Author: nextgens
Date: 2007-12-05 10:20:58 +0000 (Wed, 05 Dec 2007)
New Revision: 16303

Modified:
   trunk/apps/Echo/src/plugins/echo/Echo.java
   trunk/apps/Echo/src/plugins/echo/editor/BlocksPage.java
   trunk/apps/Echo/src/plugins/echo/editor/CategoriesPage.java
   trunk/apps/Echo/src/plugins/echo/editor/GeneratePage.java
   trunk/apps/Echo/src/plugins/echo/editor/InsertPage.java
   trunk/apps/Echo/src/plugins/echo/editor/NodePage.java
   trunk/apps/Echo/src/plugins/echo/editor/NodesPage.java
   trunk/apps/Echo/src/plugins/echo/editor/Page.java
   trunk/apps/Echo/src/plugins/echo/editor/StaticPage.java
Log:
Echo: reinstate the insecure behaviour... so that it works.
Put a REDFLAG comment where needed

Modified: trunk/apps/Echo/src/plugins/echo/Echo.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/Echo.java  2007-12-05 10:08:47 UTC (rev 
16302)
+++ trunk/apps/Echo/src/plugins/echo/Echo.java  2007-12-05 10:20:58 UTC (rev 
16303)
@@ -145,13 +145,8 @@

                }

-               try {
-                       welcomePage.handleHTTPRequest(request);
-                       return transform.transform(new 
Document(welcomePage.toXML())).get(0).toXML();
-               } catch (Exception e) {
-                       e.printStackTrace();
-                       return e.toString();
-               }
+               return handleRequest(request, false);
+               
 //             String passwd = request.getParam("formPassword");
 //             if((passwd == null) || 
!passwd.equals(respirator.getNode().clientCore.formPassword))
 //                     throw new AccessDeniedPluginHTTPException("The 
formPassword hasn't been set!", BASE_URL);
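Review bot: The GET entry point now returns `handleRequest(request, false)`, so a plain GET reaches the same page dispatcher as a POST, while the `formPassword` check just below stays commented out and now sits after an unconditional `return`. A GET can be issued by any page the user's browser loads, so the editor pages (which presumably change project state) are only safe if each one refuses to act when `isPost` is false. I would record that at the call site, e.g. `// REDFLAG: GET carries no formPassword; every Page must treat !isPost as read-only`, and either restore or delete the commented-out check instead of leaving it as dead text. The enclosing method starts and ends outside this hunk.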
@@ -164,6 +159,10 @@
        }

        public String handleHTTPPost(HTTPRequest request) throws 
PluginHTTPException {  
+               return handleRequest(request, true);
+       }
+       
+       private String handleRequest(HTTPRequest request, boolean isPost) {     
                try {
                        String fileName = (new 
File(request.getPath())).getName();
                        Page p;
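Review bot: `handleRequest` takes `isPost`, but nothing in its visible lines validates the form password when the flag is true, so the POST path is only as protected as whatever the caller outside this file enforces. If the node does not already verify `formPassword` before invoking `handleHTTPPost`, the check that is commented out in the GET handler belongs in `handleHTTPPost` ahead of `return handleRequest(request, true);`. It should not go inside `handleRequest`, whose `catch (Exception e)` would turn the access-denied exception into a returned string. The new private method also has no doc comment; `/** Dispatches the request to the Page named by the last path segment; isPost is true only for requests that arrived via POST. */` would state the contract. The method body continues past the end of this hunk.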
@@ -173,7 +172,7 @@
                        else
                                p = StaticPage.createFromContentFile("404 
error", "http404error.xml");

-                       p.handleHTTPRequest(request);
+                       p.handleHTTPRequest(request, isPost);

                        /*
                                Nice but input white space are not respected
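Review bot: `isPost` is forwarded in `p.handleHTTPRequest(request, isPost)`, but none of the implementations touched by this commit (BlocksPage, CategoriesPage, GeneratePage, InsertPage, NodePage, NodesPage) shows any use of it in the visible lines; each still opens with `clear()` and, as far as the hunks show, carries on as before. Until the pages that write state return early or render read-only on `!isPost`, the flag documents intent but enforces nothing. A guard at the top of each mutating handler, such as `if (!isPost) { /* render current state only */ return; }` placed after whatever rendering the page needs, would make the REDFLAG in Page.java actionable. The handler bodies lie outside their hunks, so this needs confirming against the full files.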
@@ -187,7 +186,6 @@
                        */

                        return transform.transform(new 
Document(p.toXML())).get(0).toXML();
-                       
                } catch (Exception e) {
                        e.printStackTrace();
                        return e.toString();

Modified: trunk/apps/Echo/src/plugins/echo/editor/BlocksPage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/BlocksPage.java     2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/BlocksPage.java     2007-12-05 
10:20:58 UTC (rev 16303)
@@ -22,7 +22,7 @@
                this.formPsw = formPassword;
        }

-       public void handleHTTPRequest(HTTPRequest request) {
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {

                clear();


Modified: trunk/apps/Echo/src/plugins/echo/editor/CategoriesPage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/CategoriesPage.java 2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/CategoriesPage.java 2007-12-05 
10:20:58 UTC (rev 16303)
@@ -25,7 +25,7 @@

        }

-       public void handleHTTPRequest(HTTPRequest request) {
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {

                clear();


Modified: trunk/apps/Echo/src/plugins/echo/editor/GeneratePage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/GeneratePage.java   2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/GeneratePage.java   2007-12-05 
10:20:58 UTC (rev 16303)
@@ -19,7 +19,7 @@

        }

-       public void handleHTTPRequest(HTTPRequest request) {
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {

                clear();
                project = projectManager.getCurrentProject();

Modified: trunk/apps/Echo/src/plugins/echo/editor/InsertPage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/InsertPage.java     2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/InsertPage.java     2007-12-05 
10:20:58 UTC (rev 16303)
@@ -34,7 +34,7 @@
                this.fcpServer = server;
        }

-       public void handleHTTPRequest(HTTPRequest request) {
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {

                clear();
                project = projectManager.getCurrentProject();

Modified: trunk/apps/Echo/src/plugins/echo/editor/NodePage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/NodePage.java       2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/NodePage.java       2007-12-05 
10:20:58 UTC (rev 16303)
@@ -29,7 +29,7 @@

        }

-       public void handleHTTPRequest(HTTPRequest request) {
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {

                clear();
                Node node = null;               

Modified: trunk/apps/Echo/src/plugins/echo/editor/NodesPage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/NodesPage.java      2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/NodesPage.java      2007-12-05 
10:20:58 UTC (rev 16303)
@@ -21,7 +21,7 @@

        }

-       public void handleHTTPRequest(HTTPRequest req) {
+       public void handleHTTPRequest(HTTPRequest req, boolean isPost) {

                clear();


Modified: trunk/apps/Echo/src/plugins/echo/editor/Page.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/Page.java   2007-12-05 10:08:47 UTC 
(rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/Page.java   2007-12-05 10:20:58 UTC 
(rev 16303)
@@ -38,7 +38,8 @@

        }

-       public abstract void handleHTTPRequest(HTTPRequest request);
+       // REDFLAG: ensure that only safe operations are allowed if !isPost
+       public abstract void handleHTTPRequest(HTTPRequest request, boolean 
isPost);

        /**
        *       Appends XML content to this page
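Review bot: The `// REDFLAG` line is the only statement of the new contract, and as a line comment it will not appear in Javadoc or IDE hovers for people implementing `handleHTTPRequest`. I would make it a Javadoc block on the abstract method. The block should state that `isPost` is true only for requests delivered by POST and that implementations must not modify project or node state when it is false. Keeping the word REDFLAG inside the block preserves the grep marker.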

Modified: trunk/apps/Echo/src/plugins/echo/editor/StaticPage.java
===================================================================
--- trunk/apps/Echo/src/plugins/echo/editor/StaticPage.java     2007-12-05 
10:08:47 UTC (rev 16302)
+++ trunk/apps/Echo/src/plugins/echo/editor/StaticPage.java     2007-12-05 
10:20:58 UTC (rev 16303)
@@ -44,7 +44,6 @@

        }

-       public void handleHTTPRequest(HTTPRequest request) {    }
-
+       public void handleHTTPRequest(HTTPRequest request, boolean isPost) {}
 }


