ofbiz-dev mailing list archives

From Scott Gray <scott.g...@hotwaxmedia.com>
Subject Re: svn commit: r1648403 - in /ofbiz/trunk: applications/content/src/org/ofbiz/content/content/ framework/base/src/org/ofbiz/base/util/ framework/base/src/org/ofbiz/base/util/template/ framework/base/src/org/ofbiz/base/util/test/ framework/base/testdef/ fr...
Date Tue, 30 Dec 2014 07:57:29 GMT
If everyone's in favor I'd say we just go for it and change them all in bulk
On 30 Dec 2014 20:31, "Jacopo Cappellato" <jacopo.cappellato@hotwaxmedia.com>
wrote:

> I agree with both of you: these strings should be private and should
> follow the naming convention of constants (MODULE); Adrian, I also agree it
> is a good time to discuss this with the community.
> There are currently 29 "module" strings that are private and 676 that are
> public.
> Should we bulk change them all to private or to public? It will be a
> rather easy string replacement.
> Bulk converting module to MODULE would be a little bit trickier but still
> possible; is it something we should do now or just something to do in small
> parts?
>
> Jacopo
>
>
> On Dec 29, 2014, at 8:17 PM, Scott Gray <scott.gray@hotwaxmedia.com>
> wrote:
>
> > I'm in favor of making them private, I'm also in favor of using MODULE instead
> > of module.
> >
> > Regards
> > Scott
> > On 30 Dec 2014 07:36, "Adrian Crum" <adrian.crum@sandglass-software.com>
> > wrote:
> >
> >> +public class UtilCodec {
> >> +    private static final String module = UtilCodec.class.getName();
> >>
> >> The last time I made the module field private someone complained that it
> >> doesn't follow the de-facto standard of making it public. My personal
> >> preference is to make it private, but there needs to be an agreement within
> >> the community.
> >>
> >> Adrian Crum
> >> Sandglass Software
> >> www.sandglass-software.com
> >>
> >> On 12/29/2014 6:24 PM, jacopoc@apache.org wrote:
> >>
> >>> Author: jacopoc
> >>> Date: Mon Dec 29 18:24:57 2014
> >>> New Revision: 1648403
> >>>
> >>> URL: http://svn.apache.org/r1648403
> >>> Log:
> >>> Moved code dependent on OWASP ESAPI and utilities for codec tasks from
> >>> StringUtil to a new UtilCodec class: now the UtilCodec class is the only
> >>> class dependent on OWASP ESAPI.
> >>> The DefaultEncoder from OWASP ESAPI, used internally by UtilCodec, is now
> >>> built with the default constructor that also adds the JavascriptCodec to
> >>> the list of codecs used to canonicalize and validate the input.
> >>> Renamed the UrlEncoder class to UrlCodec in order to better describe its
> >>> behavior.
> >>> Misc minor cleanups.
> >>> Added to the list of tests of the base component a series of JUnit test
> >>> classes that were missing.
> >>>
> >>>
> >>> Added:
> >>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
> >>> (with props)
> >>>
>  ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
> >>> (with props)
> >>>
>  ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
> >>> (with props)
> >>> Modified:
> >>>     ofbiz/trunk/applications/content/src/org/ofbiz/content/
> >>> content/ContentUrlFilter.java
> >>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
> >>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
> >>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> template/FreeMarkerWorker.java
> >>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> StringUtilTests.java
> >>>     ofbiz/trunk/framework/base/testdef/basetests.xml
> >>>     ofbiz/trunk/framework/common/src/org/ofbiz/common/
> >>> CommonServices.java
> >>>     ofbiz/trunk/framework/service/src/org/ofbiz/service/
> >>> ModelService.java
> >>>     ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
> >>> ControlServlet.java
> >>>     ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
> >>> RequestHandler.java
> >>>     ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
> >>> OfbizContentTransform.java
> >>>     ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/
> >>> LabelManagerFactory.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> MacroFormRenderer.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> ModelForm.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> ModelFormField.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/
> >>> HtmlFormRenderer.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/
> >>> HtmlMenuRenderer.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/
> >>> MacroMenuRenderer.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/
> >>> ModelMenuItem.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
> >>> HtmlWidget.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
> >>> MacroScreenViewHandler.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
> >>> ModelScreenWidget.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/
> >>> ScreenFopViewHandler.java
> >>>     ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/
> >>> ModelTree.java
> >>>     ofbiz/trunk/specialpurpose/ebay/src/org/ofbiz/ebay/
> >>> ProductsExportToEbay.java
> >>>
> >>> Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/
> >>> content/ContentUrlFilter.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/
> >>> content/src/org/ofbiz/content/content/ContentUrlFilter.java?
> >>> rev=1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
> >>> (original)
> >>> +++
> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletReq
> >>>  import javax.servlet.http.HttpServletResponse;
> >>>
> >>>  import org.ofbiz.base.util.Debug;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilHttp;
> >>>  import org.ofbiz.base.util.UtilValidate;
> >>>  import org.ofbiz.common.UrlServletHelper;
> >>> @@ -117,7 +117,7 @@ public class ContentUrlFilter extends Co
> >>>                      .queryFirst();
> >>>              if (contentAssocDataResource != null) {
> >>>                  url = contentAssocDataResource.
> >>> getString("drObjectInfo");
> >>> -                url = StringUtil.getDecoder("url").decode(url);
> >>> +                url = UtilCodec.getDecoder("url").decode(url);
> >>>                  String mountPoint = request.getContextPath();
> >>>                  if (!(mountPoint.equals("/")) &&
> >>> !(mountPoint.equals(""))) {
> >>>                      url = mountPoint + url;
> >>>
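
Review bot: At `url = UtilCodec.getDecoder("url").decode(url);` this is more than a rename, because the new UrlCodec.decode calls canonicalize(original) before URLDecoder.decode(canonical, "UTF-8"). Both canonicalize overloads are declared to throw IntrusionException and decode only catches UnsupportedEncodingException, so a drObjectInfo value that canonicalization rejects reaches this filter as an exception nothing on this path catches, and the null that decode returns on error still flows into `url = mountPoint + url`. Suggest handling both outcomes here (log and fall through when decode throws or returns null). Since the comment in checkStringForHtmlStrictNone says canonicalize already turns %3C into <, it is also worth confirming that the second URLDecoder pass over the canonical string is intended, because it will decode again any % or + left in that value.
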
> >>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> StringUtil.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/StringUtil.java?rev=1648403&
> >>> r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
> >>> (original)
> >>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -21,7 +21,6 @@ package org.ofbiz.base.util;
> >>>  import java.io.UnsupportedEncodingException;
> >>>  import java.net.URLDecoder;
> >>>  import java.net.URLEncoder;
> >>> -import java.util.Arrays;
> >>>  import java.util.Collection;
> >>>  import java.util.HashMap;
> >>>  import java.util.HashSet;
> >>> @@ -36,12 +35,6 @@ import java.util.regex.Pattern;
> >>>  import org.apache.commons.codec.DecoderException;
> >>>  import org.apache.commons.codec.binary.Hex;
> >>>  import org.ofbiz.base.lang.Appender;
> >>> -import org.owasp.esapi.codecs.Codec;
> >>> -import org.owasp.esapi.codecs.HTMLEntityCodec;
> >>> -import org.owasp.esapi.codecs.PercentCodec;
> >>> -import org.owasp.esapi.errors.EncodingException;
> >>> -import org.owasp.esapi.errors.IntrusionException;
> >>> -import org.owasp.esapi.reference.DefaultEncoder;
> >>>
> >>>  /**
> >>>   * Misc String Utility Functions
> >>> @@ -54,11 +47,7 @@ public class StringUtil {
> >>>      // FIXME: Not thread safe
> >>>      protected static final Map<String, Pattern>
> substitutionPatternMap;
> >>>
> >>> -    private static final DefaultEncoder defaultWebEncoder;
> >>>      static {
> >>> -        // possible codecs: CSSCodec, HTMLEntityCodec,
> JavaScriptCodec,
> >>> MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec,
> >>> WindowsCodec
> >>> -        List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(),
> new
> >>> PercentCodec());
> >>> -        defaultWebEncoder = new DefaultEncoder(codecList);
> >>>          substitutionPatternMap = new HashMap<String, Pattern>();
> >>>          substitutionPatternMap.put("&&", Pattern.compile("@and",
> >>> Pattern.LITERAL));
> >>>          substitutionPatternMap.put("||", Pattern.compile("@or",
> >>> Pattern.LITERAL));
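
Review bot: The removed initializer built the encoder from an explicit list, `Arrays.asList(new HTMLEntityCodec(), new PercentCodec())`, while its replacement in UtilCodec is `new DefaultEncoder()`, which per the commit log also adds the JavascriptCodec to canonicalization. That changes what canonicalize(value, true) treats as encoded or mixed-encoded input for every caller of checkStringForHtmlStrictNone, so input that validated before may now be rejected. Suggest a comment in UtilCodec naming the codec set in effect (the deleted "possible codecs" comment was the only documentation of the choice) and a UtilCodecTests case with JavaScript-style escapes to pin the new behaviour.
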
> >>> @@ -68,87 +57,9 @@ public class StringUtil {
> >>>          substitutionPatternMap.put(">", Pattern.compile("@gt",
> >>> Pattern.LITERAL));
> >>>      }
> >>>
> >>> -    private static final HtmlEncoder htmlEncoder = new HtmlEncoder();
> >>> -    private static final XmlEncoder xmlEncoder = new XmlEncoder();
> >>> -    private static final StringEncoder stringEncoder = new
> >>> StringEncoder();
> >>> -    private static final UrlEncoder urlEncoder = new UrlEncoder();
> >>> -
> >>>      private StringUtil() {
> >>>      }
> >>>
> >>> -    public static interface SimpleEncoder {
> >>> -        public String encode(String original);
> >>> -    }
> >>> -
> >>> -    public static interface SimpleDecoder {
> >>> -        public String decode(String original);
> >>> -    }
> >>> -
> >>> -    public static class HtmlEncoder implements SimpleEncoder {
> >>> -        public String encode(String original) {
> >>> -            return
> StringUtil.defaultWebEncoder.encodeForHTML(original);
> >>> -        }
> >>> -    }
> >>> -
> >>> -    public static class XmlEncoder implements SimpleEncoder {
> >>> -        public String encode(String original) {
> >>> -            return
> StringUtil.defaultWebEncoder.encodeForXML(original);
> >>> -        }
> >>> -    }
> >>> -
> >>> -    public static class UrlEncoder implements SimpleEncoder,
> >>> SimpleDecoder {
> >>> -        public String encode(String original) {
> >>> -            try {
> >>> -                return StringUtil.defaultWebEncoder.
> >>> encodeForURL(original);
> >>> -            } catch (EncodingException ee) {
> >>> -                Debug.logError(ee, module);
> >>> -                return null;
> >>> -            }
> >>> -        }
> >>> -
> >>> -        public String decode(String original) {
> >>> -            try {
> >>> -                return StringUtil.defaultWebEncoder.
> >>> decodeFromURL(original);
> >>> -            } catch (EncodingException ee) {
> >>> -                Debug.logError(ee, module);
> >>> -                return null;
> >>> -            }
> >>> -        }
> >>> -    }
> >>> -
> >>> -    public static class StringEncoder implements SimpleEncoder {
> >>> -        public String encode(String original) {
> >>> -            if (original != null) {
> >>> -                original = original.replace("\"", "\\\"");
> >>> -            }
> >>> -            return original;
> >>> -        }
> >>> -    }
> >>> -
> >>> -    // ================== Begin General Functions ==================
> >>> -
> >>> -    public static SimpleEncoder getEncoder(String type) {
> >>> -        if ("url".equals(type)) {
> >>> -            return StringUtil.urlEncoder;
> >>> -        } else if ("xml".equals(type)) {
> >>> -            return StringUtil.xmlEncoder;
> >>> -        } else if ("html".equals(type)) {
> >>> -            return StringUtil.htmlEncoder;
> >>> -        } else if ("string".equals(type)) {
> >>> -            return StringUtil.stringEncoder;
> >>> -        } else {
> >>> -            return null;
> >>> -        }
> >>> -    }
> >>> -
> >>> -    public static SimpleDecoder getDecoder(String type) {
> >>> -        if ("url".equals(type)) {
> >>> -            return StringUtil.urlEncoder;
> >>> -        } else {
> >>> -            return null;
> >>> -        }
> >>> -    }
> >>> -
> >>>      public static String internString(String value) {
> >>>          return value != null ? value.intern() : null;
> >>>      }
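
Review bot: SimpleEncoder, SimpleDecoder, HtmlEncoder, XmlEncoder, UrlEncoder, StringEncoder, getEncoder and getDecoder are public members of StringUtil and are deleted outright here, so any code outside this commit's file list that calls StringUtil.getEncoder("html") stops compiling, and UrlEncoder is renamed to UrlCodec on top of that. Suggest leaving @Deprecated forwarding methods in StringUtil for a release, or saying in the commit log that the removal is intentional. A follow-up for the moved code: getEncoder returns null for an unrecognised type, which a caller chaining .encode(...) hits as a NullPointerException; throwing IllegalArgumentException for an unknown type would make the failure explicit at the lookup.
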
> >>> @@ -623,70 +534,6 @@ public class StringUtil {
> >>>          return result;
> >>>      }
> >>>
> >>> -    public static String canonicalize(String value) throws
> >>> IntrusionException {
> >>> -        return defaultWebEncoder.canonicalize(value);
> >>> -    }
> >>> -
> >>> -    public static String canonicalize(String value, boolean strict)
> >>> throws IntrusionException {
> >>> -        return defaultWebEncoder.canonicalize(value, strict);
> >>> -    }
> >>> -    /**
> >>> -     * Uses a black-list approach for necessary characters for HTML.
> >>> -     * Does not allow various characters (after canonicalization),
> >>> including "<", ">", "&" (if not followed by a space), and "%" (if not
> >>> followed by a space).
> >>> -     *
> >>> -     * @param value
> >>> -     * @param errorMessageList
> >>> -     */
> >>> -    public static String checkStringForHtmlStrictNone(String
> valueName,
> >>> String value, List<String> errorMessageList) {
> >>> -        if (UtilValidate.isEmpty(value)) return value;
> >>> -
> >>> -        // canonicalize, strict (error on double-encoding)
> >>> -        try {
> >>> -            value = canonicalize(value, true);
> >>> -        } catch (IntrusionException e) {
> >>> -            // NOTE: using different log and user targeted error
> >>> messages to allow the end-user message to be less technical
> >>> -            Debug.logError("Canonicalization (format consistency,
> >>> character escaping that is mixed or double, etc) error for attribute
> named
> >>> [" + valueName + "], String [" + value + "]: " + e.toString(), module);
> >>> -            errorMessageList.add("In field [" + valueName + "] found
> >>> character escaping (mixed or double) that is not allowed or other
> format
> >>> consistency error: " + e.toString());
> >>> -        }
> >>> -
> >>> -        // check for "<", ">"
> >>> -        if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) {
> >>> -            errorMessageList.add("In field [" + valueName + "]
> less-than
> >>> (<) and greater-than (>) symbols are not allowed.");
> >>> -        }
> >>> -
> >>> -        /* NOTE DEJ 20090311: After playing with this more this
> doesn't
> >>> seem to be necessary; the canonicalize will convert all such characters
> >>> into actual text before this check is done, including other illegal
> chars
> >>> like &lt; which will canonicalize to < and then get caught
> >>> -        // check for & followed a semicolon within 7 characters, no
> >>> spaces in-between (and perhaps other things sometime?)
> >>> -        int curAmpIndex = value.indexOf("&");
> >>> -        while (curAmpIndex > -1) {
> >>> -            int semicolonIndex = value.indexOf(";", curAmpIndex + 1);
> >>> -            int spaceIndex = value.indexOf(" ", curAmpIndex + 1);
> >>> -            if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex
> <=
> >>> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex <
> >>> semicolonIndex))) {
> >>> -                errorMessageList.add("In field [" + valueName + "] the
> >>> ampersand (&) symbol is only allowed if not used as an encoded
> character:
> >>> no semicolon (;) within 7 spaces or there is a space between.");
> >>> -                // once we find one like this we have the message so
> no
> >>> need to check for more
> >>> -                break;
> >>> -            }
> >>> -            curAmpIndex = value.indexOf("&", curAmpIndex + 1);
> >>> -        }
> >>> -         */
> >>> -
> >>> -        /* NOTE DEJ 20090311: After playing with this more this
> doesn't
> >>> seem to be necessary; the canonicalize will convert all such characters
> >>> into actual text before this check is done, including other illegal
> chars
> >>> like %3C which will canonicalize to < and then get caught
> >>> -        // check for % followed by 2 hex characters
> >>> -        int curPercIndex = value.indexOf("%");
> >>> -        while (curPercIndex >= 0) {
> >>> -            if (value.length() > (curPercIndex + 3) &&
> >>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) &&
> >>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) {
> >>> -                errorMessageList.add("In field [" + valueName + "] the
> >>> percent (%) symbol is only allowed if followed by a space.");
> >>> -                // once we find one like this we have the message so
> no
> >>> need to check for more
> >>> -                break;
> >>> -            }
> >>> -            curPercIndex = value.indexOf("%", curPercIndex + 1);
> >>> -        }
> >>> -         */
> >>> -
> >>> -        // TODO: anything else to check for that can be used to get
> HTML
> >>> or JavaScript going without these characters?
> >>> -
> >>> -        return value;
> >>> -    }
> >>> -
> >>>      /**
> >>>       * Remove/collapse multiple newline characters
> >>>       *
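
Review bot: checkStringForHtmlStrictNone moves to UtilCodec unchanged, and in its catch block for IntrusionException the rejected input is concatenated into the log line (`"], String [" + value + "]: "`) and the exception text into the user-facing message. That value is untrusted and has just failed canonicalization, so it can carry line breaks or control characters into the log; suggest logging valueName with a length or an escaped, truncated form instead. Execution also continues after the catch with the non-canonical value, so the "<" / ">" check runs on the raw string and the raw string is returned; returning right after adding the error would make the failure path explicit. The Javadoc lists @param value and @param errorMessageList but not valueName or the return value.
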
> >>> @@ -807,57 +654,4 @@ public class StringUtil {
> >>>              return this.theString;
> >>>          }
> >>>      }
> >>> -
> >>> -    /**
> >>> -     * A simple Map wrapper class that will do HTML encoding. To be
> used
> >>> for passing a Map to something that will expand Strings with it as a
> >>> context, etc.
> >>> -     */
> >>> -    public static class HtmlEncodingMapWrapper<K> implements Map<K,
> >>> Object> {
> >>> -        public static <K> HtmlEncodingMapWrapper<K>
> >>> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder
> >>> encoder) {
> >>> -            if (mapToWrap == null) return null;
> >>> -
> >>> -            HtmlEncodingMapWrapper<K> mapWrapper = new
> >>> HtmlEncodingMapWrapper<K>();
> >>> -            mapWrapper.setup(mapToWrap, encoder);
> >>> -            return mapWrapper;
> >>> -        }
> >>> -
> >>> -        protected Map<K, Object> internalMap = null;
> >>> -        protected SimpleEncoder encoder = null;
> >>> -        protected HtmlEncodingMapWrapper() { }
> >>> -
> >>> -        public void setup(Map<K, Object> mapToWrap, SimpleEncoder
> >>> encoder) {
> >>> -            this.internalMap = mapToWrap;
> >>> -            this.encoder = encoder;
> >>> -        }
> >>> -        public void reset() {
> >>> -            this.internalMap = null;
> >>> -            this.encoder = null;
> >>> -        }
> >>> -
> >>> -        public int size() { return this.internalMap.size(); }
> >>> -        public boolean isEmpty() { return this.internalMap.isEmpty();
> }
> >>> -        public boolean containsKey(Object key) { return
> >>> this.internalMap.containsKey(key); }
> >>> -        public boolean containsValue(Object value) { return
> >>> this.internalMap.containsValue(value); }
> >>> -        public Object get(Object key) {
> >>> -            Object theObject = this.internalMap.get(key);
> >>> -            if (theObject instanceof String) {
> >>> -                if (this.encoder != null) {
> >>> -                    return encoder.encode((String) theObject);
> >>> -                } else {
> >>> -                    return
> StringUtil.defaultWebEncoder.encodeForHTML((String)
> >>> theObject);
> >>> -                }
> >>> -            } else if (theObject instanceof Map<?, ?>) {
> >>> -                return
> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K,
> >>> Object>checkMap(theObject), this.encoder);
> >>> -            }
> >>> -            return theObject;
> >>> -        }
> >>> -        public Object put(K key, Object value) { return
> >>> this.internalMap.put(key, value); }
> >>> -        public Object remove(Object key) { return
> >>> this.internalMap.remove(key); }
> >>> -        public void putAll(Map<? extends K, ? extends Object> arg0) {
> >>> this.internalMap.putAll(arg0); }
> >>> -        public void clear() { this.internalMap.clear(); }
> >>> -        public Set<K> keySet() { return this.internalMap.keySet(); }
> >>> -        public Collection<Object> values() { return
> >>> this.internalMap.values(); }
> >>> -        public Set<Map.Entry<K, Object>> entrySet() { return
> >>> this.internalMap.entrySet(); }
> >>> -        @Override
> >>> -        public String toString() { return
> this.internalMap.toString(); }
> >>> -    }
> >>>  }
> >>>
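
Review bot: In HtmlEncodingMapWrapper only get(Object key) applies the encoder; values(), entrySet() and toString() delegate straight to internalMap, so anything that iterates the wrapper or prints it receives the unencoded strings. get also wraps nested Map values but passes other containers, such as a List of strings, through untouched. Since the class is being re-homed in UtilCodec as the HTML-encoding context wrapper, suggest either encoding in values() and entrySet() as well or stating in the class Javadoc that only keyed lookups are encoded, with a test in UtilCodecTests that asserts which it is.
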
> >>> Added:
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/UtilCodec.java?rev=1648403&view=auto
> >>> ============================================================
> >>> ==================
> >>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
> >>> (added)
> >>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -0,0 +1,232 @@
> >>> +/**********************************************************
> >>> *********************
> >>> + * Licensed to the Apache Software Foundation (ASF) under one
> >>> + * or more contributor license agreements.  See the NOTICE file
> >>> + * distributed with this work for additional information
> >>> + * regarding copyright ownership.  The ASF licenses this file
> >>> + * to you under the Apache License, Version 2.0 (the
> >>> + * "License"); you may not use this file except in compliance
> >>> + * with the License.  You may obtain a copy of the License at
> >>> + *
> >>> + * http://www.apache.org/licenses/LICENSE-2.0
> >>> + *
> >>> + * Unless required by applicable law or agreed to in writing,
> >>> + * software distributed under the License is distributed on an
> >>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> >>> + * KIND, either express or implied.  See the License for the
> >>> + * specific language governing permissions and limitations
> >>> + * under the License.
> >>> + ************************************************************
> >>> *******************/
> >>> +package org.ofbiz.base.util;
> >>> +
> >>> +import org.owasp.esapi.errors.IntrusionException;
> >>> +import org.owasp.esapi.reference.DefaultEncoder;
> >>> +
> >>> +import java.io.UnsupportedEncodingException;
> >>> +import java.net.URLDecoder;
> >>> +import java.net.URLEncoder;
> >>> +import java.util.Collection;
> >>> +import java.util.List;
> >>> +import java.util.Map;
> >>> +import java.util.Set;
> >>> +
> >>> +public class UtilCodec {
> >>> +    private static final String module = UtilCodec.class.getName();
> >>> +    private static final DefaultEncoder defaultWebEncoder = new
> >>> DefaultEncoder();
> >>> +    private static final HtmlEncoder htmlEncoder = new HtmlEncoder();
> >>> +    private static final XmlEncoder xmlEncoder = new XmlEncoder();
> >>> +    private static final StringEncoder stringEncoder = new
> >>> StringEncoder();
> >>> +    private static final UrlCodec urlEncoder = new UrlCodec();
> >>> +
> >>> +    public static interface SimpleEncoder {
> >>> +        public String encode(String original);
> >>> +    }
> >>> +
> >>> +    public static interface SimpleDecoder {
> >>> +        public String decode(String original);
> >>> +    }
> >>> +
> >>> +    public static class HtmlEncoder implements SimpleEncoder {
> >>> +        public String encode(String original) {
> >>> +            return defaultWebEncoder.encodeForHTML(original);
> >>> +        }
> >>> +    }
> >>> +
> >>> +    public static class XmlEncoder implements SimpleEncoder {
> >>> +        public String encode(String original) {
> >>> +            return defaultWebEncoder.encodeForXML(original);
> >>> +        }
> >>> +    }
> >>> +
> >>> +    public static class UrlCodec implements SimpleEncoder,
> SimpleDecoder
> >>> {
> >>> +        public String encode(String original) {
> >>> +            try {
> >>> +                return URLEncoder.encode(original, "UTF-8");
> >>> +            } catch (UnsupportedEncodingException ee) {
> >>> +                Debug.logError(ee, module);
> >>> +                return null;
> >>> +            }
> >>> +        }
> >>> +
> >>> +        public String decode(String original) {
> >>> +            try {
> >>> +                String canonical = canonicalize(original);
> >>> +                return URLDecoder.decode(canonical, "UTF-8");
> >>> +            } catch (UnsupportedEncodingException ee) {
> >>> +                Debug.logError(ee, module);
> >>> +                return null;
> >>> +            }
> >>> +        }
> >>> +    }
> >>> +
> >>> +    public static class StringEncoder implements SimpleEncoder {
> >>> +        public String encode(String original) {
> >>> +            if (original != null) {
> >>> +                original = original.replace("\"", "\\\"");
> >>> +            }
> >>> +            return original;
> >>> +        }
> >>> +    }
> >>> +
> >>> +    // ================== Begin General Functions ==================
> >>> +
> >>> +    public static SimpleEncoder getEncoder(String type) {
> >>> +        if ("url".equals(type)) {
> >>> +            return urlEncoder;
> >>> +        } else if ("xml".equals(type)) {
> >>> +            return xmlEncoder;
> >>> +        } else if ("html".equals(type)) {
> >>> +            return htmlEncoder;
> >>> +        } else if ("string".equals(type)) {
> >>> +            return stringEncoder;
> >>> +        } else {
> >>> +            return null;
> >>> +        }
> >>> +    }
> >>> +
> >>> +    public static SimpleDecoder getDecoder(String type) {
> >>> +        if ("url".equals(type)) {
> >>> +            return urlEncoder;
> >>> +        } else {
> >>> +            return null;
> >>> +        }
> >>> +    }
> >>> +
> >>> +    public static String canonicalize(String value) throws
> >>> IntrusionException {
> >>> +        return defaultWebEncoder.canonicalize(value);
> >>> +    }
> >>> +
> >>> +    public static String canonicalize(String value, boolean strict)
> >>> throws IntrusionException {
> >>> +        return defaultWebEncoder.canonicalize(value, strict);
> >>> +    }
> >>> +
> >>> +    /**
> >>> +     * Uses a black-list approach for necessary characters for HTML.
> >>> +     * Does not allow various characters (after canonicalization),
> >>> including "<", ">", "&" (if not followed by a space), and "%" (if not
> >>> followed by a space).
> >>> +     *
> >>> +     * @param value
> >>> +     * @param errorMessageList
> >>> +     */
> >>> +    public static String checkStringForHtmlStrictNone(String
> valueName,
> >>> String value, List<String> errorMessageList) {
> >>> +        if (UtilValidate.isEmpty(value)) return value;
> >>> +
> >>> +        // canonicalize, strict (error on double-encoding)
> >>> +        try {
> >>> +            value = canonicalize(value, true);
> >>> +        } catch (IntrusionException e) {
> >>> +            // NOTE: using different log and user targeted error
> >>> messages to allow the end-user message to be less technical
> >>> +            Debug.logError("Canonicalization (format consistency,
> >>> character escaping that is mixed or double, etc) error for attribute
> named
> >>> [" + valueName + "], String [" + value + "]: " + e.toString(), module);
> >>> +            errorMessageList.add("In field [" + valueName + "] found
> >>> character escaping (mixed or double) that is not allowed or other
> format
> >>> consistency error: " + e.toString());
> >>> +        }
> >>> +
> >>> +        // check for "<", ">"
> >>> +        if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) {
> >>> +            errorMessageList.add("In field [" + valueName + "]
> less-than
> >>> (<) and greater-than (>) symbols are not allowed.");
> >>> +        }
> >>> +
> >>> +        /* NOTE DEJ 20090311: After playing with this more this
> doesn't
> >>> seem to be necessary; the canonicalize will convert all such characters
> >>> into actual text before this check is done, including other illegal
> chars
> >>> like &lt; which will canonicalize to < and then get caught
> >>> +        // check for & followed a semicolon within 7 characters, no
> >>> spaces in-between (and perhaps other things sometime?)
> >>> +        int curAmpIndex = value.indexOf("&");
> >>> +        while (curAmpIndex > -1) {
> >>> +            int semicolonIndex = value.indexOf(";", curAmpIndex + 1);
> >>> +            int spaceIndex = value.indexOf(" ", curAmpIndex + 1);
> >>> +            if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex
> <=
> >>> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex <
> >>> semicolonIndex))) {
> >>> +                errorMessageList.add("In field [" + valueName + "] the
> >>> ampersand (&) symbol is only allowed if not used as an encoded
> character:
> >>> no semicolon (;) within 7 spaces or there is a space between.");
> >>> +                // once we find one like this we have the message so
> no
> >>> need to check for more
> >>> +                break;
> >>> +            }
> >>> +            curAmpIndex = value.indexOf("&", curAmpIndex + 1);
> >>> +        }
> >>> +         */
> >>> +
> >>> +        /* NOTE DEJ 20090311: After playing with this more this
> doesn't
> >>> seem to be necessary; the canonicalize will convert all such characters
> >>> into actual text before this check is done, including other illegal
> chars
> >>> like %3C which will canonicalize to < and then get caught
> >>> +        // check for % followed by 2 hex characters
> >>> +        int curPercIndex = value.indexOf("%");
> >>> +        while (curPercIndex >= 0) {
> >>> +            if (value.length() > (curPercIndex + 3) &&
> >>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) &&
> >>> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) {
> >>> +                errorMessageList.add("In field [" + valueName + "] the
> >>> percent (%) symbol is only allowed if followed by a space.");
> >>> +                // once we find one like this we have the message so
> no
> >>> need to check for more
> >>> +                break;
> >>> +            }
> >>> +            curPercIndex = value.indexOf("%", curPercIndex + 1);
> >>> +        }
> >>> +         */
> >>> +
> >>> +        // TODO: anything else to check for that can be used to get
> HTML
> >>> or JavaScript going without these characters?
> >>> +
> >>> +        return value;
> >>> +    }
> >>> +
> >>> +    /**
> >>> +     * A simple Map wrapper class that will do HTML encoding. To be
> used
> >>> for passing a Map to something that will expand Strings with it as a
> >>> context, etc.
> >>> +     */
> >>> +    public static class HtmlEncodingMapWrapper<K> implements Map<K,
> >>> Object> {
> >>> +        public static <K> HtmlEncodingMapWrapper<K>
> >>> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder
> >>> encoder) {
> >>> +            if (mapToWrap == null) return null;
> >>> +
> >>> +            HtmlEncodingMapWrapper<K> mapWrapper = new
> >>> HtmlEncodingMapWrapper<K>();
> >>> +            mapWrapper.setup(mapToWrap, encoder);
> >>> +            return mapWrapper;
> >>> +        }
> >>> +
> >>> +        protected Map<K, Object> internalMap = null;
> >>> +        protected SimpleEncoder encoder = null;
> >>> +        protected HtmlEncodingMapWrapper() { }
> >>> +
> >>> +        public void setup(Map<K, Object> mapToWrap, SimpleEncoder
> >>> encoder) {
> >>> +            this.internalMap = mapToWrap;
> >>> +            this.encoder = encoder;
> >>> +        }
> >>> +        public void reset() {
> >>> +            this.internalMap = null;
> >>> +            this.encoder = null;
> >>> +        }
> >>> +
> >>> +        public int size() { return this.internalMap.size(); }
> >>> +        public boolean isEmpty() { return this.internalMap.isEmpty();
> }
> >>> +        public boolean containsKey(Object key) { return
> >>> this.internalMap.containsKey(key); }
> >>> +        public boolean containsValue(Object value) { return
> >>> this.internalMap.containsValue(value); }
> >>> +        public Object get(Object key) {
> >>> +            Object theObject = this.internalMap.get(key);
> >>> +            if (theObject instanceof String) {
> >>> +                if (this.encoder != null) {
> >>> +                    return encoder.encode((String) theObject);
> >>> +                } else {
> >>> +                    return defaultWebEncoder.encodeForHTML((String)
> >>> theObject);
> >>> +                }
> >>> +            } else if (theObject instanceof Map<?, ?>) {
> >>> +                return
> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K,
> >>> Object>checkMap(theObject), this.encoder);
> >>> +            }
> >>> +            return theObject;
> >>> +        }
> >>> +        public Object put(K key, Object value) { return
> >>> this.internalMap.put(key, value); }
> >>> +        public Object remove(Object key) { return
> >>> this.internalMap.remove(key); }
> >>> +        public void putAll(Map<? extends K, ? extends Object> arg0) {
> >>> this.internalMap.putAll(arg0); }
> >>> +        public void clear() { this.internalMap.clear(); }
> >>> +        public Set<K> keySet() { return this.internalMap.keySet(); }
> >>> +        public Collection<Object> values() { return
> >>> this.internalMap.values(); }
> >>> +        public Set<Map.Entry<K, Object>> entrySet() { return
> >>> this.internalMap.entrySet(); }
> >>> +        @Override
> >>> +        public String toString() { return
> this.internalMap.toString(); }
> >>> +    }
> >>> +
> >>> +}
> >>>
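
Review bot: In HtmlEncodingMapWrapper only get() encodes; values(), entrySet() and toString() return the wrapped map's raw contents, so a template that iterates the map or prints it gets unencoded strings even though the class comment says the wrapper does HTML encoding. Either encode in those views as well or state in the Javadoc that only get() is safe. Also, reset() sets internalMap to null, after which every delegating method throws NullPointerException. In the commented-out percent check, value.length() > (curPercIndex + 3) would skip a %XX sequence at the very end of the value if that block is ever re-enabled.
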
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> UtilCodec.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:eol-style = native
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> UtilCodec.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:keywords = Date Rev Author URL Id
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> UtilCodec.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:mime-type = text/plain
> >>>
> >>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> UtilHttp.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/UtilHttp.java?rev=1648403&r1=
> >>> 1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
> >>> (original)
> >>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
> Mon
> >>> Dec 29 18:24:57 2014
> >>> @@ -250,7 +250,7 @@ public class UtilHttp {
> >>>      public static String canonicalizeParameter(String paramValue) {
> >>>          try {
> >>>              /** calling canonicalize with strict flag set to false so
> >>> we only get warnings about double encoding, etc; can be set to true for
> >>> exceptions and more security */
> >>> -            String cannedStr = StringUtil.canonicalize(paramValue,
> >>> false);
> >>> +            String cannedStr = UtilCodec.canonicalize(paramValue,
> >>> false);
> >>>              if (Debug.verboseOn()) Debug.logVerbose("Canonicalized
> >>> parameter with " + (cannedStr.equals(paramValue) ? "no " : "") +
> "change:
> >>> original [" + paramValue + "] canned [" + cannedStr + "]", module);
> >>>              return cannedStr;
> >>>          } catch (Exception e) {
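
Review bot: The verbose log line in canonicalizeParameter concatenates the raw paramValue and cannedStr into the message, so any request parameter, including tokens or passwords passed as parameters, is written to the log whenever verbose logging is on, line breaks included. While this method is being touched, consider logging only whether the value changed, or masking the value. The existing comment also records that strict is false here, so double encoding only produces a warning; that choice deserves a note on which callers rely on it.
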
> >>> @@ -790,14 +790,14 @@ public class UtilHttp {
> >>>                                  buf.append("&");
> >>>                              }
> >>>                          }
> >>> -                        buf.append(StringUtil.
> >>> getEncoder("url").encode(name));
> >>> +                        buf.append(UtilCodec.
> >>> getEncoder("url").encode(name));
> >>>                          /* the old way: try {
> >>>                              buf.append(URLEncoder.encode(name,
> >>> "UTF-8"));
> >>>                          } catch (UnsupportedEncodingException e) {
> >>>                              Debug.logError(e, module);
> >>>                          } */
> >>>                          buf.append('=');
> >>> -
> buf.append(StringUtil.getEncoder("url").encode(
> >>> valueStr));
> >>> +                        buf.append(UtilCodec.getEncoder("url").encode(
> >>> valueStr));
> >>>                          /* the old way: try {
> >>>                              buf.append(URLEncoder.encode(valueStr,
> >>> "UTF-8"));
> >>>                          } catch (UnsupportedEncodingException e) {
> >>>
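
Review bot: Both new buf.append lines call UtilCodec.getEncoder("url") separately, once for name and once for valueStr, and dereference the result directly. Fetch the encoder once into a local before building the string and reuse it. The two commented-out "the old way" URLEncoder blocks could be deleted in the same change, since version control already keeps them.
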
> >>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/
> >>> template/FreeMarkerWorker.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/template/FreeMarkerWorker.
> >>> java?rev=1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -47,6 +47,7 @@ import javax.servlet.http.HttpServletReq
> >>>  import org.ofbiz.base.location.FlexibleLocation;
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilMisc;
> >>>  import org.ofbiz.base.util.UtilProperties;
> >>> @@ -687,7 +688,7 @@ public class FreeMarkerWorker {
> >>>              te.printStackTrace(pw);
> >>>              String stackTrace = tempWriter.toString();
> >>>
> >>> -            StringUtil.SimpleEncoder simpleEncoder = FreeMarkerWorker.
> >>> getWrappedObject("simpleEncoder", env);
> >>> +            UtilCodec.SimpleEncoder simpleEncoder = FreeMarkerWorker.
> >>> getWrappedObject("simpleEncoder", env);
> >>>              if (simpleEncoder != null) {
> >>>                  stackTrace = simpleEncoder.encode(stackTrace);
> >>>              }
> >>>
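
Review bot: When getWrappedObject("simpleEncoder", env) returns null, stackTrace is left unencoded, because the if block is the only place it gets encoded. If the stack trace is then written into rendered output, fall back to UtilCodec.getEncoder("html") in an else branch rather than emitting it raw.
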
> >>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> StringUtilTests.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/test/StringUtilTests.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -18,8 +18,6 @@
> >>>   ************************************************************
> >>> *******************/
> >>>  package org.ofbiz.base.util.test;
> >>>
> >>> -import java.util.ArrayList;
> >>> -import java.util.Arrays;
> >>>  import java.util.Collections;
> >>>  import java.util.HashMap;
> >>>  import java.util.List;
> >>> @@ -53,18 +51,6 @@ public class StringUtilTests extends Gen
> >>>          assertTrue("correct INSTANCE", StringUtil.INSTANCE instanceof
> >>> StringUtil);
> >>>      }
> >>>
> >>> -    private static void encoderTest(String label,
> >>> StringUtil.SimpleEncoder encoder, String wanted, String toEncode) {
> >>> -        assertNull(label + "(encoder):null", encoder.encode(null));
> >>> -        assertEquals(label + "(encoder):encode", wanted,
> >>> encoder.encode(toEncode));
> >>> -    }
> >>> -
> >>> -    public void testGetEncoder() {
> >>> -        encoderTest("string", StringUtil.getEncoder("string"),
> >>> "abc\\\"def", "abc\"def");
> >>> -        encoderTest("xml", StringUtil.getEncoder("xml"),
> >>> "&lt;&gt;&#39;&quot;", "<>'\"");
> >>> -        encoderTest("html", StringUtil.getEncoder("html"),
> >>> "&lt;&gt;&#39;&quot;", "<>'\"");
> >>> -        assertNull("invalid encoder",
> StringUtil.getEncoder("foobar"));
> >>> -    }
> >>> -
> >>>      public void testInternString() {
> >>>          assertSame("intern-constant", StringUtil.internString("foo"),
> >>> StringUtil.internString("foo"));
> >>>          assertSame("intern-new", StringUtil.internString("foo"),
> >>> StringUtil.internString(new String("foo")));
> >>> @@ -283,26 +269,6 @@ public class StringUtilTests extends Gen
> >>>          assertEquals("all converions", "one && two || three > four >=
> >>> five < six <= seven", StringUtil.convertOperatorSubstitutions("one @and
> >>> two @or three @gt four @gteq five @lt six @lteq seven"));
> >>>      }
> >>>
> >>> -    private static void checkStringForHtmlStrictNone_test(String
> label,
> >>> String fixed, String input, String... wantedMessages) {
> >>> -        List<String> gottenMessages = new ArrayList<String>();
> >>> -        assertEquals(label, fixed, StringUtil.
> >>> checkStringForHtmlStrictNone(label, input, gottenMessages));
> >>> -        assertEquals(label, Arrays.asList(wantedMessages),
> >>> gottenMessages);
> >>> -    }
> >>> -
> >>> -    public void testCheckStringForHtmlStrictNone() {
> >>> -        checkStringForHtmlStrictNone_test("null pass-thru", null,
> null);
> >>> -        checkStringForHtmlStrictNone_test("empty pass-thru", "", "");
> >>> -        checkStringForHtmlStrictNone_test("o-numeric-encode", "foo",
> >>> "f&#111;o");
> >>> -        checkStringForHtmlStrictNone_test("o-hex-encode", "foo",
> >>> "f%6fo");
> >>> -        checkStringForHtmlStrictNone_test("o-double-hex-encode",
> "foo",
> >>> "f%256fo");
> >>> -        checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo",
> >>> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>)
> >>> symbols are not allowed.");
> >>> -        checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo",
> >>> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>)
> >>> symbols are not allowed.");
> >>> -        checkStringForHtmlStrictNone_test("high-ascii", "fÀ®",
> >>> "f%C0%AE");
> >>> -        // this looks like a bug, namely the extra trailing ;
> >>> -        checkStringForHtmlStrictNone_test("double-ampersand",
> "f\";oo",
> >>> "f%26quot%3boo");
> >>> -        checkStringForHtmlStrictNone_test("double-encoding",
> >>> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found
> >>> character escaping (mixed or double) that is not allowed or other
> format
> >>> consistency error: org.owasp.esapi.errors.IntrusionException: Input
> >>> validation failure");
> >>> -    }
> >>> -
> >>>      public void testCollapseNewlines() {
> >>>      }
> >>>
> >>>
> >>> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilCodecTests.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/test/UtilCodecTests.java?rev=1648403&view=auto
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
> >>> (added)
> >>> +++
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -0,0 +1,64 @@
> >>> +/**********************************************************
> >>> *********************
> >>> + * Licensed to the Apache Software Foundation (ASF) under one
> >>> + * or more contributor license agreements.  See the NOTICE file
> >>> + * distributed with this work for additional information
> >>> + * regarding copyright ownership.  The ASF licenses this file
> >>> + * to you under the Apache License, Version 2.0 (the
> >>> + * "License"); you may not use this file except in compliance
> >>> + * with the License.  You may obtain a copy of the License at
> >>> + *
> >>> + * http://www.apache.org/licenses/LICENSE-2.0
> >>> + *
> >>> + * Unless required by applicable law or agreed to in writing,
> >>> + * software distributed under the License is distributed on an
> >>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> >>> + * KIND, either express or implied.  See the License for the
> >>> + * specific language governing permissions and limitations
> >>> + * under the License.
> >>> + ************************************************************
> >>> *******************/
> >>> +package org.ofbiz.base.util.test;
> >>> +
> >>> +import org.ofbiz.base.test.GenericTestCaseBase;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>> +
> >>> +import java.util.ArrayList;
> >>> +import java.util.Arrays;
> >>> +import java.util.List;
> >>> +
> >>> +public class UtilCodecTests  extends GenericTestCaseBase {
> >>> +    public UtilCodecTests(String name) {
> >>> +        super(name);
> >>> +    }
> >>> +
> >>> +    private static void encoderTest(String label,
> >>> UtilCodec.SimpleEncoder encoder, String wanted, String toEncode) {
> >>> +        assertNull(label + "(encoder):null", encoder.encode(null));
> >>> +        assertEquals(label + "(encoder):encode", wanted,
> >>> encoder.encode(toEncode));
> >>> +    }
> >>> +
> >>> +    public void testGetEncoder() {
> >>> +        encoderTest("string", UtilCodec.getEncoder("string"),
> >>> "abc\\\"def", "abc\"def");
> >>> +        encoderTest("xml", UtilCodec.getEncoder("xml"),
> >>> "&lt;&gt;&#39;&quot;", "<>'\"");
> >>> +        encoderTest("html", UtilCodec.getEncoder("html"),
> >>> "&lt;&gt;&#39;&quot;", "<>'\"");
> >>> +        assertNull("invalid encoder", UtilCodec.getEncoder("foobar"));
> >>> +    }
> >>> +    private static void checkStringForHtmlStrictNone_test(String
> label,
> >>> String fixed, String input, String... wantedMessages) {
> >>> +        List<String> gottenMessages = new ArrayList<String>();
> >>> +        assertEquals(label, fixed, UtilCodec.
> >>> checkStringForHtmlStrictNone(label, input, gottenMessages));
> >>> +        assertEquals(label, Arrays.asList(wantedMessages),
> >>> gottenMessages);
> >>> +    }
> >>> +
> >>> +    public void testCheckStringForHtmlStrictNone() {
> >>> +        checkStringForHtmlStrictNone_test("null pass-thru", null,
> null);
> >>> +        checkStringForHtmlStrictNone_test("empty pass-thru", "", "");
> >>> +        checkStringForHtmlStrictNone_test("o-numeric-encode", "foo",
> >>> "f&#111;o");
> >>> +        checkStringForHtmlStrictNone_test("o-hex-encode", "foo",
> >>> "f%6fo");
> >>> +        checkStringForHtmlStrictNone_test("o-double-hex-encode",
> "foo",
> >>> "f%256fo");
> >>> +        checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo",
> >>> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>)
> >>> symbols are not allowed.");
> >>> +        checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo",
> >>> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>)
> >>> symbols are not allowed.");
> >>> +        checkStringForHtmlStrictNone_test("high-ascii", "fÀ®",
> >>> "f%C0%AE");
> >>> +        // this looks like a bug, namely the extra trailing ;
> >>> +        checkStringForHtmlStrictNone_test("double-ampersand",
> "f\";oo",
> >>> "f%26quot%3boo");
> >>> +        checkStringForHtmlStrictNone_test("double-encoding",
> >>> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found
> >>> character escaping (mixed or double) that is not allowed or other
> format
> >>> consistency error: org.owasp.esapi.errors.IntrusionException: Input
> >>> validation failure");
> >>> +    }
> >>> +
> >>> +}
> >>>
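
Review bot: The "double-ampersand" case in testCheckStringForHtmlStrictNone asserts a result with a trailing ; while the comment directly above it says that looks like a bug, so the test pins the suspect behaviour in the new class. Either fix the decoding and assert the intended value, or reference a tracking issue in the comment. testGetEncoder has no case for the "url" encoder, which most call sites changed in this commit use, and nothing here covers getDecoder, canonicalize or HtmlEncodingMapWrapper. Minor: there is a double space in "UtilCodecTests  extends" and no blank line before checkStringForHtmlStrictNone_test.
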
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilCodecTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:eol-style = native
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilCodecTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:keywords = Date Rev Author URL Id
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilCodecTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:mime-type = text/plain
> >>>
> >>> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilHttpTests.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> src/org/ofbiz/base/util/test/UtilHttpTests.java?rev=1648403&view=auto
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
> >>> (added)
> >>> +++
> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -0,0 +1,30 @@
> >>> +/**********************************************************
> >>> *********************
> >>> + * Licensed to the Apache Software Foundation (ASF) under one
> >>> + * or more contributor license agreements.  See the NOTICE file
> >>> + * distributed with this work for additional information
> >>> + * regarding copyright ownership.  The ASF licenses this file
> >>> + * to you under the Apache License, Version 2.0 (the
> >>> + * "License"); you may not use this file except in compliance
> >>> + * with the License.  You may obtain a copy of the License at
> >>> + *
> >>> + * http://www.apache.org/licenses/LICENSE-2.0
> >>> + *
> >>> + * Unless required by applicable law or agreed to in writing,
> >>> + * software distributed under the License is distributed on an
> >>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> >>> + * KIND, either express or implied.  See the License for the
> >>> + * specific language governing permissions and limitations
> >>> + * under the License.
> >>> + ************************************************************
> >>> *******************/
> >>> +package org.ofbiz.base.util.test;
> >>> +
> >>> +import org.ofbiz.base.test.GenericTestCaseBase;
> >>> +
> >>> +public class UtilHttpTests extends GenericTestCaseBase {
> >>> +    public UtilHttpTests(String name) {
> >>> +        super(name);
> >>> +    }
> >>> +
> >>> +    public void testGetParameterMap() throws Exception {
> >>> +    }
> >>> +}
> >>>
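
Review bot: testGetParameterMap has an empty body, so it always passes, and the suite is registered in basetests.xml in this same commit, which makes UtilHttp look tested when it is not. Add at least one assertion on the parameter map, or leave the class out until there is a real test.
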
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilHttpTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:eol-style = native
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilHttpTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:keywords = Date Rev Author URL Id
> >>>
> >>> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/
> >>> UtilHttpTests.java
> >>> ------------------------------------------------------------
> >>> ------------------
> >>>     svn:mime-type = text/plain
> >>>
> >>> Modified: ofbiz/trunk/framework/base/testdef/basetests.xml
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/
> >>> testdef/basetests.xml?rev=1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> --- ofbiz/trunk/framework/base/testdef/basetests.xml (original)
> >>> +++ ofbiz/trunk/framework/base/testdef/basetests.xml Mon Dec 29
> 18:24:57
> >>> 2014
> >>> @@ -23,9 +23,14 @@
> >>>          xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/
> >>> test-suite.xsd">
> >>>      <test-group case-name="basetests">
> >>>          <junit-test-suite class-name="org.ofbiz.base.lang.test.
> >>> ComparableRangeTests"/>
> >>> +        <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.AssertTests"/>
> >>>          <junit-test-suite class-name="org.ofbiz.base.util.test.
> >>> IndentingWriterTests"/>
> >>>          <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.ObjectTypeTests"/>
> >>> +        <!--junit-test-suite class-name="org.ofbiz.base.util.test.
> >>> ReferenceCleanerTests"/-->
> >>>          <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.UtilObjectTests"/>
> >>> +        <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.StringUtilTests"/>
> >>> +        <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.UtilHttpTests"/>
> >>> +        <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.UtilCodecTests"/>
> >>>          <junit-test-suite class-name="org.ofbiz.base.util.string.test.
> >>> FlexibleStringExpanderTests"/>
> >>>          <junit-test-suite class-name="org.ofbiz.base.
> >>> util.collections.test.FlexibleMapAccessorTests"/>
> >>>          <junit-test-suite class-name="org.ofbiz.base.
> >>> util.test.TimeDurationTests"/>
> >>>
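
Review bot: The added ReferenceCleanerTests entry is commented out with no explanation. Say in the comment why it is disabled, or drop the line, so nobody has to guess whether the suite is broken or obsolete.
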
> >>> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/
> >>> CommonServices.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/
> >>> src/org/ofbiz/common/CommonServices.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -46,7 +46,7 @@ import javax.mail.internet.MimeMessage;
> >>>  import org.ofbiz.base.metrics.Metrics;
> >>>  import org.ofbiz.base.metrics.MetricsFactory;
> >>>  import org.ofbiz.base.util.Debug;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilDateTime;
> >>>  import org.ofbiz.base.util.UtilMisc;
> >>>  import org.ofbiz.base.util.UtilProperties;
> >>> @@ -539,7 +539,7 @@ public class CommonServices {
> >>>
> >>>      public static Map<String, Object> resetMetric(DispatchContext
> dctx,
> >>> Map<String, ?> context) {
> >>>          String originalName = (String) context.get("name");
> >>> -        String name =
> StringUtil.getDecoder("url").decode(originalName);
> >>> +        String name =
> UtilCodec.getDecoder("url").decode(originalName);
> >>>          if (name == null) {
> >>>              return ServiceUtil.returnError("Exception thrown while
> >>> decoding metric name \"" + originalName + "\"");
> >>>          }
> >>>
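
Review bot: In resetMetric the undecoded originalName is concatenated straight into the returnError message. That value comes from the service context, so if the error text is shown in a page it has to be encoded there, or the name should be left out of the message. The inline UtilCodec.getDecoder("url").decode(...) also dereferences the decoder without a check; a local variable would make both the lookup and the failure path easier to read.
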
> >>> Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/
> >>> ModelService.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/
> >>> src/org/ofbiz/service/ModelService.java?rev=1648403&
> >>> r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -63,7 +63,7 @@ import org.ofbiz.base.metrics.Metrics;
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.GeneralException;
> >>>  import org.ofbiz.base.util.ObjectType;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilMisc;
> >>>  import org.ofbiz.base.util.UtilProperties;
> >>>  import org.ofbiz.base.util.UtilValidate;
> >>> @@ -584,7 +584,7 @@ public class ModelService extends Abstra
> >>>                  if (context.get(modelParam.name) != null &&
> >>> ("String".equals(modelParam.type) || "java.lang.String".equals(
> >>> modelParam.type))
> >>>                          && !"any".equals(modelParam.allowHtml) &&
> >>> ("INOUT".equals(modelParam.mode) || "IN".equals(modelParam.mode))) {
> >>>                      String value = (String)
> >>> context.get(modelParam.name);
> >>> -
> StringUtil.checkStringForHtmlStrictNone(modelParam.name,
> >>> value, errorMessageList);
> >>> +
> UtilCodec.checkStringForHtmlStrictNone(modelParam.name,
> >>> value, errorMessageList);
> >>>                  }
> >>>              }
> >>>              if (errorMessageList.size() > 0) {
> >>>
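
Review bot: The return value of UtilCodec.checkStringForHtmlStrictNone is discarded on the changed line. UtilCodecTests shows the method returns a canonicalized string that can differ from its input (f%6fo comes back as foo), so the check runs on the decoded form while the context keeps the original encoded value. Either write the returned value back into the context or add a comment stating that validation only is intended.
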
> >>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
> >>> ControlServlet.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
> >>> src/org/ofbiz/webapp/control/ControlServlet.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -32,7 +32,7 @@ import javax.servlet.http.HttpSession;
> >>>
> >>>  import org.apache.bsf.BSFManager;
> >>>  import org.ofbiz.base.util.Debug;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilHttp;
> >>>  import org.ofbiz.base.util.UtilTimer;
> >>> @@ -217,8 +217,7 @@ public class ControlServlet extends Http
> >>>                  if (Debug.verboseOn()) Debug.logVerbose(throwable,
> >>> module);
> >>>              } else {
> >>>                  Debug.logError(throwable, "Error in request handler:
> ",
> >>> module);
> >>> -                StringUtil.HtmlEncoder encoder = new
> >>> StringUtil.HtmlEncoder();
> >>> -                request.setAttribute("_ERROR_MESSAGE_",
> >>> encoder.encode(throwable.toString()));
> >>> +                request.setAttribute("_ERROR_MESSAGE_",
> >>> UtilCodec.getEncoder("html").encode(throwable.toString()));
> >>>                  errorPage = requestHandler.
> >>> getDefaultErrorPage(request);
> >>>              }
> >>>           } catch (RequestHandlerExceptionAllowExternalRequests e) {
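
Review bot: The replacement line dereferences UtilCodec.getEncoder("html") inline, and testGetEncoder shows getEncoder returns null for a name it does not know, so a typo in the literal would throw NullPointerException inside the error handler itself. A named constant or a dedicated accessor for the HTML encoder would make this line, and the identical one in the next hunk, safer. Separately, throwable.toString() goes into _ERROR_MESSAGE_, which shows exception class names and messages to the user.
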
> >>> @@ -226,8 +225,7 @@ public class ControlServlet extends Http
> >>>                Debug.logInfo("Going to external page: " +
> >>> request.getPathInfo(), module);
> >>>          } catch (Exception e) {
> >>>              Debug.logError(e, "Error in request handler: ", module);
> >>> -            StringUtil.HtmlEncoder encoder = new
> >>> StringUtil.HtmlEncoder();
> >>> -            request.setAttribute("_ERROR_MESSAGE_",
> >>> encoder.encode(e.toString()));
> >>> +            request.setAttribute("_ERROR_MESSAGE_",
> >>> UtilCodec.getEncoder("html").encode(e.toString()));
> >>>              errorPage = requestHandler.getDefaultErrorPage(request);
> >>>          }
> >>>
> >>>
> >>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/
> >>> RequestHandler.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
> >>> src/org/ofbiz/webapp/control/RequestHandler.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -40,6 +40,7 @@ import org.ofbiz.base.start.Start;
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.SSLUtil;
> >>>  import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilFormatOut;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilHttp;
> >>> @@ -1115,11 +1116,11 @@ public class RequestHandler {
> >>>              if (queryString.length() > 1) {
> >>>                  queryString.append("&");
> >>>              }
> >>> -            String encodedName = StringUtil.getEncoder("url").
> >>> encode(name);
> >>> +            String encodedName = UtilCodec.getEncoder("url").
> >>> encode(name);
> >>>              if (encodedName != null) {
> >>>                  queryString.append(encodedName);
> >>>                  queryString.append("=");
> >>> -
> queryString.append(StringUtil.getEncoder("url").encode(
> >>> value));
> >>> +                queryString.append(UtilCodec.getEncoder("url").encode(
> >>> value));
> >>>              }
> >>>          }
> >>>      }
> >>>
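
Review bot: encodedName is checked for null but the encoded value is not: if encode(value) returns null, append adds the literal text null to the query string (assuming queryString is a StringBuilder). Encode the value into a local, check it the same way as encodedName, and reuse one encoder instance for both calls.
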
> >>> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/
> >>> OfbizContentTransform.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/
> >>> src/org/ofbiz/webapp/ftl/OfbizContentTransform.java?
> >>> rev=1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -25,7 +25,7 @@ import java.util.Map;
> >>>  import javax.servlet.http.HttpServletRequest;
> >>>
> >>>  import org.ofbiz.base.util.Debug;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilValidate;
> >>>  import org.ofbiz.webapp.taglib.ContentUrlTag;
> >>>
> >>> @@ -92,7 +92,7 @@ public class OfbizContentTransform imple
> >>>                          return;
> >>>                      }
> >>>
> >>> -                    requestUrl = StringUtil.getDecoder("url").
> >>> decode(requestUrl);
> >>> +                    requestUrl = UtilCodec.getDecoder("url").
> >>> decode(requestUrl);
> >>>
> >>>                      // make the link
> >>>                      StringBuilder newURL = new StringBuilder();
> >>>
> >>> Modified: ofbiz/trunk/framework/webtools/src/org/ofbiz/
> >>> webtools/labelmanager/LabelManagerFactory.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/
> >>> webtools/src/org/ofbiz/webtools/labelmanager/
> >>> LabelManagerFactory.java?rev=1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -37,7 +37,7 @@ import org.ofbiz.base.component.Componen
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.FileUtil;
> >>>  import org.ofbiz.base.util.GeneralException;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilValidate;
> >>>  import org.ofbiz.base.util.UtilXml;
> >>>  import org.w3c.dom.Comment;
> >>> @@ -123,7 +123,7 @@ public class LabelManagerFactory {
> >>>              for (Node propertyNode :
> UtilXml.childNodeList(resourceElem.getFirstChild()))
> >>> {
> >>>                  if (propertyNode instanceof Element) {
> >>>                      Element propertyElem = (Element) propertyNode;
> >>> -                    String labelKey = StringUtil.canonicalize(
> >>> propertyElem.getAttribute("key"));
> >>> +                    String labelKey = UtilCodec.canonicalize(
> >>> propertyElem.getAttribute("key"));
> >>>                      String labelComment = "";
> >>>                      for (Node valueNode :
> UtilXml.childNodeList(propertyElem.getFirstChild()))
> >>> {
> >>>                          if (valueNode instanceof Element) {
> >>> @@ -134,7 +134,7 @@ public class LabelManagerFactory {
> >>>                              if( localeName.contains("_")) {
> >>>                                  localeName = localeName.replace('_',
> >>> '-');
> >>>                              }
> >>> -                            String labelValue =
> StringUtil.canonicalize(
> >>> UtilXml.nodeValue(valueElem.getFirstChild()));
> >>> +                            String labelValue =
> UtilCodec.canonicalize(
> >>> UtilXml.nodeValue(valueElem.getFirstChild()));
> >>>                              LabelInfo label = labels.get(labelKey +
> >>> keySeparator + fileInfo.getFileName());
> >>>
> >>>                              if (UtilValidate.isEmpty(label)) {
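
Review bot: In the labelValue assignment, canonicalize is applied to text that UtilXml.nodeValue has already read from a parsed DOM node, so entity references were resolved once by the XML parser and this is a second decoding pass. A label whose text is meant to display a literal encoded sequence would be stored in altered form. Please document next to this call why canonicalization is wanted for label values, or drop it if it was only carried over from the old StringUtil call.
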
> >>> @@ -148,12 +148,12 @@ public class LabelManagerFactory {
> >>>                              localesFound.add(localeName);
> >>>                              labelComment = "";
> >>>                          } else if (valueNode instanceof Comment) {
> >>> -                            labelComment = labelComment +
> >>> StringUtil.canonicalize(valueNode.getNodeValue());
> >>> +                            labelComment = labelComment +
> >>> UtilCodec.canonicalize(valueNode.getNodeValue());
> >>>                          }
> >>>                      }
> >>>                      labelKeyComment = "";
> >>>                  } else if (propertyNode instanceof Comment) {
> >>> -                    labelKeyComment = labelKeyComment +
> >>> StringUtil.canonicalize(propertyNode.getNodeValue());
> >>> +                    labelKeyComment = labelKeyComment +
> >>> UtilCodec.canonicalize(propertyNode.getNodeValue());
> >>>                  }
> >>>              }
> >>>          }
> >>>
> >>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/
> >>> WidgetWorker.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
> >>> src/org/ofbiz/widget/WidgetWorker.java?rev=1648403&
> >>> r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
> >>> (original)
> >>> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -36,7 +36,7 @@ import javax.servlet.http.HttpServletReq
> >>>  import javax.servlet.http.HttpServletResponse;
> >>>
> >>>  import org.ofbiz.base.util.Debug;
> >>> -import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilDateTime;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilHttp;
> >>> @@ -71,7 +71,7 @@ public class WidgetWorker {
> >>>          // We may get an encoded request like:
> >>> &#47;projectmgr&#47;control&#47;EditTaskContents&#63;
> >>> workEffortId&#61;10003
> >>>          // Try to reducing a possibly encoded string down to its
> >>> simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003
> >>>          // This step make sure the following appending
> externalLoginKey
> >>> operation to work correctly
> >>> -        localRequestName = StringUtil.canonicalize(localRequestName);
> >>> +        localRequestName = UtilCodec.canonicalize(localRequestName);
> >>>          Appendable localWriter = new StringWriter();
> >>>
> >>>          if ("intra-app".equals(targetType)) {
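
Review bot: After "localRequestName = UtilCodec.canonicalize(localRequestName);" the value is in decoded form (the comment's own example reduces the &#47;-style request to /projectmgr/control/EditTaskContents?workEffortId=10003), so whatever is later written to localWriter has to be encoded again for the output context. The hunk does not show that step; please confirm it happens on the "intra-app" path and on the other target types. While this line is being touched, the comment above it could be corrected to "Try to reduce" and "This step makes sure".
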
> >>> @@ -143,7 +143,7 @@ public class WidgetWorker {
> >>>                  }
> >>>                  externalWriter.append(parameter.getKey());
> >>>                  externalWriter.append('=');
> >>> -                StringUtil.SimpleEncoder simpleEncoder =
> >>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
> >>> +                UtilCodec.SimpleEncoder simpleEncoder =
> >>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
> >>>                  if (simpleEncoder != null && parameterValue != null) {
> >>>                      externalWriter.append(simpleEncoder.encode(
> >>> URLEncoder.encode(parameterValue, Charset.forName("UTF-8").
> >>> displayName())));
> >>>                  } else {
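
Review bot: In the context lines right below the changed cast, URLEncoder.encode(parameterValue, Charset.forName("UTF-8").displayName()) passes a display name where the second argument expects a charset name. displayName() is documented as the human-readable name for the default locale, while name() is the canonical name, so name() or the literal "UTF-8" is the safer argument. Since the encoder line directly above is being edited anyway, this would be a good place to fix it.
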
> >>> @@ -300,7 +300,7 @@ public class WidgetWorker {
> >>>                  writer.append("<input name=\"");
> >>>                  writer.append(parameter.getKey());
> >>>                  writer.append("\" value=\"");
> >>> -                writer.append(StringUtil.getEncoder("html").encode(
> >>> parameter.getValue()));
> >>> +                writer.append(UtilCodec.getEncoder("html").encode(
> >>> parameter.getValue()));
> >>>                  writer.append("\" type=\"hidden\"/>");
> >>>              }
> >>>          }
> >>>
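
Review bot: The hidden input's value goes through UtilCodec.getEncoder("html").encode(...), but parameter.getKey() just above it is appended into the name="..." attribute unencoded. If parameter keys can carry request-derived text, the name should pass through the same encoder as the value.
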
> >>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> MacroFormRenderer.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
> >>> src/org/ofbiz/widget/form/MacroFormRenderer.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -40,6 +40,7 @@ import javax.servlet.http.HttpServletRes
> >>>
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilFormatOut;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilHttp;
> >>> @@ -75,7 +76,6 @@ import org.ofbiz.widget.form.ModelFormFi
> >>>  import org.ofbiz.widget.form.ModelFormField.TextField;
> >>>  import org.ofbiz.widget.form.ModelFormField.TextFindField;
> >>>  import org.ofbiz.widget.form.ModelFormField.TextareaField;
> >>> -import org.ofbiz.widget.form.ModelFormFieldBuilder;
> >>>  import org.ofbiz.widget.screen.ModelScreenWidget;
> >>>
> >>>  import com.ibm.icu.util.Calendar;
> >>> @@ -93,7 +93,7 @@ public final class MacroFormRenderer imp
> >>>      public static final String module = MacroFormRenderer.class.
> >>> getName();
> >>>      private final Template macroLibrary;
> >>>      private final WeakHashMap<Appendable, Environment> environments =
> >>> new WeakHashMap<Appendable, Environment>();
> >>> -    private final StringUtil.SimpleEncoder internalEncoder;
> >>> +    private final UtilCodec.SimpleEncoder internalEncoder;
> >>>      private final RequestHandler rh;
> >>>      private final HttpServletRequest request;
> >>>      private final HttpServletResponse response;
> >>> @@ -108,7 +108,7 @@ public final class MacroFormRenderer imp
> >>>          ServletContext ctx = (ServletContext) request.getAttribute("
> >>> servletContext");
> >>>          this.rh = (RequestHandler) ctx.getAttribute("_REQUEST_
> >>> HANDLER_");
> >>>          this.javaScriptEnabled =
> UtilHttp.isJavaScriptEnabled(request);
> >>> -        internalEncoder = StringUtil.getEncoder("string");
> >>> +        internalEncoder = UtilCodec.getEncoder("string");
> >>>      }
> >>>
> >>>      @Deprecated
> >>> @@ -158,7 +158,7 @@ public final class MacroFormRenderer imp
> >>>          if (UtilValidate.isEmpty(value)) {
> >>>              return value;
> >>>          }
> >>> -        StringUtil.SimpleEncoder encoder = (StringUtil.SimpleEncoder)
> >>> context.get("simpleEncoder");
> >>> +        UtilCodec.SimpleEncoder encoder = (UtilCodec.SimpleEncoder)
> >>> context.get("simpleEncoder");
> >>>          if (modelFormField.getEncodeOutput() && encoder != null) {
> >>>              value = encoder.encode(value);
> >>>          } else {
> >>> @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp
> >>>              parameters.append(parameter.getName());
> >>>              parameters.append("'");
> >>>              parameters.append(",'value':'");
> >>> -            parameters.append(StringUtil.getEncoder("html").encode(
> >>> parameter.getValue(context)));
> >>> +            parameters.append(UtilCodec.getEncoder("html").encode(
> >>> parameter.getValue(context)));
> >>>              parameters.append("'}");
> >>>          }
> >>>          parameters.append("]");
> >>>
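
Review bot: UtilCodec.getEncoder("html").encode(parameter.getValue(context)) is written between ",'value':'" and "'}", that is, inside a single-quoted string in a script-style object literal, which is not the context an HTML encoder targets. Unless the "html" encoder is known to escape single quotes and backslashes, a value containing them can end the string early. An encoder suited to that string context would be safer here, and parameter.getName() in the context lines above is appended with no encoding at all.
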
> >>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> ModelForm.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
> >>> src/org/ofbiz/widget/form/ModelForm.java?rev=1648403&r1=
> >>> 1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -34,6 +34,7 @@ import java.util.concurrent.atomic.Atomi
> >>>  import org.ofbiz.base.util.BshUtil;
> >>>  import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>>  import org.ofbiz.base.util.UtilProperties;
> >>>  import org.ofbiz.base.util.UtilValidate;
> >>> @@ -1515,9 +1516,9 @@ public class ModelForm extends ModelWidg
> >>>       */
> >>>      public String getTarget(Map<String, Object> context, String
> >>> targetType) {
> >>>          Map<String, Object> expanderContext = context;
> >>> -        StringUtil.SimpleEncoder simpleEncoder =
> >>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
> >>> +        UtilCodec.SimpleEncoder simpleEncoder =
> >>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
> >>>          if (simpleEncoder != null) {
> >>> -            expanderContext = StringUtil.HtmlEncodingMapWrapper.
> >>> getHtmlEncodingMapWrapper(context, simpleEncoder);
> >>> +            expanderContext = UtilCodec.HtmlEncodingMapWrapper.
> >>> getHtmlEncodingMapWrapper(context, simpleEncoder);
> >>>          }
> >>>          try {
> >>>              // use the same Interpreter (ie with the same context
> >>> setup) for all evals
> >>>
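
Review bot: The cast (UtilCodec.SimpleEncoder) context.get("simpleEncoder") now assumes every producer of the "simpleEncoder" context entry supplies the UtilCodec type. This file keeps its org.ofbiz.base.util.StringUtil import, so please confirm that no code path can still place an encoder of the old StringUtil nested type in the context, since that would fail here with a ClassCastException instead of reaching the null check.
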
> >>> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/
> >>> ModelFormField.java
> >>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/
> >>> src/org/ofbiz/widget/form/ModelFormField.java?rev=
> >>> 1648403&r1=1648402&r2=1648403&view=diff
> >>> ============================================================
> >>> ==================
> >>> ---
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
> >>> (original)
> >>> +++
> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java
> >>> Mon Dec 29 18:24:57 2014
> >>> @@ -42,6 +42,7 @@ import org.ofbiz.base.util.Debug;
> >>>  import org.ofbiz.base.util.GeneralException;
> >>>  import org.ofbiz.base.util.ObjectType;
> >>>  import org.ofbiz.base.util.StringUtil;
> >>> +import org.ofbiz.base.util.UtilCodec;
> >>>  import org.ofbiz.base.util.UtilDateTime;
> >>>  import org.ofbiz.base.util.UtilFormatOut;
> >>>  import org.ofbiz.base.util.UtilGenerics;
> >>> @@ -343,7 +344,7 @@ public class ModelFormField {
> >>>          }
> >>>
> >>>          if (this.getEncodeOutput() && returnValue != null) {
> >>> -            StringUtil.SimpleEncoder simpleEncoder =
> >>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
> >>> +            UtilCodec.SimpleEncoder simpleEncoder =
> >>> (UtilCodec.SimpleEncoder) context.get("simpleEncoder");
> >>>              if (simpleEncoder != null)
> >>>                  returnValue = simpleEncoder.encode(returnValue);
> >>>          }
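
Review bot: When getEncodeOutput() is true but the context has no "simpleEncoder" entry, "if (simpleEncoder != null)" silently skips encoding and returnValue goes out unencoded. For a field that asked for encoded output, falling back to a default encoder, or at least logging the missing encoder, would be safer. The brace-less if is also worth bracing while this block is being edited.
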
> >>> @@ -602,7 +603,7 @@ public class ModelFormField {
> >>>          if (UtilValidate.isNotEmpty(tooltip))
> >>>              tooltipString = tooltip.expandString(context);
> >>>          if (this.getEncodeOutput()) {
> >>> -            StringUtil.SimpleEncoder simpleEncoder =
> >>> (StringUtil.SimpleEncoder) context.get("simpleEncoder");
> >>> +            UtilCodec.SimpleEncoder simpleEncoder =
> >>> (UtilCodec.SimpleEncoder) context.get("
> >>
> >> ...
>
>
