This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit d4e7a1bb0c98751871b6eb7568fd22135ec29092 Author: Juan Pablo Santos RodrÃguez <[email protected]> AuthorDate: Thu Oct 28 11:38:20 2021 +0200 leftovers from #141 --- .../src/main/java/org/apache/wiki/WikiSession.java | 10 +++--- .../org/apache/wiki/ui/DefaultCommandResolver.java | 2 +- .../java/org/apache/wiki/plugin/DenounceTest.java | 40 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java index b59445e..424f2b2 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java @@ -220,10 +220,10 @@ public class WikiSession implements Session { public Principal[] getRoles() { final Set< Principal > roles = new HashSet<>(); - // Add all of the Roles possessed by the Subject directly + // Add all the Roles possessed by the Subject directly roles.addAll( m_subject.getPrincipals( Role.class ) ); - // Add all of the GroupPrincipals possessed by the Subject directly + // Add all the GroupPrincipals possessed by the Subject directly roles.addAll( m_subject.getPrincipals( GroupPrincipal.class ) ); // Return a defensive copy @@ -388,7 +388,7 @@ public class WikiSession implements Session { * This method should generally be called after a user's {@link org.apache.wiki.auth.user.UserProfile} is saved. If the wiki session * is null, or there is no matching user profile, the method returns silently. */ - void injectGroupPrincipals() { + protected void injectGroupPrincipals() { // Flush the existing GroupPrincipals m_subject.getPrincipals().removeAll( m_subject.getPrincipals(GroupPrincipal.class) ); 
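Review bot: Widening `injectGroupPrincipals()` from package-private to `protected` (the @@ -388 hunk) makes a method that flushes and rewrites the Subject's GroupPrincipals callable and overridable from any subclass of the public, non-final WikiSession, and the Javadoc does not say why. If the goal is only to let a subclass in another package call it, declare it `protected final void injectGroupPrincipals()` so the principal-injection logic cannot be replaced, and add a Javadoc sentence naming the intended caller. The same applies to `injectUserProfilePrincipals()` in the @@ -406 hunk, and `simplePageExists` in DefaultCommandResolver is widened the same way without a stated reason. The method bodies continue outside the hunks, so whether an existing subclass already relies on overriding them cannot be seen from here.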
@@ -406,7 +406,7 @@ public class WikiSession implements Session { * and login name. These Principals will be WikiPrincipals, and they will replace all other WikiPrincipals in the Subject. <em>Note: * this method is never called during anonymous or asserted sessions.</em> */ - void injectUserProfilePrincipals() { + protected void injectUserProfilePrincipals() { // Search for the user profile final String searchId = m_loginPrincipal.getName(); if ( searchId == null ) { @@ -460,7 +460,7 @@ public class WikiSession implements Session { * logout process. * * @param engine the wiki engine - * @param request the users's HTTP request + * @param request the user's HTTP request */ public static void removeWikiSession( final Engine engine, final HttpServletRequest request ) { if ( engine == null || request == null ) { diff --git a/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java b/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java index 57a5ad9..71dda83 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java @@ -325,7 +325,7 @@ public class DefaultCommandResolver implements CommandResolver { * @throws ProviderException if the underlyng page provider that locates pages * throws an exception */ - boolean simplePageExists( final String page ) throws ProviderException { + protected boolean simplePageExists( final String page ) throws ProviderException { if ( m_specialPages.containsKey( page ) ) { return true; } diff --git a/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java b/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java new file mode 100755 index 0000000..4d2c41b --- /dev/null +++ b/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java 
@@ -0,0 +1,40 @@
+/*
+ Copyright (C) 2003 Janne Jalkanen ([email protected])
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.plugin;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class DenounceTest {
+
+ @Test
+ void shouldCheckLinkIsValid() {
+ final Denounce d = new Denounce();
+ Assertions.assertFalse( d.isLinkValid( "javascript:alert( 'boohoo' )" ) );
+ Assertions.assertFalse( d.isLinkValid( "http://" ) );
+ Assertions.assertTrue( d.isLinkValid( "https://www.google.com" ) );
+ Assertions.assertFalse( d.isLinkValid( ":/www.google.com" ) );
+ Assertions.assertFalse( d.isLinkValid( "htptp://www.google.com" ) );
+ //Assertions.assertFalse( d.isLinkValid( "mailto:server" ) );
+ Assertions.assertFalse( d.isLinkValid( "http://www.google.com:asd" ) );
+ }
+
+}
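Review bot: The `mailto:server` assertion in `shouldCheckLinkIsValid` is commented out with no explanation, so the test leaves it undecided whether `isLinkValid` accepts or rejects that scheme. Either restore it or replace it with a comment stating the expected result and why it is not asserted, e.g. `// mailto: handling not yet decided, tracked in <issue-id>`. Judging by the `javascript:` case, `isLinkValid` is what keeps script-scheme links out of rendered output, so the rejected cases should also pin that scheme matching is case-insensitive and that other non-http(s) schemes are refused; otherwise the allow-list can loosen without a test failing. `Denounce.isLinkValid` itself is outside this diff, so its behaviour is inferred from these assertions only.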
