I'm in favor of making them private; I'm also in favor of using MODULE instead of module.
Regards Scott On 30 Dec 2014 07:36, "Adrian Crum" <[email protected]> wrote: > +public class UtilCodec { > + private static final String module = UtilCodec.class.getName(); > > The last time I made the module field private someone complained that it > doesn't follow the de-facto standard of making it public. My personal > preference is to make it private, but there needs to be an agreement within > the community. > > Adrian Crum > Sandglass Software > www.sandglass-software.com > > On 12/29/2014 6:24 PM, [email protected] wrote: > >> Author: jacopoc >> Date: Mon Dec 29 18:24:57 2014 >> New Revision: 1648403 >> >> URL: http://svn.apache.org/r1648403 >> Log: >> Moved code dependent on OWASP ESAPI and utilities for codec tasks from >> StringUtil to a new UtilCodec class: now the UtilCodec class is the only >> class dependent on OWASP ESAPI. >> The DefaultEncoder from OWASP ESAPI, used internally by UtilCodec is now >> built with the default constructor that also adds the JavascriptCodec to >> the list of codecs used to canonicalize and validate the input. >> Renamed the UrlEncoder class to UrlCodec in order to better describe its >> behavior. >> Misc minor cleanups. >> Added to the list of tests of the base component a series of Junit test >> classes that were missing. 
>> >> >> Added: >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java >> (with props) >> >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java >> (with props) >> >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java >> (with props) >> Modified: >> ofbiz/trunk/applications/content/src/org/ofbiz/content/ >> content/ContentUrlFilter.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> template/FreeMarkerWorker.java >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> StringUtilTests.java >> ofbiz/trunk/framework/base/testdef/basetests.xml >> ofbiz/trunk/framework/common/src/org/ofbiz/common/ >> CommonServices.java >> ofbiz/trunk/framework/service/src/org/ofbiz/service/ >> ModelService.java >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ >> ControlServlet.java >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ >> RequestHandler.java >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/ >> OfbizContentTransform.java >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/ >> LabelManagerFactory.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> MacroFormRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> ModelForm.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> ModelFormField.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/ >> HtmlFormRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/html/ >> HtmlMenuRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ >> MacroMenuRenderer.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/menu/ >> ModelMenuItem.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ >> 
HtmlWidget.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ >> MacroScreenViewHandler.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ >> ModelScreenWidget.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/screen/ >> ScreenFopViewHandler.java >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/tree/ >> ModelTree.java >> ofbiz/trunk/specialpurpose/ebay/src/org/ofbiz/ebay/ >> ProductsExportToEbay.java >> >> Modified: ofbiz/trunk/applications/content/src/org/ofbiz/content/ >> content/ContentUrlFilter.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/ >> content/src/org/ofbiz/content/content/ContentUrlFilter.java? >> rev=1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> (original) >> +++ >> ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentUrlFilter.java >> Mon Dec 29 18:24:57 2014 >> @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletReq >> import javax.servlet.http.HttpServletResponse; >> >> import org.ofbiz.base.util.Debug; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilHttp; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.common.UrlServletHelper; 
>> @@ -117,7 +117,7 @@ public class ContentUrlFilter extends Co >> .queryFirst(); >> if (contentAssocDataResource != null) { >> url = contentAssocDataResource. >> getString("drObjectInfo"); >> - url = StringUtil.getDecoder("url").decode(url); >> + url = UtilCodec.getDecoder("url").decode(url); >> String mountPoint = request.getContextPath(); >> if (!(mountPoint.equals("/")) && >> !(mountPoint.equals(""))) { >> url = mountPoint + url; >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> StringUtil.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/StringUtil.java?rev=1648403& >> r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/StringUtil.java >> Mon Dec 29 18:24:57 2014 >> @@ -21,7 +21,6 @@ package org.ofbiz.base.util; >> import java.io.UnsupportedEncodingException; >> import java.net.URLDecoder; >> import java.net.URLEncoder; >> -import java.util.Arrays; >> import java.util.Collection; >> import java.util.HashMap; >> import java.util.HashSet; >> @@ -36,12 +35,6 @@ import java.util.regex.Pattern; >> import org.apache.commons.codec.DecoderException; >> import org.apache.commons.codec.binary.Hex; >> import org.ofbiz.base.lang.Appender; >> -import org.owasp.esapi.codecs.Codec; >> -import org.owasp.esapi.codecs.HTMLEntityCodec; >> -import org.owasp.esapi.codecs.PercentCodec; >> -import org.owasp.esapi.errors.EncodingException; >> -import org.owasp.esapi.errors.IntrusionException; >> -import org.owasp.esapi.reference.DefaultEncoder; >> >> /** >> * Misc String Utility Functions 
>> @@ -54,11 +47,7 @@ public class StringUtil { >> // FIXME: Not thread safe >> protected static final Map<String, Pattern> substitutionPatternMap; >> >> - private static final DefaultEncoder defaultWebEncoder; >> static { >> - // possible codecs: CSSCodec, HTMLEntityCodec, JavaScriptCodec, >> MySQLCodec, OracleCodec, PercentCodec, UnixCodec, VBScriptCodec, >> WindowsCodec >> - List<Codec> codecList = Arrays.asList(new HTMLEntityCodec(), new >> PercentCodec()); >> - defaultWebEncoder = new DefaultEncoder(codecList); >> substitutionPatternMap = new HashMap<String, Pattern>(); >> substitutionPatternMap.put("&&", Pattern.compile("@and", >> Pattern.LITERAL)); >> substitutionPatternMap.put("||", Pattern.compile("@or", >> Pattern.LITERAL)); 
>> @@ -68,87 +57,9 @@ public class StringUtil { >> substitutionPatternMap.put(">", Pattern.compile("@gt", >> Pattern.LITERAL)); >> } >> >> - private static final HtmlEncoder htmlEncoder = new HtmlEncoder(); >> - private static final XmlEncoder xmlEncoder = new XmlEncoder(); >> - private static final StringEncoder stringEncoder = new >> StringEncoder(); >> - private static final UrlEncoder urlEncoder = new UrlEncoder(); >> - >> private StringUtil() { >> } >> >> - public static interface SimpleEncoder { >> - public String encode(String original); >> - } >> - >> - public static interface SimpleDecoder { >> - public String decode(String original); >> - } >> - >> - public static class HtmlEncoder implements SimpleEncoder { >> - public String encode(String original) { >> - return StringUtil.defaultWebEncoder.encodeForHTML(original); >> - } >> - } >> - >> - public static class XmlEncoder implements SimpleEncoder { >> - public String encode(String original) { >> - return StringUtil.defaultWebEncoder.encodeForXML(original); >> - } >> - } >> - >> - public static class UrlEncoder implements SimpleEncoder, >> SimpleDecoder { >> - public String encode(String original) { >> - try { >> - return StringUtil.defaultWebEncoder. >> encodeForURL(original); >> - } catch (EncodingException ee) { >> - Debug.logError(ee, module); >> - return null; >> - } >> - } >> - >> - public String decode(String original) { >> - try { >> - return StringUtil.defaultWebEncoder. 
>> decodeFromURL(original); >> - } catch (EncodingException ee) { >> - Debug.logError(ee, module); >> - return null; >> - } >> - } >> - } >> - >> - public static class StringEncoder implements SimpleEncoder { >> - public String encode(String original) { >> - if (original != null) { >> - original = original.replace("\"", "\\\""); >> - } >> - return original; >> - } >> - } >> - >> - // ================== Begin General Functions ================== >> - >> - public static SimpleEncoder getEncoder(String type) { >> - if ("url".equals(type)) { >> - return StringUtil.urlEncoder; >> - } else if ("xml".equals(type)) { >> - return StringUtil.xmlEncoder; >> - } else if ("html".equals(type)) { >> - return StringUtil.htmlEncoder; >> - } else if ("string".equals(type)) { >> - return StringUtil.stringEncoder; >> - } else { >> - return null; >> - } >> - } >> - >> - public static SimpleDecoder getDecoder(String type) { >> - if ("url".equals(type)) { >> - return StringUtil.urlEncoder; >> - } else { >> - return null; >> - } >> - } >> - >> public static String internString(String value) { >> return value != null ? value.intern() : null; >> } 
>> @@ -623,70 +534,6 @@ public class StringUtil { >> return result; >> } >> >> - public static String canonicalize(String value) throws >> IntrusionException { >> - return defaultWebEncoder.canonicalize(value); >> - } >> - >> - public static String canonicalize(String value, boolean strict) >> throws IntrusionException { >> - return defaultWebEncoder.canonicalize(value, strict); >> - } >> - /** >> - * Uses a black-list approach for necessary characters for HTML. >> - * Does not allow various characters (after canonicalization), >> including "<", ">", "&" (if not followed by a space), and "%" (if not >> followed by a space). >> - * >> - * @param value >> - * @param errorMessageList >> - */ >> - public static String checkStringForHtmlStrictNone(String valueName, >> String value, List<String> errorMessageList) { >> - if (UtilValidate.isEmpty(value)) return value; >> - >> - // canonicalize, strict (error on double-encoding) >> - try { >> - value = canonicalize(value, true); >> - } catch (IntrusionException e) { >> - // NOTE: using different log and user targeted error >> messages to allow the end-user message to be less technical >> - Debug.logError("Canonicalization (format consistency, >> character escaping that is mixed or double, etc) error for attribute named >> [" + valueName + "], String [" + value + "]: " + e.toString(), module); >> - errorMessageList.add("In field [" + valueName + "] found >> character escaping (mixed or double) that is not allowed or other format >> consistency error: " + e.toString()); >> - } >> - >> - // check for "<", ">" >> - if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) { >> - errorMessageList.add("In field [" + valueName + "] less-than >> (<) and greater-than (>) symbols are not allowed."); >> - } >> - >> - /* NOTE DEJ 20090311: After playing with this more this doesn't >> seem to be necessary; the canonicalize will convert all such characters >> into actual text before this check is done, including other illegal chars >> like 
< which will canonicalize to < and then get caught >> - // check for & followed a semicolon within 7 characters, no >> spaces in-between (and perhaps other things sometime?) >> - int curAmpIndex = value.indexOf("&"); >> - while (curAmpIndex > -1) { >> - int semicolonIndex = value.indexOf(";", curAmpIndex + 1); >> - int spaceIndex = value.indexOf(" ", curAmpIndex + 1); >> - if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex <= >> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex < >> semicolonIndex))) { >> - errorMessageList.add("In field [" + valueName + "] the >> ampersand (&) symbol is only allowed if not used as an encoded character: >> no semicolon (;) within 7 spaces or there is a space between."); >> - // once we find one like this we have the message so no >> need to check for more >> - break; >> - } >> - curAmpIndex = value.indexOf("&", curAmpIndex + 1); >> - } >> - */ >> - >> - /* NOTE DEJ 20090311: After playing with this more this doesn't >> seem to be necessary; the canonicalize will convert all such characters >> into actual text before this check is done, including other illegal chars >> like %3C which will canonicalize to < and then get caught >> - // check for % followed by 2 hex characters >> - int curPercIndex = value.indexOf("%"); >> - while (curPercIndex >= 0) { >> - if (value.length() > (curPercIndex + 3) && >> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) && >> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) { >> - errorMessageList.add("In field [" + valueName + "] the >> percent (%) symbol is only allowed if followed by a space."); >> - // once we find one like this we have the message so no >> need to check for more >> - break; >> - } >> - curPercIndex = value.indexOf("%", curPercIndex + 1); >> - } >> - */ >> - >> - // TODO: anything else to check for that can be used to get HTML >> or JavaScript going without these characters? 
>> - >> - return value; >> - } >> - >> /** >> * Remove/collapse multiple newline characters >> * 
>> @@ -807,57 +654,4 @@ public class StringUtil { >> return this.theString; >> } >> } >> - >> - /** >> - * A simple Map wrapper class that will do HTML encoding. To be used >> for passing a Map to something that will expand Strings with it as a >> context, etc. >> - */ >> - public static class HtmlEncodingMapWrapper<K> implements Map<K, >> Object> { >> - public static <K> HtmlEncodingMapWrapper<K> >> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder >> encoder) { >> - if (mapToWrap == null) return null; >> - >> - HtmlEncodingMapWrapper<K> mapWrapper = new >> HtmlEncodingMapWrapper<K>(); >> - mapWrapper.setup(mapToWrap, encoder); >> - return mapWrapper; >> - } >> - >> - protected Map<K, Object> internalMap = null; >> - protected SimpleEncoder encoder = null; >> - protected HtmlEncodingMapWrapper() { } >> - >> - public void setup(Map<K, Object> mapToWrap, SimpleEncoder >> encoder) { >> - this.internalMap = mapToWrap; >> - this.encoder = encoder; >> - } >> - public void reset() { >> - this.internalMap = null; >> - this.encoder = null; >> - } >> - >> - public int size() { return this.internalMap.size(); } >> - public boolean isEmpty() { return this.internalMap.isEmpty(); } >> - public boolean containsKey(Object key) { return >> this.internalMap.containsKey(key); } >> - public boolean containsValue(Object value) { return >> this.internalMap.containsValue(value); } >> - public Object get(Object key) { >> - Object theObject = this.internalMap.get(key); >> - if (theObject instanceof String) { >> - if (this.encoder != null) { >> - return encoder.encode((String) theObject); >> - } else { >> - return >> StringUtil.defaultWebEncoder.encodeForHTML((String) >> theObject); >> - } >> - } else if (theObject instanceof Map<?, ?>) { >> - return >> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K, >> Object>checkMap(theObject), this.encoder); >> - } >> - return theObject; >> - } >> - public Object put(K key, Object value) { return >> 
this.internalMap.put(key, value); } >> - public Object remove(Object key) { return >> this.internalMap.remove(key); } >> - public void putAll(Map<? extends K, ? extends Object> arg0) { >> this.internalMap.putAll(arg0); } >> - public void clear() { this.internalMap.clear(); } >> - public Set<K> keySet() { return this.internalMap.keySet(); } >> - public Collection<Object> values() { return >> this.internalMap.values(); } >> - public Set<Map.Entry<K, Object>> entrySet() { return >> this.internalMap.entrySet(); } >> - @Override >> - public String toString() { return this.internalMap.toString(); } >> - } >> } >> >> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/UtilCodec.java?rev=1648403&view=auto >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java >> (added) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilCodec.java >> Mon Dec 29 18:24:57 2014 
>> @@ -0,0 +1,232 @@ >> +/********************************************************** >> ********************* >> + * Licensed to the Apache Software Foundation (ASF) under one >> + * or more contributor license agreements. See the NOTICE file >> + * distributed with this work for additional information >> + * regarding copyright ownership. The ASF licenses this file >> + * to you under the Apache License, Version 2.0 (the >> + * "License"); you may not use this file except in compliance >> + * with the License. You may obtain a copy of the License at >> + * >> + * http://www.apache.org/licenses/LICENSE-2.0 >> + * >> + * Unless required by applicable law or agreed to in writing, >> + * software distributed under the License is distributed on an >> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY >> + * KIND, either express or implied. See the License for the >> + * specific language governing permissions and limitations >> + * under the License. >> + ************************************************************ >> *******************/ >> +package org.ofbiz.base.util; >> + >> +import org.owasp.esapi.errors.IntrusionException; >> +import org.owasp.esapi.reference.DefaultEncoder; >> + >> +import java.io.UnsupportedEncodingException; >> +import java.net.URLDecoder; >> +import java.net.URLEncoder; >> +import java.util.Collection; >> +import java.util.List; >> +import java.util.Map; >> +import java.util.Set; >> + >> +public class UtilCodec { >> + private static final String module = UtilCodec.class.getName(); >> + private static final DefaultEncoder defaultWebEncoder = new >> DefaultEncoder(); >> + private static final HtmlEncoder htmlEncoder = new HtmlEncoder(); >> + private static final XmlEncoder xmlEncoder = new XmlEncoder(); >> + private static final StringEncoder stringEncoder = new >> StringEncoder(); >> + private static final UrlCodec urlEncoder = new UrlCodec(); >> + >> + public static interface SimpleEncoder { >> + public String encode(String original); 
>> + } >> + >> + public static interface SimpleDecoder { >> + public String decode(String original); >> + } >> + >> + public static class HtmlEncoder implements SimpleEncoder { >> + public String encode(String original) { >> + return defaultWebEncoder.encodeForHTML(original); >> + } >> + } >> + >> + public static class XmlEncoder implements SimpleEncoder { >> + public String encode(String original) { >> + return defaultWebEncoder.encodeForXML(original); >> + } >> + } >> + >> + public static class UrlCodec implements SimpleEncoder, SimpleDecoder >> { >> + public String encode(String original) { >> + try { >> + return URLEncoder.encode(original, "UTF-8"); >> + } catch (UnsupportedEncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + >> + public String decode(String original) { >> + try { >> + String canonical = canonicalize(original); >> + return URLDecoder.decode(canonical, "UTF-8"); >> + } catch (UnsupportedEncodingException ee) { >> + Debug.logError(ee, module); >> + return null; >> + } >> + } >> + } >> + >> + public static class StringEncoder implements SimpleEncoder { >> + public String encode(String original) { >> + if (original != null) { >> + original = original.replace("\"", "\\\""); >> + } >> + return original; >> + } >> + } >> + >> + // ================== Begin General Functions ================== >> + >> + public static SimpleEncoder getEncoder(String type) { >> + if ("url".equals(type)) { >> + return urlEncoder; >> + } else if ("xml".equals(type)) { >> + return xmlEncoder; >> + } else if ("html".equals(type)) { >> + return htmlEncoder; >> + } else if ("string".equals(type)) { >> + return stringEncoder; >> + } else { >> + return null; >> + } >> + } >> + >> + public static SimpleDecoder getDecoder(String type) { >> + if ("url".equals(type)) { >> + return urlEncoder; >> + } else { >> + return null; >> + } >> + } >> + >> + public static String canonicalize(String value) throws >> IntrusionException { >> + return 
defaultWebEncoder.canonicalize(value); >> + } >> + >> + public static String canonicalize(String value, boolean strict) >> throws IntrusionException { >> + return defaultWebEncoder.canonicalize(value, strict); >> + } >> + >> + /** >> + * Uses a black-list approach for necessary characters for HTML. >> + * Does not allow various characters (after canonicalization), >> including "<", ">", "&" (if not followed by a space), and "%" (if not >> followed by a space). >> + * >> + * @param value >> + * @param errorMessageList >> + */ >> + public static String checkStringForHtmlStrictNone(String valueName, >> String value, List<String> errorMessageList) { >> + if (UtilValidate.isEmpty(value)) return value; >> + >> + // canonicalize, strict (error on double-encoding) >> + try { >> + value = canonicalize(value, true); >> + } catch (IntrusionException e) { >> + // NOTE: using different log and user targeted error >> messages to allow the end-user message to be less technical >> + Debug.logError("Canonicalization (format consistency, >> character escaping that is mixed or double, etc) error for attribute named >> [" + valueName + "], String [" + value + "]: " + e.toString(), module); >> + errorMessageList.add("In field [" + valueName + "] found >> character escaping (mixed or double) that is not allowed or other format >> consistency error: " + e.toString()); >> + } >> + >> + // check for "<", ">" >> + if (value.indexOf("<") >= 0 || value.indexOf(">") >= 0) { >> + errorMessageList.add("In field [" + valueName + "] less-than >> (<) and greater-than (>) symbols are not allowed."); >> + } >> + >> + /* NOTE DEJ 20090311: After playing with this more this doesn't >> seem to be necessary; the canonicalize will convert all such characters >> into actual text before this check is done, including other illegal chars >> like < which will canonicalize to < and then get caught >> + // check for & followed a semicolon within 7 characters, no >> spaces in-between (and perhaps other things 
sometime?) >> + int curAmpIndex = value.indexOf("&"); >> + while (curAmpIndex > -1) { >> + int semicolonIndex = value.indexOf(";", curAmpIndex + 1); >> + int spaceIndex = value.indexOf(" ", curAmpIndex + 1); >> + if (semicolonIndex > -1 && (semicolonIndex - curAmpIndex <= >> 7) && (spaceIndex < 0 || (spaceIndex > curAmpIndex && spaceIndex < >> semicolonIndex))) { >> + errorMessageList.add("In field [" + valueName + "] the >> ampersand (&) symbol is only allowed if not used as an encoded character: >> no semicolon (;) within 7 spaces or there is a space between."); >> + // once we find one like this we have the message so no >> need to check for more >> + break; >> + } >> + curAmpIndex = value.indexOf("&", curAmpIndex + 1); >> + } >> + */ >> + >> + /* NOTE DEJ 20090311: After playing with this more this doesn't >> seem to be necessary; the canonicalize will convert all such characters >> into actual text before this check is done, including other illegal chars >> like %3C which will canonicalize to < and then get caught >> + // check for % followed by 2 hex characters >> + int curPercIndex = value.indexOf("%"); >> + while (curPercIndex >= 0) { >> + if (value.length() > (curPercIndex + 3) && >> UtilValidate.isHexDigit(value.charAt(curPercIndex + 1)) && >> UtilValidate.isHexDigit(value.charAt(curPercIndex + 2))) { >> + errorMessageList.add("In field [" + valueName + "] the >> percent (%) symbol is only allowed if followed by a space."); >> + // once we find one like this we have the message so no >> need to check for more >> + break; >> + } >> + curPercIndex = value.indexOf("%", curPercIndex + 1); >> + } >> + */ >> + >> + // TODO: anything else to check for that can be used to get HTML >> or JavaScript going without these characters? >> + >> + return value; >> + } >> + >> + /** >> + * A simple Map wrapper class that will do HTML encoding. To be used >> for passing a Map to something that will expand Strings with it as a >> context, etc. 
>> + */ >> + public static class HtmlEncodingMapWrapper<K> implements Map<K, >> Object> { >> + public static <K> HtmlEncodingMapWrapper<K> >> getHtmlEncodingMapWrapper(Map<K, Object> mapToWrap, SimpleEncoder >> encoder) { >> + if (mapToWrap == null) return null; >> + >> + HtmlEncodingMapWrapper<K> mapWrapper = new >> HtmlEncodingMapWrapper<K>(); >> + mapWrapper.setup(mapToWrap, encoder); >> + return mapWrapper; >> + } >> + >> + protected Map<K, Object> internalMap = null; >> + protected SimpleEncoder encoder = null; >> + protected HtmlEncodingMapWrapper() { } >> + >> + public void setup(Map<K, Object> mapToWrap, SimpleEncoder >> encoder) { >> + this.internalMap = mapToWrap; >> + this.encoder = encoder; >> + } >> + public void reset() { >> + this.internalMap = null; >> + this.encoder = null; >> + } >> + >> + public int size() { return this.internalMap.size(); } >> + public boolean isEmpty() { return this.internalMap.isEmpty(); } >> + public boolean containsKey(Object key) { return >> this.internalMap.containsKey(key); } >> + public boolean containsValue(Object value) { return >> this.internalMap.containsValue(value); } >> + public Object get(Object key) { >> + Object theObject = this.internalMap.get(key); >> + if (theObject instanceof String) { >> + if (this.encoder != null) { >> + return encoder.encode((String) theObject); >> + } else { >> + return defaultWebEncoder.encodeForHTML((String) >> theObject); >> + } >> + } else if (theObject instanceof Map<?, ?>) { >> + return >> HtmlEncodingMapWrapper.getHtmlEncodingMapWrapper(UtilGenerics.<K, >> Object>checkMap(theObject), this.encoder); >> + } >> + return theObject; >> + } >> + public Object put(K key, Object value) { return >> this.internalMap.put(key, value); } >> + public Object remove(Object key) { return >> this.internalMap.remove(key); } >> + public void putAll(Map<? extends K, ? 
extends Object> arg0) { >> this.internalMap.putAll(arg0); } >> + public void clear() { this.internalMap.clear(); } >> + public Set<K> keySet() { return this.internalMap.keySet(); } >> + public Collection<Object> values() { return >> this.internalMap.values(); } >> + public Set<Map.Entry<K, Object>> entrySet() { return >> this.internalMap.entrySet(); } >> + @Override >> + public String toString() { return this.internalMap.toString(); } >> + } >> + >> +} >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> UtilCodec.java >> ------------------------------------------------------------ >> ------------------ >> svn:eol-style = native >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> UtilCodec.java >> ------------------------------------------------------------ >> ------------------ >> svn:keywords = Date Rev Author URL Id >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> UtilCodec.java >> ------------------------------------------------------------ >> ------------------ >> svn:mime-type = text/plain >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> UtilHttp.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/UtilHttp.java?rev=1648403&r1= >> 1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java >> (original) >> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Mon >> Dec 29 18:24:57 2014 
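Review bot: `UrlCodec.decode` in the new UtilCodec.java catches only `UnsupportedEncodingException`, but both calls in its try block can fail with unchecked exceptions, so its log-and-return-null behaviour does not hold for malformed or multiply-encoded input. `canonicalize` is declared to throw `IntrusionException`, and canonicalization already resolves percent escapes (the comments in `checkStringForHtmlStrictNone` note that `%3C` canonicalizes to `<`), so a value such as `%25` reaches `URLDecoder.decode` as a bare `%`, which it rejects with `IllegalArgumentException`; an encoded `%2B` likewise comes out as a space rather than `+`. `ContentUrlFilter` passes the `drObjectInfo` value straight into this method, so I would handle both exceptions here as below and decide separately whether the second decoding pass is wanted at all.

```java
        public String decode(String original) {
            // … unchanged: try block and the UnsupportedEncodingException handler …
            } catch (IntrusionException ie) {
                // canonicalize() refused the input (mixed or multiple encoding)
                Debug.logError(ie, module);
                return null;
            } catch (IllegalArgumentException iae) {
                // URLDecoder refused an incomplete or malformed % escape
                Debug.logError(iae, module);
                return null;
            }
```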
>> @@ -250,7 +250,7 @@ public class UtilHttp { >> public static String canonicalizeParameter(String paramValue) { >> try { >> /** calling canonicalize with strict flag set to false so >> we only get warnings about double encoding, etc; can be set to true for >> exceptions and more security */ >> - String cannedStr = StringUtil.canonicalize(paramValue, >> false); >> + String cannedStr = UtilCodec.canonicalize(paramValue, >> false); >> if (Debug.verboseOn()) Debug.logVerbose("Canonicalized >> parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: >> original [" + paramValue + "] canned [" + cannedStr + "]", module); >> return cannedStr; >> } catch (Exception e) { >> @@ -790,14 +790,14 @@ public class UtilHttp { >> buf.append("&"); >> } >> } >> - buf.append(StringUtil. >> getEncoder("url").encode(name)); >> + buf.append(UtilCodec. >> getEncoder("url").encode(name)); >> /* the old way: try { >> buf.append(URLEncoder.encode(name, >> "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> Debug.logError(e, module); >> } */ >> buf.append('='); >> - buf.append(StringUtil.getEncoder("url").encode( >> valueStr)); >> + buf.append(UtilCodec.getEncoder("url").encode( >> valueStr)); >> /* the old way: try { >> buf.append(URLEncoder.encode(valueStr, >> "UTF-8")); >> } catch (UnsupportedEncodingException e) { >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/ >> template/FreeMarkerWorker.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/template/FreeMarkerWorker. >> java?rev=1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java >> (original) >> +++ >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/template/FreeMarkerWorker.java >> Mon Dec 29 18:24:57 2014 
>> @@ -47,6 +47,7 @@ import javax.servlet.http.HttpServletReq >> import org.ofbiz.base.location.FlexibleLocation; >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilMisc; >> import org.ofbiz.base.util.UtilProperties; >> @@ -687,7 +688,7 @@ public class FreeMarkerWorker { >> te.printStackTrace(pw); >> String stackTrace = tempWriter.toString(); >> >> - StringUtil.SimpleEncoder simpleEncoder = FreeMarkerWorker. >> getWrappedObject("simpleEncoder", env); >> + UtilCodec.SimpleEncoder simpleEncoder = FreeMarkerWorker. >> getWrappedObject("simpleEncoder", env); >> if (simpleEncoder != null) { >> stackTrace = simpleEncoder.encode(stackTrace); >> } >> >> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> StringUtilTests.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/test/StringUtilTests.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> (original) >> +++ >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/StringUtilTests.java >> Mon Dec 29 18:24:57 2014 >> @@ -18,8 +18,6 @@ >> ************************************************************ >> *******************/ >> package org.ofbiz.base.util.test; >> >> -import java.util.ArrayList; >> -import java.util.Arrays; >> import java.util.Collections; >> import java.util.HashMap; >> import java.util.List; 
>> @@ -53,18 +51,6 @@ public class StringUtilTests extends Gen >> assertTrue("correct INSTANCE", StringUtil.INSTANCE instanceof >> StringUtil); >> } >> >> - private static void encoderTest(String label, >> StringUtil.SimpleEncoder encoder, String wanted, String toEncode) { >> - assertNull(label + "(encoder):null", encoder.encode(null)); >> - assertEquals(label + "(encoder):encode", wanted, >> encoder.encode(toEncode)); >> - } >> - >> - public void testGetEncoder() { >> - encoderTest("string", StringUtil.getEncoder("string"), >> "abc\\\"def", "abc\"def"); >> - encoderTest("xml", StringUtil.getEncoder("xml"), >> "<>'"", "<>'\""); >> - encoderTest("html", StringUtil.getEncoder("html"), >> "<>'"", "<>'\""); >> - assertNull("invalid encoder", StringUtil.getEncoder("foobar")); >> - } >> - >> public void testInternString() { >> assertSame("intern-constant", StringUtil.internString("foo"), >> StringUtil.internString("foo")); >> assertSame("intern-new", StringUtil.internString("foo"), >> StringUtil.internString(new String("foo"))); 
>> @@ -283,26 +269,6 @@ public class StringUtilTests extends Gen >> assertEquals("all converions", "one && two || three > four >= >> five < six <= seven", StringUtil.convertOperatorSubstitutions("one @and >> two @or three @gt four @gteq five @lt six @lteq seven")); >> } >> >> - private static void checkStringForHtmlStrictNone_test(String label, >> String fixed, String input, String... wantedMessages) { >> - List<String> gottenMessages = new ArrayList<String>(); >> - assertEquals(label, fixed, StringUtil. >> checkStringForHtmlStrictNone(label, input, gottenMessages)); >> - assertEquals(label, Arrays.asList(wantedMessages), >> gottenMessages); >> - } >> - >> - public void testCheckStringForHtmlStrictNone() { >> - checkStringForHtmlStrictNone_test("null pass-thru", null, null); >> - checkStringForHtmlStrictNone_test("empty pass-thru", "", ""); >> - checkStringForHtmlStrictNone_test("o-numeric-encode", "foo", >> "foo"); >> - checkStringForHtmlStrictNone_test("o-hex-encode", "foo", >> "f%6fo"); >> - checkStringForHtmlStrictNone_test("o-double-hex-encode", "foo", >> "f%256fo"); >> - checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo", >> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>) >> symbols are not allowed."); >> - checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo", >> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>) >> symbols are not allowed."); >> - checkStringForHtmlStrictNone_test("high-ascii", "fÀ®", >> "f%C0%AE"); >> - // this looks like a bug, namely the extra trailing ; >> - checkStringForHtmlStrictNone_test("double-ampersand", "f\";oo", >> "f%26quot%3boo"); >> - checkStringForHtmlStrictNone_test("double-encoding", >> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found >> character escaping (mixed or double) that is not allowed or other format >> consistency error: org.owasp.esapi.errors.IntrusionException: Input >> validation failure"); >> - } >> - >> public void testCollapseNewlines() { 
>> } >> >> >> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilCodecTests.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/test/UtilCodecTests.java?rev=1648403&view=auto >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java >> (added) >> +++ >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilCodecTests.java >> Mon Dec 29 18:24:57 2014 
>> @@ -0,0 +1,64 @@ >> +/********************************************************** >> ********************* >> + * Licensed to the Apache Software Foundation (ASF) under one >> + * or more contributor license agreements. See the NOTICE file >> + * distributed with this work for additional information >> + * regarding copyright ownership. The ASF licenses this file >> + * to you under the Apache License, Version 2.0 (the >> + * "License"); you may not use this file except in compliance >> + * with the License. You may obtain a copy of the License at >> + * >> + * http://www.apache.org/licenses/LICENSE-2.0 >> + * >> + * Unless required by applicable law or agreed to in writing, >> + * software distributed under the License is distributed on an >> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY >> + * KIND, either express or implied. See the License for the >> + * specific language governing permissions and limitations >> + * under the License. >> + ************************************************************ >> *******************/ >> +package org.ofbiz.base.util.test; >> + >> +import org.ofbiz.base.test.GenericTestCaseBase; >> +import org.ofbiz.base.util.UtilCodec; >> + >> +import java.util.ArrayList; >> +import java.util.Arrays; >> +import java.util.List; >> + >> +public class UtilCodecTests extends GenericTestCaseBase { >> + public UtilCodecTests(String name) { >> + super(name); >> + } >> + >> + private static void encoderTest(String label, >> UtilCodec.SimpleEncoder encoder, String wanted, String toEncode) { >> + assertNull(label + "(encoder):null", encoder.encode(null)); >> + assertEquals(label + "(encoder):encode", wanted, >> encoder.encode(toEncode)); >> + } >> + >> + public void testGetEncoder() { >> + encoderTest("string", UtilCodec.getEncoder("string"), >> "abc\\\"def", "abc\"def"); >> + encoderTest("xml", UtilCodec.getEncoder("xml"), >> "<>'"", "<>'\""); >> + encoderTest("html", UtilCodec.getEncoder("html"), >> "<>'"", "<>'\""); >> + 
assertNull("invalid encoder", UtilCodec.getEncoder("foobar")); >> + } >> + private static void checkStringForHtmlStrictNone_test(String label, >> String fixed, String input, String... wantedMessages) { >> + List<String> gottenMessages = new ArrayList<String>(); >> + assertEquals(label, fixed, UtilCodec. >> checkStringForHtmlStrictNone(label, input, gottenMessages)); >> + assertEquals(label, Arrays.asList(wantedMessages), >> gottenMessages); >> + } >> + >> + public void testCheckStringForHtmlStrictNone() { >> + checkStringForHtmlStrictNone_test("null pass-thru", null, null); >> + checkStringForHtmlStrictNone_test("empty pass-thru", "", ""); >> + checkStringForHtmlStrictNone_test("o-numeric-encode", "foo", >> "foo"); >> + checkStringForHtmlStrictNone_test("o-hex-encode", "foo", >> "f%6fo"); >> + checkStringForHtmlStrictNone_test("o-double-hex-encode", "foo", >> "f%256fo"); >> + checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo", >> "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>) >> symbols are not allowed."); >> + checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo", >> "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>) >> symbols are not allowed."); >> + checkStringForHtmlStrictNone_test("high-ascii", "fÀ®", >> "f%C0%AE"); >> + // this looks like a bug, namely the extra trailing ; >> + checkStringForHtmlStrictNone_test("double-ampersand", "f\";oo", >> "f%26quot%3boo"); >> + checkStringForHtmlStrictNone_test("double-encoding", >> "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found >> character escaping (mixed or double) that is not allowed or other format >> consistency error: org.owasp.esapi.errors.IntrusionException: Input >> validation failure"); >> + } >> + >> +} >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilCodecTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:eol-style = native >> >> Propchange: 
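Review bot: The `double-encoding` case in `testCheckStringForHtmlStrictNone` expects the field error to contain `org.owasp.esapi.errors.IntrusionException: Input validation failure`, which pins a library class name into a user-facing message. It also ties the test to ESAPI wording, although the commit's stated aim is that only UtilCodec depends on ESAPI. The message looks like it is built from the exception's `toString()`; asserting only the project-owned prefix (`In field [double-encoding] found character escaping (mixed or double) that is not allowed`) would keep the test stable across ESAPI upgrades. `testGetEncoder` also covers only `string`, `xml` and `html`, while callers changed in this commit use `getEncoder("url")` and `getDecoder("url")`; a round-trip case for those, including the null result on failure, is missing.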
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilCodecTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:keywords = Date Rev Author URL Id >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilCodecTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:mime-type = text/plain >> >> Added: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilHttpTests.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> src/org/ofbiz/base/util/test/UtilHttpTests.java?rev=1648403&view=auto >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java >> (added) >> +++ >> ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/UtilHttpTests.java >> Mon Dec 29 18:24:57 2014 
>> @@ -0,0 +1,30 @@ >> +/********************************************************** >> ********************* >> + * Licensed to the Apache Software Foundation (ASF) under one >> + * or more contributor license agreements. See the NOTICE file >> + * distributed with this work for additional information >> + * regarding copyright ownership. The ASF licenses this file >> + * to you under the Apache License, Version 2.0 (the >> + * "License"); you may not use this file except in compliance >> + * with the License. You may obtain a copy of the License at >> + * >> + * http://www.apache.org/licenses/LICENSE-2.0 >> + * >> + * Unless required by applicable law or agreed to in writing, >> + * software distributed under the License is distributed on an >> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY >> + * KIND, either express or implied. See the License for the >> + * specific language governing permissions and limitations >> + * under the License. >> + ************************************************************ >> *******************/ >> +package org.ofbiz.base.util.test; >> + >> +import org.ofbiz.base.test.GenericTestCaseBase; >> + >> +public class UtilHttpTests extends GenericTestCaseBase { >> + public UtilHttpTests(String name) { >> + super(name); >> + } >> + >> + public void testGetParameterMap() throws Exception { >> + } >> +} >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilHttpTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:eol-style = native >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilHttpTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:keywords = Date Rev Author URL Id >> >> Propchange: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/test/ >> UtilHttpTests.java >> ------------------------------------------------------------ >> ------------------ >> svn:mime-type = 
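Review bot: `testGetParameterMap` has an empty body, so it passes without exercising `UtilHttp` at all. The same commit registers `UtilHttpTests` in basetests.xml, so the test report will show coverage that does not exist. Either add assertions or make the gap explicit with a comment such as `// TODO: no assertions yet - UtilHttp.getParameterMap is not covered by this test`.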
text/plain >> >> Modified: ofbiz/trunk/framework/base/testdef/basetests.xml >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/ >> testdef/basetests.xml?rev=1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/base/testdef/basetests.xml (original) >> +++ ofbiz/trunk/framework/base/testdef/basetests.xml Mon Dec 29 18:24:57 >> 2014 
>> @@ -23,9 +23,14 @@ >> xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/ >> test-suite.xsd"> >> <test-group case-name="basetests"> >> <junit-test-suite class-name="org.ofbiz.base.lang.test. >> ComparableRangeTests"/> >> + <junit-test-suite class-name="org.ofbiz.base. >> util.test.AssertTests"/> >> <junit-test-suite class-name="org.ofbiz.base.util.test. >> IndentingWriterTests"/> >> <junit-test-suite class-name="org.ofbiz.base. >> util.test.ObjectTypeTests"/> >> + <!--junit-test-suite class-name="org.ofbiz.base.util.test. >> ReferenceCleanerTests"/--> >> <junit-test-suite class-name="org.ofbiz.base. >> util.test.UtilObjectTests"/> >> + <junit-test-suite class-name="org.ofbiz.base. >> util.test.StringUtilTests"/> >> + <junit-test-suite class-name="org.ofbiz.base. >> util.test.UtilHttpTests"/> >> + <junit-test-suite class-name="org.ofbiz.base. >> util.test.UtilCodecTests"/> >> <junit-test-suite class-name="org.ofbiz.base.util.string.test. >> FlexibleStringExpanderTests"/> >> <junit-test-suite class-name="org.ofbiz.base. >> util.collections.test.FlexibleMapAccessorTests"/> >> <junit-test-suite class-name="org.ofbiz.base. >> util.test.TimeDurationTests"/> >> >> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/ >> CommonServices.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/ >> src/org/ofbiz/common/CommonServices.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> (original) >> +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/CommonServices.java >> Mon Dec 29 18:24:57 2014 
>> @@ -46,7 +46,7 @@ import javax.mail.internet.MimeMessage; >> import org.ofbiz.base.metrics.Metrics; >> import org.ofbiz.base.metrics.MetricsFactory; >> import org.ofbiz.base.util.Debug; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilDateTime; >> import org.ofbiz.base.util.UtilMisc; >> import org.ofbiz.base.util.UtilProperties; >> @@ -539,7 +539,7 @@ public class CommonServices { >> >> public static Map<String, Object> resetMetric(DispatchContext dctx, >> Map<String, ?> context) { >> String originalName = (String) context.get("name"); >> - String name = StringUtil.getDecoder("url").decode(originalName); >> + String name = UtilCodec.getDecoder("url").decode(originalName); >> if (name == null) { >> return ServiceUtil.returnError("Exception thrown while >> decoding metric name \"" + originalName + "\""); >> } >> >> Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ >> ModelService.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/ >> src/org/ofbiz/service/ModelService.java?rev=1648403& >> r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java >> (original) >> +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java >> Mon Dec 29 18:24:57 2014 >> @@ -63,7 +63,7 @@ import org.ofbiz.base.metrics.Metrics; >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.GeneralException; >> import org.ofbiz.base.util.ObjectType; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilMisc; >> import org.ofbiz.base.util.UtilProperties; >> import org.ofbiz.base.util.UtilValidate; 
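Review bot: In `resetMetric` the failure branch concatenates the raw `originalName` into the `ServiceUtil.returnError` text, so the undecoded caller-supplied value is echoed back without encoding at this point. Whether the message is encoded where it is finally rendered is not visible in this hunk. If that cannot be guaranteed, keep the value out of the response with `return ServiceUtil.returnError("Exception thrown while decoding metric name");` and record the offending value in the log instead. The method body continues outside the hunk.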
>> @@ -584,7 +584,7 @@ public class ModelService extends Abstra >> if (context.get(modelParam.name) != null && >> ("String".equals(modelParam.type) || "java.lang.String".equals( >> modelParam.type)) >> && !"any".equals(modelParam.allowHtml) && >> ("INOUT".equals(modelParam.mode) || "IN".equals(modelParam.mode))) { >> String value = (String) >> context.get(modelParam.name); >> - StringUtil.checkStringForHtmlStrictNone(modelParam.name, >> value, errorMessageList); >> + UtilCodec.checkStringForHtmlStrictNone(modelParam.name, >> value, errorMessageList); >> } >> } >> if (errorMessageList.size() > 0) { >> >> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ >> ControlServlet.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/ >> src/org/ofbiz/webapp/control/ControlServlet.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java >> (original) >> +++ >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java >> Mon Dec 29 18:24:57 2014 >> @@ -32,7 +32,7 @@ import javax.servlet.http.HttpSession; >> >> import org.apache.bsf.BSFManager; >> import org.ofbiz.base.util.Debug; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilHttp; >> import org.ofbiz.base.util.UtilTimer; 
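Review bot: The return value of `UtilCodec.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList)` is discarded, so the check runs on the canonicalized form while `context` keeps the original string. The tests moved in this commit show the method returning something different from its input (`f%6fo` comes back as `foo`), so what is validated and what the service later receives can differ. If the map is writable here, store the checked form with `context.put(modelParam.name, UtilCodec.checkStringForHtmlStrictNone(modelParam.name, value, errorMessageList));`. Otherwise add a comment stating that the un-canonicalized value is kept on purpose. The enclosing method starts and ends outside the hunk.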
>> @@ -217,8 +217,7 @@ public class ControlServlet extends Http >> if (Debug.verboseOn()) Debug.logVerbose(throwable, >> module); >> } else { >> Debug.logError(throwable, "Error in request handler: ", >> module); >> - StringUtil.HtmlEncoder encoder = new >> StringUtil.HtmlEncoder(); >> - request.setAttribute("_ERROR_MESSAGE_", >> encoder.encode(throwable.toString())); >> + request.setAttribute("_ERROR_MESSAGE_", >> UtilCodec.getEncoder("html").encode(throwable.toString())); >> errorPage = requestHandler. >> getDefaultErrorPage(request); >> } >> } catch (RequestHandlerExceptionAllowExternalRequests e) { >> @@ -226,8 +225,7 @@ public class ControlServlet extends Http >> Debug.logInfo("Going to external page: " + >> request.getPathInfo(), module); >> } catch (Exception e) { >> Debug.logError(e, "Error in request handler: ", module); >> - StringUtil.HtmlEncoder encoder = new >> StringUtil.HtmlEncoder(); >> - request.setAttribute("_ERROR_MESSAGE_", >> encoder.encode(e.toString())); >> + request.setAttribute("_ERROR_MESSAGE_", >> UtilCodec.getEncoder("html").encode(e.toString())); >> errorPage = requestHandler.getDefaultErrorPage(request); >> } >> >> >> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ >> RequestHandler.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/ >> src/org/ofbiz/webapp/control/RequestHandler.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> (original) >> +++ >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java >> Mon Dec 29 18:24:57 2014 
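Review bot: Both catch branches now look the encoder up by name at the moment of failure with `UtilCodec.getEncoder("html").encode(...)`. The tests in this commit show `getEncoder` returning null for an unrecognised name, so a typo or a later change of the key would make the error handler throw a NullPointerException, which the removed `new StringUtil.HtmlEncoder()` could not do. Resolving it once, e.g. `private static final UtilCodec.SimpleEncoder HTML_ENCODER = UtilCodec.getEncoder("html");`, moves that failure to class load. Separately, `_ERROR_MESSAGE_` still carries `throwable.toString()` and `e.toString()`: encoding stops markup injection but the exception class and message are still shown to the client. A generic message would do, since `Debug.logError` already records the detail.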
>> @@ -40,6 +40,7 @@ import org.ofbiz.base.start.Start; >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.SSLUtil; >> import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilFormatOut; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilHttp; >> @@ -1115,11 +1116,11 @@ public class RequestHandler { >> if (queryString.length() > 1) { >> queryString.append("&"); >> } >> - String encodedName = StringUtil.getEncoder("url"). >> encode(name); >> + String encodedName = UtilCodec.getEncoder("url"). >> encode(name); >> if (encodedName != null) { >> queryString.append(encodedName); >> queryString.append("="); >> - queryString.append(StringUtil.getEncoder("url").encode( >> value)); >> + queryString.append(UtilCodec.getEncoder("url").encode( >> value)); >> } >> } >> } >> >> Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/ >> OfbizContentTransform.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/ >> src/org/ofbiz/webapp/ftl/OfbizContentTransform.java? >> rev=1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> (original) >> +++ >> ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/ftl/OfbizContentTransform.java >> Mon Dec 29 18:24:57 2014 >> @@ -25,7 +25,7 @@ import java.util.Map; >> import javax.servlet.http.HttpServletRequest; >> >> import org.ofbiz.base.util.Debug; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.webapp.taglib.ContentUrlTag; 
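Review bot: In the `@@ -1115` hunk only `encodedName` is null-checked; the encoded value is appended directly, and appending a null String writes the four characters `null` into the query string. The encoder tests in this commit show `encode(null)` returning null for the other encoders, and `CommonServices.resetMetric` treats a null from the url decoder as a failure, so the url encoder presumably signals failure the same way. Encode first and guard both: `String encodedValue = UtilCodec.getEncoder("url").encode(value);` then `if (encodedName != null && encodedValue != null) {`. The surrounding loop starts outside the hunk.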
>> >> @@ -92,7 +92,7 @@ public class OfbizContentTransform imple >> return; >> } >> >> - requestUrl = StringUtil.getDecoder("url"). >> decode(requestUrl); >> + requestUrl = UtilCodec.getDecoder("url"). >> decode(requestUrl); >> >> // make the link >> StringBuilder newURL = new StringBuilder(); >> >> Modified: ofbiz/trunk/framework/webtools/src/org/ofbiz/ >> webtools/labelmanager/LabelManagerFactory.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/ >> webtools/src/org/ofbiz/webtools/labelmanager/ >> LabelManagerFactory.java?rev=1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> (original) >> +++ >> ofbiz/trunk/framework/webtools/src/org/ofbiz/webtools/labelmanager/LabelManagerFactory.java >> Mon Dec 29 18:24:57 2014 >> @@ -37,7 +37,7 @@ import org.ofbiz.base.component.Componen >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.FileUtil; >> import org.ofbiz.base.util.GeneralException; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilValidate; >> import org.ofbiz.base.util.UtilXml; >> import org.w3c.dom.Comment; >> @@ -123,7 +123,7 @@ public class LabelManagerFactory { >> for (Node propertyNode : >> UtilXml.childNodeList(resourceElem.getFirstChild())) >> { >> if (propertyNode instanceof Element) { >> Element propertyElem = (Element) propertyNode; >> - String labelKey = StringUtil.canonicalize( >> propertyElem.getAttribute("key")); >> + String labelKey = UtilCodec.canonicalize( >> propertyElem.getAttribute("key")); >> String labelComment = ""; >> for (Node valueNode : >> UtilXml.childNodeList(propertyElem.getFirstChild())) >> { >> if (valueNode instanceof Element) { 
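Review bot: In the OfbizContentTransform hunk the result of `UtilCodec.getDecoder("url").decode(requestUrl)` is assigned back to `requestUrl` with no null check before the link is built. `CommonServices.resetMetric` in this same commit treats a null from that decoder as a decoding failure, so a malformed escape sequence would presumably leave `requestUrl` null here and surface later as a NullPointerException or a literal `null` in the generated URL. A guard such as `if (requestUrl == null) { return; }` directly after the decode, matching the early `return;` just above, would make the failure explicit. The code that builds `newURL` continues outside the hunk.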
>> @@ -134,7 +134,7 @@ public class LabelManagerFactory { >> if( localeName.contains("_")) { >> localeName = localeName.replace('_', >> '-'); >> } >> - String labelValue = StringUtil.canonicalize( >> UtilXml.nodeValue(valueElem.getFirstChild())); >> + String labelValue = UtilCodec.canonicalize( >> UtilXml.nodeValue(valueElem.getFirstChild())); >> LabelInfo label = labels.get(labelKey + >> keySeparator + fileInfo.getFileName()); >> >> if (UtilValidate.isEmpty(label)) { >> @@ -148,12 +148,12 @@ public class LabelManagerFactory { >> localesFound.add(localeName); >> labelComment = ""; >> } else if (valueNode instanceof Comment) { >> - labelComment = labelComment + >> StringUtil.canonicalize(valueNode.getNodeValue()); >> + labelComment = labelComment + >> UtilCodec.canonicalize(valueNode.getNodeValue()); >> } >> } >> labelKeyComment = ""; >> } else if (propertyNode instanceof Comment) { >> - labelKeyComment = labelKeyComment + >> StringUtil.canonicalize(propertyNode.getNodeValue()); >> + labelKeyComment = labelKeyComment + >> UtilCodec.canonicalize(propertyNode.getNodeValue()); >> } >> } >> } >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/ >> WidgetWorker.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/ >> src/org/ofbiz/widget/WidgetWorker.java?rev=1648403& >> r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java >> Mon Dec 29 18:24:57 2014 >> @@ -36,7 +36,7 @@ import javax.servlet.http.HttpServletReq >> import javax.servlet.http.HttpServletResponse; >> >> import org.ofbiz.base.util.Debug; >> -import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilDateTime; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilHttp; 
>> @@ -71,7 +71,7 @@ public class WidgetWorker { >> // We may get an encoded request like: >> /projectmgr/control/EditTaskContents? >> workEffortId=10003 >> // Try to reducing a possibly encoded string down to its >> simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003 >> // This step make sure the following appending externalLoginKey >> operation to work correctly >> - localRequestName = StringUtil.canonicalize(localRequestName); >> + localRequestName = UtilCodec.canonicalize(localRequestName); >> Appendable localWriter = new StringWriter(); >> >> if ("intra-app".equals(targetType)) { >> @@ -143,7 +143,7 @@ public class WidgetWorker { >> } >> externalWriter.append(parameter.getKey()); >> externalWriter.append('='); >> - StringUtil.SimpleEncoder simpleEncoder = >> (StringUtil.SimpleEncoder) context.get("simpleEncoder"); >> + UtilCodec.SimpleEncoder simpleEncoder = >> (UtilCodec.SimpleEncoder) context.get("simpleEncoder"); >> if (simpleEncoder != null && parameterValue != null) { >> externalWriter.append(simpleEncoder.encode( >> URLEncoder.encode(parameterValue, Charset.forName("UTF-8"). >> displayName()))); >> } else { 
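Review bot: `UtilCodec.canonicalize(localRequestName)` is applied to the whole request string, query part included (the comment's own example carries `?workEffortId=10003`). Percent-encoded delimiters inside a parameter value, such as `%26` or `%3D`, would therefore be decoded to `&` and `=` and change how the query is split afterwards. The commit message says the encoder behind UtilCodec now also canonicalizes with the JavaScript codec, which probably widens the set of sequences rewritten here. Consider canonicalizing only the path portion, or add a comment explaining why decoding the full string is safe before `externalLoginKey` is appended. In the `@@ -143` hunk, `Charset.forName("UTF-8").displayName()` passes a presentation name to `URLEncoder.encode`; `name()` is the call meant for that argument.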
>> @@ -300,7 +300,7 @@ public class WidgetWorker { >> writer.append("<input name=\""); >> writer.append(parameter.getKey()); >> writer.append("\" value=\""); >> - writer.append(StringUtil.getEncoder("html").encode( >> parameter.getValue())); >> + writer.append(UtilCodec.getEncoder("html").encode( >> parameter.getValue())); >> writer.append("\" type=\"hidden\"/>"); >> } >> } >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> MacroFormRenderer.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/ >> src/org/ofbiz/widget/form/MacroFormRenderer.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> (original) >> +++ >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/MacroFormRenderer.java >> Mon Dec 29 18:24:57 2014 >> @@ -40,6 +40,7 @@ import javax.servlet.http.HttpServletRes >> >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilFormatOut; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilHttp; >> @@ -75,7 +76,6 @@ import org.ofbiz.widget.form.ModelFormFi >> import org.ofbiz.widget.form.ModelFormField.TextField; >> import org.ofbiz.widget.form.ModelFormField.TextFindField; >> import org.ofbiz.widget.form.ModelFormField.TextareaField; >> -import org.ofbiz.widget.form.ModelFormFieldBuilder; >> import org.ofbiz.widget.screen.ModelScreenWidget; >> >> import com.ibm.icu.util.Calendar; 
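Review bot: In the hidden-input loop of the `@@ -300` hunk, `parameter.getKey()` is written into the `name="..."` attribute as-is while only the value goes through the html encoder. A key containing a double quote would end the attribute early. Encode both sides the same way: `writer.append(UtilCodec.getEncoder("html").encode(parameter.getKey()));`. Where the keys originate is not visible in the hunk; if they are always fixed names from widget definitions the exposure is small, but the encoding is cheap and keeps the two attributes consistent. The loop starts outside the hunk.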
>> @@ -93,7 +93,7 @@ public final class MacroFormRenderer imp >> public static final String module = MacroFormRenderer.class. >> getName(); >> private final Template macroLibrary; >> private final WeakHashMap<Appendable, Environment> environments = >> new WeakHashMap<Appendable, Environment>(); >> - private final StringUtil.SimpleEncoder internalEncoder; >> + private final UtilCodec.SimpleEncoder internalEncoder; >> private final RequestHandler rh; >> private final HttpServletRequest request; >> private final HttpServletResponse response; >> @@ -108,7 +108,7 @@ public final class MacroFormRenderer imp >> ServletContext ctx = (ServletContext) request.getAttribute(" >> servletContext"); >> this.rh = (RequestHandler) ctx.getAttribute("_REQUEST_ >> HANDLER_"); >> this.javaScriptEnabled = UtilHttp.isJavaScriptEnabled(request); >> - internalEncoder = StringUtil.getEncoder("string"); >> + internalEncoder = UtilCodec.getEncoder("string"); >> } >> >> @Deprecated >> @@ -158,7 +158,7 @@ public final class MacroFormRenderer imp >> if (UtilValidate.isEmpty(value)) { >> return value; >> } >> - StringUtil.SimpleEncoder encoder = (StringUtil.SimpleEncoder) >> context.get("simpleEncoder"); >> + UtilCodec.SimpleEncoder encoder = (UtilCodec.SimpleEncoder) >> context.get("simpleEncoder"); >> if (modelFormField.getEncodeOutput() && encoder != null) { >> value = encoder.encode(value); >> } else { 
>> @@ -3088,7 +3088,7 @@ public final class MacroFormRenderer imp >> parameters.append(parameter.getName()); >> parameters.append("'"); >> parameters.append(",'value':'"); >> - parameters.append(StringUtil.getEncoder("html").encode( >> parameter.getValue(context))); >> + parameters.append(UtilCodec.getEncoder("html").encode( >> parameter.getValue(context))); >> parameters.append("'}"); >> } >> parameters.append("]"); >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> ModelForm.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/ >> src/org/ofbiz/widget/form/ModelForm.java?rev=1648403&r1= >> 1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java >> (original) >> +++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelForm.java >> Mon Dec 29 18:24:57 2014 >> @@ -34,6 +34,7 @@ import java.util.concurrent.atomic.Atomi >> import org.ofbiz.base.util.BshUtil; >> import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilGenerics; >> import org.ofbiz.base.util.UtilProperties; >> import org.ofbiz.base.util.UtilValidate; 
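Review bot: In the `@@ -3088` hunk the parameter value is HTML-encoded and then placed inside a single-quoted script-style literal (`'value':'...'`), while `parameter.getName()` goes into the neighbouring literal with no encoding at all. HTML entity encoding only fits if this string is emitted into an HTML attribute and parsed there first; the hunk does not show where `parameters` ends up, so that should be stated in a comment above the loop. At minimum treat the name like the value: `parameters.append(UtilCodec.getEncoder("html").encode(parameter.getName()));`. The loop and the use of `parameters` are outside the hunk.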
>> @@ -1515,9 +1516,9 @@ public class ModelForm extends ModelWidg >> */ >> public String getTarget(Map<String, Object> context, String >> targetType) { >> Map<String, Object> expanderContext = context; >> - StringUtil.SimpleEncoder simpleEncoder = >> (StringUtil.SimpleEncoder) context.get("simpleEncoder"); >> + UtilCodec.SimpleEncoder simpleEncoder = >> (UtilCodec.SimpleEncoder) context.get("simpleEncoder"); >> if (simpleEncoder != null) { >> - expanderContext = StringUtil.HtmlEncodingMapWrapper. >> getHtmlEncodingMapWrapper(context, simpleEncoder); >> + expanderContext = UtilCodec.HtmlEncodingMapWrapper. >> getHtmlEncodingMapWrapper(context, simpleEncoder); >> } >> try { >> // use the same Interpreter (ie with the same context >> setup) for all evals >> >> Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ >> ModelFormField.java >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/ >> src/org/ofbiz/widget/form/ModelFormField.java?rev= >> 1648403&r1=1648402&r2=1648403&view=diff >> ============================================================ >> ================== >> --- >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java >> (original) >> +++ >> ofbiz/trunk/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java >> Mon Dec 29 18:24:57 2014 >> @@ -42,6 +42,7 @@ import org.ofbiz.base.util.Debug; >> import org.ofbiz.base.util.GeneralException; >> import org.ofbiz.base.util.ObjectType; >> import org.ofbiz.base.util.StringUtil; >> +import org.ofbiz.base.util.UtilCodec; >> import org.ofbiz.base.util.UtilDateTime; >> import org.ofbiz.base.util.UtilFormatOut; >> import org.ofbiz.base.util.UtilGenerics; 
>> @@ -343,7 +344,7 @@ public class ModelFormField { >> } >> >> if (this.getEncodeOutput() && returnValue != null) { >> - StringUtil.SimpleEncoder simpleEncoder = >> (StringUtil.SimpleEncoder) context.get("simpleEncoder"); >> + UtilCodec.SimpleEncoder simpleEncoder = >> (UtilCodec.SimpleEncoder) context.get("simpleEncoder"); >> if (simpleEncoder != null) >> returnValue = simpleEncoder.encode(returnValue); >> } >> @@ -602,7 +603,7 @@ public class ModelFormField { >> if (UtilValidate.isNotEmpty(tooltip)) >> tooltipString = tooltip.expandString(context); >> if (this.getEncodeOutput()) { >> - StringUtil.SimpleEncoder simpleEncoder = >> (StringUtil.SimpleEncoder) context.get("simpleEncoder"); >> + UtilCodec.SimpleEncoder simpleEncoder = >> (UtilCodec.SimpleEncoder) context.get(" > > ...
