Author: ghuber
Date: Fri Apr 5 12:50:13 2013
New Revision: 1464959
URL: http://svn.apache.org/r1464959
Log:
Salt on media files, multipart/form-data no parameters. Media file Tags not
saving (could not fix?)
Modified:
roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
Modified:
roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL:
http://svn.apache.org/viewvc/roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
---
roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
(original)
+++
roller/trunk/weblogger-business/src/main/resources/org/apache/roller/weblogger/config/roller.properties
Fri Apr 5 12:50:13 2013
@@ -402,6 +402,9 @@ schemeenforcement.https.urls=/roller_j_s
# Ignored extensions otherwise we get SSL mixed content issues
schemeenforcement.https.ignored=css,gif,png,js
+# Ignored urls for salt. These are for multipart/form-data submissions as we
do not get any parameters
+salt.ignored.urls=mediaFileAdd!save.rol,mediaFileEdit!save.rol
+
#----------------------------------
# Single-Sign-On
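Review bot: The comment added above `salt.ignored.urls` does not say that every POST to a listed action skips the salt (CSRF token) check altogether, which is the security-relevant effect of this setting. I would word it as `# Actions exempt from salt (CSRF token) validation: POSTs to these are NOT checked. Keep this list minimal.` It is also worth stating that each entry is compared only with the last path segment of the servlet path, as `isIgnoredURL` in ValidateSaltFilter does in this same commit, so an entry cannot be scoped to a particular directory.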
Modified:
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL:
http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
---
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
(original)
+++
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Fri Apr 5 12:50:13 2013
@@ -17,12 +17,23 @@
*/
package org.apache.roller.weblogger.ui.core.filters;
-
+
import java.io.IOException;
-import javax.servlet.*;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
/**
@@ -30,29 +41,63 @@ import org.apache.roller.weblogger.ui.re
* those without a salt value or with a salt value not generated by this Roller
* instance.
*/
-public class ValidateSaltFilter implements Filter {
- private static Log log = LogFactory.getLog(ValidateSaltFilter.class);
+public class ValidateSaltFilter implements Filter {
+ private static Log log = LogFactory.getLog(ValidateSaltFilter.class);
+ private Set<String> ignored = new HashSet<String>();
+
+ // @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException
{
+ HttpServletRequest httpReq = (HttpServletRequest) request;
- //@Override
- public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
- throws IOException, ServletException {
- HttpServletRequest httpReq = (HttpServletRequest) request;
-
if (httpReq.getMethod().equals("POST")) {
- String salt = (String) httpReq.getParameter("salt");
- SaltCache saltCache = SaltCache.getInstance();
- if (salt == null || saltCache.get(salt) == null ||
saltCache.get(salt).equals(false)) {
- throw new ServletException("Security Violation");
+
+ // TODO multipart/form-data does not send parameters
+ if (!isIgnoredURL(((HttpServletRequest)
request).getServletPath())) {
+ String salt = (String)
httpReq.getParameter("salt");
+ SaltCache saltCache = SaltCache.getInstance();
+ if (salt == null || saltCache.get(salt) == null
+ ||
saltCache.get(salt).equals(false)) {
+ throw new ServletException("Security
Violation");
+ }
}
+
}
- chain.doFilter(request, response);
- }
-
- //@Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
-
- //@Override
- public void destroy() {
- }
+ chain.doFilter(request, response);
+ }
+
+ // @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+
+ // Construct our list of ignord urls
+ String urls = WebloggerConfig.getProperty("salt.ignored.urls");
+ String[] urlsArray =
StringUtils.stripAll(StringUtils.split(urls, ","));
+ for (int i = 0; i < urlsArray.length; i++)
+ this.ignored.add(urlsArray[i]);
+
+ }
+
+ // @Override
+ public void destroy() {
+ }
+
+ /**
+ * Checks if this is an ignored url.
+ *
+ * @param theUrl
+ * the the url
+ *
+ * @return true, if is ignored resource
+ */
+ private boolean isIgnoredURL(String theUrl) {
+
+ int i = theUrl.lastIndexOf("/");
+
+ // If its not a resource then do not ignore it
+ if (i <= 0 || i == theUrl.length() - 1)
+ return false;
+
+ return ignored.contains(theUrl.substring(i + 1));
+
+ }
}
\ No newline at end of file
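Review bot: The new `isIgnoredURL` branch in `doFilter` skips salt validation for every POST to a listed action whatever its content type, so the media file save actions lose the check even for ordinary form-encoded requests, not only for the multipart uploads named in the TODO. The skip should at least be limited to requests that really are multipart, e.g. `String ct = httpReq.getContentType(); boolean multipart = ct != null && ct.toLowerCase().startsWith("multipart/");`, combined with the URL test. The TODO should also record that the salt for those requests still has to be validated once the multipart body has been parsed. Separately, in `init`, commons-lang `StringUtils.split` and `stripAll` return null for a null input, so a missing `salt.ignored.urls` property would fail at `urlsArray.length`; guard the loop with `if (urlsArray != null)`.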
Modified:
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
URL:
http://svn.apache.org/viewvc/roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java?rev=1464959&r1=1464958&r2=1464959&view=diff
==============================================================================
---
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
(original)
+++
roller/trunk/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/MediaFileBean.java
Fri Apr 5 12:50:13 2013
@@ -20,6 +20,7 @@ package org.apache.roller.weblogger.ui.s
import java.util.HashSet;
import java.util.Set;
+import org.apache.commons.lang.StringUtils;
import org.apache.roller.weblogger.WebloggerException;
import org.apache.roller.weblogger.pojos.MediaFile;
import org.apache.roller.weblogger.pojos.MediaFileTag;
@@ -111,11 +112,15 @@ public class MediaFileBean {
dataHolder.setDescription(this.description);
dataHolder.setCopyrightText(this.copyrightText);
- Set<MediaFileTag> tagsSet = new HashSet<MediaFileTag>();
- for (String tag : this.tags.split(" ")) {
- tagsSet.add(new MediaFileTag(tag, dataHolder));
- }
- dataHolder.setTags(tagsSet);
+ if (StringUtils.isNotEmpty(tags)) {
+ Set<MediaFileTag> tagsSet = new HashSet<MediaFileTag>();
+ for (String tag : this.tags.split(" ")) {
+ tagsSet.add(new MediaFileTag(tag, dataHolder));
+ }
+ dataHolder.setTags(tagsSet);
+ } else {
+ dataHolder.setTags(null);
+ }
dataHolder.setSharedForGallery(this.isSharedForGallery);
dataHolder.setOriginalPath(this.originalPath);
}
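Review bot: The added `StringUtils.isNotEmpty(tags)` guard still lets `this.tags.split(" ")` produce empty tokens when the input has a leading space or two spaces in a row, so `MediaFileTag` objects with an empty name can still be created here. The later hunk in this file filters empty names on display, but they would be better rejected at this point, for example with `for (String tag : StringUtils.split(this.tags, " "))`, since commons-lang `split` treats adjacent separators as one and drops empty tokens. It may also be worth checking whether `dataHolder.setTags(null)` rather than an empty set is what the persistence layer expects, given that the log message says tags are not saving. The enclosing method starts outside this hunk.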
@@ -132,13 +137,17 @@ public class MediaFileBean {
Set<MediaFileTag> tags = dataHolder.getTags();
if (tags != null && !tags.isEmpty()) {
- StringBuffer tagDisplayBuffer = new StringBuffer();
+ StringBuilder tagDisplayBuilder = new StringBuilder();
for (MediaFileTag tag : dataHolder.getTags()) {
- tagDisplayBuffer.append(tag.getName());
- tagDisplayBuffer.append(" ");
+ if (StringUtils.isNotEmpty(tag.getName())) {
+ tagDisplayBuilder.append(tag.getName());
+ tagDisplayBuilder.append(" ");
+ }
}
- tagDisplayBuffer.deleteCharAt(tagDisplayBuffer.length() - 1);
- this.setTags(tagDisplayBuffer.toString());
+ if (tagDisplayBuilder.length() > 0) {
+
tagDisplayBuilder.deleteCharAt(tagDisplayBuilder.length() - 1);
+ }
+ this.setTags(tagDisplayBuilder.toString());
}
this.setSharedForGallery(dataHolder.isSharedForGallery());