Author: jleroux
Date: Thu Jan 5 11:20:50 2017
New Revision: 1777448
URL: http://svn.apache.org/viewvc?rev=1777448&view=rev
Log:
Reverts previous commit which contained unexpected changes which were not yet
ready to be committed.
What remains is a non-functional change only: formatting and import cleanup in
FormRenderer.java
Sorry for the trouble
Modified:
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
Modified:
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
(original)
+++
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
Thu Jan 5 11:20:50 2017
@@ -335,22 +335,18 @@ public class ContentWorker implements or
String mimeTypeId, boolean cache) throws GeneralException,
IOException {
Writer writer = new StringWriter();
renderContentAsText(dispatcher, contentId, writer, templateContext,
locale, mimeTypeId, null, null, cache);
- GenericValue content =
EntityQuery.use(dispatcher.getDelegator()).from("Content").where("contentId",
contentId).queryOne();
- String contentTypeId = content.getString("contentTypeId");
String rendered = writer.toString();
// According to
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
// Normally head is protected by X-XSS-Protection Response Header by
default
- if (!"REPORT".equals(contentTypeId)) { // FIXME here
BIRT_REPORT_BUILDER_USAGE_POLICY should be used but I could not tweak it yet:
the content of <script> are removed and should not. Also a more annoying no yet
spotted issue with contentId dissapearing
- if (rendered.contains("<script>")
- || rendered.contains("<!--")
- || rendered.contains("<div")
- || rendered.contains("<style>")
- || rendered.contains("<span")
- || rendered.contains("<input")
- || rendered.contains("<iframe")
- || rendered.contains("<a")) {
- rendered = encoder.sanitize(rendered, contentTypeId);
- }
+ if (rendered.contains("<script>")
+ || rendered.contains("<!--")
+ || rendered.contains("<div")
+ || rendered.contains("<style>")
+ || rendered.contains("<span")
+ || rendered.contains("<input")
+ || rendered.contains("<iframe")
+ || rendered.contains("<a")) {
+ rendered = encoder.sanitize(rendered);
}
return rendered;
}
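Review bot: The `rendered.contains(...)` gate in front of `encoder.sanitize(rendered)` is an incomplete denylist, so some rendered markup reaches the caller unsanitized. The checks are case-sensitive, `<script>` and `<style>` match only when the tag has no attributes, and any element not in the list skips the sanitizer entirely. The comment above it leans on the X-XSS-Protection response header, which is a browser-side filter and not a replacement for output sanitization. I would drop the condition and call `rendered = encoder.sanitize(rendered);` unconditionally, or, if the cost of sanitizing plain text is the concern, gate only on `rendered.indexOf('<') >= 0`. The method's signature begins above this hunk, so the type of `encoder` and the policy it applies are not visible here.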
Modified:
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
(original)
+++
ofbiz/trunk/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
Thu Jan 5 11:20:50 2017
@@ -747,37 +747,12 @@ public class DataResourceWorker impleme
} else {
throw new GeneralException("The dataResource file [" +
dataResourceId + "] could not be found");
}
- } catch (SAXException | ParserConfigurationException e) {
+ } catch (SAXException e) {
throw new GeneralException("Error rendering Screen
template", e);
- } catch (TemplateException e) {
- throw new GeneralException("Error creating Screen
renderer", e);
- }
- } else if ("FORM_COMBINED".equals(dataTemplateTypeId)){
- try {
- Map<String, Object> context =
UtilGenerics.checkMap(templateContext.get("globalContext"));
- context.put("locale", locale);
- context.put("simpleEncoder",
UtilCodec.getEncoder(UtilProperties.getPropertyValue("widget",
"screen.encoder")));
- HttpServletRequest request = (HttpServletRequest)
context.get("request");
- HttpServletResponse response = (HttpServletResponse)
context.get("response");
- ModelForm modelForm = null;
- ModelReader entityModelReader = delegator.getModelReader();
- String formText = getDataResourceText(dataResource,
targetMimeTypeId, locale, templateContext, delegator, cache);
- Document formXml = UtilXml.readXmlDocument(formText, true,
true);
- Map<String, ModelForm> modelFormMap =
FormFactory.readFormDocument(formXml, entityModelReader,
dispatcher.getDispatchContext(), null);
-
- if (UtilValidate.isNotEmpty(modelFormMap)) {
- Map.Entry<String, ModelForm> entry =
modelFormMap.entrySet().iterator().next(); // get first entry, only one form
allowed per file
- modelForm = entry.getValue();
- }
- MacroFormRenderer renderer = new
MacroFormRenderer(formrenderer, request, response);
- FormRenderer formRenderer = new FormRenderer(modelForm,
renderer);
- formRenderer.render(out, context);
- } catch (SAXException | ParserConfigurationException e) {
+ } catch (ParserConfigurationException e) {
throw new GeneralException("Error rendering Screen
template", e);
} catch (TemplateException e) {
throw new GeneralException("Error creating Screen
renderer", e);
- } catch (Exception e) {
- throw new GeneralException("Error rendering Screen
template", e);
}
} else {
throw new GeneralException("The dataTemplateTypeId [" +
dataTemplateTypeId + "] is not yet supported");
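Review bot: The separate `catch (SAXException e)` and `catch (ParserConfigurationException e)` clauses on the new side have identical bodies, each throwing `GeneralException("Error rendering Screen template", e)`. The removed lines show the file already compiled with multi-catch, so `} catch (SAXException | ParserConfigurationException e) {` would keep one copy of the handler and stop the two messages drifting apart. The enclosing `try` and the branch it belongs to start above this hunk, so this assumes no other handler sits between the two clauses.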
Modified:
ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
(original)
+++
ofbiz/trunk/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -111,7 +111,7 @@ public class OrderContentWrapper impleme
if (UtilValidate.isEmpty(outString)) {
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (orderContentCache != null) {
orderContentCache.put(cacheKey, outString);
}
Modified:
ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
(original)
+++
ofbiz/trunk/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -168,7 +168,7 @@ public class PartyContentWrapper impleme
outString = party.getModelEntity().isField(candidateFieldName)
? party.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (partyContentCache != null) {
partyContentCache.put(cacheKey, outString);
}
@@ -176,11 +176,11 @@ public class PartyContentWrapper impleme
} catch (GeneralException e) {
Debug.logError(e, "Error rendering PartyContent, inserting empty
String", module);
String candidateOut =
party.getModelEntity().isField(candidateFieldName) ?
party.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering PartyContent, inserting empty
String", module);
String candidateOut =
party.getModelEntity().isField(candidateFieldName) ?
party.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
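Review bot: Both catch blocks log "inserting empty String", but the code returns the sanitized `candidateFieldName` value whenever it is non-null, so the log entry misdescribes what was served after a rendering failure. The message should state the actual fallback, for example `Debug.logError(e, "Error rendering PartyContent, falling back to field value", module);`. The two handlers are also byte-for-byte duplicates and could be a single `catch (GeneralException | IOException e)`. The same pattern appears in the second hunks of ProductConfigItemContentWrapper, ProductContentWrapper, ProductPromoContentWrapper and WorkEffortContentWrapper. The method and its `try` begin outside this hunk.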
Modified:
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
(original)
+++
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -110,7 +110,7 @@ public class CategoryContentWrapper impl
outString =
productCategory.getModelEntity().isField(candidateFieldName) ?
productCategory.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (categoryContentCache != null) {
categoryContentCache.put(cacheKey, outString);
}
Modified:
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
(original)
+++
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -133,7 +133,7 @@ public class ProductConfigItemContentWra
outString =
productConfigItem.getModelEntity().isField(candidateFieldName) ?
productConfigItem.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (configItemContentCache != null) {
configItemContentCache.put(cacheKey, outString);
}
@@ -141,11 +141,11 @@ public class ProductConfigItemContentWra
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProdConfItemContent, inserting
empty String", module);
String candidateOut =
productConfigItem.getModelEntity().isField(candidateFieldName) ?
productConfigItem.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProdConfItemContent, inserting
empty String", module);
String candidateOut =
productConfigItem.getModelEntity().isField(candidateFieldName) ?
productConfigItem.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
Modified:
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
(original)
+++
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -123,7 +123,7 @@ public class ProductContentWrapper imple
outString =
product.getModelEntity().isField(candidateFieldName) ?
product.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (productContentCache != null) {
productContentCache.put(cacheKey, outString);
}
@@ -131,11 +131,11 @@ public class ProductContentWrapper imple
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProductContent, inserting empty
String", module);
String candidateOut =
product.getModelEntity().isField(candidateFieldName) ?
product.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProductContent, inserting empty
String", module);
String candidateOut =
product.getModelEntity().isField(candidateFieldName) ?
product.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
Modified:
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
(original)
+++
ofbiz/trunk/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -128,7 +128,7 @@ public class ProductPromoContentWrapper
outString =
productPromo.getModelEntity().isField(candidateFieldName) ?
productPromo.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (productPromoContentCache != null) {
productPromoContentCache.put(cacheKey, outString);
}
@@ -136,11 +136,11 @@ public class ProductPromoContentWrapper
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProductPromoContent, inserting
empty String", module);
String candidateOut =
productPromo.getModelEntity().isField(candidateFieldName) ?
productPromo.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProductPromoContent, inserting
empty String", module);
String candidateOut =
productPromo.getModelEntity().isField(candidateFieldName) ?
productPromo.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
Modified:
ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java?rev=1777448&r1=1777447&r2=1777448&view=diff
==============================================================================
---
ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
(original)
+++
ofbiz/trunk/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
Thu Jan 5 11:20:50 2017
@@ -256,7 +256,7 @@ public class WorkEffortContentWrapper im
outString =
workEffort.getModelEntity().isField(candidateFieldName) ?
workEffort.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (workEffortContentCache != null) {
workEffortContentCache.put(cacheKey, outString);
}
@@ -264,11 +264,11 @@ public class WorkEffortContentWrapper im
} catch (GeneralException e) {
Debug.logError(e, "Error rendering WorkEffortContent, inserting
empty String", module);
String candidateOut =
workEffort.getModelEntity().isField(candidateFieldName) ?
workEffort.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering WorkEffortContent, inserting
empty String", module);
String candidateOut =
workEffort.getModelEntity().isField(candidateFieldName) ?
workEffort.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut,
null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}