> on 12/11/2000 10:34 PM, "Leon Messerschmidt" <[EMAIL PROTECTED]> wrote:
>
> > I added an xslt Service to the cvs.
>
> It needs more documentation and javadocs. I would appreciate it
> if you would get that done as soon as possible.
>

I looked through the code to get it running and took the liberty
to add some javadocs.  A patch follows, but if it gets broken in the mailer,
I can send it as an attachment to jon or another committer.

> I also want to see us start using code that is secure with regards to
> reading file paths. I recently added a method I borrowed from
> Tomcat to the StringUtils.java class in Velocity
> (it is called normalizePath()). I would like to see your code use
> that method as well. It prevents people from trying to do
> a "/../../../" type of path to get out of the document root.
>
> thanks,
>
> -jon
>

I am not familiar with this but then again, I don't fully understand
the wider question of the directory relativity used in
TurbineResources.properties.


logfile=../logs/turbine.log
gets evaluated relative to the java startup directory

services.TurbineVelocityService.templates=/templates
gets evaluated relative to the webapp root


1) Is this a general rule, that paths beginning with a slash
are to be evaluated relative to the webroot, and that
paths without a beginning slash should be evaluated relative
to the java startup dir?

2) Jon, is this what you use normalizePath() for?

3) Is failure to conform with this rule to be considered a bug,
or are services and other functionality allowed to choose
how they wish to understand paths?


------------------------------


cvs server: Diffing src/java/org/apache/turbine/services/xslt
Index: src/java/org/apache/turbine/services/xslt/TurbineXSLT.java
===================================================================
RCS file:
/products/cvs/turbine/turbine/src/java/org/apache/turbine/services/xslt/Turb
ineXSLT.java,v
retrieving revision 1.1
diff -u -r1.1 TurbineXSLT.java
--- src/java/org/apache/turbine/services/xslt/TurbineXSLT.java  2000/12/12
06:17:14        1.1
+++ src/java/org/apache/turbine/services/xslt/TurbineXSLT.java  2000/12/12
11:01:19
@@ -74,32 +74,50 @@


 /**
+ * This class is a static accessor for the XSLTService.
  *
- *
  * @author <a href="mailto:[EMAIL PROTECTED]">Leon Messerschmidt</a>
+ * @see org.apache.turbine.services.xslt.XSLTService
  */
 public class TurbineXSLT

 {
+    /**
+     * This method uses a given stylesheet to process an xml
+     * reader, writing it's result to a writer.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml reader.
+     * @param out The processed xml is written to this parameter.
+     * @exception Thrown if anything goes wrong.
+     */
     public static void transform (String xslName, Reader in, Writer out)
throws Exception
     {
         XSLTService xslt =
             (XSLTService)TurbineServices
             .getInstance()
             .getService(XSLTService.SERVICE_NAME);
-
-        xslt.transform (xslName,in,out);
+
+        xslt.transform (xslName,in,out);
     }
-
+
+    /**
+     * This method uses a given stylesheet to process an xml
+     * reader and returns the result in a String.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml reader.
+     * @return The processed xml.
+     * @exception Thrown if anything goes wrong.
+     */
     public static String transform (String xslName, Reader in) throws
Exception
     {
         XSLTService xslt =
             (XSLTService)TurbineServices
             .getInstance()
             .getService(XSLTService.SERVICE_NAME);
-
+
         return xslt.transform (xslName,in);
     }
-
-
+
 }
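Review bot: The `@exception Thrown if anything goes wrong.` tags on both transform() overloads are malformed: javadoc reads the first word after @exception as the exception class, so "Thrown" is taken as a type name. Write `@exception Exception if the stylesheet cannot be loaded or the transformation fails` instead. In the first comment, "it's result" should be "its result".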
Index: src/java/org/apache/turbine/services/xslt/TurbineXSLTService.java
===================================================================
RCS file:
/products/cvs/turbine/turbine/src/java/org/apache/turbine/services/xslt/Turb
ineXSLTService.java,v
retrieving revision 1.1
diff -u -r1.1 TurbineXSLTService.java
--- src/java/org/apache/turbine/services/xslt/TurbineXSLTService.java
2000/12/12 06:17:13     1.1
+++ src/java/org/apache/turbine/services/xslt/TurbineXSLTService.java
2000/12/12 11:01:20
@@ -74,8 +74,9 @@


 /**
+ * This class is an implementation of the XSLTService interface.
  *
- *
+ * @see org.apache.turbine.services.xslt.XSLTService.java
  * @author <a href="mailto:[EMAIL PROTECTED]">Leon Messerschmidt</a>
  */
 public class TurbineXSLTService
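Review bot: The `@see org.apache.turbine.services.xslt.XSLTService.java` tag in the class comment will not resolve to the interface, because the `.java` suffix is not part of the class name. Drop the suffix so it matches the @see tag added to TurbineXSLT.java in this same patch.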
@@ -83,10 +84,28 @@
     implements XSLTService

 {
+    /**
+     * If caching is configured, this Hashtable is used to store
+     * cached stylesheets
+     */
     private Hashtable cache = new Hashtable();
+
+    /**
+     * Is caching configured?
+     */
     private boolean caching = false;
-    private String path;
-
+
+    /**
+     * The pathname of the directory containing our stylesheets.
+     */
+    private String path;
+
+
+    /**
+     * This method initializes the service.  It's main duties
+     * are getting the settings of the service and configuring
+     * caching.
+     */
     public void init()
     {
         if (getInit()) return;
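Review bot: The new comment on the `path` field says only that it is "the directory containing our stylesheets"; it should also state what a relative value is resolved against (the webapp root or the java startup directory), which is the question this thread is asking about TurbineResources.properties. In the init() comment, "It's main duties" should be "Its main duties".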
@@ -96,27 +115,31 @@
         path = TurbineResources.getString (TurbineServices.SERVICE_PREFIX+
                                            XSLTService.SERVICE_NAME+
                                            ".path");
-
+
         if (!path.endsWith("/") && !path.endsWith ("\\"))
         {
             path=path+File.separator;
         }
-

+
         caching = TurbineResources.getBoolean
(TurbineServices.SERVICE_PREFIX+
                                                XSLTService.SERVICE_NAME+
                                                ".cache");
-
+
         setInit(true);

         org.apache.turbine.util.Log.note ( "XSLT init()....finished!");
     }
-
+
     /**
-     * Get a valid and existing filename from a template name.
-     * The extension is removed and replaced with .xsl.  If this
-     * file does not exist the method attempts to find default.xsl.
-     * If it fails to find default.xsl it returns null.
+     * This method constructs a valid and existing filename from a
+     * template name.  The extension, if any, is removed and replaced
+     * with .xsl.  If this file does not exist the method attempts to
+     * find default.xsl. If it fails to find default.xsl it returns null.
+     *
+     * @param templateName The name of the stylesheet we want to use.
+     * @return The fully qualified file name of the stylesheet, or null
+     * if no applicable stylesheet was found.
      */
     protected String getFileName (String templateName)
     {
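Review bot: The new `@return` text on getFileName() promises a "fully qualified file name", but init() takes `path` unchanged from the `.path` property and only appends a separator, so the result is only as qualified as the configured value. Either reword it to "the stylesheet path as configured" or have init() resolve `path` to an absolute directory.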
@@ -126,11 +149,12 @@
         {
             templateName = templateName.substring (0,colon);
         }
-
+
         // Now we try to find the file ...
         File f = new File (path+templateName+".xsl");
         if (f.exists())
         {
+                       System.out.println("Found specified stylesheet");
             return path+templateName+".xsl";
         }
         else
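Review bot: `new File (path+templateName+".xsl")` still builds the path from the caller's templateName with no normalization, so a name containing "../" segments passes the exists() test and is returned even though it lies outside the stylesheet directory. This is where the normalizePath() check requested in the thread belongs, applied to templateName before the File is constructed, with a null return (or an exception) when the name is rejected.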
@@ -139,22 +163,24 @@
             f = new File (path+"default.xsl");
             if (f.exists())
             {
+                               System.out.println("Found defoult stylesheet");
                 return path+"default.xsl";
             }
             else
             {
+                               System.out.println("FOUND NO STYLESHEET!");
                 return null;
             }
         }
     }
-
+
     /**
      * Compile a new StylesheetRoot from an input file.
      */
     protected StylesheetRoot compileStylesheetRoot (String source) throws
Exception
     {
         XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
-
+
         //FileReader fr = new FileReader(source);
         //BufferedReader br = new BufferedReader (fr);

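Review bot: The System.out.println calls added to getFileName() (two in this hunk, one in the previous hunk) look like leftover debug output in a javadoc patch, are indented differently from the surrounding code, and one message is misspelled ("defoult"). Remove them, or route them through `org.apache.turbine.util.Log.note` as init() already does.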
@@ -170,11 +196,18 @@
      * If caching is switched of or if the Stylesheet is not found
      * in the cache a new StyleSheetRoot is compiled from an input
      * file.
+     *
      * <p>
+     *
      * This method is synchronized on the xsl cache so that a thread
      * does not attempt to load a StyleSheetRoot from the cache while
      * it is still being compiled.
-     */
+     *
+     * @param The name of the stylesheet we are requesting.
+     * @return A StylesheetRoot object reprecenting the stylesheet
+     * we want to use.
+     * @exception Thrown if anything goes wrong.
+     */
     protected StylesheetRoot getStylesheetRoot(String xslName) throws
Exception
     {
         synchronized (cache)
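Review bot: In the getStylesheetRoot() comment, `@param The name of the stylesheet we are requesting.` is missing the parameter name, so javadoc treats "The" as the name; it should start `@param xslName`. The `@return` text should also say that null is returned when no stylesheet file is found (`if (fn == null) return null;`), "reprecenting" should be "representing", and `@exception Thrown` needs the class name `Exception` as its first word.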
@@ -183,34 +216,40 @@
             {
                 return (StylesheetRoot)cache.get(xslName);
             }
-
+
             String fn = getFileName (xslName);
-
+
             if (fn == null) return null;
-
-            StylesheetRoot sr = compileStylesheetRoot (fn);
-
+
+            StylesheetRoot sr = compileStylesheetRoot (fn);
+
             if (caching)
             {
                 cache.put (xslName,sr);
             }
-
+
             return sr;
         }
-
+
     }
-
+
     /**
-     * Execute an xslt
+     * This method uses a given stylesheet to process an xml
+     * reader, writing it's result to a writer.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml reader.
+     * @param out The processed xml is written to this parameter.
+     * @exception Thrown if anything goes wrong.
      */
     public void transform (String xslName, Reader in, Writer out) throws
Exception
     {
         XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
         XSLTInputSource xmlin = new XSLTInputSource(in);
         XSLTResultTarget xmlout = new XSLTResultTarget(out);
-
+
         StylesheetRoot sr = getStylesheetRoot(xslName);
-
+
         // If there is no stylesheet we just echo the xml
         if (sr == null)
         {
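Review bot: The new transform() comment does not mention the fallback visible just below it: when getStylesheetRoot() returns null, "we just echo the xml". Callers need to know that a missing stylesheet yields the untransformed input rather than an exception, so state that in the javadoc. "it's result" should be "its result".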
@@ -229,15 +268,23 @@
             processor.setStylesheet (sr);
             processor.process(xmlin, null, xmlout);
         }
-
+
     }
-
+
+    /**
+     * This method uses a given stylesheet to process an xml
+     * reader and returns the result in a String.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml reader.
+     * @return The processed xml.
+     * @exception Thrown if anything goes wrong.
+     */
     public String transform (String xslName, Reader in) throws Exception
     {
         StringWriter sw = new StringWriter();
         transform (xslName,in,sw);
         return sw.toString();
     }
-
-
+
 }
Index: src/java/org/apache/turbine/services/xslt/XSLTService.java
===================================================================
RCS file:
/products/cvs/turbine/turbine/src/java/org/apache/turbine/services/xslt/XSLT
Service.java,v
retrieving revision 1.1
diff -u -r1.1 XSLTService.java
--- src/java/org/apache/turbine/services/xslt/XSLTService.java  2000/12/12
06:17:13        1.1
+++ src/java/org/apache/turbine/services/xslt/XSLTService.java  2000/12/12
11:01:20
@@ -73,8 +73,31 @@
 public interface XSLTService
     extends Service
 {
+    /**
+     * The name of the service.
+     */
     public static final String SERVICE_NAME = "TurbineXSLTService";

+    /**
+     * This method uses a given stylesheet to process an xml
+     * reader, writing it's result to a writer.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml input stream.
+     * @param out The processed xml is written to this parameter.
+     * @exception Thrown if anything goes wrong.
+     */
     public void transform (String xslName, Reader in, Writer out) throws
Exception;
+
+    /**
+     * This method uses a given stylesheet to process an xml
+     * reader and returns the result in a String.
+     *
+     * @param xslName The name of the stylesheet to use.
+     * @param in The xml input stream.
+     * @return The processed xml.
+     * @exception Thrown if anything goes wrong.
+     */
     public String transform (String xslName, Reader in) throws Exception;
+
 }
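Review bot: Both `@param in The xml input stream.` lines describe a parameter whose type is Reader, while the same methods in TurbineXSLT and TurbineXSLTService say "The xml reader"; use one wording throughout. Since this interface is the contract, its comments should also say what xslName is: a template name that the implementation maps to a .xsl file, falling back to default.xsl.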



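One way to confine a stylesheet name to the configured directory, which is what the normalizePath() request in this thread is after. This is an added example, not Turbine or Velocity code: the class name, resolveStylesheet() and the /srv/app/xsl directory are assumptions, and it uses java.nio.file rather than Velocity's StringUtils.normalizePath().

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class StylesheetPathCheck
{
    /**
     * Resolve a template name to a .xsl file under baseDir.
     * Returns null if the resolved path would leave baseDir.
     * (Hypothetical helper; not part of the XSLTService API.)
     */
    static Path resolveStylesheet(Path baseDir, String templateName)
    {
        Path base = baseDir.toAbsolutePath().normalize();

        // resolve() keeps an absolute templateName as-is; normalize()
        // then collapses "." and ".." segments lexically.
        Path candidate = base.resolve(templateName + ".xsl").normalize();

        // Path.startsWith compares whole path elements, so
        // "/srv/app/xsl-old" is not treated as inside "/srv/app/xsl".
        // The check is lexical: symbolic links are not followed here.
        return candidate.startsWith(base) ? candidate : null;
    }

    public static void main(String[] args)
    {
        // Constructed sample directory and names.
        Path base = Paths.get("/srv/app/xsl");
        String[] names = {
            "report",              // plain name: accepted
            "sub/../invoice",      // stays inside base: accepted
            "../../../outside",    // climbs out of base: rejected
            "/tmp/outside"         // absolute path: rejected
        };

        for (String name : names)
        {
            Path p = resolveStylesheet(base, name);
            System.out.println(name + " -> "
                + (p == null ? "rejected" : p.toString()));
        }
    }
}
```

The same containment test applies to the default.xsl fallback only if `path` itself is trusted configuration, which it is here since it comes from TurbineResources.properties.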