Re: Unable to open uploaded pdf and docx file

2024-03-13 Thread Mahabir Gupta
Dear Lukasz,

I am able to upload, download and open a .txt file, but for .pdf and .docx
files I am able to upload, but when I download the PDF file, the file
cannot be opened. For the .docx file, when I try to click on the file, the
console does show the log "successfully download attachment file", but
on the frontend the error "System is unable to proceed with your request."
is displayed.

public class getDotsMissionAction {

    public void downloadAttach(){
        try {
            String filename = DotsFormUtil.cleanStringFile(request.getParameter("filename"));
            String realname = DotsFormUtil.cleanStringFile(request.getParameter("name"));

            HttpSession session = (HttpSession) request.getSession();
            String strDotsIdToken = (String) session.getAttribute("strDotsIdToken");

            try{
                if(strDotsIdToken == null || !strDotsIdToken.equals(filename.split("_")[0]))
                    logger.error("strDotsIdToken is null or strDotsIdToken is not equal and Exception is thrown");
            }catch (Exception e){
                logger.info(e);
            }
            try {
                if(filename!= null){
                    try {
                        ResourceBundle bundle = ResourceBundle.getBundle("resources.dotsDisplay");
                        String strDirectory=DotsFormUtil.cleanpString(bundle.getString("dots.attachments.path"));
                        File f= new File(FilenameUtils.normalize(DotsFormUtil.cleanString(strDirectory+File.separator + filename)));
                        String pattern = "[a-zA-Z0-9]{1,50}\\.[a-zA-Z0-9]{1,10}";
                        if(realname.matches(pattern)){
                            response.reset();
                            response.setCharacterEncoding("UTF-8");
                            response.setContentType("application/pdf");
                            response.setContentType("application/vnd.openxmlformats-officedocument.wordprocessingml.document");
                            response.setHeader("Content-Disposition","attachment; fileName=" +realname);
                        }
                        try (OutputStream out2 = response.getOutputStream()){
                            Files.copy(f,out2);
                            out2.flush();
                        }
                    } catch (FileNotFoundException e){
                        e.printStackTrace();
                        logger.error(e.getMessage());
                    }
                }
            }catch (FileNotFoundException e){
                e.printStackTrace();
                logger.error(e.getMessage());
            }
            logger.info("successfully download attachment file");
        }catch (FileNotFoundException e){
            e.printStackTrace();
            logger.error(e.getMessage());
        }
    }

    public static String cleanStringFile(String aString){
        if(aString==null) return null;
        String cleanString = "";
        char cleanChar = '\0';
        for(int i=0; i

Re: Inline handlers and content security policy in struts2 6.3

2024-03-13 Thread Dave Newton
On Wed, Mar 13, 2024 at 10:43 AM Aleksandr Kubar wrote:

> I would like to ask whether there is any inbuilt solution from struts2 to
> handle inline handlers or maybe something planned to do in next releases?
>

You mean like something that gathers up all the inline handlers and shovels
them into an external block?

I don't know of anything that does this or is planned. It seems like it'd
be a risky automation to generalize.

I would say that it's something that could likely be automated *locally* in
that JSP parsing is (reasonably) straightforward and could be done with
existing text-based tools.

I'd still probably just do it by hand, but I could see the usefulness of a
first-pass being done w/ some small scripting.

d.
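
A scripted first pass of the kind discussed in this thread, as an added example that is not part of the original posts and not Struts code: it inventories inline on* handlers in JSP source and emits addEventListener stubs where an element has a static id. The function names, the regex heuristics and the sample JSP are assumptions constructed for illustration.

```javascript
// Heuristic first pass over JSP text, not a JSP parser: values with nested
// quotes or attributes that merely start with "on" can confuse it.
const TAG = /<([A-Za-z][\w:-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const HANDLER = /\s(on[a-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const ID = /\sid\s*=\s*(?:"([^"]*)"|'([^']*)')/i;
const SERVER_EXPR = /<%|\$\{|%\{/; // scriptlet, EL or OGNL inside a value

function findInlineHandlers(jsp) {
  // Blank out JSP comments but keep newlines so line numbers stay correct.
  const src = jsp.replace(/<%--[\s\S]*?--%>/g, (c) => c.replace(/[^\n]/g, " "));
  const findings = [];
  for (const tag of src.matchAll(TAG)) {
    const line = src.slice(0, tag.index).split("\n").length;
    const idMatch = ID.exec(tag[2]);
    const id = idMatch ? (idMatch[1] ?? idMatch[2]) : null;
    for (const h of tag[2].matchAll(HANDLER)) {
      const code = h[2] ?? h[3];
      // Server-rendered data inside a handler or id cannot move to a static JS file as-is.
      const dynamic = SERVER_EXPR.test(code) || (id !== null && SERVER_EXPR.test(id));
      findings.push({ line, tag: tag[1], attr: h[1].toLowerCase(), code, id, dynamic });
    }
  }
  return findings;
}

function toListener(f) {
  if (!f.id || f.dynamic) {
    const why = !f.id ? "no id to select by" : "server-side expression in handler";
    return `// line ${f.line}: <${f.tag}> ${f.attr} needs manual work (${why})`;
  }
  // A regular function (not an arrow) keeps `this` bound to the element.
  return `document.getElementById(${JSON.stringify(f.id)})` +
    `.addEventListener(${JSON.stringify(f.attr.slice(2))}, function (event) { ${f.code} });`;
}

// Constructed sample JSP, not taken from the thread.
const SAMPLE_JSP = [
  '<%@ taglib prefix="s" uri="/struts-tags" %>',
  '<%-- <a onclick="old()">removed</a> --%>',
  '<s:form action="save">',
  '  <s:textfield id="qty" name="qty" onchange="recalc(this.value)"/>',
  '  <button id="del" onclick="return confirmDelete(\'${item.id}\')">Delete</button>',
  '  <a href="#" onclick="toggleHelp()">Help</a>',
  '</s:form>',
].join("\n");

for (const f of findInlineHandlers(SAMPLE_JSP)) console.log(toListener(f));
```

A handler that relied on an inline `return false` needs `event.preventDefault()` once it is moved, because the return value of an `addEventListener` callback is ignored.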


Inline handlers and content security policy in struts2 6.3

2024-03-13 Thread Aleksandr Kubar
Hello,

I migrated struts2 from version 2.5 to 6.3 and now I have observed lots of
Security Content Policy warnings. I found information about the new struts
"script" and "link" tags and I introduced them in my app, but I still have
many warnings regarding inline handlers like onclick, onchange, etc. I did
not find whether struts2 offers any tools to overcome this by placing a new
special tag or something; the only way I found is replacing inline handlers
with event listeners moved to a JS file or block.


I would like to ask whether there is any inbuilt solution from struts2 to
handle inline handlers or maybe something planned to do in next releases?


Many thanks,

Aleksandr