roller-commits mailing list archives

From ghu...@apache.org
Subject svn commit: r1464959 - in /roller/trunk: weblogger-business/src/main/resources/org/apache/roller/weblogger/config/ weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ weblogger-web/src/main/java/org/apache/roller/weblogger/ui/strut...
Date Fri, 05 Apr 2013 12:50:13 GMT
Author: ghuber
Date: Fri Apr  5 12:50:13 2013
New Revision: 1464959

URL: http://svn.apache.org/r1464959
Log:
Salt on media files, multipart/form-data no parameters. Media file Tags not saving (could
not fix?)

Modified:
    roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
    roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
    roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java

Modified: roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL: http://svn.apache.org/viewvc/roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
--- roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++ roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Fri Apr  5 12:50:13 2013
@@ -402,6 +402,9 @@ schemeenforcement.https.urls=/roller_j_s
 # Ignored extensions otherwise we get SSL mixed content issues
 schemeenforcement.https.ignored=css,gif,png,js
 
+# Ignored urls for salt.  These are for multipart/form-data submissions as we do not get any parameters
+salt.ignored.urls=mediaFileAdd!save.rol,mediaFileEdit!save.rol
+
 #----------------------------------
 # Single-Sign-On
 

Modified: roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
--- roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
(original)
+++ roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Fri Apr  5 12:50:13 2013
@@ -17,12 +17,23 @@
  */
 
 package org.apache.roller.weblogger.ui.core.filters;
- 
+
 import java.io.IOException;
-import javax.servlet.*;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.config.WebloggerConfig;
 import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
 
 /**
@@ -30,29 +41,63 @@ import org.apache.roller.weblogger.ui.re
  * those without a salt value or with a salt value not generated by this Roller
  * instance.
  */
-public class ValidateSaltFilter implements Filter  {
-    private static Log log = LogFactory.getLog(ValidateSaltFilter.class);
+public class ValidateSaltFilter implements Filter {
+	private static Log log = LogFactory.getLog(ValidateSaltFilter.class);
+	private Set<String> ignored = new HashSet<String>();
+
+	// @Override
+	public void doFilter(ServletRequest request, ServletResponse response,
+			FilterChain chain) throws IOException, ServletException {
+		HttpServletRequest httpReq = (HttpServletRequest) request;
 
-    //@Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
-        HttpServletRequest httpReq = (HttpServletRequest) request;
- 
 		if (httpReq.getMethod().equals("POST")) {
-        	String salt = (String) httpReq.getParameter("salt");
-			SaltCache saltCache = SaltCache.getInstance();
-			if (salt == null || saltCache.get(salt) == null || saltCache.get(salt).equals(false)) {
-            	throw new ServletException("Security Violation");
+
+			// TODO multipart/form-data does not send parameters
+			if (!isIgnoredURL(((HttpServletRequest) request).getServletPath())) {
+				String salt = (String) httpReq.getParameter("salt");
+				SaltCache saltCache = SaltCache.getInstance();
+				if (salt == null || saltCache.get(salt) == null
+						|| saltCache.get(salt).equals(false)) {
+					throw new ServletException("Security Violation");
+				}
 			}
+
 		}
-        chain.doFilter(request, response);
-    }
- 
-    //@Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
- 
-    //@Override
-    public void destroy() {
-    }
+		chain.doFilter(request, response);
+	}
+
+	// @Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+
+		// Construct our list of ignord urls
+		String urls = WebloggerConfig.getProperty("salt.ignored.urls");
+		String[] urlsArray = StringUtils.stripAll(StringUtils.split(urls, ","));
+		for (int i = 0; i < urlsArray.length; i++)
+			this.ignored.add(urlsArray[i]);
+
+	}
+
+	// @Override
+	public void destroy() {
+	}
+
+	/**
+	 * Checks if this is an ignored url.
+	 * 
+	 * @param theUrl
+	 *            the the url
+	 * 
+	 * @return true, if is ignored resource
+	 */
+	private boolean isIgnoredURL(String theUrl) {
+
+		int i = theUrl.lastIndexOf("/");
+
+		// If its not a resource then do not ignore it
+		if (i <= 0 || i == theUrl.length() - 1)
+			return false;
+
+		return ignored.contains(theUrl.substring(i + 1));
+
+	}
 }
\ No newline at end of file
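Review bot: The `isIgnoredURL` branch in `doFilter` lets POSTs to `mediaFileAdd!save.rol` and `mediaFileEdit!save.rol` through with no salt check at all, so the two state-changing media-file endpoints lose the CSRF protection this filter exists to provide, and the `TODO` does not say so. Rather than exempting them, the salt could be validated at a point where the multipart body has already been parsed (presumably the Struts layer that handles the upload), or at minimum the comment should read `// SECURITY: salt (CSRF) validation is skipped for these multipart endpoints until the salt can be read from the parsed body`. The match is on the last path segment only, so any servlet path ending in one of those names is exempt, which looks broader than intended. Separately, `init` reads `urlsArray.length` without a null check; commons-lang `StringUtils.split(null, ",")` returns null, so if `WebloggerConfig.getProperty` returns null for a missing `salt.ignored.urls` the filter would fail to initialise, and wrapping the loop in `if (urlsArray != null)` avoids that.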

Modified: roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
URL: http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
--- roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
(original)
+++ roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
Fri Apr  5 12:50:13 2013
@@ -20,6 +20,7 @@ package org.apache.roller.weblogger.ui.s
 import java.util.HashSet;
 import java.util.Set;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.pojos.MediaFile;
 import org.apache.roller.weblogger.pojos.MediaFileTag;
@@ -111,11 +112,15 @@ public class MediaFileBean {
         dataHolder.setDescription(this.description);
         dataHolder.setCopyrightText(this.copyrightText);
 
-        Set<MediaFileTag> tagsSet = new HashSet<MediaFileTag>();
-        for (String tag : this.tags.split(" ")) {
-            tagsSet.add(new MediaFileTag(tag, dataHolder));
-        }
-        dataHolder.setTags(tagsSet);
+		if (StringUtils.isNotEmpty(tags)) {
+			Set<MediaFileTag> tagsSet = new HashSet<MediaFileTag>();
+			for (String tag : this.tags.split(" ")) {
+				tagsSet.add(new MediaFileTag(tag, dataHolder));
+			}
+			dataHolder.setTags(tagsSet);
+		} else {
+			dataHolder.setTags(null);
+		}
         dataHolder.setSharedForGallery(this.isSharedForGallery);
         dataHolder.setOriginalPath(this.originalPath);
     }
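Review bot: `this.tags.split(" ")` still yields empty-string tokens when the field has leading or repeated spaces, and `StringUtils.isNotEmpty(tags)` accepts a whitespace-only value, so `MediaFileTag` objects with an empty name can still be created; the `isNotEmpty(tag.getName())` filter added in the next hunk suggests this has already been seen. Guarding with `StringUtils.isNotBlank(tags)` and iterating `StringUtils.split(this.tags)`, which splits on whitespace and drops empty tokens, would close that gap. `dataHolder.setTags(null)` replaces the collection with null rather than an empty set, and whether the persistence layer treats that as clearing the tags cannot be seen from this hunk, so it is worth confirming. The enclosing method starts outside the hunk.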
@@ -132,13 +137,17 @@ public class MediaFileBean {
 
         Set<MediaFileTag> tags = dataHolder.getTags();
         if (tags != null && !tags.isEmpty()) {
-            StringBuffer tagDisplayBuffer = new StringBuffer();
+            StringBuilder tagDisplayBuilder = new StringBuilder();
             for (MediaFileTag tag : dataHolder.getTags()) {
-                tagDisplayBuffer.append(tag.getName());
-                tagDisplayBuffer.append(" ");
+            	if (StringUtils.isNotEmpty(tag.getName())) {
+            		tagDisplayBuilder.append(tag.getName());
+                    tagDisplayBuilder.append(" ");
+				}
             }
-            tagDisplayBuffer.deleteCharAt(tagDisplayBuffer.length() - 1);
-            this.setTags(tagDisplayBuffer.toString());
+			if (tagDisplayBuilder.length() > 0) {
+				tagDisplayBuilder.deleteCharAt(tagDisplayBuilder.length() - 1);
+			}
+            this.setTags(tagDisplayBuilder.toString());
         }
 
         this.setSharedForGallery(dataHolder.isSharedForGallery());


