Repository: deltaspike
Updated Branches:
  refs/heads/master f7e4ff47a -> 167b7bcf2


DELTASPIKE-752 ensure a secure maximum length of the window-id


Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/167b7bcf
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/167b7bcf
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/167b7bcf

Branch: refs/heads/master
Commit: 167b7bcf21fdde0f9ed25a1e2f9575040b080887
Parents: f7e4ff4
Author: gpetracek <[email protected]>
Authored: Sat Oct 25 21:28:38 2014 +0200
Committer: gpetracek <[email protected]>
Committed: Sat Oct 25 21:28:38 2014 +0200

----------------------------------------------------------------------
 .../jsf/impl/scope/window/DefaultClientWindow.java  | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltaspike/blob/167b7bcf/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/DefaultClientWindow.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/DefaultClientWindow.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/DefaultClientWindow.java
index 0389425..9d0bc8c 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/DefaultClientWindow.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/scope/window/DefaultClientWindow.java
@@ -95,7 +95,10 @@ public class DefaultClientWindow implements ClientWindow
 
     private static final String CACHE_QUERY_URL_PARAMETERS =
             "CACHE:" + DefaultClientWindow.class + "#getQueryURLParameters";
-    
+
+    /*enough for the integer generated by #generateNewWindowId - see DELTASPIKE-752 */
+    private static final int SECURE_ID_LENGTH = 10;
+
     @Inject
     private ClientWindowConfig clientWindowConfig;
 
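Review bot: The name `SECURE_ID_LENGTH` and its comment promise more than the constant provides: it is only an upper bound on length, chosen (per the comment) to fit the generated integer. A name such as `MAX_WINDOW_ID_LENGTH` with a comment like `/* upper bound for a window-id; 10 chars fit the decimal form of a non-negative int - see DELTASPIKE-752 */` would tell the next reader what is and is not guaranteed. `generateNewWindowId` is not visible in this diff, so the non-negative assumption should be confirmed before it goes into the comment.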
@@ -109,6 +112,17 @@ public class DefaultClientWindow implements ClientWindow
     @Override
     public String getWindowId(FacesContext facesContext)
     {
+        String windowId = getOrCreateWindowId(facesContext);
+
+        if (windowId != null && windowId.length() > SECURE_ID_LENGTH)
+        {
+            windowId = windowId.substring(0, SECURE_ID_LENGTH);
+        }
+        return windowId;
+    }
+
+    protected String getOrCreateWindowId(FacesContext facesContext)
+    {
         ExternalContext externalContext = facesContext.getExternalContext();
         Map<String, Object> requestMap = externalContext.getRequestMap();
         
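Review bot: The cap added at the top of `getWindowId` bounds only the length of the id; nothing in this hunk restricts which characters it may contain. The body of `getOrCreateWindowId` continues outside the hunk, but if it can return a value taken from the request, ten arbitrary characters still reach every place the id is rendered or used as a key. If ids are always the generated integer, as the constant's comment suggests, rejecting non-numeric values is stricter than truncating them, e.g. `if (windowId != null && !windowId.matches("\\d{1,10}")) { windowId = null; }`, with whatever fallback callers expect for a missing id. Silent truncation also maps distinct over-long ids that share a ten-character prefix onto the same window. Any copy that `getOrCreateWindowId` caches (for example in the request map it reads) would stay untruncated for code that bypasses `getWindowId`.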
