9diate
CMS_LIVEVERSION = Version en ligne
-CMS_MAIN_USE = Utilisez le portlet d'administration du CMS afin de modifier le
contenu de votre r\u00E9pertoire.
+CMS_MAIN_USE = Utilisez le portlet d'administration du CMS afin de modifier le
contenu de votre r\u00e9pertoire.
-CMS_MANAGE = G\u00E9rer le contenu
+CMS_MANAGE = G\u00e9rer le contenu
CMS_MENU = Menu action
-CMS_MODIFIED = Derni\u00E8re modification
+CMS_MODIFIED = Derni\u00e8re modification
CMS_MODIFY = Modifier
-CMS_MOVE = D\u00E9placer
+CMS_MOVE = D\u00e9placer
CMS_NAME = Nom
CMS_PATH = Emplacement
-CMS_PREVIEW = Pr\u00E9visualiser
+CMS_PREVIEW = Pr\u00e9visualiser
-CMS_RESET = R\u00E9initialiser
+CMS_RESET = R\u00e9initialiser
CMS_SEARCH = Rechercher
-CMS_SEARCHNORESULT = Aucun r\u00E9sultat pour cette recherche
+CMS_SEARCHNORESULT = Aucun r\u00e9sultat pour cette recherche
-CMS_SECURE = S\u00E9curiser
+CMS_SECURE = S\u00e9curiser
CMS_SIZE = Taille
@@ -118,23 +118,23 @@
CMS_TYPE = Type
-CMS_UPLOAD = T\u00E9l\u00E9d\u00E9verser
+CMS_UPLOAD = T\u00e9l\u00e9d\u00e9verser
-CMS_UPLOADARCHIVE = T\u00E9l\u00E9d\u00E9verser une archive
+CMS_UPLOADARCHIVE = T\u00e9l\u00e9d\u00e9verser une archive
CMS_VERSION = Version
CMS_VIEW = Visualiser
-CMS_WYSIWYG = \u00C9diteur visuel WYSIWYG
+CMS_WYSIWYG = \u00c9diteur visuel WYSIWYG
TITLE_BROWSE = Navigateur de dossiers
TITLE_COPYCONFIRM = Confirmer la copie
-TITLE_CREATE = Cr\u00E9er un fichier
+TITLE_CREATE = Cr\u00e9er un fichier
-TITLE_CREATECOLLCONFIRM = Confirmer la cr\u00E9ation d'un r\u00E9pertoire
+TITLE_CREATECOLLCONFIRM = Confirmer la cr\u00e9ation d'un r\u00e9pertoire
TITLE_DELETECONFIRM = Confirmer la suppression
@@ -145,17 +145,19 @@
## CMS ADMIN PORTLET
TITLE_HEAD = Administration du CMS
-TITLE_MOVECONFIRM = Confirmer le d\u00E9placement
+TITLE_MOVECONFIRM = Confirmer le d\u00e9placement
-TITLE_SECURECONFIRM = S\u00E9curiser le noeud
+TITLE_SECURECONFIRM = S\u00e9curiser le noeud
-TITLE_UPLOAD = T\u00E9l\u00E9d\u00E9verser un fichier
+TITLE_UPLOAD = T\u00e9l\u00e9d\u00e9verser un fichier
-TITLE_VIEWFILE = Propri\u00E9t\u00E9s du fichier
+TITLE_VIEWFILE = Propri\u00e9t\u00e9s du fichier
-CMS_ACCESS_DENIED=Acc\u00E9s interdit
-CMS_ACCESS_DENIED_DESCRIPTION=Vous n'\u00eates pas autoris\u00E9 \u00e0 acc\u00e9der
a ce document
-CMS_ACCESS_DENIED_DESCRIPTION_PATH=Vous n'\u00eates pas autoris\u00E9 \u00e0
acc\u00e9der au document
+CMS_ACCESS_DENIED=Acc\u00e9s interdit
+CMS_ACCESS_DENIED_DESCRIPTION=Vous n'\u00eates pas autoris\u00e9 \u00e0 acc\u00e9der
a ce document
+CMS_ACCESS_DENIED_DESCRIPTION_PATH=Vous n'\u00eates pas autoris\u00e9 \u00e0
acc\u00e9der au document
-CMS_MISSING_DOCUMENT=404 - Page non trouv\u00E9e
-CMS_MISSING_DOCUMENT_DESCRIPTION=Le document auquel vous avez tent\u00E9
d'acc\u00E9der est introuvable
+CMS_MISSING_DOCUMENT=404 - Page non trouv\u00e9e
+CMS_MISSING_DOCUMENT_DESCRIPTION=Le document auquel vous avez tent\u00e9
d'acc\u00e9der est introuvable
+
+CMS_INVALID_PARAMETER=Une valeur ci-dessous est invalide car elle contient des
caract\u00e8rs invalides '\\', '<', '>', '(',
')', '=' ou '%5c'.
\ No newline at end of file
Modified:
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/edit.jsp
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/edit.jsp 2009-05-26
11:48:45 UTC (rev 13414)
+++
branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/edit.jsp 2009-05-27
09:11:34 UTC (rev 13415)
@@ -21,6 +21,9 @@
String sVersion = (String)request.getAttribute("version");
String sTitle = (String)request.getAttribute("title");
String sDescription = (String)request.getAttribute("description");
+
+ // for error handling
+ String errorMessage = (String)request.getAttribute("error:message");
%>
<!-- tinyMCE -->
@@ -74,8 +77,20 @@
<tr>
<td height="10"></td>
</tr>
+
+ <%
+ if(errorMessage != null)
+ {
+ %>
+ <tr>
+ <td><span style="color:
red">${n:i18n("CMS_INVALID_PARAMETER")}></span></td>
+ </tr>
+ <%
+ }
+ %>
<tr>
- <td>
+ <td></td>
+</tr>
<tr>
<td>
<table>
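Review bot: The new error row has a stray `>` after the EL expression, `${n:i18n("CMS_INVALID_PARAMETER")}></span>`, which will render a literal greater-than sign after the message; it should read `<td><span style="color: red">${n:i18n("CMS_INVALID_PARAMETER")}</span></td>`. Since `errorMessage` is only null-checked and its value is never written to the page, a comment making that deliberate would help, e.g. `<%-- value intentionally not echoed: error:message arrives as a render parameter a client can supply --%>`, so a later change does not start printing it unescaped.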