jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r756320 - in /incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH: ./ src/com/ecyrd/jspwiki/ src/com/ecyrd/jspwiki/auth/user/ src/com/ecyrd/jspwiki/ui/ tests/com/ecyrd/jspwiki/auth/user/
Date Fri, 20 Mar 2009 03:24:24 GMT
Author: ajaquith
Date: Fri Mar 20 03:24:23 2009
New Revision: 756320

URL: http://svn.apache.org/viewvc?rev=756320&view=rev
Log:
Fixed bug in XMLUserDatabase that was preventing UIDs from being saved, which generated tons
of NPEs afterwards. Added unit tests to check for correct saving of UIDs. Tightened input
filtering on user profile fields to prohibit more characters. [Forward-ported to 3.0.0-build
86 also].

Modified:
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog Fri Mar 20 03:24:23 2009
@@ -1,3 +1,12 @@
+2009-03-19  Andrew Jaquith <ajaquith AT apache DOT org>
+
+        * 2.8.2-svn-14
+
+        * Fixed bug in XMLUserDatabase that was preventing UIDs from being
+        saved, which generated tons of NPEs afterwards. Added unit tests
+        to check for correct saving of UIDs. Tightened input filtering on
+        user profile fields to prohibit more characters.
+        
 2008-02-15  Harry Metske <metskem@apache.org>
 
         * 2.8.2-svn-13

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java Fri Mar
20 03:24:23 2009
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "13";
+    public static final String     BUILD         = "14";
     
     /**
      *  This is the generic version string you should use

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
(original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
Fri Mar 20 03:24:23 2009
@@ -546,6 +546,7 @@
             }
         }
         
+        setAttribute( user, UID, profile.getUid() );
         setAttribute( user, LAST_MODIFIED, c_format.format( modDate ) );
         setAttribute( user, LOGIN_NAME, profile.getLoginName() );
         setAttribute( user, FULL_NAME, profile.getFullname() );
@@ -623,7 +624,7 @@
                 
                 // Parse basic attributes
                 profile.setUid( user.getAttribute( UID ) );
-                if ( profile.getUid() == null )
+                if ( profile.getUid() == null || profile.getUid().length() == 0 )
                 {
                     profile.setUid( generateUid( this ) );
                 }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
(original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
Fri Mar 20 03:24:23 2009
@@ -51,7 +51,7 @@
 
     protected static final Pattern EMAIL_PATTERN  = Pattern.compile( "^[0-9a-zA-Z-_\\.\\+]+@([0-9a-zA-Z-_]+\\.)+[a-zA-Z]+$"
);
 
-    protected static final Pattern UNSAFE_PATTERN = Pattern.compile( "[\\x00\\r\\n\\x0f\"':<>;&@\\xff{}\\$%\\\\]"
);
+    protected static final Pattern UNSAFE_PATTERN = Pattern.compile( "[\\x00\\r\\n\\x0f\"':<>\\[\\];#&@\\xff{}\\$%\\\\]"
);
 
     /** Used when checking against IDs such as a full name when saving groups.
      *  @since 2.4.82 */
@@ -146,7 +146,7 @@
             valid = !matcher.find();
             if ( !valid )
             {
-                Object[] args = { label, "&quot;&#39;&lt;&gt;;&amp;\\@{}%$"
};
+                Object[] args = { label, "&quot;&#39;&lt;&gt;;&amp;[]#\\@{}%$"
};
                 m_session.addMessage( m_form, MessageFormat.format( rb.getString("validate.unsafechars"),
                                                                     args ) );
             }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
(original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
Fri Mar 20 03:24:23 2009
@@ -413,6 +413,11 @@
             assertNotNull( profile.getCreated() );
             assertNotNull( profile.getLastModified() );
             assertEquals( profile.getCreated(), profile.getLastModified() );
+            
+            // Make sure we can find it by uid
+            String uid = profile.getUid();
+            assertNotNull( m_db.findByUid( uid ) );
+
         }
         catch( NoSuchPrincipalException e )
         {

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
(original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
Fri Mar 20 03:24:23 2009
@@ -327,6 +327,10 @@
           profile = m_db.findByEmail("user@example.com");
           assertEquals("user@example.com", profile.getEmail());
           assertTrue( CryptoUtil.verifySaltedPassword( "password".getBytes(), profile.getPassword()
) );
+          
+          // Make sure we can find it by uid
+          String uid = profile.getUid();
+          assertNotNull( m_db.findByUid( uid ) );
       }
       catch (NoSuchPrincipalException e)
       {



Mime
View raw message