-Igor
On 12/3/05, Gili <
[EMAIL PROTECTED]> wrote:
There you go, this is the CVS diff I was commenting on.
bookmarkablePage is replaced with "5".
-------- Original Message --------
Subject: [Wicket-autocvs] wicket/src/java/wicket/protocol/http
WebResponseWithCryptedUrl.java,1.7,1.8
WebRequestWithCryptedUrl.java ,1.10,1.11
Date: Sun, 20 Nov 2005 14:20:33 +0000
From: Juergen Donnerstag <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Update of /cvsroot/wicket/wicket/src/java/wicket/protocol/http
In directory
sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5227/src/java/wicket/protocol/http
Modified Files:
WebResponseWithCryptedUrl.java WebRequestWithCryptedUrl.java
Log Message:
fixed [ 1348681 ] Crypted URLs break onSelectionChanged handling
Index: WebRequestWithCryptedUrl.java
===================================================================
RCS file:
/cvsroot/wicket/wicket/src/java/wicket/protocol/http/WebRequestWithCryptedUrl.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** WebRequestWithCryptedUrl.java 21 Oct 2005 15:21:59 -0000 1.10
--- WebRequestWithCryptedUrl.java 20 Nov 2005 14:20:31 -0000 1.11
***************
*** 35,39 ****
/**
! * it extends WebRequest and decodes URLs encoded by
* WebResponseWithCryptedUrl. One reason for obfuscating the URL's
query string
* might be, that you don't want the details to be visible to the user to
--- 35,39 ----
/**
! * It extends WebRequest and decodes URLs encoded by
* WebResponseWithCryptedUrl. One reason for obfuscating the URL's
query string
* might be, that you don't want the details to be visible to the user to
***************
*** 46,53 ****
/** URL querystring decoded */
private final String queryString;
!
/** URL query parameters decoded */
private final ValueMap parameters;
!
/**
* Constructor.
--- 46,53 ----
/** URL querystring decoded */
private final String queryString;
!
/** URL query parameters decoded */
private final ValueMap parameters;
!
/**
* Constructor.
***************
*** 66,76 ****
// Get the crypt implementation from the application
ICrypt urlCrypt = Application.get().newCrypt();
// Decrypt the query string
final String queryString = urlCrypt.decrypt(secureParam);
!
// The querystring might have been shortened (length
reduced).
// In that case, lengthen the query string again.
this.queryString = rebuildUrl(queryString);
!
// extract parameter key/value pairs from the query string
this.parameters = analyzeQueryString(this.queryString);
--- 66,77 ----
// Get the crypt implementation from the application
ICrypt urlCrypt = Application.get().newCrypt();
+
// Decrypt the query string
final String queryString = urlCrypt.decrypt(secureParam);
!
// The querystring might have been shortened (length
reduced).
// In that case, lengthen the query string again.
this.queryString = rebuildUrl(queryString);
!
// extract parameter key/value pairs from the query string
this.parameters = analyzeQueryString(this.queryString);
***************
*** 85,101 ****
this.parameters = new ValueMap();
}
!
// If available, add POST parameters as well. They are not
encrypted.
// The parameters from HttpRequest
final Enumeration paramNames = request.getParameterNames();
// For all parameters (POST + URL query string)
while ( paramNames.hasMoreElements())
{
! String paramName = (String)paramNames.nextElement();
!
// Ignore the "x" parameter
if (!"x".equalsIgnoreCase(paramName))
{
! String[] values = request.getParameterValues(paramName);
// add key/value to our parameter map
this.parameters.put(paramName, values);
--- 86,103 ----
this.parameters = new ValueMap();
}
!
// If available, add POST parameters as well. They are not
encrypted.
// The parameters from HttpRequest
final Enumeration paramNames = request.getParameterNames();
+
// For all parameters (POST + URL query string)
while (paramNames.hasMoreElements())
{
! String paramName = (String)paramNames.nextElement();
!
// Ignore the "x" parameter
if (!"x".equalsIgnoreCase(paramName))
{
! String[] values =
request.getParameterValues(paramName);
// add key/value to our parameter map
this.parameters.put(paramName, values);
***************
*** 118,122 ****
queryString = Strings.replaceAll(queryString, "3=",
"interface=");
queryString = Strings.replaceAll(queryString, "5=",
"bookmarkablePage=");
!
return queryString;
}
--- 120,124 ----
queryString = Strings.replaceAll(queryString, "3=",
"interface=");
queryString = Strings.replaceAll(queryString, "5=",
"bookmarkablePage=");
!
return queryString;
}
***************
*** 134,138 ****
// Get a list of strings separated by the delimiter
final StringList pairs = StringList.tokenize(queryString, "&");
!
// Go through each string in the list
for (IStringIterator iterator = pairs.iterator();
iterator.hasNext();)
--- 136,140 ----
// Get a list of strings separated by the delimiter
final StringList pairs = StringList.tokenize (queryString, "&");
!
// Go through each string in the list
for (IStringIterator iterator = pairs.iterator();
iterator.hasNext();)
***************
*** 178,185 ****
}
}
!
return params;
}
!
/**
* Gets the request parameter with the given key.
--- 180,187 ----
}
}
!
return params;
}
!
/**
* Gets the request parameter with the given key.
Index: WebResponseWithCryptedUrl.java
===================================================================
RCS file:
/cvsroot/wicket/wicket/src/java/wicket/protocol/http/WebResponseWithCryptedUrl.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** WebResponseWithCryptedUrl.java 6 Oct 2005 21:17:33 -0000 1.7
--- WebResponseWithCryptedUrl.java 20 Nov 2005 14:20:31 -0000 1.8
***************
*** 71,78 ****
// The url's path
String urlPrefix = url.substring(0, pos);
!
// Extract the querystring
String queryString = url.substring(pos + 1);
!
// if the querystring starts with a parameter like
// "x=", than don#t change the querystring as it
--- 71,78 ----
// The url's path
String urlPrefix = url.substring(0, pos);
!
// Extract the querystring
String queryString = url.substring(pos + 1);
!
// if the querystring starts with a parameter like
// "x=", than don#t change the querystring as it
***************
*** 85,93 ****
// information.
queryString = shortenUrl(queryString);
!
// encrypt the query string
-
final String encryptedQueryString =
urlCrypt.encrypt(queryString);
!
// build the new complete url
final String encryptedUrl = urlPrefix + "?x=" +
escapeUrl(encryptedQueryString);
--- 85,92 ----
// information.
queryString = shortenUrl(queryString);
!
// encrypt the query string
final String encryptedQueryString =
urlCrypt.encrypt(queryString);
!
// build the new complete url
final String encryptedUrl = urlPrefix + "?x=" +
escapeUrl(encryptedQueryString);
***************
*** 96,104 ****
}
}
!
// we didn't change anything
return url;
}
!
/**
* Escape invalid URL characters
--- 95,103 ----
}
}
!
// we didn't change anything
return url;
}
!
/**
* Escape invalid URL characters
***************
*** 109,125 ****
private String escapeUrl(String queryString)
{
! queryString = Strings.replaceAll(queryString, " ", "%20");
! queryString = Strings.replaceAll(queryString, "\"", "%22");
! queryString = Strings.replaceAll(queryString, "%", "%26");
! queryString = Strings.replaceAll(queryString, "=", "%3D");
! queryString = Strings.replaceAll (queryString, "/", "%2F");
! queryString = Strings.replaceAll(queryString, "+", "%2B");
! queryString = Strings.replaceAll(queryString, "&", "%26");
! queryString = Strings.replaceAll(queryString, "~", "%7E");
! queryString = Strings.replaceAll(queryString, "?", "%3F");
! return queryString;
}
!
/**
* Try to shorten the querystring without loosing information
--- 108,148 ----
private String escapeUrl(String queryString)
{
! StringBuffer buf = new StringBuffer( queryString.length() * 2);
! for (int i=0; i < queryString.length(); i++)
! {
! char ch = queryString.charAt(i);
! switch (ch)
! {
! case ' ': buf.append("%20"); break;
! case '<': buf.append("%3C"); break;
! case '>': buf.append("%3E"); break;
! case '#': buf.append("%23"); break;
! case '{': buf.append("%7B"); break;
! case '}': buf.append("%7D"); break;
! case '|': buf.append("%7C"); break;
! case '^': buf.append("%5E"); break;
! case '\"': buf.append("%22"); break;
! case '%': buf.append("%26"); break;
! case '=': buf.append("%3D"); break;
! case '/': buf.append("%2F"); break;
! case '+': buf.append("%2B"); break;
! case '&': buf.append("%26"); break;
! case '~': buf.append("%7E"); break;
! case '?': buf.append("%3F"); break;
! case '\\': buf.append("%5C"); break;
! case '[': buf.append("%5B"); break;
! case ']': buf.append("%5D"); break;
! case '`': buf.append("%60"); break;
! case ';': buf.append("%3B"); break;
! case ':': buf.append("%3A"); break;
! case '@': buf.append("%40"); break;
! case '$': buf.append("%24"); break;
! default: buf.append(ch);
! }
! }
! return buf.toString();
}
!
/**
* Try to shorten the querystring without loosing information
***************
*** 135,139 ****
queryString = Strings.replaceAll(queryString, "interface=",
"3=");
queryString = Strings.replaceAll(queryString,
"bookmarkablePage=", "5=");
!
// For debugging only: determine possibilities to further shorten
// the query string
--- 158,162 ----
queryString = Strings.replaceAll(queryString, "interface=",
"3=");
queryString = Strings.replaceAll(queryString,
"bookmarkablePage=", "5=");
!
// For debugging only: determine possibilities to further shorten
// the query string
***************
*** 149,153 ****
}
}
!
return queryString;
}
--- 172,176 ----
}
}
!
return queryString;
}
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Wicket-autocvs mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/wicket-autocvs
Gili wrote:
>
> No problem. I was simply basing this on CVS diffs I saw on the
mailing list, so I didn't pull this out of the air. I'll check it out now.
>
> Gili
>
> Eelco Hillenius wrote:
>
>>> I haven't taken a look at the latest code yet
>>
>>
>>
>>
>> Well, please do that first before commenting :)
>>
>> Eelco
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through
log files
>> for problems? Stop! Download the new AJAX search engine that makes
>> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
>> http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
>> _______________________________________________
>> Wicket-user mailing list
>> Wicket-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/wicket-user
>>
>
--
http://www.desktopbeautifier.com/
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user