This is an automated email from the ASF dual-hosted git repository.

snoopdave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git


The following commit(s) were added to refs/heads/master by this push:
     new 03919b6c1 Validate tz (#134)
03919b6c1 is described below

commit 03919b6c1e8100ebe0844a67b7925564647e3629
Author: David M. Johnson <snoopd...@users.noreply.github.com>
AuthorDate: Sat Feb 10 16:35:35 2024 -0500

    Validate tz (#134)
    
    * Validations for things not covered by Struts Validator.
---
 app/pom.xml                                        |  4 +--
 .../business/jpa/JPABookmarkManagerImpl.java       | 11 ++++----
 .../weblogger/business/jpa/JPAUserManagerImpl.java |  4 +--
 .../org/apache/roller/weblogger/pojos/User.java    | 29 +++++++++++-----------
 .../roller/weblogger/pojos/WeblogBookmark.java     | 17 +++++++------
 .../weblogger/pojos/WeblogBookmarkFolder.java      |  8 +++---
 .../roller/weblogger/ui/struts2/core/Profile.java  | 26 ++++++++++++++++++-
 .../weblogger/ui/struts2/editor/BookmarkEdit.java  |  1 -
 .../main/resources/ApplicationResources.properties |  2 ++
 assembly-release/pom.xml                           |  2 +-
 assembly-release/sign-release.sh                   |  2 +-
 db-utils/pom.xml                                   |  4 +--
 it-selenium/pom.xml                                |  4 +--
 pom.xml                                            |  4 +--
 14 files changed, 73 insertions(+), 45 deletions(-)

diff --git a/app/pom.xml b/app/pom.xml
index f31f90d4e..c94a2df3d 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -24,7 +24,7 @@ limitations under the License.
     <parent>
         <groupId>org.apache.roller</groupId>
         <artifactId>roller-project</artifactId>
-        <version>6.1.2</version>
+        <version>6.1.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -627,7 +627,7 @@ limitations under the License.
                     <dependency>
                         <groupId>org.apache.roller</groupId>
                         <artifactId>db-utils</artifactId>
-                        <version>6.1.2</version>
+                        <version>6.1.3</version>
                     </dependency>
                     <dependency>
                         <groupId>commons-dbcp</groupId>
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
 
b/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
index bde6dc0ea..5b4224e09 100644
--- 
a/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
+++ 
b/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManagerImpl.java
@@ -148,15 +148,14 @@ public class JPABookmarkManagerImpl implements 
BookmarkManager {
 
             WeblogBookmarkFolder newFolder = getFolder(website, folderName);
             if (newFolder == null) {
-                newFolder = new WeblogBookmarkFolder(
-                        folderName, website);
+                newFolder = new WeblogBookmarkFolder(folderName, website);
                 this.strategy.store(newFolder);
             }
 
             // Iterate through children of OPML body, importing each
             Element body = doc.getRootElement().getChild("body");
-            for (Object elem : body.getChildren()) {
-                importOpmlElement((Element) elem, newFolder );
+            for (Element elem : body.getChildren()) {
+                importOpmlElement(elem, newFolder );
             }
         } catch (Exception ex) {
             throw new WebloggerException(ex);
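Review bot: `doc.getRootElement().getChild("body")` returns null when the uploaded OPML has no `<body>` element, so `body.getChildren()` throws a NullPointerException that is only surfaced as a WebloggerException wrapping an opaque cause; guard it explicitly with `if (body == null) { throw new WebloggerException("OPML document has no <body> element"); }` before the loop. The OPML is user-supplied XML, and the parser that produced `doc` is built before this hunk, so I could not confirm here that DTD processing and external entities are disabled — worth checking at the point the document is parsed. The enclosing method starts outside the hunk.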
@@ -216,8 +215,8 @@ public class JPABookmarkManagerImpl implements 
BookmarkManager {
             }
         } else {
             // Import suboutline's children into folder
-            for (Object subelem : elem.getChildren("outline")) {
-                importOpmlElement((Element) subelem, folder );
+            for (Element subelem : elem.getChildren("outline")) {
+                importOpmlElement(subelem, folder );
             }
         }
     }
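Review bot: The recursion into nested `outline` elements has no depth bound, so a deliberately deep OPML upload can exhaust the stack, and the resulting StackOverflowError is an Error that the caller's `catch (Exception ex)` will not intercept. A simple bound such as an extra `int depth` parameter with `if (depth > MAX_OPML_DEPTH) { throw new WebloggerException("OPML nesting too deep"); }` at the top of `importOpmlElement`, incremented on the recursive call `importOpmlElement(subelem, folder, depth + 1)`, keeps the import well-behaved on hostile input. The method signature sits outside this hunk, so the exact change depends on how it is declared.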
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java
 
b/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java
index 0ccdcb8fb..d83bac426 100644
--- 
a/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java
+++ 
b/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAUserManagerImpl.java
@@ -67,8 +67,8 @@ public class JPAUserManagerImpl implements UserManager {
     //--------------------------------------------------------------- user CRUD
  
     @Override
-    public void saveUser(User data) throws WebloggerException {
-        this.strategy.store(data);
+    public void saveUser(User user) throws WebloggerException {
+        this.strategy.store(user);
     }
 
     
diff --git a/app/src/main/java/org/apache/roller/weblogger/pojos/User.java 
b/app/src/main/java/org/apache/roller/weblogger/pojos/User.java
index 5e6214632..da100e751 100644
--- a/app/src/main/java/org/apache/roller/weblogger/pojos/User.java
+++ b/app/src/main/java/org/apache/roller/weblogger/pojos/User.java
@@ -28,6 +28,7 @@ import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.util.UUIDGenerator;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.ui.core.RollerContext;
+import org.apache.roller.weblogger.util.HTMLSanitizer;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 
@@ -36,7 +37,7 @@ import 
org.springframework.security.crypto.password.PasswordEncoder;
  */
 public class User implements Serializable {
     
-    public static final long serialVersionUID = -6354583200913127874L;
+    private static final long serialVersionUID = -6354583200913127874L;
     
     private String  id = UUIDGenerator.generateUUID();
     private String  userName;
@@ -60,15 +61,15 @@ public class User implements Serializable {
             String locale, String timeZone,
             Date dateCreated,
             Boolean isEnabled) {
-        //this.id = id;
+
         this.userName = userName;
         this.password = password;
-        this.fullName = fullName;
         this.emailAddress = emailAddress;
         this.dateCreated = (Date)dateCreated.clone();
-        this.locale = locale;
-        this.timeZone = timeZone;
         this.enabled = isEnabled;
+        setFullName(fullName);
+        setLocale(locale);
+        setTimeZone(timeZone);
     }
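Review bot: `userName` and `emailAddress` are still assigned directly in the constructor while `fullName`, `locale` and `timeZone` now go through their setters, so the sanitization this commit adds in `setUserName` and `setEmailAddress` is bypassed for objects built with this constructor; use `setUserName(userName);` and `setEmailAddress(emailAddress);` for consistency, or document why those two are exempt. Note also that `User` is not final, so calling overridable setters from the constructor lets a subclass observe a partially built instance; if sanitization is the only reason for the indirection, applying `HTMLSanitizer.conditionallySanitize` directly to the field would avoid that. `dateCreated.clone()` still dereferences a possibly-null argument, which predates this change.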
 
     /**
@@ -91,7 +92,7 @@ public class User implements Serializable {
     }
     
     public void setUserName( String userName ) {
-        this.userName = userName;
+        this.userName =  HTMLSanitizer.conditionallySanitize(userName);
     }
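Review bot: Silently rewriting the user name on assignment changes identity data rather than rejecting it: the resource bundle in this same commit says user names must be alphanumeric, so a value that the sanitizer alters is already invalid and should produce a validation error, not a different user name than the one typed. The semantics of `HTMLSanitizer.conditionallySanitize` are not visible here; if it can return a string different from its input for non-empty values, I would validate with the existing user-name rule in the action layer and keep this setter a plain assignment, or at minimum document the behavior: `/** User name; sanitized on set, so the stored value may differ from the caller's input. */`.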
     
     /**
@@ -128,7 +129,7 @@ public class User implements Serializable {
     }
 
     public void setOpenIdUrl(String openIdUrl) {
-        this.openIdUrl = openIdUrl;
+        this.openIdUrl =  HTMLSanitizer.conditionallySanitize(openIdUrl);
     }
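Review bot: An HTML sanitizer is the wrong validator for a URL that is later used for identity matching: depending on what `conditionallySanitize` does with characters such as `&`, the stored OpenID URL may no longer equal the value the provider asserts, and an HTML-safe string can still be a `javascript:` or other non-HTTP URL. I would validate this field as a URL with an http/https scheme allow-list, for example `java.net.URI.create(openIdUrl)` followed by a check that `getScheme()` is `http` or `https`, and reject anything else rather than rewrite it. Whether the sanitizer actually alters URLs cannot be confirmed from this hunk.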
 
     /**
@@ -139,7 +140,7 @@ public class User implements Serializable {
     }
     
     public void setScreenName( String screenName ) {
-        this.screenName = screenName;
+        this.screenName =  HTMLSanitizer.conditionallySanitize(screenName);
     }
     
     /**
@@ -150,7 +151,7 @@ public class User implements Serializable {
     }
     
     public void setFullName( String fullName ) {
-        this.fullName = fullName;
+        this.fullName =  HTMLSanitizer.conditionallySanitize(fullName);
     }
 
     /**
@@ -161,7 +162,7 @@ public class User implements Serializable {
     }
     
     public void setEmailAddress( String emailAddress ) {
-        this.emailAddress = emailAddress;
+        this.emailAddress =  HTMLSanitizer.conditionallySanitize(emailAddress);
     }
     
     
@@ -185,7 +186,7 @@ public class User implements Serializable {
     }
 
     /**
-     * Locale of the user.
+     * Locale of the user, must be valid Java locale.
      */
     public String getLocale() {
         return this.locale;
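Review bot: The new Javadoc states an invariant the class does not enforce: nothing in `User` checks the locale, and the only validation added by this commit is in the Profile action, so other paths that set this field (registration, administrative user edit, or direct construction) can still store an arbitrary string. Either validate in the setter, or make the comment reflect reality: `Locale of the user. Expected to be a valid Java locale id; validated by the Profile action, not enforced here.`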
@@ -196,7 +197,7 @@ public class User implements Serializable {
     }
 
     /**
-     * Timezone of the user.
+     * Timezone of the user, must be valid Java timezone.
      */
     public String getTimeZone() {
         return this.timeZone;
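Review bot: As with the locale, "must be valid Java timezone" is a promise the class does not keep: `setTimeZone` (just below this hunk) is not shown to validate, and the check this commit adds lives only in the Profile action. Because `TimeZone.getTimeZone(id)` silently returns GMT for an unknown id, an unvalidated value fails quietly wherever it is used, so either enforce it in the setter or reword the comment: `Timezone of the user. Expected to be a valid Java timezone id; validated by the Profile action, not enforced here.`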
@@ -223,7 +224,7 @@ public class User implements Serializable {
     }
     
     public void setActivationCode(String activationCode) {
-        this.activationCode = activationCode;
+        this.activationCode =  
HTMLSanitizer.conditionallySanitize(activationCode);
     }
     
      
@@ -239,7 +240,7 @@ public class User implements Serializable {
             return false;
         }
     }
-    
+
     //------------------------------------------------------- Good citizenship
     
     @Override
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmark.java 
b/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmark.java
index ebb06f9e8..6c76b2222 100644
--- a/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmark.java
+++ b/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmark.java
@@ -18,10 +18,12 @@
 
 package org.apache.roller.weblogger.pojos;
 
-import java.io.Serializable;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 import org.apache.roller.util.UUIDGenerator;
+import org.apache.roller.weblogger.util.HTMLSanitizer;
+
+import java.io.Serializable;
 
 
 /**
@@ -56,16 +58,17 @@ public class WeblogBookmark implements Serializable, 
Comparable<WeblogBookmark>
             String url,
             String feedUrl,
             String image) {
+
+        setName(name);
+        setDescription(desc);
         this.folder = parent;
-        this.name = name;
-        this.description = desc;
         this.url = url;
         this.feedUrl = feedUrl;
         this.image = image;
         folder.addBookmark(this);
         calculatePriority();
     }
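Review bot: `url`, `feedUrl` and `image` are still stored unvalidated while `name` and `description` are now sanitized, yet those three are the values most likely to be emitted into `href` and `src` attributes, where HTML sanitization of the name offers no protection against a `javascript:` or `data:` URL. I would validate them with a scheme allow-list (http/https) in their setters or in the bookmark action, for example `URI u = URI.create(url); if (u.getScheme() == null || !Set.of("http", "https").contains(u.getScheme().toLowerCase(Locale.ROOT))) throw new IllegalArgumentException("unsupported URL scheme");`. How the templates render these fields is not visible here, so treat this as something to confirm. The constructor starts outside the hunk.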
-    
+
     //------------------------------------------------------------- Attributes
     public String getId() {
         return this.id;
@@ -92,7 +95,7 @@ public class WeblogBookmark implements Serializable, 
Comparable<WeblogBookmark>
     }
     
     public void setName(String name) {
-        this.name = name;
+        this.name =  HTMLSanitizer.conditionallySanitize(name);
     }
     
     /**
@@ -103,7 +106,7 @@ public class WeblogBookmark implements Serializable, 
Comparable<WeblogBookmark>
     }
     
     public void setDescription(String description) {
-        this.description = description;
+        this.description =  HTMLSanitizer.conditionallySanitize(description);
     }
     
     /**
@@ -143,7 +146,7 @@ public class WeblogBookmark implements Serializable, 
Comparable<WeblogBookmark>
     public void setFeedUrl(String feedUrl) {
         this.feedUrl = feedUrl;
     }
-    
+
     //---------------------------------------------------------- Relationships
 
     public org.apache.roller.weblogger.pojos.WeblogBookmarkFolder getFolder() {
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmarkFolder.java 
b/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmarkFolder.java
index a4425471a..60a040aa6 100644
--- 
a/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmarkFolder.java
+++ 
b/app/src/main/java/org/apache/roller/weblogger/pojos/WeblogBookmarkFolder.java
@@ -28,6 +28,7 @@ import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.BookmarkManager;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.util.UUIDGenerator;
+import org.apache.roller.weblogger.util.HTMLSanitizer;
 
 
 /**
@@ -54,8 +55,8 @@ public class WeblogBookmarkFolder implements Serializable, 
Comparable<WeblogBook
             String name,
             Weblog weblog) {
         
-        this.name = name;
-        this.weblog = weblog;
+        setName(name);
+        setWeblog(weblog);
         weblog.addBookmarkFolder(this);
     }
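Review bot: Calling `setName` and `setWeblog` from the constructor of a non-final class invokes overridable methods before the object is fully built, and the constructor then publishes `this` through `weblog.addBookmarkFolder(this)`; if the intent is only to apply sanitization, `this.name = HTMLSanitizer.conditionallySanitize(name);` in the constructor keeps the same effect without the virtual call. A short comment would also help, since the indirection is easy to mistake for an accident: `// route through setters so the name is sanitized exactly as on later updates`. The constructor's signature starts outside the hunk.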
     
@@ -132,7 +133,7 @@ public class WeblogBookmarkFolder implements Serializable, 
Comparable<WeblogBook
     }
     
     public void setName(String name) {
-        this.name = name;
+        this.name = HTMLSanitizer.conditionallySanitize(name);
     }
     
     /**
@@ -187,5 +188,4 @@ public class WeblogBookmarkFolder implements Serializable, 
Comparable<WeblogBook
         BookmarkManager bmgr = 
WebloggerFactory.getWeblogger().getBookmarkManager();
         return bmgr.getBookmarks(this);
     }
-
 }
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java 
b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java
index 198ce2b43..6f83a0ddb 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java
@@ -22,14 +22,18 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.WebloggerException;
-import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.business.UserManager;
+import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.config.AuthMethod;
 import org.apache.roller.weblogger.config.WebloggerConfig;
 import org.apache.roller.weblogger.pojos.User;
 import org.apache.roller.weblogger.ui.struts2.util.UIAction;
 import org.apache.struts2.interceptor.validation.SkipValidation;
 
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.Optional;
+import java.util.TimeZone;
 
 /**
  * Allows user to edit his/her profile.
@@ -150,6 +154,26 @@ public class Profile extends UIAction {
                 addError("generic.error.check.logs");
             }
         }
+
+        // validate that bean's timeZone field is a valid time zone
+        if (!StringUtils.isEmpty(getBean().getTimeZone())) {
+            // looking up the time zone by id did not work for me
+            final Optional<String> first = 
Arrays.stream(TimeZone.getAvailableIDs())
+                    .filter(id -> 
id.equals(getBean().getTimeZone())).findFirst();
+            if (first.isEmpty()) {
+                addError("error.add.user.invalid.timezone");
+            }
+        }
+
+        // validate that bean's locale field is a valid locale
+        if (!StringUtils.isEmpty(getBean().getLocale())) {
+            // looking up the time zone by id did not work for me
+            final Optional<Locale> first = 
Arrays.stream(Locale.getAvailableLocales())
+                    .filter(locale -> 
locale.toString().equals(getBean().getLocale())).findFirst();
+            if (first.isEmpty() || "".equals(first.get().getDisplayName())) {
+                addError("error.add.user.invalid.locale");
+            }
+        }
     }
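Review bot: Both checks scan the full id arrays on every request and the second comment is a copy-paste of the first ("looking up the time zone by id" above the locale check); precomputing immutable sets once makes the validation an O(1) lookup and lets the comment explain the real reason a lookup "did not work", which is that `TimeZone.getTimeZone(id)` returns GMT instead of failing for an unknown id. The `"".equals(getDisplayName())` test appears redundant, since the only available locale with an empty display name is `Locale.ROOT`, whose `toString()` is also empty and is already excluded by the `isEmpty` guard. The rewrite below needs `java.util.Set` and `java.util.stream.Collectors` added to the imports; the enclosing validation method starts outside this hunk. Separately, this validation runs only in the Profile action, so any other action that sets the same bean fields should share it.
```java
// Computed once: TimeZone.getTimeZone(id) silently returns GMT for an unknown id,
// so membership in the available-id set is the reliable check.
private static final Set<String> VALID_TIME_ZONE_IDS =
        Set.copyOf(Arrays.asList(TimeZone.getAvailableIDs()));
private static final Set<String> VALID_LOCALE_IDS = Arrays.stream(Locale.getAvailableLocales())
        .map(Locale::toString)
        .filter(id -> !id.isEmpty())
        .collect(Collectors.toUnmodifiableSet());

// … unchanged: earlier validation in the enclosing method …

// validate that bean's timeZone field is a known Java time zone id
String tz = getBean().getTimeZone();
if (!StringUtils.isEmpty(tz) && !VALID_TIME_ZONE_IDS.contains(tz)) {
    addError("error.add.user.invalid.timezone");
}

// validate that bean's locale field is a known Java locale id
String locale = getBean().getLocale();
if (!StringUtils.isEmpty(locale) && !VALID_LOCALE_IDS.contains(locale)) {
    addError("error.add.user.invalid.locale");
}
```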
 
     public String getAuthMethod() {
diff --git 
a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/BookmarkEdit.java
 
b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/BookmarkEdit.java
index 9e556504a..ebb068c72 100644
--- 
a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/BookmarkEdit.java
+++ 
b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/BookmarkEdit.java
@@ -27,7 +27,6 @@ import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.pojos.WeblogBookmark;
 import org.apache.roller.weblogger.ui.struts2.util.UIAction;
 import org.apache.roller.weblogger.util.cache.CacheManager;
-import org.apache.struts2.convention.annotation.AllowedMethods;
 import org.apache.struts2.interceptor.validation.SkipValidation;
 
 
diff --git a/app/src/main/resources/ApplicationResources.properties 
b/app/src/main/resources/ApplicationResources.properties
index d62710630..b318ff328 100644
--- a/app/src/main/resources/ApplicationResources.properties
+++ b/app/src/main/resources/ApplicationResources.properties
@@ -453,6 +453,8 @@ error.add.user.openIdInUse=Open ID already in use with 
another account.
 error.add.user.missingUserName=You must specify a username.
 error.add.user.badUserName=Invalid user name (must be alpha-numerics only).
 error.add.user.missingPassword=You must specify a password.
+error.add.user.invalid.timezone=Invalid timezone.
+error.add.user.invalid.locale=Invalid locale.
 error.upload.dirmax=You cannot exceed the maximum directory size of {0} MB.
 error.upload.disabled=File Upload has been turned off
 error.upload.file=No file selected
diff --git a/assembly-release/pom.xml b/assembly-release/pom.xml
index a2401494b..e968240ae 100644
--- a/assembly-release/pom.xml
+++ b/assembly-release/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.apache.roller</groupId>
         <artifactId>roller-project</artifactId>
-        <version>6.1.2</version>
+        <version>6.1.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/assembly-release/sign-release.sh b/assembly-release/sign-release.sh
index 09a7bd015..650ca2c87 100755
--- a/assembly-release/sign-release.sh
+++ b/assembly-release/sign-release.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 export rcstring="r2"
-export vstring="6.1.2"
+export vstring="6.1.3"
 
 # for rc releases we rename the release files
 if [ rcstring != "" ]; then
diff --git a/db-utils/pom.xml b/db-utils/pom.xml
index 785b17795..9e6bcdab5 100644
--- a/db-utils/pom.xml
+++ b/db-utils/pom.xml
@@ -7,13 +7,13 @@
     <parent>
         <groupId>org.apache.roller</groupId>
         <artifactId>roller-project</artifactId>
-        <version>6.1.2</version>
+        <version>6.1.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <name>Apache Roller DB Utilities</name>
     <artifactId>db-utils</artifactId>
-    <version>6.1.2</version>
+    <version>6.1.3</version>
 
     <build>
         <plugins>
diff --git a/it-selenium/pom.xml b/it-selenium/pom.xml
index e8742df1e..4e603999b 100644
--- a/it-selenium/pom.xml
+++ b/it-selenium/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.apache.roller</groupId>
         <artifactId>roller-project</artifactId>
-        <version>6.1.2</version>
+        <version>6.1.3</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -188,7 +188,7 @@
                     <dependency>
                         <groupId>org.apache.roller</groupId>
                         <artifactId>db-utils</artifactId>
-                        <version>6.1.2</version>
+                        <version>6.1.3</version>
                     </dependency>
                     <dependency>
                         <groupId>commons-dbcp</groupId>
diff --git a/pom.xml b/pom.xml
index 0acb7f7a6..41f099cc0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@ limitations under the License.
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.apache.roller</groupId>
     <artifactId>roller-project</artifactId>
-    <version>6.1.2</version>
+    <version>6.1.3</version>
     <packaging>pom</packaging>
 
     <name>Roller</name>
@@ -46,7 +46,7 @@ limitations under the License.
         <jetty.plugin.version>10.0.19</jetty.plugin.version> <!-- Jetty 11 
requires Jakarta package names -->
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <roller.version>6.1.2</roller.version>
+        <roller.version>6.1.3</roller.version>
         <slf4j.version>1.7.36</slf4j.version>
     </properties>
 
