Author: chris.laprun(a)jboss.com
Date: 2009-01-19 10:57:09 -0500 (Mon, 19 Jan 2009)
New Revision: 12558
Added:
branches/JBoss_Portal_Branch_2_7/server/src/main/org/jboss/portal/server/ParameterSanitizer.java
Removed:
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/util/ParameterSanitizer.java
Modified:
branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-server-war/login.jsp
branches/JBoss_Portal_Branch_2_7/theme/src/main/org/jboss/portal/theme/servlet/DynaAjaxServlet.java
Log:
- Cleaned-up DynaAjaxServlet, still investigating whether removal is safe or not.
- Moved ParameterSanitizer to server module and renamed methods to follow common.
Deleted:
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/util/ParameterSanitizer.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/util/ParameterSanitizer.java 2009-01-19
15:54:33 UTC (rev 12557)
+++
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/util/ParameterSanitizer.java 2009-01-19
15:57:09 UTC (rev 12558)
@@ -1,52 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2008, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-
-package org.jboss.portal.core.util;
-
-import org.jboss.portal.common.util.ParameterValidation;
-
-import java.util.regex.Pattern;
-
-/**
- * TODO
- * @author <a href="mailto:chris.laprun@jboss.com">Chris
Laprun</a>
- * @version $Revision$
- * @deprecated Should use {@link
org.jboss.portal.common.util.ParameterValidation#sanitize} instead starting with 2.7.2
- */
-public class ParameterSanitizer
-{
- public final static Pattern CSS_DISTANCE =
Pattern.compile("\\d+\\W*(em|ex|px|in|cm|mm|pt|pc|%)?");
-
- public static String sanitize(String value, Pattern regex, String defaultValue)
- {
- ParameterValidation.throwIllegalArgExceptionIfNull(regex, "expected value
format");
-
- if(value == null || !regex.matcher(value).matches())
- {
- return defaultValue;
- }
- else
- {
- return value;
- }
- }
-}
Modified: branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-server-war/login.jsp
===================================================================
---
branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-server-war/login.jsp 2009-01-19
15:54:33 UTC (rev 12557)
+++
branches/JBoss_Portal_Branch_2_7/core/src/resources/portal-server-war/login.jsp 2009-01-19
15:57:09 UTC (rev 12558)
@@ -21,23 +21,24 @@
~ 02110-1301 USA, or see the FSF site:
http://www.fsf.org. ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~--%>
<%@ page pageEncoding="utf-8" %>
-<%@page import="org.jboss.portal.identity.UserStatus"%>
-<%@page import="org.jboss.portal.core.util.ParameterSanitizer"%>
-<%@page import="java.util.ResourceBundle"%>
+<%@page import="org.jboss.portal.identity.UserStatus" %>
+<%@page import="org.jboss.portal.server.ParameterSanitizer" %>
+<%@page import="java.util.ResourceBundle" %>
<%
ResourceBundle rb = ResourceBundle.getBundle("Resource",
request.getLocale());
// todo: use ParameterValidation.sanitize after 2.7.1
String loginheight = request.getParameter("loginheight");
boolean paramPresent = loginheight != null;
- loginheight = ParameterSanitizer.sanitize(loginheight,
ParameterSanitizer.CSS_DISTANCE, "300px");
+ loginheight = ParameterSanitizer.sanitizeFromPattern(loginheight,
ParameterSanitizer.CSS_DISTANCE, "300px");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml">
<head>
- <title><%= rb.getString("LOGIN_TITLE") %></title>
+ <title><%= rb.getString("LOGIN_TITLE") %>
+ </title>
<style type="text/css">
/* <![CDATA[ */
body {
@@ -46,20 +47,24 @@
border: 0;
padding-top: <%=loginheight%>;
}
+
/* ]]> */
</style>
<script>
- function setFocusOnLoginForm() {
- try {
- document.loginform.j_username.focus();
+ function setFocusOnLoginForm()
+ {
+ try
+ {
+ document.loginform.j_username.focus();
+ }
+ catch (e)
+ {
+ }
}
- catch (e) {
- }
- }
</script>
- <link rel="stylesheet" href="/portal-core/css/login.css"
type="text/css" />
+ <link rel="stylesheet" href="/portal-core/css/login.css"
type="text/css"/>
</head>
<body onload="setFocusOnLoginForm();">
@@ -67,44 +72,51 @@
<div class="login-header">
- <h2><%= rb.getString("LOGIN_TITLE") %></h2>
+ <h2><%= rb.getString("LOGIN_TITLE") %>
+ </h2>
</div>
<div class="login-content">
<div class="error-message"
style="<%=(request.getAttribute(!UserStatus.OK.equals("org.jboss.portal.userStatus")
? "" : "display:none"))%>;">
- <%
+ <%
- if
(UserStatus.DISABLE.equals(request.getAttribute("org.jboss.portal.userStatus")))
- {
- out.println(rb.getString("ACCOUNT_DISABLED"));
- }
- else if
(UserStatus.WRONGPASSWORD.equals(request.getAttribute("org.jboss.portal.userStatus"))
||
UserStatus.UNEXISTING.equals(request.getAttribute("org.jboss.portal.userStatus")))
- {
-
out.println(rb.getString("ACCOUNT_INEXISTING_OR_WRONG_PASSWORD"));
- }
- else if
(UserStatus.NOTASSIGNEDTOROLE.equals(request.getAttribute("org.jboss.portal.userStatus")))
- {
- out.println(rb.getString("ACCOUNT_NOTASSIGNEDTOROLE"));
- }
- %>
+ if
(UserStatus.DISABLE.equals(request.getAttribute("org.jboss.portal.userStatus")))
+ {
+ out.println(rb.getString("ACCOUNT_DISABLED"));
+ }
+ else if
(UserStatus.WRONGPASSWORD.equals(request.getAttribute("org.jboss.portal.userStatus"))
||
UserStatus.UNEXISTING.equals(request.getAttribute("org.jboss.portal.userStatus")))
+ {
+
out.println(rb.getString("ACCOUNT_INEXISTING_OR_WRONG_PASSWORD"));
+ }
+ else if
(UserStatus.NOTASSIGNEDTOROLE.equals(request.getAttribute("org.jboss.portal.userStatus")))
+ {
+ out.println(rb.getString("ACCOUNT_NOTASSIGNEDTOROLE"));
+ }
+ %>
</div>
<form method="post" action="<%=
response.encodeURL("j_security_check") %>" name="loginform"
id="loginForm"
target="_parent">
<div class="form-field">
- <label for="j_username"><%=
rb.getString("LOGIN_USERNAME") %></label>
+ <label for="j_username"><%=
rb.getString("LOGIN_USERNAME") %>
+ </label>
<input type="text" name="j_username"
id="j_username" value=""/>
</div>
<div class="form-field">
- <label for="j_password"><%=
rb.getString("LOGIN_PASSWORD") %></label>
+ <label for="j_password"><%=
rb.getString("LOGIN_PASSWORD") %>
+ </label>
<input type="password" name="j_password"
id="j_password" value=""/>
</div>
<br class="clear"/>
+
<div class="button-container">
<br class="clear"/>
- <input style="<%=paramPresent ? "" :
"display:none"%>;" type="button" name="cancel"
value="<%= rb.getString("LOGIN_CANCEL") %>"
class="cancel-button"
onclick="window.parent.hideContentModal('login-modal');"/>
+ <input style="<%=paramPresent ? "" :
"display:none"%>;" type="button" name="cancel"
+ value="<%= rb.getString("LOGIN_CANCEL") %>"
class="cancel-button"
+
onclick="window.parent.hideContentModal('login-modal');"/>
<br class="clear"/>
- <input style="<%=paramPresent ? "" :
"right:10px"%>;" type="submit" name="login"
value="<%= rb.getString("LOGIN_SUBMIT") %>"
class="login-button"/>
+ <input style="<%=paramPresent ? "" :
"right:10px"%>;" type="submit" name="login"
+ value="<%= rb.getString("LOGIN_SUBMIT") %>"
class="login-button"/>
</div>
<br class="clear"/>
</form>
Copied:
branches/JBoss_Portal_Branch_2_7/server/src/main/org/jboss/portal/server/ParameterSanitizer.java
(from rev 12498,
branches/JBoss_Portal_Branch_2_7/core/src/main/org/jboss/portal/core/util/ParameterSanitizer.java)
===================================================================
---
branches/JBoss_Portal_Branch_2_7/server/src/main/org/jboss/portal/server/ParameterSanitizer.java
(rev 0)
+++
branches/JBoss_Portal_Branch_2_7/server/src/main/org/jboss/portal/server/ParameterSanitizer.java 2009-01-19
15:57:09 UTC (rev 12558)
@@ -0,0 +1,71 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2008, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.portal.server;
+
+import org.jboss.portal.common.util.ParameterValidation;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Pattern;
+
+/**
+ * TODO
+ *
+ * @author <a href="mailto:chris.laprun@jboss.com">Chris
Laprun</a>
+ * @version $Revision$
+ * @deprecated Should use {@link
org.jboss.portal.common.util.ParameterValidation#sanitize*} instead starting with
+ * 2.7.2
+ */
+public class ParameterSanitizer
+{
+ public final static Pattern CSS_DISTANCE =
Pattern.compile("\\d+\\W*(em|ex|px|in|cm|mm|pt|pc|%)?");
+
+ public static String sanitizeFromPattern(String value, Pattern regex, String
defaultValue)
+ {
+ ParameterValidation.throwIllegalArgExceptionIfNull(regex, "expected value
format");
+
+ if (value == null || !regex.matcher(value).matches())
+ {
+ return defaultValue;
+ }
+ else
+ {
+ return value;
+ }
+ }
+
+ public static String sanitizeFromValues(String value, String[] possibleValues, String
defaultValue)
+ {
+ ParameterValidation.throwIllegalArgExceptionIfNullOrEmpty(possibleValues,
"possible values");
+
+ List<String> values = Arrays.asList(possibleValues);
+ if (!values.contains(value))
+ {
+ return defaultValue;
+ }
+ else
+ {
+ return value;
+ }
+ }
+}
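Review bot: `CSS_DISTANCE` still uses `\\W*` between the number and the unit, so any run of non-word characters, including CSS and markup delimiters, passes `sanitizeFromPattern`. login.jsp then writes the accepted value unescaped into a `<style>` rule (`padding-top: <%=loginheight%>;`). Limiting the gap to optional whitespace keeps the result a plain CSS length: `Pattern.compile("\\d+\\s*(em|ex|px|in|cm|mm|pt|pc|%)?")`. The class Javadoc is still `TODO`; one sentence saying that both methods return `defaultValue` when the input is null or not accepted would document the contract callers rely on.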
Modified:
branches/JBoss_Portal_Branch_2_7/theme/src/main/org/jboss/portal/theme/servlet/DynaAjaxServlet.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/theme/src/main/org/jboss/portal/theme/servlet/DynaAjaxServlet.java 2009-01-19
15:54:33 UTC (rev 12557)
+++
branches/JBoss_Portal_Branch_2_7/theme/src/main/org/jboss/portal/theme/servlet/DynaAjaxServlet.java 2009-01-19
15:57:09 UTC (rev 12558)
@@ -23,7 +23,7 @@
package org.jboss.portal.theme.servlet;
-import org.jboss.logging.Logger;
+import org.jboss.portal.server.ParameterSanitizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@@ -31,7 +31,6 @@
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
-import java.util.Enumeration;
/**
* @author <a href="mailto:tomasz.szymanski@jboss.com">Tomasz
Szymanski</a>
@@ -40,7 +39,9 @@
public class DynaAjaxServlet extends HttpServlet
{
- private final static Logger log = Logger.getLogger(DynaAjaxServlet.class);
+ private static final String ACTION = "action";
+ private static final String[] POSSIBLE_ACTION_VALUES = new
String[]{"windowremove", "windowmove"};
+ private static final String DEFAULT_RESPONSE = "";
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
@@ -48,79 +49,11 @@
doPost(req, resp);
}
- public void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws
ServletException, IOException
{
- Enumeration paramNames = req.getParameterNames();
- String response = "";
- while (paramNames.hasMoreElements())
- {
- String name = (String)paramNames.nextElement();
- // action: windowremove|windowmove
- if ("action".equalsIgnoreCase(name))
- {
- response = req.getParameter(name);
- }
- System.out.println("Parameter: " + name + " = " +
req.getParameter(name));
- }
-
+ String actionValue = req.getParameter(ACTION);
+ String response = ParameterSanitizer.sanitizeFromValues(actionValue,
POSSIBLE_ACTION_VALUES, DEFAULT_RESPONSE);
sendResp(resp, response);
-
-/*
- if(req.getParameter("action") != null)
- {
- if(req.getParameter("action").equals(PERSIST))
- {
- if(req.getParameter("positionNo") == null
- || req.getParameter("windowId") == null
- || req.getParameter("oldRegionId") == null
- || req.getParameter("newRegionId") == null)
- {
- resp.sendError(400, "Not enought parameters");
- return;
- }
-
- if(!testMode)
- {
- persistance.persistPosition(req.getParameter("positionNo"),
- req.getParameter("windowId"), req
- .getParameter("oldRegionId"), req
- .getParameter("newRegionId"));
- }
-
- sendResp(resp, "Position persisted");
- }
- else if(req.getParameter("action").equals(TEST_MODE))
- {
- if(req.getParameter("mode") != null)
- {
- try
- {
- testMode = Boolean.valueOf(req.getParameter("mode"))
- .booleanValue();
- }
- catch(RuntimeException e)
- {
- resp.sendError(400, "Bad arguments");
- return;
- }
-
- sendResp(resp, ((testMode) ? "Test mode ON" : "Test mode
OFF"));
-
- }
- else
- {
- resp.sendError(400, "Not enought parameters");
- return;
- }
- }
- else
- {
- resp.sendError(400, "Unknown ajax call");
- return;
- }
- }
-*/
}
private void sendResp(HttpServletResponse resp, String respData)
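Review bot: A missing or unrecognised `action` now becomes `DEFAULT_RESPONSE` and is passed to `sendResp` as an empty body, whereas the commented-out code removed in this hunk rejected unknown calls with `resp.sendError(400, "Unknown ajax call")`. The body of `sendResp` is outside the hunk, so the status it sends is not visible here, but it presumably reports success. If no client depends on the empty reply, adding `if (DEFAULT_RESPONSE.equals(response)) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }` before `sendResp` would make rejected input visible to callers and to monitoring. The parameter name was previously matched with `equalsIgnoreCase` and is now looked up exactly as `action`, which is worth a line in the commit log. The dropped comment `// action: windowremove|windowmove` could be kept on `POSSIBLE_ACTION_VALUES` in the previous hunk as `// allow-list for the echoed "action" parameter`.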