RM-825 (Records Search by XSS query works wrong)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54092 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Tuna Aksoy
2013-08-14 19:36:33 +00:00
parent b446ae8e07
commit 0ced9a82ba
2 changed files with 106 additions and 95 deletions


@@ -1,44 +1,48 @@
<#escape x as jsonUtils.encodeJSONString(x)> <#escape x as jsonUtils.encodeJSONString(x)>
{ {
"items": <#if !errorMessage??>
[ "items":
<#list items as item> [
{ <#list items as item>
"nodeRef": "${item.nodeRef}", {
"type": "${item.type}", "nodeRef": "${item.nodeRef}",
"name": "${item.name}", "type": "${item.type}",
"title": "${item.title!''}", "name": "${item.name}",
"description": "${item.description!''}", "title": "${item.title!''}",
"modifiedOn": "${xmldate(item.modifiedOn)}", "description": "${item.description!''}",
"modifiedByUser": "${item.modifiedByUser}", "modifiedOn": "${xmldate(item.modifiedOn)}",
"modifiedBy": "${item.modifiedBy}", "modifiedByUser": "${item.modifiedByUser}",
"createdOn": "${xmldate(item.createdOn)}", "modifiedBy": "${item.modifiedBy}",
"createdByUser": "${item.createdByUser}", "createdOn": "${xmldate(item.createdOn)}",
"createdBy": "${item.createdBy}", "createdByUser": "${item.createdByUser}",
"author": "${item.author!''}", "createdBy": "${item.createdBy}",
"size": ${item.size?c}, "author": "${item.author!''}",
<#if item.browseUrl??>"browseUrl": "${item.browseUrl}",</#if> "size": ${item.size?c},
"parentFolder": "${item.parentFolder!""}", <#if item.browseUrl??>"browseUrl": "${item.browseUrl}",</#if>
"properties": "parentFolder": "${item.parentFolder!""}",
{ "properties":
<#assign first=true> {
<#list item.properties?keys as k> <#assign first=true>
<#if item.properties[k]??> <#list item.properties?keys as k>
<#if !first>,<#else><#assign first=false></#if>"${k}": <#if item.properties[k]??>
<#assign prop = item.properties[k]> <#if !first>,<#else><#assign first=false></#if>"${k}":
<#if prop?is_date>"${xmldate(prop)}" <#assign prop = item.properties[k]>
<#elseif prop?is_boolean>${prop?string("true", "false")} <#if prop?is_date>"${xmldate(prop)}"
<#elseif prop?is_enumerable>[<#list prop as p>"${p}"<#if p_has_next>, </#if></#list>] <#elseif prop?is_boolean>${prop?string("true", "false")}
<#elseif prop?is_number>${prop?c} <#elseif prop?is_enumerable>[<#list prop as p>"${p}"<#if p_has_next>, </#if></#list>]
<#elseif prop?is_string>"${prop}" <#elseif prop?is_number>${prop?c}
<#elseif prop?is_hash_ex>[<#list prop?values as p>"${p}"<#if p_has_next>, </#if></#list>] <#elseif prop?is_string>"${prop}"
<#else>"${prop}" <#elseif prop?is_hash_ex>[<#list prop?values as p>"${p}"<#if p_has_next>, </#if></#list>]
</#if> <#else>"${prop}"
</#if> </#if>
</#list> </#if>
} </#list>
}<#if item_has_next>,</#if> }
</#list> }<#if item_has_next>,</#if>
] </#list>
]
<#else>
"errorMessage": "${errorMessage}"
</#if>
} }
</#escape> </#escape>
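Review bot: The new `"errorMessage": "${errorMessage}"` branch is protected only by the enclosing `jsonUtils.encodeJSONString` escape, which makes the value a valid JSON string but does not neutralise HTML. The value is filled from `ex.toString()` in RMSearchGet and may contain the submitted query text, so whatever client code displays it needs to HTML-encode it or set it as text. That code is not visible here, so this should be confirmed. The error branch also omits `"items"` entirely, so consumers that iterate `items` unconditionally need a guard, or the template could emit `"items": [],` alongside the message. A short FreeMarker comment such as `<#-- errorMessage is JSON-escaped only; HTML-encode on display -->` above the branch would document the contract.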


@@ -162,62 +162,69 @@ public class RMSearchGet extends DeclarativeWebScript
@Override @Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache) protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{ {
// Get the site id and confirm it is valid
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
String siteId = templateVars.get("site");
if (siteId == null || siteId.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Site id not provided.");
}
if (siteService.getSite(siteId) == null)
{
throw new WebScriptException(Status.STATUS_NOT_FOUND, "Site not found.");
}
// Get the query parameter
String query = req.getParameter(PARAM_QUERY);
// TODO check that this is there
String sortby = req.getParameter(PARAM_SORTBY);
// TODO this is optional
String filters = req.getParameter(PARAM_FILTERS);
// TODO this is optional
// Convert into a rm search parameter object
RecordsManagementSearchParameters searchParameters =
SavedSearchDetailsCompatibility.createSearchParameters(filters, new String[]{",", "/"}, sortby, namespaceService);
// Set the max results
String maxItems = req.getParameter(PARAM_MAX_ITEMS);
if (maxItems != null && maxItems.length() != 0)
{
searchParameters.setMaxItems(Integer.parseInt(maxItems));
}
// Execute search
List<NodeRef> results = recordsManagementSearchService.search(siteId, query, searchParameters);
// Reset person data cache
personDataCache = new HashMap<String, String>(57);
// Process the result items
List<Item> items = new ArrayList<Item>(results.size());
for (NodeRef nodeRef : results)
{
// FIXME: This is a workaround for DOD Recert
// TC 3-3 Create User Groups
try
{
Item item = new Item(nodeRef);
items.add(item);
}
catch(Exception e) {}
}
// Return model
Map<String, Object> model = new HashMap<String, Object>(1); Map<String, Object> model = new HashMap<String, Object>(1);
model.put("items", items); try
{
// Get the site id and confirm it is valid
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
String siteId = templateVars.get("site");
if (siteId == null || siteId.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Site id not provided.");
}
if (siteService.getSite(siteId) == null)
{
throw new WebScriptException(Status.STATUS_NOT_FOUND, "Site not found.");
}
// Get the query parameter
String query = req.getParameter(PARAM_QUERY);
// TODO check that this is there
String sortby = req.getParameter(PARAM_SORTBY);
// TODO this is optional
String filters = req.getParameter(PARAM_FILTERS);
// TODO this is optional
// Convert into a rm search parameter object
RecordsManagementSearchParameters searchParameters =
SavedSearchDetailsCompatibility.createSearchParameters(filters, new String[]{",", "/"}, sortby, namespaceService);
// Set the max results
String maxItems = req.getParameter(PARAM_MAX_ITEMS);
if (maxItems != null && maxItems.length() != 0)
{
searchParameters.setMaxItems(Integer.parseInt(maxItems));
}
// Execute search
List<NodeRef> results = recordsManagementSearchService.search(siteId, query, searchParameters);
// Reset person data cache
personDataCache = new HashMap<String, String>(57);
// Process the result items
List<Item> items = new ArrayList<Item>(results.size());
for (NodeRef nodeRef : results)
{
// FIXME: This is a workaround for DOD Recert
// TC 3-3 Create User Groups
try
{
Item item = new Item(nodeRef);
items.add(item);
}
catch(Exception e) {}
}
// Return model
model.put("items", items);
}
catch (Exception ex)
{
model.put("errorMessage", ex.toString());
}
return model; return model;
} }
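Review bot: The new `catch (Exception ex)` around the whole body of executeImpl also catches the two `WebScriptException`s thrown for a missing or unknown site, so those requests presumably no longer produce 400/404 and instead return a normal response carrying `errorMessage`. It also sends `ex.toString()` to the caller, which exposes the exception class and message and may echo request input such as the query text. I would rethrow the web-script exceptions with `catch (WebScriptException wse) { throw wse; }` ahead of the generic handler, put a fixed message in the model, and log `ex` on the server side. A non-numeric max-items value reaching `Integer.parseInt` would be better rejected with an explicit 400 than handled on the generic path.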