ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrian Crum <adrian.c...@sandglass-software.com>
Subject Re: svn commit: r1648403 - in /ofbiz/trunk: applications/content/src/org/ofbiz/content/content/ framework/base/src/org/ofbiz/base/util/ framework/base/src/org/ofbiz/base/util/template/ framework/base/src/org/ofbiz/base/util/test/ framework/base/testdef/ fr...
Date Tue, 30 Dec 2014 15:28:50 GMT
+1

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 12/30/2014 7:57 AM, Scott Gray wrote:
> If everyone's in favor I'd say we just go for it and change them all in bulk
> On 30 Dec 2014 20:31, "Jacopo Cappellato" <jacopo.cappellato@hotwaxmedia.com>
> wrote:
>
>> I agree with both of you: these strings should be private and should
>> follow the naming convention of constants (MODULE); Adrian, I also agree it
>> is a good time to discuss this with the community.
>> There are currently 29 "module" strings that are private and 676 that are
>> public.
>> Should we bulk change them all to private or to public? It will be a
>> rather easy string replacement.
>> Bulk converting module to MODULE would be a little bit trickier but still
>> possible; is it something we should do now or just something to do in small
>> parts?
>>
>> Jacopo
>>
>>
>> On Dec 29, 2014, at 8:17 PM, Scott Gray <scott.gray@hotwaxmedia.com>
>> wrote:
>>
>>> I'm in favor of making them private, I'm also in favor using MODULE
>> instead
>>> of module.
>>>
>>> Regards
>>> Scott
>>> On 30 Dec 2014 07:36, "Adrian Crum" <adrian.crum@sandglass-software.com>
>>> wrote:
>>>
>>>> +public class UtilCodec {
>>>> +    private static final String module = UtilCodec.class.getName();
>>>>
>>>> The last time I made the module field private someone complained that it
>>>> doesn't follow the de-facto standard of making it public. My personal
>>>> preference is to make it private, but there needs to be an agreement
>> within
>>>> the community.
>>>>
>>>> Adrian Crum
>>>> Sandglass Software
>>>> www.sandglass-software.com
>>>>
>>>> On 12/29/2014 6:24 PM, jacopoc@apache.org wrote:
>>>>
>>>>> Author: jacopoc
>>>>> Date: Mon Dec 29 18:24:57 2014
>>>>> New Revision: 1648403
>>>>>
>>>>> URL: http://svn.apache.org/r1648403
>>>>> Log:
>>>>> Moved code dependent on OWASP ESAPI and utilities for codec tasks from
>>>>> StringUtil to a new UtilCodec class: now the UtilCodec class is the
>> only
>>>>> class dependent on OWASP ESAPI.
>>>>> The DefaultEncoder from OWASP ESAPI, used internally by UtilCodec is
>> now
>>>>> built with the default constructor that also adds the JavascriptCodec
>> to
>>>>> the list of codecs used to canonicalize and validate the input.
>>>>> Renamed the UrlEncoder class to UrlCodec in order to better describe
>> its
>>>>> behavior.
>>>>> Misc minor cleanups.
>>>>> Added to the list of tests of the base component a series of Junit test
>>>>> classes that were missing.
>>>>>
>>>>>
>>>>> Added:
>>>>>      ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
>>>>> (with props)
>>>>>
>>   ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
>>>>> (with props)
>>>>>
>>   ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
>>>>> (with props)
>>>>> Modified:
>>>>>      ofbiz/trunk/applications/content/src/org/ofbiz/content/
>>>>> content/ContentUrlFilter.java
>>>>>      ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
>>>>>      ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>>>>>      ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> template/FreeMarkerWorker.java
>>>>>      ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> StringUtilTests.java
>>>>>      ofbiz/trunk/framework/base/testdef/basetests.xml
>>>>>      ofbiz/trunk/framework/common/src/org/ofbiz/common/
>>>>> CommonServices.java
>>>>>      ofbiz/trunk/framework/service/src/org/ofbiz/service/
>>>>> ModelService.java
>>>>>      ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
>>>>> ControlServlet.java
>>>>>      ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
>>>>> RequestHandler.java
>>>>>      ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
>>>>> OfbizContentTransform.java
>>>>>      ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/
>>>>> LabelManagerFactory.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> MacroFormRenderer.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> ModelForm.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> ModelFormField.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/
>>>>> HtmlFormRenderer.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/
>>>>> HtmlMenuRenderer.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/
>>>>> MacroMenuRenderer.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/
>>>>> ModelMenuItem.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
>>>>> HtmlWidget.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
>>>>> MacroScreenViewHandler.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
>>>>> ModelScreenWidget.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
>>>>> ScreenFopViewHandler.java
>>>>>      ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/
>>>>> ModelTree.java
>>>>>      ofbiz/trunk/specialpurpose/ebay/src/org/ofbiz/ebay/
>>>>> ProductsExportToEbay.java
>>>>>
>>>>> Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/
>>>>> content/ContentUrlFilter.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/
>>>>> content/src/org/ofbiz/content/content/ContentUrlFilter.java?
>>>>> rev=1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletReq
>>>>>   import javax.servlet.http.HttpServletResponse;
>>>>>
>>>>>   import org.ofbiz.base.util.Debug;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilHttp;
>>>>>   import org.ofbiz.base.util.UtilValidate;
>>>>>   import org.ofbiz.common.UrlServletHelper;
>>>>> @@ -117,7 +117,7 @@ public class ContentUrlFilter extends Co
>>>>>                       .queryFirst();
>>>>>               if (contentAssocDataResource != null) {
>>>>>                   url = contentAssocDataResource.
>>>>> getString("drObjectInfo");
>>>>> -                url = StringUtil.getDecoder("url").decode(url);
>>>>> +                url = UtilCodec.getDecoder("url").decode(url);
>>>>>                   String mountPoint = request.getContextPath();
>>>>>                   if (!(mountPoint.equals("/")) &&
>>>>> !(mountPoint.equals(""))) {
>>>>>                       url = mountPoint + url;
>>>>>
>>>>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> StringUtil.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/StringUtil.java?rev=1648403&
>>>>> r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
>>>>> (original)
>>>>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -21,7 +21,6 @@ package org.ofbiz.base.util;
>>>>>   import java.io.UnsupportedEncodingException;
>>>>>   import java.net.URLDecoder;
>>>>>   import java.net.URLEncoder;
>>>>> -import java.util.Arrays;
>>>>>   import java.util.Collection;
>>>>>   import java.util.HashMap;
>>>>>   import java.util.HashSet;
>>>>> @@ -36,12 +35,6 @@ import java.util.regex.Pattern;
>>>>>   import org.apache.commons.codec.DecoderException;
>>>>>   import org.apache.commons.codec.binary.Hex;
>>>>>   import org.ofbiz.base.lang.Appender;
>>>>> -import org.owasp.esapi.codecs.Codec;
>>>>> -import org.owasp.esapi.codecs.HTMLEntityCodec;
>>>>> -import org.owasp.esapi.codecs.PercentCodec;
>>>>> -import org.owasp.esapi.errors.EncodingException;
>>>>> -import org.owasp.esapi.errors.IntrusionException;
>>>>> -import org.owasp.esapi.reference.DefaultEncoder;
>>>>>
>>>>>   /**
>>>>>    * Misc String Utility Functions
>>>>> @@ -54,11 +47,7 @@ public class StringUtil {
>>>>>       // FIXME: Not thread safe
>>>>>       protected static final Map<String, Pattern>
>> substitutionPatternMap;
>>>>>
>>>>> -    private static final DefaultEncoder defaultWebEncoder;
>>>>>       static {
>>>>> -        // possible codecs: CSSCodec, HTMLEntityCodec,
>> JavaScriptCodec,
>>>>> MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec,
>>>>> WindowsCodec
>>>>> -        List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(),
>> new
>>>>> PercentCodec());
>>>>> -        defaultWebEncoder = new DefaultEncoder(codecList);
>>>>>           substitutionPatternMap = new HashMap<String, Pattern>();
>>>>>           substitutionPatternMap.put("&&", Pattern.compile("@and",
>>>>> Pattern.LITERAL));
>>>>>           substitutionPatternMap.put("||", Pattern.compile("@or",
>>>>> Pattern.LITERAL));
>>>>> @@ -68,87 +57,9 @@ public class StringUtil {
>>>>>           substitutionPatternMap.put(">", Pattern.compile("@gt",
>>>>> Pattern.LITERAL));
>>>>>       }
>>>>>
>>>>> -    private static final HtmlEncoder htmlEncoder = new HtmlEncoder();
>>>>> -    private static final XmlEncoder xmlEncoder = new XmlEncoder();
>>>>> -    private static final StringEncoder stringEncoder = new
>>>>> StringEncoder();
>>>>> -    private static final UrlEncoder urlEncoder = new UrlEncoder();
>>>>> -
>>>>>       private StringUtil() {
>>>>>       }
>>>>>
>>>>> -    public static interface SimpleEncoder {
>>>>> -        public String encode(String original);
>>>>> -    }
>>>>> -
>>>>> -    public static interface SimpleDecoder {
>>>>> -        public String decode(String original);
>>>>> -    }
>>>>> -
>>>>> -    public static class HtmlEncoder implements SimpleEncoder {
>>>>> -        public String encode(String original) {
>>>>> -            return
>> StringUtil.defaultWebEncoder.encodeForHTML(original);
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>> -    public static class XmlEncoder implements SimpleEncoder {
>>>>> -        public String encode(String original) {
>>>>> -            return
>> StringUtil.defaultWebEncoder.encodeForXML(original);
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>> -    public static class UrlEncoder implements SimpleEncoder,
>>>>> SimpleDecoder {
>>>>> -        public String encode(String original) {
>>>>> -            try {
>>>>> -                return StringUtil.defaultWebEncoder.
>>>>> encodeForURL(original);
>>>>> -            } catch (EncodingException ee) {
>>>>> -                Debug.logError(ee, module);
>>>>> -                return null;
>>>>> -            }
>>>>> -        }
>>>>> -
>>>>> -        public String decode(String original) {
>>>>> -            try {
>>>>> -                return StringUtil.defaultWebEncoder.
>>>>> decodeFromURL(original);
>>>>> -            } catch (EncodingException ee) {
>>>>> -                Debug.logError(ee, module);
>>>>> -                return null;
>>>>> -            }
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>> -    public static class StringEncoder implements SimpleEncoder {
>>>>> -        public String encode(String original) {
>>>>> -            if (original != null) {
>>>>> -                original = original.replace("\"", "\\\"");
>>>>> -            }
>>>>> -            return original;
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>> -    // ================== Begin General Functions ==================
>>>>> -
>>>>> -    public static SimpleEncoder getEncoder(String type) {
>>>>> -        if ("url".equals(type)) {
>>>>> -            return StringUtil.urlEncoder;
>>>>> -        } else if ("xml".equals(type)) {
>>>>> -            return StringUtil.xmlEncoder;
>>>>> -        } else if ("html".equals(type)) {
>>>>> -            return StringUtil.htmlEncoder;
>>>>> -        } else if ("string".equals(type)) {
>>>>> -            return StringUtil.stringEncoder;
>>>>> -        } else {
>>>>> -            return null;
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>> -    public static SimpleDecoder getDecoder(String type) {
>>>>> -        if ("url".equals(type)) {
>>>>> -            return StringUtil.urlEncoder;
>>>>> -        } else {
>>>>> -            return null;
>>>>> -        }
>>>>> -    }
>>>>> -
>>>>>       public static String internString(String value) {
>>>>>           return value != null ? value.intern() : null;
>>>>>       }
>>>>> @@ -623,70 +534,6 @@ public class StringUtil {
>>>>>           return result;
>>>>>       }
>>>>>
>>>>> -    public static String canonicalize(String value) throws
>>>>> IntrusionException {
>>>>> -        return defaultWebEncoder.canonicalize(value);
>>>>> -    }
>>>>> -
>>>>> -    public static String canonicalize(String value, boolean strict)
>>>>> throws IntrusionException {
>>>>> -        return defaultWebEncoder.canonicalize(value, strict);
>>>>> -    }
>>>>> -    /**
>>>>> -     * Uses a black-list approach for necessary characters for HTML.
>>>>> -     * Does not allow various characters (after canonicalization),
>>>>> including "<", ">", "&" (if not followed by a space), and "%" (if not
>>>>> followed by a space).
>>>>> -     *
>>>>> -     * @param value
>>>>> -     * @param errorMessageList
>>>>> -     */
>>>>> -    public static String checkStringForHtmlStrictNone(String
>> valueName,
>>>>> String value, List<String> errorMessageList) {
>>>>> -        if (UtilValidate.isEmpty(value)) return value;
>>>>> -
>>>>> -        // canonicalize, strict (error on double-encoding)
>>>>> -        try {
>>>>> -            value = canonicalize(value, true);
>>>>> -        } catch (IntrusionException e) {
>>>>> -            // NOTE: using different log and user targeted error
>>>>> messages to allow the end-user message to be less technical
>>>>> -            Debug.logError("Canonicalization (format consistency,
>>>>> character escaping that is mixed or double, etc) error for attribute
>> named
>>>>> [" + valueName + "], String [" + value + "]: " + e.toString(), module);
>>>>> -            errorMessageList.add("In field [" + valueName + "] found
>>>>> character escaping (mixed or double) that is not allowed or other
>> format
>>>>> consistency error: " + e.toString());
>>>>> -        }
>>>>> -
>>>>> -        // check for "<", ">"
>>>>> -        if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) {
>>>>> -            errorMessageList.add("In field [" + valueName + "]
>> less-than
>>>>> (<) and greater-than (>) symbols are not allowed.");
>>>>> -        }
>>>>> -
>>>>> -        /* NOTE DEJ 20090311: After playing with this more this
>> doesn't
>>>>> seem to be necessary; the canonicalize will convert all such characters
>>>>> into actual text before this check is done, including other illegal
>> chars
>>>>> like &lt; which will canonicalize to < and then get caught
>>>>> -        // check for & followed a semicolon within 7 characters, no
>>>>> spaces in-between (and perhaps other things sometime?)
>>>>> -        int curAmpIndex = value.indexOf("&");
>>>>> -        while (curAmpIndex > -1) {
>>>>> -            int semicolonIndex = value.indexOf(";", curAmpIndex + 1);
>>>>> -            int spaceIndex = value.indexOf(" ", curAmpIndex + 1);
>>>>> -            if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex
>> <=
>>>>> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex <
>>>>> semicolonIndex))) {
>>>>> -                errorMessageList.add("In field [" + valueName + "] the
>>>>> ampersand (&) symbol is only allowed if not used as an encoded
>> character:
>>>>> no semicolon (;) within 7 spaces or there is a space between.");
>>>>> -                // once we find one like this we have the message so
>> no
>>>>> need to check for more
>>>>> -                break;
>>>>> -            }
>>>>> -            curAmpIndex = value.indexOf("&", curAmpIndex + 1);
>>>>> -        }
>>>>> -         */
>>>>> -
>>>>> -        /* NOTE DEJ 20090311: After playing with this more this
>> doesn't
>>>>> seem to be necessary; the canonicalize will convert all such characters
>>>>> into actual text before this check is done, including other illegal
>> chars
>>>>> like %3C which will canonicalize to < and then get caught
>>>>> -        // check for % followed by 2 hex characters
>>>>> -        int curPercIndex = value.indexOf("%");
>>>>> -        while (curPercIndex >= 0) {
>>>>> -            if (value.length() > (curPercIndex + 3) &&
>>>>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) &&
>>>>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) {
>>>>> -                errorMessageList.add("In field [" + valueName + "] the
>>>>> percent (%) symbol is only allowed if followed by a space.");
>>>>> -                // once we find one like this we have the message so
>> no
>>>>> need to check for more
>>>>> -                break;
>>>>> -            }
>>>>> -            curPercIndex = value.indexOf("%", curPercIndex + 1);
>>>>> -        }
>>>>> -         */
>>>>> -
>>>>> -        // TODO: anything else to check for that can be used to get
>> HTML
>>>>> or JavaScript going without these characters?
>>>>> -
>>>>> -        return value;
>>>>> -    }
>>>>> -
>>>>>       /**
>>>>>        * Remove/collapse multiple newline characters
>>>>>        *
>>>>> @@ -807,57 +654,4 @@ public class StringUtil {
>>>>>               return this.theString;
>>>>>           }
>>>>>       }
>>>>> -
>>>>> -    /**
>>>>> -     * A simple Map wrapper class that will do HTML encoding. To be
>> used
>>>>> for passing a Map to something that will expand Strings with it as a
>>>>> context, etc.
>>>>> -     */
>>>>> -    public static class HtmlEncodingMapWrapper<K> implements Map<K,
>>>>> Object> {
>>>>> -        public static <K> HtmlEncodingMapWrapper<K>
>>>>> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder
>>>>> encoder) {
>>>>> -            if (mapToWrap == null) return null;
>>>>> -
>>>>> -            HtmlEncodingMapWrapper<K> mapWrapper = new
>>>>> HtmlEncodingMapWrapper<K>();
>>>>> -            mapWrapper.setup(mapToWrap, encoder);
>>>>> -            return mapWrapper;
>>>>> -        }
>>>>> -
>>>>> -        protected Map<K, Object> internalMap = null;
>>>>> -        protected SimpleEncoder encoder = null;
>>>>> -        protected HtmlEncodingMapWrapper() { }
>>>>> -
>>>>> -        public void setup(Map<K, Object> mapToWrap, SimpleEncoder
>>>>> encoder) {
>>>>> -            this.internalMap = mapToWrap;
>>>>> -            this.encoder = encoder;
>>>>> -        }
>>>>> -        public void reset() {
>>>>> -            this.internalMap = null;
>>>>> -            this.encoder = null;
>>>>> -        }
>>>>> -
>>>>> -        public int size() { return this.internalMap.size(); }
>>>>> -        public boolean isEmpty() { return this.internalMap.isEmpty();
>> }
>>>>> -        public boolean containsKey(Object key) { return
>>>>> this.internalMap.containsKey(key); }
>>>>> -        public boolean containsValue(Object value) { return
>>>>> this.internalMap.containsValue(value); }
>>>>> -        public Object get(Object key) {
>>>>> -            Object theObject = this.internalMap.get(key);
>>>>> -            if (theObject instanceof String) {
>>>>> -                if (this.encoder != null) {
>>>>> -                    return encoder.encode((String) theObject);
>>>>> -                } else {
>>>>> -                    return
>> StringUtil.defaultWebEncoder.encodeForHTML((String)
>>>>> theObject);
>>>>> -                }
>>>>> -            } else if (theObject instanceof Map<?, ?>) {
>>>>> -                return
>> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K,
>>>>> Object>checkMap(theObject), this.encoder);
>>>>> -            }
>>>>> -            return theObject;
>>>>> -        }
>>>>> -        public Object put(K key, Object value) { return
>>>>> this.internalMap.put(key, value); }
>>>>> -        public Object remove(Object key) { return
>>>>> this.internalMap.remove(key); }
>>>>> -        public void putAll(Map<? extends K, ? extends Object> arg0) {
>>>>> this.internalMap.putAll(arg0); }
>>>>> -        public void clear() { this.internalMap.clear(); }
>>>>> -        public Set<K> keySet() { return this.internalMap.keySet(); }
>>>>> -        public Collection<Object> values() { return
>>>>> this.internalMap.values(); }
>>>>> -        public Set<Map.Entry<K, Object>> entrySet() { return
>>>>> this.internalMap.entrySet(); }
>>>>> -        @Override
>>>>> -        public String toString() { return
>> this.internalMap.toString(); }
>>>>> -    }
>>>>>   }
>>>>>
>>>>> Added:
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/UtilCodec.java?rev=1648403&view=auto
>>>>> ============================================================
>>>>> ==================
>>>>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
>>>>> (added)
>>>>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -0,0 +1,232 @@
>>>>> +/**********************************************************
>>>>> *********************
>>>>> + * Licensed to the Apache Software Foundation (ASF) under one
>>>>> + * or more contributor license agreements.  See the NOTICE file
>>>>> + * distributed with this work for additional information
>>>>> + * regarding copyright ownership.  The ASF licenses this file
>>>>> + * to you under the Apache License, Version 2.0 (the
>>>>> + * "License"); you may not use this file except in compliance
>>>>> + * with the License.  You may obtain a copy of the License at
>>>>> + *
>>>>> + * http://www.apache.org/licenses/LICENSE-2.0
>>>>> + *
>>>>> + * Unless required by applicable law or agreed to in writing,
>>>>> + * software distributed under the License is distributed on an
>>>>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>>>> + * KIND, either express or implied.  See the License for the
>>>>> + * specific language governing permissions and limitations
>>>>> + * under the License.
>>>>> + ************************************************************
>>>>> *******************/
>>>>> +package org.ofbiz.base.util;
>>>>> +
>>>>> +import org.owasp.esapi.errors.IntrusionException;
>>>>> +import org.owasp.esapi.reference.DefaultEncoder;
>>>>> +
>>>>> +import java.io.UnsupportedEncodingException;
>>>>> +import java.net.URLDecoder;
>>>>> +import java.net.URLEncoder;
>>>>> +import java.util.Collection;
>>>>> +import java.util.List;
>>>>> +import java.util.Map;
>>>>> +import java.util.Set;
>>>>> +
>>>>> +public class UtilCodec {
>>>>> +    private static final String module = UtilCodec.class.getName();
>>>>> +    private static final DefaultEncoder defaultWebEncoder = new
>>>>> DefaultEncoder();
>>>>> +    private static final HtmlEncoder htmlEncoder = new HtmlEncoder();
>>>>> +    private static final XmlEncoder xmlEncoder = new XmlEncoder();
>>>>> +    private static final StringEncoder stringEncoder = new
>>>>> StringEncoder();
>>>>> +    private static final UrlCodec urlEncoder = new UrlCodec();
>>>>> +
>>>>> +    public static interface SimpleEncoder {
>>>>> +        public String encode(String original);
>>>>> +    }
>>>>> +
>>>>> +    public static interface SimpleDecoder {
>>>>> +        public String decode(String original);
>>>>> +    }
>>>>> +
>>>>> +    public static class HtmlEncoder implements SimpleEncoder {
>>>>> +        public String encode(String original) {
>>>>> +            return defaultWebEncoder.encodeForHTML(original);
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    public static class XmlEncoder implements SimpleEncoder {
>>>>> +        public String encode(String original) {
>>>>> +            return defaultWebEncoder.encodeForXML(original);
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    public static class UrlCodec implements SimpleEncoder,
>> SimpleDecoder
>>>>> {
>>>>> +        public String encode(String original) {
>>>>> +            try {
>>>>> +                return URLEncoder.encode(original, "UTF-8");
>>>>> +            } catch (UnsupportedEncodingException ee) {
>>>>> +                Debug.logError(ee, module);
>>>>> +                return null;
>>>>> +            }
>>>>> +        }
>>>>> +
>>>>> +        public String decode(String original) {
>>>>> +            try {
>>>>> +                String canonical = canonicalize(original);
>>>>> +                return URLDecoder.decode(canonical, "UTF-8");
>>>>> +            } catch (UnsupportedEncodingException ee) {
>>>>> +                Debug.logError(ee, module);
>>>>> +                return null;
>>>>> +            }
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    public static class StringEncoder implements SimpleEncoder {
>>>>> +        public String encode(String original) {
>>>>> +            if (original != null) {
>>>>> +                original = original.replace("\"", "\\\"");
>>>>> +            }
>>>>> +            return original;
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    // ================== Begin General Functions ==================
>>>>> +
>>>>> +    public static SimpleEncoder getEncoder(String type) {
>>>>> +        if ("url".equals(type)) {
>>>>> +            return urlEncoder;
>>>>> +        } else if ("xml".equals(type)) {
>>>>> +            return xmlEncoder;
>>>>> +        } else if ("html".equals(type)) {
>>>>> +            return htmlEncoder;
>>>>> +        } else if ("string".equals(type)) {
>>>>> +            return stringEncoder;
>>>>> +        } else {
>>>>> +            return null;
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    public static SimpleDecoder getDecoder(String type) {
>>>>> +        if ("url".equals(type)) {
>>>>> +            return urlEncoder;
>>>>> +        } else {
>>>>> +            return null;
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>> +    public static String canonicalize(String value) throws
>>>>> IntrusionException {
>>>>> +        return defaultWebEncoder.canonicalize(value);
>>>>> +    }
>>>>> +
>>>>> +    public static String canonicalize(String value, boolean strict)
>>>>> throws IntrusionException {
>>>>> +        return defaultWebEncoder.canonicalize(value, strict);
>>>>> +    }
>>>>> +
>>>>> +    /**
>>>>> +     * Uses a black-list approach for necessary characters for HTML.
>>>>> +     * Does not allow various characters (after canonicalization),
>>>>> including "<", ">", "&" (if not followed by a space), and "%" (if not
>>>>> followed by a space).
>>>>> +     *
>>>>> +     * @param value
>>>>> +     * @param errorMessageList
>>>>> +     */
>>>>> +    public static String checkStringForHtmlStrictNone(String
>> valueName,
>>>>> String value, List<String> errorMessageList) {
>>>>> +        if (UtilValidate.isEmpty(value)) return value;
>>>>> +
>>>>> +        // canonicalize, strict (error on double-encoding)
>>>>> +        try {
>>>>> +            value = canonicalize(value, true);
>>>>> +        } catch (IntrusionException e) {
>>>>> +            // NOTE: using different log and user targeted error
>>>>> messages to allow the end-user message to be less technical
>>>>> +            Debug.logError("Canonicalization (format consistency,
>>>>> character escaping that is mixed or double, etc) error for attribute
>> named
>>>>> [" + valueName + "], String [" + value + "]: " + e.toString(), module);
>>>>> +            errorMessageList.add("In field [" + valueName + "] found
>>>>> character escaping (mixed or double) that is not allowed or other
>> format
>>>>> consistency error: " + e.toString());
>>>>> +        }
>>>>> +
>>>>> +        // check for "<", ">"
>>>>> +        if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) {
>>>>> +            errorMessageList.add("In field [" + valueName + "]
>> less-than
>>>>> (<) and greater-than (>) symbols are not allowed.");
>>>>> +        }
>>>>> +
>>>>> +        /* NOTE DEJ 20090311: After playing with this more this
>> doesn't
>>>>> seem to be necessary; the canonicalize will convert all such characters
>>>>> into actual text before this check is done, including other illegal
>> chars
>>>>> like &lt; which will canonicalize to < and then get caught
>>>>> +        // check for & followed a semicolon within 7 characters, no
>>>>> spaces in-between (and perhaps other things sometime?)
>>>>> +        int curAmpIndex = value.indexOf("&");
>>>>> +        while (curAmpIndex > -1) {
>>>>> +            int semicolonIndex = value.indexOf(";", curAmpIndex + 1);
>>>>> +            int spaceIndex = value.indexOf(" ", curAmpIndex + 1);
>>>>> +            if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex
>> <=
>>>>> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex <
>>>>> semicolonIndex))) {
>>>>> +                errorMessageList.add("In field [" + valueName + "] the
>>>>> ampersand (&) symbol is only allowed if not used as an encoded
>> character:
>>>>> no semicolon (;) within 7 spaces or there is a space between.");
>>>>> +                // once we find one like this we have the message so
>> no
>>>>> need to check for more
>>>>> +                break;
>>>>> +            }
>>>>> +            curAmpIndex = value.indexOf("&", curAmpIndex + 1);
>>>>> +        }
>>>>> +         */
>>>>> +
>>>>> +        /* NOTE DEJ 20090311: After playing with this more this
>> doesn't
>>>>> seem to be necessary; the canonicalize will convert all such characters
>>>>> into actual text before this check is done, including other illegal
>> chars
>>>>> like %3C which will canonicalize to < and then get caught
>>>>> +        // check for % followed by 2 hex characters
>>>>> +        int curPercIndex = value.indexOf("%");
>>>>> +        while (curPercIndex >= 0) {
>>>>> +            if (value.length() > (curPercIndex + 3) &&
>>>>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) &&
>>>>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) {
>>>>> +                errorMessageList.add("In field [" + valueName + "] the
>>>>> percent (%) symbol is only allowed if followed by a space.");
>>>>> +                // once we find one like this we have the message so
>> no
>>>>> need to check for more
>>>>> +                break;
>>>>> +            }
>>>>> +            curPercIndex = value.indexOf("%", curPercIndex + 1);
>>>>> +        }
>>>>> +         */
>>>>> +
>>>>> +        // TODO: anything else to check for that can be used to get
>> HTML
>>>>> or JavaScript going without these characters?
>>>>> +
>>>>> +        return value;
>>>>> +    }
>>>>> +
>>>>> +    /**
>>>>> +     * A simple Map wrapper class that will do HTML encoding. To be
>> used
>>>>> for passing a Map to something that will expand Strings with it as a
>>>>> context, etc.
>>>>> +     */
>>>>> +    public static class HtmlEncodingMapWrapper<K> implements Map<K,
>>>>> Object> {
>>>>> +        public static <K> HtmlEncodingMapWrapper<K>
>>>>> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder
>>>>> encoder) {
>>>>> +            if (mapToWrap == null) return null;
>>>>> +
>>>>> +            HtmlEncodingMapWrapper<K> mapWrapper = new
>>>>> HtmlEncodingMapWrapper<K>();
>>>>> +            mapWrapper.setup(mapToWrap, encoder);
>>>>> +            return mapWrapper;
>>>>> +        }
>>>>> +
>>>>> +        protected Map<K, Object> internalMap = null;
>>>>> +        protected SimpleEncoder encoder = null;
>>>>> +        protected HtmlEncodingMapWrapper() { }
>>>>> +
>>>>> +        public void setup(Map<K, Object> mapToWrap, SimpleEncoder
>>>>> encoder) {
>>>>> +            this.internalMap = mapToWrap;
>>>>> +            this.encoder = encoder;
>>>>> +        }
>>>>> +        public void reset() {
>>>>> +            this.internalMap = null;
>>>>> +            this.encoder = null;
>>>>> +        }
>>>>> +
>>>>> +        public int size() { return this.internalMap.size(); }
>>>>> +        public boolean isEmpty() { return this.internalMap.isEmpty();
>> }
>>>>> +        public boolean containsKey(Object key) { return
>>>>> this.internalMap.containsKey(key); }
>>>>> +        public boolean containsValue(Object value) { return
>>>>> this.internalMap.containsValue(value); }
>>>>> +        public Object get(Object key) {
>>>>> +            Object theObject = this.internalMap.get(key);
>>>>> +            if (theObject instanceof String) {
>>>>> +                if (this.encoder != null) {
>>>>> +                    return encoder.encode((String) theObject);
>>>>> +                } else {
>>>>> +                    return defaultWebEncoder.encodeForHTML((String)
>>>>> theObject);
>>>>> +                }
>>>>> +            } else if (theObject instanceof Map<?, ?>) {
>>>>> +                return
>> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K,
>>>>> Object>checkMap(theObject), this.encoder);
>>>>> +            }
>>>>> +            return theObject;
>>>>> +        }
>>>>> +        public Object put(K key, Object value) { return
>>>>> this.internalMap.put(key, value); }
>>>>> +        public Object remove(Object key) { return
>>>>> this.internalMap.remove(key); }
>>>>> +        public void putAll(Map<? extends K, ? extends Object> arg0) {
>>>>> this.internalMap.putAll(arg0); }
>>>>> +        public void clear() { this.internalMap.clear(); }
>>>>> +        public Set<K> keySet() { return this.internalMap.keySet(); }
>>>>> +        public Collection<Object> values() { return
>>>>> this.internalMap.values(); }
>>>>> +        public Set<Map.Entry<K, Object>> entrySet() { return
>>>>> this.internalMap.entrySet(); }
>>>>> +        @Override
>>>>> +        public String toString() { return
>> this.internalMap.toString(); }
>>>>> +    }
>>>>> +
>>>>> +}
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> UtilCodec.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:eol-style = native
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> UtilCodec.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:keywords = Date Rev Author URL Id
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> UtilCodec.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:mime-type = text/plain
>>>>>
>>>>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> UtilHttp.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/UtilHttp.java?rev=1648403&r1=
>>>>> 1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>>>>> (original)
>>>>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>> Mon
>>>>> Dec 29 18:24:57 2014
>>>>> @@ -250,7 +250,7 @@ public class UtilHttp {
>>>>>       public static String canonicalizeParameter(String paramValue) {
>>>>>           try {
>>>>>               /** calling canonicalize with strict flag set to false so
>>>>> we only get warnings about double encoding, etc; can be set to true for
>>>>> exceptions and more security */
>>>>> -            String cannedStr = StringUtil.canonicalize(paramValue,
>>>>> false);
>>>>> +            String cannedStr = UtilCodec.canonicalize(paramValue,
>>>>> false);
>>>>>               if (Debug.verboseOn()) Debug.logVerbose("Canonicalized
>>>>> parameter with " + (cannedStr.equals(paramValue) ? "no " : "") +
>> "change:
>>>>> original [" + paramValue + "] canned [" + cannedStr + "]", module);
>>>>>               return cannedStr;
>>>>>           } catch (Exception e) {
>>>>> @@ -790,14 +790,14 @@ public class UtilHttp {
>>>>>                                   buf.append("&");
>>>>>                               }
>>>>>                           }
>>>>> -                        buf.append(StringUtil.
>>>>> getEncoder("url").encode(name));
>>>>> +                        buf.append(UtilCodec.
>>>>> getEncoder("url").encode(name));
>>>>>                           /* the old way: try {
>>>>>                               buf.append(URLEncoder.encode(name,
>>>>> "UTF-8"));
>>>>>                           } catch (UnsupportedEncodingException e) {
>>>>>                               Debug.logError(e, module);
>>>>>                           } */
>>>>>                           buf.append('=');
>>>>> -
>> buf.append(StringUtil.getEncoder("url").encode(
>>>>> valueStr));
>>>>> +                        buf.append(UtilCodec.getEncoder("url").encode(
>>>>> valueStr));
>>>>>                           /* the old way: try {
>>>>>                               buf.append(URLEncoder.encode(valueStr,
>>>>> "UTF-8"));
>>>>>                           } catch (UnsupportedEncodingException e) {
>>>>>
>>>>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
>>>>> template/FreeMarkerWorker.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/template/FreeMarkerWorker.
>>>>> java?rev=1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -47,6 +47,7 @@ import javax.servlet.http.HttpServletReq
>>>>>   import org.ofbiz.base.location.FlexibleLocation;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilMisc;
>>>>>   import org.ofbiz.base.util.UtilProperties;
>>>>> @@ -687,7 +688,7 @@ public class FreeMarkerWorker {
>>>>>               te.printStackTrace(pw);
>>>>>               String stackTrace = tempWriter.toString();
>>>>>
>>>>> -            StringUtil.SimpleEncoder simpleEncoder = FreeMarkerWorker.
>>>>> getWrappedObject("simpleEncoder", env);
>>>>> +            UtilCodec.SimpleEncoder simpleEncoder = FreeMarkerWorker.
>>>>> getWrappedObject("simpleEncoder", env);
>>>>>               if (simpleEncoder != null) {
>>>>>                   stackTrace = simpleEncoder.encode(stackTrace);
>>>>>               }
>>>>>
>>>>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> StringUtilTests.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/test/StringUtilTests.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -18,8 +18,6 @@
>>>>>    ************************************************************
>>>>> *******************/
>>>>>   package org.ofbiz.base.util.test;
>>>>>
>>>>> -import java.util.ArrayList;
>>>>> -import java.util.Arrays;
>>>>>   import java.util.Collections;
>>>>>   import java.util.HashMap;
>>>>>   import java.util.List;
>>>>> @@ -53,18 +51,6 @@ public class StringUtilTests extends Gen
>>>>>           assertTrue("correct INSTANCE", StringUtil.INSTANCE instanceof
>>>>> StringUtil);
>>>>>       }
>>>>>
>>>>> -    private static void encoderTest(String label,
>>>>> StringUtil.SimpleEncoder encoder, String wanted, String toEncode) {
>>>>> -        assertNull(label + "(encoder):null", encoder.encode(null));
>>>>> -        assertEquals(label + "(encoder):encode", wanted,
>>>>> encoder.encode(toEncode));
>>>>> -    }
>>>>> -
>>>>> -    public void testGetEncoder() {
>>>>> -        encoderTest("string", StringUtil.getEncoder("string"),
>>>>> "abc\\\"def", "abc\"def");
>>>>> -        encoderTest("xml", StringUtil.getEncoder("xml"),
>>>>> "&lt;&gt;&#39;&quot;", "<>'\"");
>>>>> -        encoderTest("html", StringUtil.getEncoder("html"),
>>>>> "&lt;&gt;&#39;&quot;", "<>'\"");
>>>>> -        assertNull("invalid encoder",
>> StringUtil.getEncoder("foobar"));
>>>>> -    }
>>>>> -
>>>>>       public void testInternString() {
>>>>>           assertSame("intern-constant", StringUtil.internString("foo"),
>>>>> StringUtil.internString("foo"));
>>>>>           assertSame("intern-new", StringUtil.internString("foo"),
>>>>> StringUtil.internString(new String("foo")));
>>>>> @@ -283,26 +269,6 @@ public class StringUtilTests extends Gen
>>>>>           assertEquals("all converions", "one && two || three > four >=
>>>>> five < six <= seven", StringUtil.convertOperatorSubstitutions("one @and
>>>>> two @or three @gt four @gteq five @lt six @lteq seven"));
>>>>>       }
>>>>>
>>>>> -    private static void checkStringForHtmlStrictNone_test(String
>> label,
>>>>> String fixed, String input, String... wantedMessages) {
>>>>> -        List<String> gottenMessages = new ArrayList<String>();
>>>>> -        assertEquals(label, fixed, StringUtil.
>>>>> checkStringForHtmlStrictNone(label, input, gottenMessages));
>>>>> -        assertEquals(label, Arrays.asList(wantedMessages),
>>>>> gottenMessages);
>>>>> -    }
>>>>> -
>>>>> -    public void testCheckStringForHtmlStrictNone() {
>>>>> -        checkStringForHtmlStrictNone_test("null pass-thru", null,
>> null);
>>>>> -        checkStringForHtmlStrictNone_test("empty pass-thru", "", "");
>>>>> -        checkStringForHtmlStrictNone_test("o-numeric-encode", "foo",
>>>>> "f&#111;o");
>>>>> -        checkStringForHtmlStrictNone_test("o-hex-encode", "foo",
>>>>> "f%6fo");
>>>>> -        checkStringForHtmlStrictNone_test("o-double-hex-encode",
>> "foo",
>>>>> "f%256fo");
>>>>> -        checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo",
>>>>> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>)
>>>>> symbols are not allowed.");
>>>>> -        checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo",
>>>>> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>)
>>>>> symbols are not allowed.");
>>>>> -        checkStringForHtmlStrictNone_test("high-ascii", "fÀ®",
>>>>> "f%C0%AE");
>>>>> -        // this looks like a bug, namely the extra trailing ;
>>>>> -        checkStringForHtmlStrictNone_test("double-ampersand",
>> "f\";oo",
>>>>> "f%26quot%3boo");
>>>>> -        checkStringForHtmlStrictNone_test("double-encoding",
>>>>> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found
>>>>> character escaping (mixed or double) that is not allowed or other
>> format
>>>>> consistency error: org.owasp.esapi.errors.IntrusionException: Input
>>>>> validation failure");
>>>>> -    }
>>>>> -
>>>>>       public void testCollapseNewlines() {
>>>>>       }
>>>>>
>>>>>
>>>>> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilCodecTests.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/test/UtilCodecTests.java?rev=1648403&view=auto
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
>>>>> (added)
>>>>> +++
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -0,0 +1,64 @@
>>>>> +/**********************************************************
>>>>> *********************
>>>>> + * Licensed to the Apache Software Foundation (ASF) under one
>>>>> + * or more contributor license agreements.  See the NOTICE file
>>>>> + * distributed with this work for additional information
>>>>> + * regarding copyright ownership.  The ASF licenses this file
>>>>> + * to you under the Apache License, Version 2.0 (the
>>>>> + * "License"); you may not use this file except in compliance
>>>>> + * with the License.  You may obtain a copy of the License at
>>>>> + *
>>>>> + * http://www.apache.org/licenses/LICENSE-2.0
>>>>> + *
>>>>> + * Unless required by applicable law or agreed to in writing,
>>>>> + * software distributed under the License is distributed on an
>>>>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>>>> + * KIND, either express or implied.  See the License for the
>>>>> + * specific language governing permissions and limitations
>>>>> + * under the License.
>>>>> + ************************************************************
>>>>> *******************/
>>>>> +package org.ofbiz.base.util.test;
>>>>> +
>>>>> +import org.ofbiz.base.test.GenericTestCaseBase;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>> +
>>>>> +import java.util.ArrayList;
>>>>> +import java.util.Arrays;
>>>>> +import java.util.List;
>>>>> +
>>>>> +public class UtilCodecTests  extends GenericTestCaseBase {
>>>>> +    public UtilCodecTests(String name) {
>>>>> +        super(name);
>>>>> +    }
>>>>> +
>>>>> +    private static void encoderTest(String label,
>>>>> UtilCodec.SimpleEncoder encoder, String wanted, String toEncode) {
>>>>> +        assertNull(label + "(encoder):null", encoder.encode(null));
>>>>> +        assertEquals(label + "(encoder):encode", wanted,
>>>>> encoder.encode(toEncode));
>>>>> +    }
>>>>> +
>>>>> +    public void testGetEncoder() {
>>>>> +        encoderTest("string", UtilCodec.getEncoder("string"),
>>>>> "abc\\\"def", "abc\"def");
>>>>> +        encoderTest("xml", UtilCodec.getEncoder("xml"),
>>>>> "&lt;&gt;&#39;&quot;", "<>'\"");
>>>>> +        encoderTest("html", UtilCodec.getEncoder("html"),
>>>>> "&lt;&gt;&#39;&quot;", "<>'\"");
>>>>> +        assertNull("invalid encoder", UtilCodec.getEncoder("foobar"));
>>>>> +    }
>>>>> +    private static void checkStringForHtmlStrictNone_test(String
>> label,
>>>>> String fixed, String input, String... wantedMessages) {
>>>>> +        List<String> gottenMessages = new ArrayList<String>();
>>>>> +        assertEquals(label, fixed, UtilCodec.
>>>>> checkStringForHtmlStrictNone(label, input, gottenMessages));
>>>>> +        assertEquals(label, Arrays.asList(wantedMessages),
>>>>> gottenMessages);
>>>>> +    }
>>>>> +
>>>>> +    public void testCheckStringForHtmlStrictNone() {
>>>>> +        checkStringForHtmlStrictNone_test("null pass-thru", null,
>> null);
>>>>> +        checkStringForHtmlStrictNone_test("empty pass-thru", "", "");
>>>>> +        checkStringForHtmlStrictNone_test("o-numeric-encode", "foo",
>>>>> "f&#111;o");
>>>>> +        checkStringForHtmlStrictNone_test("o-hex-encode", "foo",
>>>>> "f%6fo");
>>>>> +        checkStringForHtmlStrictNone_test("o-double-hex-encode",
>> "foo",
>>>>> "f%256fo");
>>>>> +        checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo",
>>>>> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>)
>>>>> symbols are not allowed.");
>>>>> +        checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo",
>>>>> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>)
>>>>> symbols are not allowed.");
>>>>> +        checkStringForHtmlStrictNone_test("high-ascii", "fÀ®",
>>>>> "f%C0%AE");
>>>>> +        // this looks like a bug, namely the extra trailing ;
>>>>> +        checkStringForHtmlStrictNone_test("double-ampersand",
>> "f\";oo",
>>>>> "f%26quot%3boo");
>>>>> +        checkStringForHtmlStrictNone_test("double-encoding",
>>>>> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found
>>>>> character escaping (mixed or double) that is not allowed or other
>> format
>>>>> consistency error: org.owasp.esapi.errors.IntrusionException: Input
>>>>> validation failure");
>>>>> +    }
>>>>> +
>>>>> +}
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilCodecTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:eol-style = native
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilCodecTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:keywords = Date Rev Author URL Id
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilCodecTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:mime-type = text/plain
>>>>>
>>>>> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilHttpTests.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> src/org/ofbiz/base/util/test/UtilHttpTests.java?rev=1648403&view=auto
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
>>>>> (added)
>>>>> +++
>> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -0,0 +1,30 @@
>>>>> +/**********************************************************
>>>>> *********************
>>>>> + * Licensed to the Apache Software Foundation (ASF) under one
>>>>> + * or more contributor license agreements.  See the NOTICE file
>>>>> + * distributed with this work for additional information
>>>>> + * regarding copyright ownership.  The ASF licenses this file
>>>>> + * to you under the Apache License, Version 2.0 (the
>>>>> + * "License"); you may not use this file except in compliance
>>>>> + * with the License.  You may obtain a copy of the License at
>>>>> + *
>>>>> + * http://www.apache.org/licenses/LICENSE-2.0
>>>>> + *
>>>>> + * Unless required by applicable law or agreed to in writing,
>>>>> + * software distributed under the License is distributed on an
>>>>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>>>> + * KIND, either express or implied.  See the License for the
>>>>> + * specific language governing permissions and limitations
>>>>> + * under the License.
>>>>> + ************************************************************
>>>>> *******************/
>>>>> +package org.ofbiz.base.util.test;
>>>>> +
>>>>> +import org.ofbiz.base.test.GenericTestCaseBase;
>>>>> +
>>>>> +public class UtilHttpTests extends GenericTestCaseBase {
>>>>> +    public UtilHttpTests(String name) {
>>>>> +        super(name);
>>>>> +    }
>>>>> +
>>>>> +    public void testGetParameterMap() throws Exception {
>>>>> +    }
>>>>> +}
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilHttpTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:eol-style = native
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilHttpTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:keywords = Date Rev Author URL Id
>>>>>
>>>>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
>>>>> UtilHttpTests.java
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>>      svn:mime-type = text/plain
>>>>>
>>>>> Modified: ofbiz/trunk/framework/base/testdef/basetests.xml
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
>>>>> testdef/basetests.xml?rev=1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> --- ofbiz/trunk/framework/base/testdef/basetests.xml (original)
>>>>> +++ ofbiz/trunk/framework/base/testdef/basetests.xml Mon Dec 29
>> 18:24:57
>>>>> 2014
>>>>> @@ -23,9 +23,14 @@
>>>>>           xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/
>>>>> test-suite.xsd">
>>>>>       <test-group case-name="basetests">
>>>>>           <junit-test-suite class-name="org.ofbiz.base.lang.test.
>>>>> ComparableRangeTests"/>
>>>>> +        <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.AssertTests"/>
>>>>>           <junit-test-suite class-name="org.ofbiz.base.util.test.
>>>>> IndentingWriterTests"/>
>>>>>           <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.ObjectTypeTests"/>
>>>>> +        <!--junit-test-suite class-name="org.ofbiz.base.util.test.
>>>>> ReferenceCleanerTests"/-->
>>>>>           <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.UtilObjectTests"/>
>>>>> +        <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.StringUtilTests"/>
>>>>> +        <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.UtilHttpTests"/>
>>>>> +        <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.UtilCodecTests"/>
>>>>>           <junit-test-suite class-name="org.ofbiz.base.util.string.test.
>>>>> FlexibleStringExpanderTests"/>
>>>>>           <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.collections.test.FlexibleMapAccessorTests"/>
>>>>>           <junit-test-suite class-name="org.ofbiz.base.
>>>>> util.test.TimeDurationTests"/>
>>>>>
>>>>> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/
>>>>> CommonServices.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/
>>>>> src/org/ofbiz/common/CommonServices.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -46,7 +46,7 @@ import javax.mail.internet.MimeMessage;
>>>>>   import org.ofbiz.base.metrics.Metrics;
>>>>>   import org.ofbiz.base.metrics.MetricsFactory;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilDateTime;
>>>>>   import org.ofbiz.base.util.UtilMisc;
>>>>>   import org.ofbiz.base.util.UtilProperties;
>>>>> @@ -539,7 +539,7 @@ public class CommonServices {
>>>>>
>>>>>       public static Map<String, Object> resetMetric(DispatchContext
>> dctx,
>>>>> Map<String, ?> context) {
>>>>>           String originalName = (String) context.get("name");
>>>>> -        String name =
>> StringUtil.getDecoder("url").decode(originalName);
>>>>> +        String name =
>> UtilCodec.getDecoder("url").decode(originalName);
>>>>>           if (name == null) {
>>>>>               return ServiceUtil.returnError("Exception thrown while
>>>>> decoding metric name \"" + originalName + "\"");
>>>>>           }
>>>>>
>>>>> Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/
>>>>> ModelService.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/
>>>>> src/org/ofbiz/service/ModelService.java?rev=1648403&
>>>>> r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -63,7 +63,7 @@ import org.ofbiz.base.metrics.Metrics;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.GeneralException;
>>>>>   import org.ofbiz.base.util.ObjectType;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilMisc;
>>>>>   import org.ofbiz.base.util.UtilProperties;
>>>>>   import org.ofbiz.base.util.UtilValidate;
>>>>> @@ -584,7 +584,7 @@ public class ModelService extends Abstra
>>>>>                   if (context.get(modelParam.name) != null &&
>>>>> ("String".equals(modelParam.type) || "java.lang.String".equals(
>>>>> modelParam.type))
>>>>>                           && !"any".equals(modelParam.allowHtml) &&
>>>>> ("INOUT".equals(modelParam.mode) || "IN".equals(modelParam.mode))) {
>>>>>                       String value = (String)
>>>>> context.get(modelParam.name);
>>>>> -
>> StringUtil.checkStringForHtmlStrictNone(modelParam.name,
>>>>> value, errorMessageList);
>>>>> +
>> UtilCodec.checkStringForHtmlStrictNone(modelParam.name,
>>>>> value, errorMessageList);
>>>>>                   }
>>>>>               }
>>>>>               if (errorMessageList.size() > 0) {
>>>>>
>>>>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
>>>>> ControlServlet.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
>>>>> src/org/ofbiz/webapp/control/ControlServlet.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -32,7 +32,7 @@ import javax.servlet.http.HttpSession;
>>>>>
>>>>>   import org.apache.bsf.BSFManager;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilHttp;
>>>>>   import org.ofbiz.base.util.UtilTimer;
>>>>> @@ -217,8 +217,7 @@ public class ControlServlet extends Http
>>>>>                   if (Debug.verboseOn()) Debug.logVerbose(throwable,
>>>>> module);
>>>>>               } else {
>>>>>                   Debug.logError(throwable, "Error in request handler:
>> ",
>>>>> module);
>>>>> -                StringUtil.HtmlEncoder encoder = new
>>>>> StringUtil.HtmlEncoder();
>>>>> -                request.setAttribute("_ERROR_MESSAGE_",
>>>>> encoder.encode(throwable.toString()));
>>>>> +                request.setAttribute("_ERROR_MESSAGE_",
>>>>> UtilCodec.getEncoder("html").encode(throwable.toString()));
>>>>>                   errorPage = requestHandler.
>>>>> getDefaultErrorPage(request);
>>>>>               }
>>>>>            } catch (RequestHandlerExceptionAllowExternalRequests e) {
>>>>> @@ -226,8 +225,7 @@ public class ControlServlet extends Http
>>>>>                 Debug.logInfo("Going to external page: " +
>>>>> request.getPathInfo(), module);
>>>>>           } catch (Exception e) {
>>>>>               Debug.logError(e, "Error in request handler: ", module);
>>>>> -            StringUtil.HtmlEncoder encoder = new
>>>>> StringUtil.HtmlEncoder();
>>>>> -            request.setAttribute("_ERROR_MESSAGE_",
>>>>> encoder.encode(e.toString()));
>>>>> +            request.setAttribute("_ERROR_MESSAGE_",
>>>>> UtilCodec.getEncoder("html").encode(e.toString()));
>>>>>               errorPage = requestHandler.getDefaultErrorPage(request);
>>>>>           }
>>>>>
>>>>>
>>>>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
>>>>> RequestHandler.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
>>>>> src/org/ofbiz/webapp/control/RequestHandler.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -40,6 +40,7 @@ import org.ofbiz.base.start.Start;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.SSLUtil;
>>>>>   import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilFormatOut;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilHttp;
>>>>> @@ -1115,11 +1116,11 @@ public class RequestHandler {
>>>>>               if (queryString.length() > 1) {
>>>>>                   queryString.append("&");
>>>>>               }
>>>>> -            String encodedName = StringUtil.getEncoder("url").
>>>>> encode(name);
>>>>> +            String encodedName = UtilCodec.getEncoder("url").
>>>>> encode(name);
>>>>>               if (encodedName != null) {
>>>>>                   queryString.append(encodedName);
>>>>>                   queryString.append("=");
>>>>> -
>> queryString.append(StringUtil.getEncoder("url").encode(
>>>>> value));
>>>>> +                queryString.append(UtilCodec.getEncoder("url").encode(
>>>>> value));
>>>>>               }
>>>>>           }
>>>>>       }
>>>>>
>>>>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
>>>>> OfbizContentTransform.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
>>>>> src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?
>>>>> rev=1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -25,7 +25,7 @@ import java.util.Map;
>>>>>   import javax.servlet.http.HttpServletRequest;
>>>>>
>>>>>   import org.ofbiz.base.util.Debug;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilValidate;
>>>>>   import org.ofbiz.webapp.taglib.ContentUrlTag;
>>>>>
>>>>> @@ -92,7 +92,7 @@ public class OfbizContentTransform imple
>>>>>                           return;
>>>>>                       }
>>>>>
>>>>> -                    requestUrl = StringUtil.getDecoder("url").
>>>>> decode(requestUrl);
>>>>> +                    requestUrl = UtilCodec.getDecoder("url").
>>>>> decode(requestUrl);
>>>>>
>>>>>                       // make the link
>>>>>                       StringBuilder newURL = new StringBuilder();
>>>>>
>>>>> Modified: ofbiz/trunk/framework/webtools/src/org/ofbiz/
>>>>> webtools/labelmanager/LabelManagerFactory.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/
>>>>> webtools/src/org/ofbiz/webtools/labelmanager/
>>>>> LabelManagerFactory.java?rev=1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -37,7 +37,7 @@ import org.ofbiz.base.component.Componen
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.FileUtil;
>>>>>   import org.ofbiz.base.util.GeneralException;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilValidate;
>>>>>   import org.ofbiz.base.util.UtilXml;
>>>>>   import org.w3c.dom.Comment;
>>>>> @@ -123,7 +123,7 @@ public class LabelManagerFactory {
>>>>>               for (Node propertyNode :
>> UtilXml.childNodeList(resourceElem.getFirstChild()))
>>>>> {
>>>>>                   if (propertyNode instanceof Element) {
>>>>>                       Element propertyElem = (Element) propertyNode;
>>>>> -                    String labelKey = StringUtil.canonicalize(
>>>>> propertyElem.getAttribute("key"));
>>>>> +                    String labelKey = UtilCodec.canonicalize(
>>>>> propertyElem.getAttribute("key"));
>>>>>                       String labelComment = "";
>>>>>                       for (Node valueNode :
>> UtilXml.childNodeList(propertyElem.getFirstChild()))
>>>>> {
>>>>>                           if (valueNode instanceof Element) {
>>>>> @@ -134,7 +134,7 @@ public class LabelManagerFactory {
>>>>>                               if( localeName.contains("_")) {
>>>>>                                   localeName = localeName.replace('_',
>>>>> '-');
>>>>>                               }
>>>>> -                            String labelValue =
>> StringUtil.canonicalize(
>>>>> UtilXml.nodeValue(valueElem.getFirstChild()));
>>>>> +                            String labelValue =
>> UtilCodec.canonicalize(
>>>>> UtilXml.nodeValue(valueElem.getFirstChild()));
>>>>>                               LabelInfo label = labels.get(labelKey +
>>>>> keySeparator + fileInfo.getFileName());
>>>>>
>>>>>                               if (UtilValidate.isEmpty(label)) {
>>>>> @@ -148,12 +148,12 @@ public class LabelManagerFactory {
>>>>>                               localesFound.add(localeName);
>>>>>                               labelComment = "";
>>>>>                           } else if (valueNode instanceof Comment) {
>>>>> -                            labelComment = labelComment +
>>>>> StringUtil.canonicalize(valueNode.getNodeValue());
>>>>> +                            labelComment = labelComment +
>>>>> UtilCodec.canonicalize(valueNode.getNodeValue());
>>>>>                           }
>>>>>                       }
>>>>>                       labelKeyComment = "";
>>>>>                   } else if (propertyNode instanceof Comment) {
>>>>> -                    labelKeyComment = labelKeyComment +
>>>>> StringUtil.canonicalize(propertyNode.getNodeValue());
>>>>> +                    labelKeyComment = labelKeyComment +
>>>>> UtilCodec.canonicalize(propertyNode.getNodeValue());
>>>>>                   }
>>>>>               }
>>>>>           }
>>>>>
>>>>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/
>>>>> WidgetWorker.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
>>>>> src/org/ofbiz/widget/WidgetWorker.java?rev=1648403&
>>>>> r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
>>>>> (original)
>>>>> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -36,7 +36,7 @@ import javax.servlet.http.HttpServletReq
>>>>>   import javax.servlet.http.HttpServletResponse;
>>>>>
>>>>>   import org.ofbiz.base.util.Debug;
>>>>> -import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilDateTime;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilHttp;
>>>>> @@ -71,7 +71,7 @@ public class WidgetWorker {
>>>>>           // We may get an encoded request like:
>>>>> &#47;projectmgr&#47;control&#47;EditTaskContents&#63;
>>>>> workEffortId&#61;10003
>>>>>           // Try to reducing a possibly encoded string down to its
>>>>> simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003
>>>>>           // This step make sure the following appending
>> externalLoginKey
>>>>> operation to work correctly
>>>>> -        localRequestName = StringUtil.canonicalize(localRequestName);
>>>>> +        localRequestName = UtilCodec.canonicalize(localRequestName);
>>>>>           Appendable localWriter = new StringWriter();
>>>>>
>>>>>           if ("intra-app".equals(targetType)) {
>>>>> @@ -143,7 +143,7 @@ public class WidgetWorker {
>>>>>                   }
>>>>>                   externalWriter.append(parameter.getKey());
>>>>>                   externalWriter.append('=');
>>>>> -                StringUtil.SimpleEncoder simpleEncoder =
>>>>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
>>>>> +                UtilCodec.SimpleEncoder simpleEncoder =
>>>>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
>>>>>                   if (simpleEncoder != null && parameterValue != null) {
>>>>>                       externalWriter.append(simpleEncoder.encode(
>>>>> URLEncoder.encode(parameterValue, Charset.forName("UTF-8").
>>>>> displayName())));
>>>>>                   } else {
>>>>> @@ -300,7 +300,7 @@ public class WidgetWorker {
>>>>>                   writer.append("<input name=\"");
>>>>>                   writer.append(parameter.getKey());
>>>>>                   writer.append("\" value=\"");
>>>>> -                writer.append(StringUtil.getEncoder("html").encode(
>>>>> parameter.getValue()));
>>>>> +                writer.append(UtilCodec.getEncoder("html").encode(
>>>>> parameter.getValue()));
>>>>>                   writer.append("\" type=\"hidden\"/>");
>>>>>               }
>>>>>           }
>>>>>
>>>>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> MacroFormRenderer.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
>>>>> src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -40,6 +40,7 @@ import javax.servlet.http.HttpServletRes
>>>>>
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilFormatOut;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilHttp;
>>>>> @@ -75,7 +76,6 @@ import org.ofbiz.widget.form.ModelFormFi
>>>>>   import org.ofbiz.widget.form.ModelFormField.TextField;
>>>>>   import org.ofbiz.widget.form.ModelFormField.TextFindField;
>>>>>   import org.ofbiz.widget.form.ModelFormField.TextareaField;
>>>>> -import org.ofbiz.widget.form.ModelFormFieldBuilder;
>>>>>   import org.ofbiz.widget.screen.ModelScreenWidget;
>>>>>
>>>>>   import com.ibm.icu.util.Calendar;
>>>>> @@ -93,7 +93,7 @@ public final class MacroFormRenderer imp
>>>>>       public static final String module = MacroFormRenderer.class.
>>>>> getName();
>>>>>       private final Template macroLibrary;
>>>>>       private final WeakHashMap<Appendable, Environment> environments =
>>>>> new WeakHashMap<Appendable, Environment>();
>>>>> -    private final StringUtil.SimpleEncoder internalEncoder;
>>>>> +    private final UtilCodec.SimpleEncoder internalEncoder;
>>>>>       private final RequestHandler rh;
>>>>>       private final HttpServletRequest request;
>>>>>       private final HttpServletResponse response;
>>>>> @@ -108,7 +108,7 @@ public final class MacroFormRenderer imp
>>>>>           ServletContext ctx = (ServletContext) request.getAttribute("
>>>>> servletContext");
>>>>>           this.rh = (RequestHandler) ctx.getAttribute("_REQUEST_
>>>>> HANDLER_");
>>>>>           this.javaScriptEnabled =
>> UtilHttp.isJavaScriptEnabled(request);
>>>>> -        internalEncoder = StringUtil.getEncoder("string");
>>>>> +        internalEncoder = UtilCodec.getEncoder("string");
>>>>>       }
>>>>>
>>>>>       @Deprecated
>>>>> @@ -158,7 +158,7 @@ public final class MacroFormRenderer imp
>>>>>           if (UtilValidate.isEmpty(value)) {
>>>>>               return value;
>>>>>           }
>>>>> -        StringUtil.SimpleEncoder encoder = (StringUtil.SimpleEncoder)
>>>>> context.get("simpleEncoder");
>>>>> +        UtilCodec.SimpleEncoder encoder = (UtilCodec.SimpleEncoder)
>>>>> context.get("simpleEncoder");
>>>>>           if (modelFormField.getEncodeOutput() && encoder != null) {
>>>>>               value = encoder.encode(value);
>>>>>           } else {
>>>>> @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp
>>>>>               parameters.append(parameter.getName());
>>>>>               parameters.append("'");
>>>>>               parameters.append(",'value':'");
>>>>> -            parameters.append(StringUtil.getEncoder("html").encode(
>>>>> parameter.getValue(context)));
>>>>> +            parameters.append(UtilCodec.getEncoder("html").encode(
>>>>> parameter.getValue(context)));
>>>>>               parameters.append("'}");
>>>>>           }
>>>>>           parameters.append("]");
>>>>>
>>>>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> ModelForm.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
>>>>> src/org/ofbiz/widget/form/ModelForm.java?rev=1648403&r1=
>>>>> 1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -34,6 +34,7 @@ import java.util.concurrent.atomic.Atomi
>>>>>   import org.ofbiz.base.util.BshUtil;
>>>>>   import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>>   import org.ofbiz.base.util.UtilProperties;
>>>>>   import org.ofbiz.base.util.UtilValidate;
>>>>> @@ -1515,9 +1516,9 @@ public class ModelForm extends ModelWidg
>>>>>        */
>>>>>       public String getTarget(Map<String, Object> context, String
>>>>> targetType) {
>>>>>           Map<String, Object> expanderContext = context;
>>>>> -        StringUtil.SimpleEncoder simpleEncoder =
>>>>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
>>>>> +        UtilCodec.SimpleEncoder simpleEncoder =
>>>>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
>>>>>           if (simpleEncoder != null) {
>>>>> -            expanderContext = StringUtil.HtmlEncodingMapWrapper.
>>>>> getHtmlEncodingMapWrapper(context, simpleEncoder);
>>>>> +            expanderContext = UtilCodec.HtmlEncodingMapWrapper.
>>>>> getHtmlEncodingMapWrapper(context, simpleEncoder);
>>>>>           }
>>>>>           try {
>>>>>               // use the same Interpreter (ie with the same context
>>>>> setup) for all evals
>>>>>
>>>>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
>>>>> ModelFormField.java
>>>>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
>>>>> src/org/ofbiz/widget/form/ModelFormField.java?rev=
>>>>> 1648403&r1=1648402&r2=1648403&view=diff
>>>>> ============================================================
>>>>> ==================
>>>>> ---
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
>>>>> (original)
>>>>> +++
>> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
>>>>> Mon Dec 29 18:24:57 2014
>>>>> @@ -42,6 +42,7 @@ import org.ofbiz.base.util.Debug;
>>>>>   import org.ofbiz.base.util.GeneralException;
>>>>>   import org.ofbiz.base.util.ObjectType;
>>>>>   import org.ofbiz.base.util.StringUtil;
>>>>> +import org.ofbiz.base.util.UtilCodec;
>>>>>   import org.ofbiz.base.util.UtilDateTime;
>>>>>   import org.ofbiz.base.util.UtilFormatOut;
>>>>>   import org.ofbiz.base.util.UtilGenerics;
>>>>> @@ -343,7 +344,7 @@ public class ModelFormField {
>>>>>           }
>>>>>
>>>>>           if (this.getEncodeOutput() && returnValue != null) {
>>>>> -            StringUtil.SimpleEncoder simpleEncoder =
>>>>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
>>>>> +            UtilCodec.SimpleEncoder simpleEncoder =
>>>>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
>>>>>               if (simpleEncoder != null)
>>>>>                   returnValue = simpleEncoder.encode(returnValue);
>>>>>           }
>>>>> @@ -602,7 +603,7 @@ public class ModelFormField {
>>>>>           if (UtilValidate.isNotEmpty(tooltip))
>>>>>               tooltipString = tooltip.expandString(context);
>>>>>           if (this.getEncodeOutput()) {
>>>>> -            StringUtil.SimpleEncoder simpleEncoder =
>>>>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
>>>>> +            UtilCodec.SimpleEncoder simpleEncoder =
>>>>> (UtilCodec.SimpleEncoder) context.get("
>>>>
>>>> ...
>>
>>
>

Mime
View raw message