Seam SVN: r14086 - in branches/community/Seam_2_2: build and 1 other directory.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2011-04-22 07:03:09 -0400 (Fri, 22 Apr 2011)
New Revision: 14086
Modified:
branches/community/Seam_2_2/build/default.build.properties
branches/community/Seam_2_2/changelog.txt
branches/community/Seam_2_2/readme.txt
Log:
updated version strings to 2.2.2.Final
Modified: branches/community/Seam_2_2/build/default.build.properties
===================================================================
--- branches/community/Seam_2_2/build/default.build.properties 2011-04-22 09:36:42 UTC (rev 14085)
+++ branches/community/Seam_2_2/build/default.build.properties 2011-04-22 11:03:09 UTC (rev 14086)
@@ -8,7 +8,7 @@
major.version 2
minor.version .2
patchlevel .2
-qualifier -SNAPSHOT
+qualifier .Final
#
# Other program locations
# -----------------------
Modified: branches/community/Seam_2_2/changelog.txt
===================================================================
--- branches/community/Seam_2_2/changelog.txt 2011-04-22 09:36:42 UTC (rev 14085)
+++ branches/community/Seam_2_2/changelog.txt 2011-04-22 11:03:09 UTC (rev 14086)
@@ -1,5 +1,15 @@
JBoss Seam Changelog
====================
+
+Release Notes - Seam 2 - Version 2.2.2.Final
+
+** Bug
+ * [JBSEAM-4774] - Usage of propagation="nested" with <s:link> doesn't create nested conversation
+ * [JBSEAM-4775] - Session invalidated on every request if anemic sessions are used
+ * [JBSEAM-4780] - IllegalArgumentException: No enum const PropagationType.xxxx
+ * [JBSEAM-4804] - JBoss Seam2 privilege escalation caused by EL interpolation in FacesMessages
+
+
Release Notes - Seam - Version 2.2.1.Final
** Feature Request
Modified: branches/community/Seam_2_2/readme.txt
===================================================================
--- branches/community/Seam_2_2/readme.txt 2011-04-22 09:36:42 UTC (rev 14085)
+++ branches/community/Seam_2_2/readme.txt 2011-04-22 11:03:09 UTC (rev 14086)
@@ -1,7 +1,7 @@
JBoss Seam - Contextual Component framework for Java EE 5
=========================================================
-version 2.2.1.Final, January 2011
+version 2.2.2.Final, April 2011
This software is distributed under the terms of the FSF Lesser Gnu
Public License (see lgpl.txt).
Seam SVN: r14085 - in branches/community/Seam_2_2/src/main/org/jboss/seam: core and 1 other directories.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2011-04-22 05:36:42 -0400 (Fri, 22 Apr 2011)
New Revision: 14085
Added:
branches/community/Seam_2_2/src/main/org/jboss/seam/blacklist.properties
Modified:
branches/community/Seam_2_2/src/main/org/jboss/seam/core/Expressions.java
branches/community/Seam_2_2/src/main/org/jboss/seam/navigation/Pages.java
Log:
JBPAPP-4804
Added: branches/community/Seam_2_2/src/main/org/jboss/seam/blacklist.properties
===================================================================
--- branches/community/Seam_2_2/src/main/org/jboss/seam/blacklist.properties (rev 0)
+++ branches/community/Seam_2_2/src/main/org/jboss/seam/blacklist.properties 2011-04-22 09:36:42 UTC (rev 14085)
@@ -0,0 +1,4 @@
+.getClass()
+.addRole(
+.getPassword(
+.removeRole(
\ No newline at end of file
Modified: branches/community/Seam_2_2/src/main/org/jboss/seam/core/Expressions.java
===================================================================
--- branches/community/Seam_2_2/src/main/org/jboss/seam/core/Expressions.java 2011-04-21 14:32:43 UTC (rev 14084)
+++ branches/community/Seam_2_2/src/main/org/jboss/seam/core/Expressions.java 2011-04-22 09:36:42 UTC (rev 14085)
@@ -3,7 +3,13 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
@@ -17,6 +23,8 @@
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.el.EL;
import org.jboss.seam.el.SeamExpressionFactory;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
/**
* Factory for EL method and value expressions.
@@ -31,7 +39,41 @@
@Name("org.jboss.seam.core.expressions")
public class Expressions implements Serializable
{
+ private static final LogProvider log = Logging.getLogProvider(Expressions.class);
+ private static List<String> blacklist = new ArrayList<String>();
+ // loading blacklisted patterns of non-valid EL expressions
+ static
+ {
+ BufferedReader reader = null;
+ try
+ {
+ InputStream blacklistIS = ResourceLoader.instance().getResourceAsStream("blacklist.properties");
+ reader = new BufferedReader(new InputStreamReader(blacklistIS));
+ String line;
+ while ((line = reader.readLine()) != null)
+ {
+ blacklist.add(line);
+ }
+ }
+ catch (IOException e)
+ {
+ log.warn("Black list of non-valid EL expressions was not found!");
+ }
+ finally
+ {
+ if (reader != null)
+ {
+ try
+ {
+ reader.close();
+ }
+ catch (IOException e) { }
+ }
+ }
+
+ }
+
/**
* Get the JBoss EL ExpressionFactory
*/
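Review bot: In the static initializer a missing resource is not handled by the `catch (IOException e)` branch: if `getResourceAsStream("blacklist.properties")` returns null (as stream lookups usually do for an absent resource), `new InputStreamReader(blacklistIS)` throws a NullPointerException that escapes the static block, so `Expressions` would fail to initialise instead of logging the intended warning. Guard it with `if (blacklistIS == null) { log.warn("Black list of non-valid EL expressions was not found!"); }` before building the reader. The loop also stores every line verbatim, so a blank line in the file would put `""` into the list and make `expression.contains("")` reject every expression; `if (line.trim().length() > 0) blacklist.add(line.trim());` avoids that. The same initializer is added in the r14084 and r14081 sections of this page.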
@@ -76,6 +118,8 @@
*/
public <T> ValueExpression<T> createValueExpression(final String expression, final Class<T> type)
{
+
+ checkELExpression(expression);
return new ValueExpression<T>()
{
@@ -140,6 +184,8 @@
*/
public <T> MethodExpression<T> createMethodExpression(final String expression, final Class<T> type, final Class... argTypes)
{
+ checkELExpression(expression);
+
return new MethodExpression<T>()
{
private javax.el.MethodExpression facesMethodExpression;
@@ -257,4 +303,21 @@
return (Expressions) Component.getInstance(Expressions.class, ScopeType.APPLICATION);
}
}
+
+ private static void checkELExpression(final String expression)
+ {
+ for (int index = 0; blacklist.size() > index; index++)
+ {
+ if ( expression.contains(blacklist.get(index)) ) {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+
+ // for any case blacklist is not provided this is definitely not permitted
+ if ( expression.contains(".getClass()") )
+ {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+
}
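Review bot: `checkELExpression` compares literal substrings of the expression text, so the protection holds only for the exact spellings listed in blacklist.properties and not for what the parser finally resolves; a deny-list on source text is best treated as a stop-gap, the durable fix being that request- or message-derived strings never reach `createValueExpression`/`createMethodExpression` as expression source. A null `expression` fails with a NullPointerException at `expression.contains(...)` rather than a clear error, and a rejected expression is thrown without being logged, which loses a useful detection signal; add `log.warn("Rejected EL expression matching deny-list entry: " + blacklist.get(index));` before the first throw. The hard-coded fallback covers only `.getClass()`, so if the file fails to load, the other three entries are silently not enforced. The same method is added in the r14084 and r14081 sections.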
Modified: branches/community/Seam_2_2/src/main/org/jboss/seam/navigation/Pages.java
===================================================================
--- branches/community/Seam_2_2/src/main/org/jboss/seam/navigation/Pages.java 2011-04-21 14:32:43 UTC (rev 14084)
+++ branches/community/Seam_2_2/src/main/org/jboss/seam/navigation/Pages.java 2011-04-22 09:36:42 UTC (rev 14085)
@@ -697,6 +697,10 @@
.getRequestParameterMap().get("actionMethod");
if (actionId!=null)
{
+ String decodedActionId = URLDecoder.decode(actionId);
+ if (decodedActionId != null && (decodedActionId.indexOf('#') >= 0 || decodedActionId.indexOf('{') >= 0) ){
+ throw new IllegalArgumentException("EL expressions are not allowed in actionMethod parameter");
+ }
if ( !SafeActions.instance().isActionSafe(actionId) ) return result;
String expression = SafeActions.toAction(actionId);
result = true;
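Review bot: The new guard inspects only `decodedActionId`, an extra decode of a value the request parameter map has normally already decoded, while `isActionSafe(actionId)` and `toAction(actionId)` below keep using the raw string; testing the raw value as well, `actionId.indexOf('#') >= 0 || actionId.indexOf('{') >= 0`, keeps the validated value and the used value in agreement. The one-argument `URLDecoder.decode(String)` is deprecated and depends on the platform default charset, so `URLDecoder.decode(actionId, "UTF-8")` with its UnsupportedEncodingException handled is the safer call, and the `decodedActionId != null` test is redundant because decode does not return null for a non-null argument. No import for `URLDecoder` is visible in this hunk, and the enclosing method starts and ends outside it. The same lines appear in the Pages.java hunks of r14084 and r14081.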
Seam SVN: r14084 - in branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam: core and 1 other directories.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2011-04-21 10:32:43 -0400 (Thu, 21 Apr 2011)
New Revision: 14084
Added:
branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/blacklist.properties
Modified:
branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/core/Expressions.java
branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/navigation/Pages.java
Log:
JBPAPP-6388 back port from one-off patch
Added: branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/blacklist.properties
===================================================================
--- branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/blacklist.properties (rev 0)
+++ branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/blacklist.properties 2011-04-21 14:32:43 UTC (rev 14084)
@@ -0,0 +1,4 @@
+.getClass()
+.addRole(
+.getPassword(
+.removeRole(
\ No newline at end of file
Modified: branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/core/Expressions.java
===================================================================
--- branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/core/Expressions.java 2011-04-21 14:24:58 UTC (rev 14083)
+++ branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/core/Expressions.java 2011-04-21 14:32:43 UTC (rev 14084)
@@ -3,7 +3,13 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
@@ -16,6 +22,8 @@
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.el.EL;
import org.jboss.seam.el.SeamExpressionFactory;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
/**
* Factory for EL method and value expressions.
@@ -30,6 +38,42 @@
@Name("org.jboss.seam.core.expressions")
public class Expressions implements Serializable
{
+ private static final LogProvider log = Logging.getLogProvider(Expressions.class);
+ private static List<String> blacklist = new ArrayList<String>();
+
+ // loading blacklisted patterns of non-valid EL expressions
+ static
+ {
+ BufferedReader reader = null;
+ try
+ {
+ InputStream blacklistIS = ResourceLoader.instance().getResourceAsStream("blacklist.properties");
+ reader = new BufferedReader(new InputStreamReader(blacklistIS));
+ String line;
+ while ((line = reader.readLine()) != null)
+ {
+ blacklist.add(line);
+ }
+ }
+ catch (IOException e)
+ {
+ log.warn("Black list of non-valid EL expressions was not found!");
+ }
+ finally
+ {
+ if (reader != null)
+ {
+ try
+ {
+ reader.close();
+ }
+ catch (IOException e)
+ {
+ }
+ }
+ }
+
+ }
/**
* Get the JBoss EL ExpressionFactory
@@ -75,6 +119,7 @@
*/
public <T> ValueExpression<T> createValueExpression(final String expression, final Class<T> type)
{
+ checkELExpression(expression);
return new ValueExpression<T>()
{
@@ -138,6 +183,8 @@
*/
public <T> MethodExpression<T> createMethodExpression(final String expression, final Class<T> type, final Class... argTypes)
{
+ checkELExpression(expression);
+
return new MethodExpression<T>()
{
private javax.el.MethodExpression facesMethodExpression;
@@ -251,5 +298,22 @@
{
return (Expressions) Component.getInstance(Expressions.class, ScopeType.APPLICATION);
}
+
+ private static void checkELExpression(final String expression)
+ {
+ for (int index = 0; blacklist.size() > index; index++)
+ {
+ if ( expression.contains(blacklist.get(index)) )
+ {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+ // for any case blacklist is not provided this is definitely not permitted
+ if ( expression.contains(".getClass()") )
+ {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+
}
Modified: branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/navigation/Pages.java
===================================================================
--- branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/navigation/Pages.java 2011-04-21 14:24:58 UTC (rev 14083)
+++ branches/enterprise/JBPAPP_4_3_FP01/src/main/org/jboss/seam/navigation/Pages.java 2011-04-21 14:32:43 UTC (rev 14084)
@@ -647,6 +647,11 @@
.getRequestParameterMap().get("actionMethod");
if (actionId!=null)
{
+ String decodedActionId = URLDecoder.decode(actionId);
+ if (decodedActionId != null && (decodedActionId.indexOf('#') >= 0 || decodedActionId.indexOf('{') >= 0) ){
+ throw new IllegalArgumentException("EL expressions are not allowed in actionMethod parameter");
+ }
+
if ( !SafeActions.instance().isActionSafe(actionId) ) return result;
String expression = SafeActions.toAction(actionId);
result = true;
Seam SVN: r14083 - in branches/enterprise/JBPAPP_5_0: build and 4 other directories.
by seam-commits@lists.jboss.org
Author: jharting
Date: 2011-04-21 10:24:58 -0400 (Thu, 21 Apr 2011)
New Revision: 14083
Modified:
branches/enterprise/JBPAPP_5_0/build.xml
branches/enterprise/JBPAPP_5_0/build/validate.xml
branches/enterprise/JBPAPP_5_0/examples/build.xml
branches/enterprise/JBPAPP_5_0/examples/dvdstore/build.xml
branches/enterprise/JBPAPP_5_0/examples/quartz/build.xml
branches/enterprise/JBPAPP_5_0/examples/seampay/build.xml
Log:
JBPAPP-6384
Modified: branches/enterprise/JBPAPP_5_0/build/validate.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/build/validate.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/build/validate.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -2,10 +2,13 @@
<project basedir=".">
<property name="seam.dir" value="${basedir}" />
+
+ <property name="java.schema.repository" value="http://java.sun.com/xml/ns"/>
<property name="seam.schemaLocations" value="
http://jboss.com/products/seam/async ${src.schema.dir}/async-${schema.version}.xsd
http://jboss.com/products/seam/bpm ${src.schema.dir}/bpm-${schema.version}.xsd
+ http://jboss.com/products/seam/cache ${src.schema.dir}/cache-${schema.version}.xsd
http://jboss.com/products/seam/components ${src.schema.dir}/components-${schema.version}.xsd
http://jboss.com/products/seam/core ${src.schema.dir}/core-${schema.version}.xsd
http://jboss.com/products/seam/drools ${src.schema.dir}/drools-${schema.version}.xsd
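Review bot: The new `java.schema.repository` property points at `http://java.sun.com/xml/ns`, so the validation target now depends on schemas fetched over plain HTTP at build time; a network fault or an altered response changes what the descriptors are validated against. Prefer resolving these XSDs from local copies, for example through the `<xmlcatalog>` already used by the validation macro further down this file, and keep the remote URL only as an overridable default. A comment above the property such as `<!-- may be overridden with a local directory for offline or reproducible builds -->` would document that.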
@@ -34,15 +37,9 @@
</taskdef>
<fileset id="validate.resources" dir="${validate.resources.dir}">
- <include name="**/META-INF/application.xml" />
- <include name="**/META-INF/ejb-jar.xml" />
- <include name="**/META-INF/persistence.xml" />
<include name="**/META-INF/jboss-app.xml" />
- <include name="**/META-INF/orm.xml" />
<include name="**/WEB-INF/components.xml" />
<include name="**/WEB-INF/pages.xml" />
- <include name="**/WEB-INF/faces-config.xml" />
- <include name="**/WEB-INF/web.xml" />
<include name="**/WEB-INF/jboss-web.xml" />
<include name="**/${example.ds}" />
<include name="**/hibernate.cfg.xml" />
@@ -55,30 +52,65 @@
</fileset>
<target name="validateConfiguration" description="Validate XML Configuration Files">
+ <echo>Using ${java.schema.repository} as a repository for Java XML Schema documents.</echo>
+ <!-- Validate Java EE namespace descriptors (http://java.sun.com/xml/ns/javaee/) -->
+ <validate.javaee.resource descriptor="application.xml" schema="application_5.xsd" namespace="javaee"/>
+ <validate.javaee.resource descriptor="ejb-jar.xml" schema="ejb-jar_3_0.xsd" namespace="javaee"/>
+ <validate.javaee.resource descriptor="faces-config.xml" schema="web-facesconfig_1_2.xsd" namespace="javaee"/>
+ <validate.javaee.resource descriptor="web.xml" schema="web-app_2_5.xsd" namespace="javaee"/>
+ <validate.javaee.resource descriptor="persistence*.xml" schema="persistence_1_0.xsd" namespace="persistence"/>
+ <validate.javaee.resource descriptor="orm.xml" schema-with-namespace="persistence/orm_1_0.xsd" namespace="persistence/orm"/>
+ <!-- Validate other descriptors -->
<validateConfiguration>
- <fileset refid="validate.resources" />
+ <resources>
+ <fileset refid="validate.resources" />
+ </resources>
</validateConfiguration>
</target>
<target name="validatexsd" description="Validate all XML Schemas">
<validateConfiguration>
- <fileset refid="validate.schemas" />
+ <resources>
+ <fileset refid="validate.schemas" />
+ </resources>
</validateConfiguration>
</target>
- <presetdef name="validateConfiguration" >
- <xmlvalidate.task classname="org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser">
- <attribute name="http://xml.org/sax/features/validation" value="true" />
- <attribute name="http://apache.org/xml/features/validation/schema" value="true" />
- <attribute name="http://xml.org/sax/features/namespaces" value="true" />
- <property name="http://apache.org/xml/properties/schema/external-schemaLocation" value="${seam.schemaLocations} ${xsdLocation}" />
- <xmlcatalog>
- <dtd publicId="-//JBoss/Seam Component Configuration DTD 2.0//EN" location="${src.schema.dir}/components-${schema.version}.dtd" />
- <dtd publicId="-//JBoss/Seam Pages Configuration DTD 2.0//EN" location="${src.schema.dir}/pages-${schema.version}.dtd" />
- </xmlcatalog>
- <classpath>
- <fileset dir="${seam.dir}/lib" />
- </classpath>
- </xmlvalidate.task>
- </presetdef>
+ <macrodef name="validateConfiguration">
+ <attribute name="extraSchemaLocation" default=""/>
+ <element name="resources"/>
+ <sequential>
+ <xmlvalidate.task classname="org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser">
+ <resources/>
+ <attribute name="http://xml.org/sax/features/validation" value="true" />
+ <attribute name="http://apache.org/xml/features/validation/schema" value="true" />
+ <attribute name="http://xml.org/sax/features/namespaces" value="true" />
+ <attribute name="http://apache.org/xml/features/validation/dynamic" value="true" />
+ <property name="http://apache.org/xml/properties/schema/external-schemaLocation" value="${seam.schemaLocations} ${xsdLocation} @{extraSchemaLocation}" />
+ <xmlcatalog>
+ <dtd publicId="-//JBoss/Seam Component Configuration DTD 2.0//EN" location="${src.schema.dir}/components-${schema.version}.dtd" />
+ <dtd publicId="-//JBoss/Seam Pages Configuration DTD 2.0//EN" location="${src.schema.dir}/pages-${schema.version}.dtd" />
+ </xmlcatalog>
+ <classpath>
+ <fileset dir="${seam.dir}/lib" />
+ </classpath>
+ </xmlvalidate.task>
+ </sequential>
+ </macrodef>
+
+ <macrodef name="validate.javaee.resource">
+ <attribute name="descriptor"/>
+ <attribute name="namespace"/>
+ <attribute name="schema" default="Schema not set"/>
+ <attribute name="schema-with-namespace" default="@{namespace}/@{schema}"/>
+ <sequential>
+ <validateConfiguration extraSchemaLocation="http://java.sun.com/xml/ns/@{namespace} ${java.schema.repository}/@{schema-with-namespace}">
+ <resources>
+ <fileset dir="${validate.resources.dir}">
+ <include name="**/@{descriptor}" />
+ </fileset>
+ </resources>
+ </validateConfiguration>
+ </sequential>
+ </macrodef>
</project>
\ No newline at end of file
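Review bot: Turning on `http://apache.org/xml/features/validation/dynamic` in the `validateConfiguration` macro makes the parser validate a document only when it declares a grammar, so a descriptor with no DOCTYPE or schema reference would presumably pass unchecked where it was rejected before. If that relaxation is needed for the mixed DTD/XSD descriptors, state it in a comment next to the attribute, e.g. `<!-- dynamic: descriptors without a declared grammar are skipped, not failed -->`. In `validate.javaee.resource`, the `schema` default `Schema not set` ends up inside the schema location when a caller omits both `schema` and `schema-with-namespace`; dropping the default so that Ant reports the missing attribute would fail earlier and more clearly.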
Modified: branches/enterprise/JBPAPP_5_0/build.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/build.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/build.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -457,33 +457,33 @@
<target name="testall" depends="test,build,copylib,testexamples" description="Run the core unit tests and all example tests"/>
<target name="validateall" description="Validate all example XML Configuration Files">
- <ant antfile="${seam.dir}/build/validate.xml" target="validatexsd"/>
- <ant dir="examples/booking" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/blog" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/contactlist" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/dvdstore" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/drools" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/excel" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/groovybooking" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/itext" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/openid" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/mail" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/messages" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/nestedbooking" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/numberguess" target="validateConfiguration" inheritall="false" />
- <!--<ant dir="examples/quartz" target="validateConfiguration" inheritall="false" />-->
- <ant dir="examples/registration" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/remoting/chatroom" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/remoting/gwt" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/remoting/helloworld" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/seambay" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/restbay" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/seamdiscs" target="validateConfiguration" inheritall="false" />
- <!--<ant dir="examples/seampay" target="validateConfiguration" inheritall="false" />-->
- <ant dir="examples/seamspace" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/tasks" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/todo" target="validateConfiguration" inheritall="false" />
- <ant dir="examples/ui" target="validateConfiguration" inheritall="false" />
+ <!--<ant antfile="${seam.dir}/build/validate.xml" target="validatexsd"/>-->
+ <ant dir="examples/booking" target="validateConfiguration"/>
+ <ant dir="examples/blog" target="validateConfiguration"/>
+ <ant dir="examples/contactlist" target="validateConfiguration"/>
+ <ant dir="examples/dvdstore" target="validateConfiguration"/>
+ <ant dir="examples/drools" target="validateConfiguration"/>
+ <ant dir="examples/excel" target="validateConfiguration"/>
+ <ant dir="examples/groovybooking" target="validateConfiguration"/>
+ <ant dir="examples/itext" target="validateConfiguration"/>
+ <ant dir="examples/openid" target="validateConfiguration"/>
+ <ant dir="examples/mail" target="validateConfiguration"/>
+ <ant dir="examples/messages" target="validateConfiguration"/>
+ <ant dir="examples/nestedbooking" target="validateConfiguration"/>
+ <ant dir="examples/numberguess" target="validateConfiguration"/>
+ <ant dir="examples/quartz" target="validateConfiguration"/>
+ <ant dir="examples/registration" target="validateConfiguration"/>
+ <ant dir="examples/remoting/chatroom" target="validateConfiguration"/>
+ <ant dir="examples/remoting/gwt" target="validateConfiguration"/>
+ <ant dir="examples/remoting/helloworld" target="validateConfiguration"/>
+ <ant dir="examples/seambay" target="validateConfiguration"/>
+ <ant dir="examples/restbay" target="validateConfiguration"/>
+ <ant dir="examples/seamdiscs" target="validateConfiguration"/>
+ <ant dir="examples/seampay" target="validateConfiguration"/>
+ <ant dir="examples/seamspace" target="validateConfiguration"/>
+ <ant dir="examples/tasks" target="validateConfiguration"/>
+ <ant dir="examples/todo" target="validateConfiguration"/>
+ <ant dir="examples/ui" target="validateConfiguration"/>
</target>
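Review bot: The `validatexsd` call at the top of `validateall` is commented out with no explanation, so this target no longer checks the project's own XML Schemas; either restore it or leave a comment naming the reason and the tracking issue, e.g. `<!-- validatexsd disabled: see ISSUE-ID (placeholder) -->`. Removing `inheritall="false"` from every `<ant>` call also changes behaviour, because Ant's default passes the caller's properties to the sub-build and they then take precedence over the values the example builds define themselves. If that inheritance is the purpose of the change, a one-line comment above the list should say which properties are meant to propagate.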
Modified: branches/enterprise/JBPAPP_5_0/examples/build.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/examples/build.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/examples/build.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -893,7 +893,7 @@
-->
<target name="validateConfiguration" description="Validate XML Configuration files">
- <echo message="Validating configuaration files for ${Name}" />
+ <echo message="Validating configuration files for ${Name}" />
<ant antfile="${build.dir}/validate.xml" target="validateConfiguration">
<reference refid="validate.resources" />
</ant>
Modified: branches/enterprise/JBPAPP_5_0/examples/dvdstore/build.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/examples/dvdstore/build.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/examples/dvdstore/build.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -19,22 +19,4 @@
<import file="../build.xml" />
- <!-- Exclude the DS from validated files, as the mbean causes it not to validate -->
- <fileset id="validate.resources" dir="${validate.resources.dir}">
- <include name="META-INF/application.xml" />
- <include name="META-INF/ejb-jar.xml" />
- <include name="META-INF/persistence.xml" />
- <include name="META-INF/jboss-app.xml" />
- <include name="META-INF/orm.xml" />
- <include name="WEB-INF/components.xml" />
- <include name="WEB-INF/pages.xml" />
- <include name="WEB-INF/faces-config.xml" />
- <include name="WEB-INF/web.xml" />
- <include name="WEB-INF/jboss-web.xml" />
- <!--<include name="${example.ds}" />-->
- <include name="hibernate.cfg.xml" />
- <include name="*.jpdl.xml" />
- <exclude name=".gpd.*.jpdl.xml" />
- </fileset>
-
</project>
Modified: branches/enterprise/JBPAPP_5_0/examples/quartz/build.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/examples/quartz/build.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/examples/quartz/build.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -20,15 +20,9 @@
</patternset>
<fileset id="validate.resources" dir="${validate.resources.dir}">
- <include name="**/META-INF/application.xml" />
- <include name="**/META-INF/ejb-jar.xml" />
- <include name="**/META-INF/persistence.xml" />
<include name="**/META-INF/jboss-app.xml" />
- <include name="**/META-INF/orm.xml" />
<!--<include name="**/WEB-INF/components.xml" />-->
<include name="**/WEB-INF/pages.xml" />
- <include name="**/WEB-INF/faces-config.xml" />
- <include name="**/WEB-INF/web.xml" />
<include name="**/WEB-INF/jboss-web.xml" />
<include name="**/${example.ds}" />
<include name="**/hibernate.cfg.xml" />
Modified: branches/enterprise/JBPAPP_5_0/examples/seampay/build.xml
===================================================================
--- branches/enterprise/JBPAPP_5_0/examples/seampay/build.xml 2011-04-21 14:07:33 UTC (rev 14082)
+++ branches/enterprise/JBPAPP_5_0/examples/seampay/build.xml 2011-04-21 14:24:58 UTC (rev 14083)
@@ -14,15 +14,9 @@
<import file="../build.xml"/>
<fileset id="validate.resources" dir="${validate.resources.dir}">
- <include name="**/META-INF/application.xml" />
- <include name="**/META-INF/ejb-jar.xml" />
- <include name="**/META-INF/persistence.xml" />
<include name="**/META-INF/jboss-app.xml" />
- <include name="**/META-INF/orm.xml" />
<!--<include name="**/WEB-INF/components.xml" />-->
<include name="**/WEB-INF/pages.xml" />
- <include name="**/WEB-INF/faces-config.xml" />
- <include name="**/WEB-INF/web.xml" />
<include name="**/WEB-INF/jboss-web.xml" />
<include name="**/${example.ds}" />
<include name="**/hibernate.cfg.xml" />
Seam SVN: r14082 - branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2011-04-21 10:07:33 -0400 (Thu, 21 Apr 2011)
New Revision: 14082
Modified:
branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts/Contexts.java
Log:
JBPAPP-6244. JBPAPP-5783
Modified: branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts/Contexts.java
===================================================================
--- branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts/Contexts.java 2011-04-21 13:38:27 UTC (rev 14081)
+++ branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/contexts/Contexts.java 2011-04-21 14:07:33 UTC (rev 14082)
@@ -345,32 +345,35 @@
//TODO: it would be nice if BP context spanned redirects along with the conversation
// this would also require changes to BusinessProcessContext
- try
+ if ( Init.instance().isTransactionManagementEnabled() )
{
- new Work<Object>()
+ try
{
- @Override
- protected Object work() throws Exception
+ new Work<Object>()
{
- boolean destroyBusinessProcessContext = !Init.instance().isJbpmInstalled() ||
- !BusinessProcess.instance().hasActiveProcess();
- if (destroyBusinessProcessContext)
+ @Override
+ protected Object work() throws Exception
{
- //TODO: note that this occurs from Lifecycle.endRequest(), after
- // the Seam-managed txn was committed, but Contexts.destroy()
- // calls BusinessProcessContext.getNames(), which hits the
- // database!
- log.debug("destroying business process context");
- destroy( getBusinessProcessContext() );
+ boolean destroyBusinessProcessContext = !Init.instance().isJbpmInstalled() ||
+ !BusinessProcess.instance().hasActiveProcess();
+ if (destroyBusinessProcessContext)
+ {
+ //TODO: note that this occurs from Lifecycle.endRequest(), after
+ // the Seam-managed txn was committed, but Contexts.destroy()
+ // calls BusinessProcessContext.getNames(), which hits the
+ // database!
+ log.debug("destroying business process context");
+ destroy( getBusinessProcessContext() );
+ }
+ return null;
}
- return null;
- }
- }.workInTransaction();
+ }.workInTransaction();
+ }
+ catch (final Exception ex)
+ {
+ log.warn("Exception destroying context ", ex);
+ }
}
- catch (final Exception ex)
- {
- log.warn("Exception destroying context ", ex);
- }
}
if ( !Manager.instance().isLongRunningConversation() )
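Review bot: The new `if ( Init.instance().isTransactionManagementEnabled() )` wrapper has no else branch, so when transaction management is disabled the business process context is never passed to `destroy(...)` in this block. If skipping the cleanup is intended, a comment above the `if` should say why it is safe, e.g. `// without Seam-managed transactions the BP context cannot be flushed here`; otherwise an else branch should perform the same `destroyBusinessProcessContext` check and `destroy( getBusinessProcessContext() )` without `workInTransaction()`. The enclosing method starts and ends outside the hunk, so cleanup elsewhere cannot be ruled out from here.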
Seam SVN: r14081 - in branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam: core and 1 other directories.
by seam-commits@lists.jboss.org
Author: manaRH
Date: 2011-04-21 09:38:27 -0400 (Thu, 21 Apr 2011)
New Revision: 14081
Added:
branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/blacklist.properties
Modified:
branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/core/Expressions.java
branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/navigation/Pages.java
Log:
JBPAPP-6387
Added: branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/blacklist.properties
===================================================================
--- branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/blacklist.properties (rev 0)
+++ branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/blacklist.properties 2011-04-21 13:38:27 UTC (rev 14081)
@@ -0,0 +1,4 @@
+.getClass()
+.addRole(
+.getPassword(
+.removeRole(
\ No newline at end of file
Modified: branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/core/Expressions.java
===================================================================
--- branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/core/Expressions.java 2011-04-20 19:56:08 UTC (rev 14080)
+++ branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/core/Expressions.java 2011-04-21 13:38:27 UTC (rev 14081)
@@ -3,7 +3,13 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
@@ -17,6 +23,8 @@
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.el.EL;
import org.jboss.seam.el.SeamExpressionFactory;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
/**
* Factory for EL method and value expressions.
@@ -31,7 +39,41 @@
@Name("org.jboss.seam.core.expressions")
public class Expressions implements Serializable
{
+ private static final LogProvider log = Logging.getLogProvider(Expressions.class);
+ private static List<String> blacklist = new ArrayList<String>();
+ // loading blacklisted patterns of non-valid EL expressions
+ static
+ {
+ BufferedReader reader = null;
+ try
+ {
+ InputStream blacklistIS = ResourceLoader.instance().getResourceAsStream("blacklist.properties");
+ reader = new BufferedReader(new InputStreamReader(blacklistIS));
+ String line;
+ while ((line = reader.readLine()) != null)
+ {
+ blacklist.add(line);
+ }
+ }
+ catch (IOException e)
+ {
+ log.warn("Black list of non-valid EL expressions was not found!");
+ }
+ finally
+ {
+ if (reader != null)
+ {
+ try
+ {
+ reader.close();
+ }
+ catch (IOException e) { }
+ }
+ }
+
+ }
+
/**
* Get the JBoss EL ExpressionFactory
*/
@@ -76,6 +118,8 @@
*/
public <T> ValueExpression<T> createValueExpression(final String expression, final Class<T> type)
{
+
+ checkELExpression(expression);
return new ValueExpression<T>()
{
@@ -140,6 +184,8 @@
*/
public <T> MethodExpression<T> createMethodExpression(final String expression, final Class<T> type, final Class... argTypes)
{
+ checkELExpression(expression);
+
return new MethodExpression<T>()
{
private javax.el.MethodExpression facesMethodExpression;
@@ -257,4 +303,21 @@
return (Expressions) Component.getInstance(Expressions.class, ScopeType.APPLICATION);
}
}
+
+ private static void checkELExpression(final String expression)
+ {
+ for (int index = 0; blacklist.size() > index; index++)
+ {
+ if ( expression.contains(blacklist.get(index)) ) {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+
+ // for any case blacklist is not provided this is definitely not permitted
+ if ( expression.contains(".getClass()") )
+ {
+ throw new IllegalArgumentException("This EL expression is not allowed!");
+ }
+ }
+
}
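Review bot: `checkELExpression` compares raw substrings, so each blacklist entry and the hard-coded `.getClass()` fallback only recognise one exact spelling, and the expression is not normalised before matching. That makes the check defence in depth rather than a boundary, and the method should say so in a Javadoc comment that also tells callers not to build expressions from user-controlled text. Stripping whitespace first would at least remove formatting differences: `String normalized = expression.replaceAll("\\s+", "");`, then match against `normalized`. A null `expression` now fails with a NullPointerException at `expression.contains(...)`, from both `createValueExpression` and `createMethodExpression`. If callers can legitimately pass null, which is not visible here, guard it explicitly. The rejection is also never logged, which leaves operators no trace of blocked input; a `log.warn` before each `throw` would help detection.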
Modified: branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/navigation/Pages.java
===================================================================
--- branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/navigation/Pages.java 2011-04-20 19:56:08 UTC (rev 14080)
+++ branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/navigation/Pages.java 2011-04-21 13:38:27 UTC (rev 14081)
@@ -696,6 +696,10 @@
.getRequestParameterMap().get("actionMethod");
if (actionId!=null)
{
+ String decodedActionId = URLDecoder.decode(actionId);
+ if (decodedActionId != null && (decodedActionId.indexOf('#') >= 0 || decodedActionId.indexOf('{') >= 0) ){
+ throw new IllegalArgumentException("EL expressions are not allowed in actionMethod parameter");
+ }
if ( !SafeActions.instance().isActionSafe(actionId) ) return result;
String expression = SafeActions.toAction(actionId);
result = true;
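Review bot: `URLDecoder.decode(actionId)` is the deprecated one-argument overload, which decodes using the platform default encoding. Prefer `URLDecoder.decode(actionId, "UTF-8")` and handle the checked `UnsupportedEncodingException`. The `decodedActionId != null` test is redundant, because the line sits inside `if (actionId!=null)`. Values from the request parameter map have normally been decoded by the container already, so a short comment saying why a second decode is applied before the `#`/`{` check would help the next reader. Note also that only the decoded copy is inspected, while `isActionSafe` and `toAction` still receive the original `actionId`. No `java.net.URLDecoder` import appears among the visible hunks for Pages.java, so confirm the file already has one. The enclosing method starts and ends outside this hunk.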
[seam/forge] 4c656c: Fixed Dependency.equals(), updated MW plugin to li...
by noreply@github.com
Branch: refs/heads/master
Home: https://github.com/seam/forge
Commit: 4c656ce2ed032bc7dc404f698d5407030c3e8333
https://github.com/seam/forge/commit/4c656ce2ed032bc7dc404f698d5407030c3e...
Author: Lincoln Baxter, III <lincolnbaxter(a)gmail.com>
Date: 2011-04-20 (Wed, 20 Apr 2011)
Changed paths:
M project-model-maven/src/main/java/org/jboss/seam/forge/maven/facets/MavenDependencyFacet.java
M scaffold-metawidget/pom.xml
M scaffold-metawidget/src/main/java/org/metawidget/forge/MetawidgetScaffold.java
A scaffold-metawidget/src/main/resources/org/metawidget/metawidget-richfaces.xml
A shell-api/src/main/java/org/jboss/seam/forge/project/dependencies/DependencyFilter.java
M shell-api/src/main/java/org/jboss/seam/forge/project/dependencies/DependencyImpl.java
A shell-api/src/main/java/org/jboss/seam/forge/project/dependencies/events/AddedDependencies.java
A shell-api/src/main/java/org/jboss/seam/forge/project/dependencies/events/RemovedDependencies.java
Log Message:
-----------
Fixed Dependency.equals(), updated MW plugin to listen to dependency events