This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit cdfb63d26e595fbddab92971bdafce23cd78c665 Author: Juan Pablo Santos RodrÃguez <juanpablo.san...@gmail.com> AuthorDate: Tue Jul 12 22:56:16 2022 +0200 new wiki:CsrfProtection custom tag --- .../org/apache/wiki/tags/CsrfProtectionTag.java | 53 ++++++++++++++++++++++ .../src/main/resources/META-INF/jspwiki.tld | 9 ++++ 2 files changed, 62 insertions(+)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java b/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java
new file mode 100644
index 000000000..43a613aad
--- /dev/null
+++ b/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java
@@ -0,0 +1,53 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.tags;
+
+import org.apache.wiki.api.core.Session;
+import org.apache.wiki.http.filter.CsrfProtectionFilter;
+
+/**
+ * Outputs the hidden {@link CsrfProtectionFilter#ANTICSRF_PARAM}.
+ */
+public class CsrfProtectionTag extends WikiTagBase {
+
+ private boolean meta;
+
+ public void setFormat( final String format ) {
+ meta = "meta".equalsIgnoreCase( format );
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int doWikiStartTag() throws Exception {
+ final Session session = m_wikiContext.getWikiSession();
+ final String csrfProtectionHidden;
+ if( meta ) {
+ csrfProtectionHidden = "<meta name=\"wikiCsrfProtection\" content='" + session.antiCsrfToken() + "'/>";
+ } else {
+ csrfProtectionHidden = "<input type=\"hidden\" name=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
+ "id=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
+ "value=\"" + session.antiCsrfToken() + "\"/>";
+ }
+ pageContext.getOut().print( csrfProtectionHidden );
+ return SKIP_BODY;
+ }
+
+}
diff --git a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
index 64d72b504..90ae4dbfe 100644
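Review bot: The value of `session.antiCsrfToken()` is concatenated into an HTML attribute without encoding in both branches of `doWikiStartTag()`, and the `meta` branch delimits it with single quotes while the `input` branch uses double quotes. Whether that is safe depends on the token's character set, which this hunk does not show; encoding at the point of output removes that dependency and keeps the tag safe if the token format ever changes. I would quote both branches the same way and pass the token through the project's HTML-attribute escaper, e.g. `content=\"" + escapedToken + "\"/>"`, where `escapedToken` is a placeholder for the encoded value. The class Javadoc mentions only the hidden field, so a sentence on the `meta` format plus a Javadoc on `setFormat` noting that any other value falls back to the hidden input would document the contract.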
--- a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld +++ b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld @@ -196,6 +196,15 @@ <body-content>empty</body-content> </tag> + <tag> + <name>CsrfProtection</name> + <tag-class>org.apache.wiki.tags.CsrfProtectionTag</tag-class> + <body-content>empty</body-content> + <attribute> + <name>format</name> + </attribute> + </tag> + <tag> <name>DiffLink</name> <tag-class>org.apache.wiki.tags.DiffLinkTag</tag-class>