Author: chris.laprun(a)jboss.com Date: 2009-06-16 17:00:24 -0400 (Tue, 16 Jun 2009) New Revision: 13464 Modified: branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/confirmcreatecollection.jsp Log: - JBPORTAL-2416: validate folder description and output correct error message. Modified: branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-06-16 20:16:50 UTC (rev 13463) +++ branches/JBoss_Portal_Branch_2_7/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2009-06-16 21:00:24 UTC (rev 13464) @@ -919,7 +919,9 @@ String sCreatePath = aReq.getParameter("destination"); String sFolderName = aReq.getParameter("newcollectionname"); String sFolderDescription = aReq.getParameter("newcollectiondescription"); - if (!"".equals(sCreatePath) && !"".equals(sFolderName)) + sFolderDescription = ParameterValidation.sanitizeFromPattern(sFolderDescription, CHECK_FOR_XSS_PATTERN, ""); + + if (!"".equals(sCreatePath) && !"".equals(sFolderName) && !"".equals(sFolderDescription)) { String sNewPath = FileUtil.cleanDoubleSlashes(sCreatePath + SLASH + sFolderName); @@ -968,7 +970,7 @@ aRes.setRenderParameter("path", aReq.getParameter("destination")); //used to remember the data already submitted by the user - aRes.setRenderParameter(ERROR_MESSAGE, CMSAdminConstants.CMS_FOLDERNAME_INVALID); + aRes.setRenderParameter(ERROR_MESSAGE, CMSAdminConstants.CMS_INVALID_PARAMETER); aRes.setRenderParameter("error:newcollectionname", aReq.getParameter("newcollectionname")); aRes.setRenderParameter("error:newcollectiondescription", aReq.getParameter("newcollectiondescription")); } Modified: branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/confirmcreatecollection.jsp =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/confirmcreatecollection.jsp 2009-06-16 20:16:50 UTC (rev 13463) +++ branches/JBoss_Portal_Branch_2_7/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/confirmcreatecollection.jsp 2009-06-16 21:00:24 UTC (rev 13464) @@ -1,3 +1,4 @@ +<%@ page import="org.jboss.portal.core.cms.CMSConstants" %> <%@ page language="java" extends="org.jboss.portal.core.servlet.jsp.PortalJsp" %> <%@ taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet" %> <%@ taglib uri="/WEB-INF/portal-lib.tld" prefix="n" %> @@ -27,15 +28,32 @@ <h3 class="sectionTitle-blue">${n:i18n("TITLE_CREATECOLLCONFIRM")}</h3> <div class=" cms-tab-container"> <table width="100%"> - <%if(errorMessage != null){%> - <tr> - <td colspan="2"> - <font color="red">${n:i18n("CMS_FOLDERNAME_INVALID")}</font> - </td> - </tr> - <%}%> - + <% + if (CMSAdminConstants.CMS_FOLDERNAME_INVALID.equals(errorMessage)) + { + %> <tr> + <td colspan="2"> + <span style="color: red">${n:i18n("CMS_FOLDERNAME_INVALID")}</span> + </td> + </tr> + <% + } + %> + <% + if (CMSAdminConstants.CMS_INVALID_PARAMETER.equals(errorMessage)) + { + %> + <tr> + <td colspan="2"> + <span style="color: red">${n:i18n("CMS_INVALID_PARAMETER")}</span> + </td> + </tr> + <% + } + %> + + <tr> <td valign="top" width="250" class="portlet-section-alternate"> <%@ include file="folderlist.jsp" %> </td>