Author: ajamtli
Date: 2006-03-31 12:40:20 +0200 (Fri, 31 Mar 2006)
New Revision: 2680
Added:
trunk/src/java/no/schibstedsok/front/searchportal/util/QueryStringHelper.java
Modified:
trunk/src/java/no/schibstedsok/front/searchportal/query/run/QueryFactoryImpl.java
trunk/src/java/no/schibstedsok/front/searchportal/servlet/SearchServlet.java
Log:
Added class for safe handling of query string. Checks that a parameter is
decoded correctly. Supports ISO-8859-1 (ex: %E5) and UTF-8 (ex: %C3%A5) encoded
URLs.
Modified:
trunk/src/java/no/schibstedsok/front/searchportal/query/run/QueryFactoryImpl.java
===================================================================
---
trunk/src/java/no/schibstedsok/front/searchportal/query/run/QueryFactoryImpl.java
2006-03-31 10:38:28 UTC (rev 2679)
+++
trunk/src/java/no/schibstedsok/front/searchportal/query/run/QueryFactoryImpl.java
2006-03-31 10:40:20 UTC (rev 2680)
@@ -7,6 +7,7 @@
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import no.schibstedsok.front.searchportal.query.*;
+import no.schibstedsok.front.searchportal.util.QueryStringHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -57,7 +58,7 @@
query = new RunningWebQuery(cxt, q, request, response);
} else {
- final String q = request.getParameter("q");
+ final String q = QueryStringHelper.safeGetParameter(request, "q");
query = new RunningWebQuery(cxt, q, request, response);
Modified:
trunk/src/java/no/schibstedsok/front/searchportal/servlet/SearchServlet.java
===================================================================
---
trunk/src/java/no/schibstedsok/front/searchportal/servlet/SearchServlet.java
2006-03-31 10:38:28 UTC (rev 2679)
+++
trunk/src/java/no/schibstedsok/front/searchportal/servlet/SearchServlet.java
2006-03-31 10:40:20 UTC (rev 2680)
@@ -8,6 +8,7 @@
import no.schibstedsok.front.searchportal.configuration.SearchTabs;
import no.schibstedsok.front.searchportal.configuration.loader.DocumentLoader;
import no.schibstedsok.front.searchportal.site.Site;
+import no.schibstedsok.front.searchportal.util.QueryStringHelper;
import no.schibstedsok.front.searchportal.configuration.XMLSearchTabsCreator;
import
no.schibstedsok.front.searchportal.configuration.loader.PropertiesLoader;
import
no.schibstedsok.front.searchportal.configuration.loader.UrlResourceLoader;
@@ -157,7 +158,8 @@
}
if (httpServletRequest.getParameter("q") != null) {
- httpServletRequest.setAttribute("q",
httpServletRequest.getParameter("q"));
+ httpServletRequest.setAttribute("q",
+ QueryStringHelper.safeGetParameter(httpServletRequest, "q"));
}
httpServletRequest.setAttribute("c", searchModeKey);
@@ -172,10 +174,8 @@
stopWatch.stop();
LOG.info("doGet(): Search took " + stopWatch + " " +
query.getQueryString());
}
-
-
}
-
+
private SearchTabs loadSearchTabs(final Site site) {
return XMLSearchTabsCreator.valueOf(site).getSearchTabs();
}
Added:
trunk/src/java/no/schibstedsok/front/searchportal/util/QueryStringHelper.java
===================================================================
---
trunk/src/java/no/schibstedsok/front/searchportal/util/QueryStringHelper.java
(rev 0)
+++
trunk/src/java/no/schibstedsok/front/searchportal/util/QueryStringHelper.java
2006-03-31 10:40:20 UTC (rev 2680)
@@ -0,0 +1,52 @@
+// Copyright (2006) Schibsted Søk AS
+package no.schibstedsok.front.searchportal.util;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Helper for parsing query string.
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Anders Johan Jamtli</a>
+ */
+public class QueryStringHelper {
+ /** A safer way to get parameters for the query string.
+ * Handles ISO-8859-1 and UTF-8 URL encodings.
+ *
+ * @param req The servlet request we are processing
+ * @param parameter The parameter to retrieve
+ * @return The correct decoded parameter
+ */
+ public static String safeGetParameter(HttpServletRequest req, String
parameter){
+ StringTokenizer st = new StringTokenizer(req.getQueryString(), "&");
+ String reqValue = req.getParameter(parameter);
+ String queryStringValue = null;
+
+ parameter += "=";
+ while(st.hasMoreTokens()) {
+ String tmp = st.nextToken();
+ if (tmp.startsWith(parameter)) {
+ queryStringValue = tmp.substring(parameter.length());
+ break;
+ }
+ }
+
+ if (reqValue == null) {
+ return null;
+ }
+
+ try {
+ String encodedReqValue = URLEncoder.encode(reqValue, "UTF-8");
+ if (!queryStringValue.equals(encodedReqValue)){
+ reqValue = URLDecoder.decode(queryStringValue,
"ISO-8859-1");
+ }
+ } catch (UnsupportedEncodingException e) {
+ /* IGNORED */
+ }
+ return reqValue;
+ }
+}
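Review bot: safeGetParameter dereferences two values that a request can leave null: `req.getQueryString()` goes straight into `new StringTokenizer(...)`, and `queryStringValue.equals(...)` runs even when no literal `q=` token was found. A request with no query string, or with the parameter only in a form body, therefore gets a NullPointerException where `getParameter` used to return a value or null; the SearchServlet call is guarded only by `getParameter("q") != null`, and no guard is visible in the QueryFactoryImpl hunk. `URLDecoder.decode` can also throw IllegalArgumentException on a malformed `%` escape in the raw query string, which `catch (UnsupportedEncodingException e)` does not cover, so bad input surfaces as an unhandled error. Separately, the comparison with `URLEncoder.encode(reqValue, "UTF-8")` only matches when the client escaped exactly as URLEncoder does (upper-case hex, `+` for space), so a valid UTF-8 URL escaped differently would be re-decoded as ISO-8859-1; that assumption deserves a comment on the comparison. The guards below fall back to the container's value in the null and malformed cases.

```java
public static String safeGetParameter(HttpServletRequest req, String parameter) {
    String reqValue = req.getParameter(parameter);
    String queryString = req.getQueryString();
    if (reqValue == null || queryString == null) {
        return reqValue; // nothing in the URL to re-decode
    }
    StringTokenizer st = new StringTokenizer(queryString, "&");
    // … unchanged: queryStringValue declaration and the token loop that fills it …
    if (queryStringValue == null) {
        return reqValue; // parameter not present as a literal token in the URL
    }
    // … unchanged: try block with the URLEncoder comparison, ISO-8859-1 decode and existing catch …
    } catch (IllegalArgumentException e) {
        // malformed %-escape in the raw query string: keep the container's value
    }
    // … unchanged: return reqValue …
```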