cocoon-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jo...@apache.org
Subject cvs commit: cocoon-2.1/src/webapp/samples/hello-world/style/xsl page2itext.xsl page2swf.xsl page2xls.xsl
Date Wed, 22 Oct 2003 11:42:05 GMT
joerg       2003/10/22 04:42:05

  Modified:    src/blocks/lucene/samples sitemap.xmap
               src/webapp/samples sitemap.xmap
               src/webapp/samples/common/style/xsl/html
                        simple-page2html.xsl
               src/webapp/samples/hello-world/style/xsl page2itext.xsl
                        page2swf.xsl page2xls.xsl
  Log:
  fixing bug 23949: security issue through view-source?filename=../../WEB-INF/web.xml in default
installation with samples
  
  Revision  Changes    Path
  1.2       +6 -3      cocoon-2.1/src/blocks/lucene/samples/sitemap.xmap
  
  Index: sitemap.xmap
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/blocks/lucene/samples/sitemap.xmap,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- sitemap.xmap	21 Mar 2003 07:54:19 -0000	1.1
  +++ sitemap.xmap	22 Oct 2003 11:42:05 -0000	1.2
  @@ -39,6 +39,11 @@
      <map:serialize type="xml"/>
     </map:view>
   
  +  <map:view from-label="content" name="pretty-content">
  +   <map:transform src="context://stylesheets/system/xml2html.xslt"/>
  +   <map:serialize type="html"/>
  +  </map:view>
  +
     <map:view name="links" from-position="last">
      <map:serialize type="links"/>
     </map:view>
  @@ -73,9 +78,7 @@
           "[...] All <map:parameter> declarations will be made
           available in the XSLT stylesheet as xsl:variables. [...]" 
         -->
  -      <map:transform src="context://samples/stylesheets/dynamic-page2html.xsl">
  -        <map:parameter name="view-source" value="{1}-index.xsp"/>
  -      </map:transform>
  +      <map:transform src="context://samples/stylesheets/dynamic-page2html.xsl"/>
         <map:serialize/>
       </map:match>
   
  
  
  
  1.16      +17 -9     cocoon-2.1/src/webapp/samples/sitemap.xmap
  
  Index: sitemap.xmap
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/webapp/samples/sitemap.xmap,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- sitemap.xmap	7 Sep 2003 06:16:41 -0000	1.15
  +++ sitemap.xmap	22 Oct 2003 11:42:05 -0000	1.16
  @@ -102,14 +102,9 @@
   
      <!-- ========================= Utilities ================================ -->
   
  -   <map:match pattern="view-source">
  -    <!-- colourize files that are known to be XML -->
  -    <map:match type="filename" pattern="((xml)|(xsp)|(xmap)|(xconf))$">
  -       <map:generate src="common/view-source.xsp" type="serverpages"/>
  -       <map:serialize/>
  -    </map:match>
  -    <!-- all other files are just send as text -->
  -    <map:read mime-type="text/plain" src="../{request-param:filename}"/>
  +   <map:match pattern="**sitemap.xmap">
  +     <map:generate src="{0}"/>
  +     <map:serialize type="xml"/>
      </map:match>
   
      <map:match pattern="linkstatus">
  @@ -163,5 +158,18 @@
      </map:match>
   
     </map:pipeline>
  +
  +  <map:pipeline internal-only="true">
  +   <map:match pattern="view-source">
  +    <!-- colourize files that are known to be XML -->
  +    <map:match type="filename" pattern="((xml)|(xsp)|(xmap)|(xconf))$">
  +       <map:generate src="common/view-source.xsp" type="serverpages"/>
  +       <map:serialize/>
  +    </map:match>
  +    <!-- all other files are just send as text -->
  +    <map:read mime-type="text/plain" src="../{request-param:filename}"/>
  +   </map:match>
  +  </map:pipeline>
  +
    </map:pipelines>
   </map:sitemap>
  
  
  
  1.6       +9 -21     cocoon-2.1/src/webapp/samples/common/style/xsl/html/simple-page2html.xsl
  
  Index: simple-page2html.xsl
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/webapp/samples/common/style/xsl/html/simple-page2html.xsl,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- simple-page2html.xsl	20 May 2003 00:50:54 -0000	1.5
  +++ simple-page2html.xsl	22 Oct 2003 11:42:05 -0000	1.6
  @@ -2,24 +2,10 @@
   
   <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
   
  +  <xsl:param name="contextPath" select="string('/cocoon')"/>
     <xsl:param name="servletPath" select="string('/samples')"/>
     <xsl:param name="sitemapURI"/>
  -  <xsl:param name="file"/><!-- relative path to file or file suffix -->
  -  <xsl:param name="remove"/><!-- path to remove from servletPath -->
  -  <xsl:param name="contextPath" select="string('/cocoon')"/>
   
  -  <xsl:variable name="realpath">
  -    <xsl:choose>
  -      <xsl:when test="$remove=''">
  -        <xsl:value-of select="$servletPath"/>        
  -      </xsl:when>
  -      <xsl:otherwise>
  -        <xsl:value-of select="substring-before($servletPath,$remove)"/>        
  -      </xsl:otherwise>
  -    </xsl:choose>
  -  </xsl:variable>
  -  <xsl:variable name="path" select="concat($contextPath,'/samples/view-source?filename=')"/>
  -  <xsl:variable name="view-source" select="concat($realpath,$file)"/>
     <xsl:variable name="directory" select="substring-before($servletPath,$sitemapURI)"/>
     <!-- assume that sitemapURIs don't occur in servletPath more than once -->
     <xsl:variable name="sitemap" select="concat($directory,'sitemap.xmap')"/>
  @@ -44,29 +30,31 @@
             <tr>
               <td width="90%">&#160;</td>
               <td nowrap="nowrap">
  -              <a target="_blank" href="{concat($contextPath,$servletPath,'?cocoon-view=content')}">Content
View</a>
  +              <a href="?cocoon-view=content">Content View</a>
               </td>
               <td nowrap="nowrap">
  -              <a target="_blank" href="{concat($path,$view-source)}">Source</a>
  +              <a href="?cocoon-view=pretty-content">Source</a>
               </td>
               <td nowrap="nowrap">
  -              <a target="_blank" href="{concat($path,$sitemap)}">Sitemap</a>
  +              <a href="{$sitemap}?cocoon-view=pretty-content">Sitemap</a>
               </td>
               <xsl:for-each select="resources/resource">
                 <td class="{@type}">
                   <xsl:choose>
                     <xsl:when test="@type='file'">
  -                    <a target="_blank" href="{concat($path,$directory,@href)}">
  +                    <a href="{@href}">
  +                      <!-- we need an explicite match in the sitemap showing
  +                           the source of these resources -->
                         <xsl:apply-templates/>
                       </a>
                     </xsl:when>
                     <xsl:when test="@type='doc'">
  -                    <a target="_blank" href="{concat($contextPath,'/docs/',@href)}">
  +                    <a href="{concat($contextPath,'/docs/',@href)}">
                         <xsl:apply-templates/>
                       </a>
                     </xsl:when>
                     <xsl:otherwise>
  -                    <a target="_blank" href="{concat($contextPath,'/',@href)}">
  +                    <a href="{concat($contextPath,'/',@href)}">
                         <xsl:apply-templates/>
                       </a>
                     </xsl:otherwise>
  
  
  
  1.3       +1 -3      cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2itext.xsl
  
  Index: page2itext.xsl
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2itext.xsl,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- page2itext.xsl	7 May 2003 04:57:13 -0000	1.2
  +++ page2itext.xsl	22 Oct 2003 11:42:05 -0000	1.3
  @@ -4,8 +4,6 @@
   
   <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
   
  -  <xsl:param name="view-source"/>
  -
     <xsl:template match="page">
      <itext>
        <paragraph size="18" align="Center">
  
  
  
  1.6       +1 -3      cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2swf.xsl
  
  Index: page2swf.xsl
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2swf.xsl,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- page2swf.xsl	8 May 2003 00:22:38 -0000	1.5
  +++ page2swf.xsl	22 Oct 2003 11:42:05 -0000	1.6
  @@ -16,8 +16,6 @@
   
   <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
   
  -<xsl:param name="view-source"/>
  -
   <xsl:template match="page">
   <SWF version="5" framerate="12.0" width="320.0" height="240.0">
       <RawData type="9">//// </RawData>
  
  
  
  1.3       +1 -3      cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2xls.xsl
  
  Index: page2xls.xsl
  ===================================================================
  RCS file: /home/cvs/cocoon-2.1/src/webapp/samples/hello-world/style/xsl/page2xls.xsl,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- page2xls.xsl	7 May 2003 04:57:13 -0000	1.2
  +++ page2xls.xsl	22 Oct 2003 11:42:05 -0000	1.3
  @@ -6,8 +6,6 @@
                                 xmlns:sql="http://apache.org/cocoon/SQL/2.0"
                                xmlns:gmr="http://www.gnome.org/gnumeric/v7" >
   
  -  <xsl:param name="view-source"/>
  -
     <xsl:template match="page">
      <gmr:Workbook xmlns:gmr="http://www.gnome.org/gnumeric/v7">
        <gmr:Sheets>
  
  
  

Mime
View raw message