RM-825 (Records Search by XSS query works wrong)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@54092 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -1,44 +1,48 @@
|
||||
<#escape x as jsonUtils.encodeJSONString(x)>
|
||||
{
|
||||
"items":
|
||||
[
|
||||
<#list items as item>
|
||||
{
|
||||
"nodeRef": "${item.nodeRef}",
|
||||
"type": "${item.type}",
|
||||
"name": "${item.name}",
|
||||
"title": "${item.title!''}",
|
||||
"description": "${item.description!''}",
|
||||
"modifiedOn": "${xmldate(item.modifiedOn)}",
|
||||
"modifiedByUser": "${item.modifiedByUser}",
|
||||
"modifiedBy": "${item.modifiedBy}",
|
||||
"createdOn": "${xmldate(item.createdOn)}",
|
||||
"createdByUser": "${item.createdByUser}",
|
||||
"createdBy": "${item.createdBy}",
|
||||
"author": "${item.author!''}",
|
||||
"size": ${item.size?c},
|
||||
<#if item.browseUrl??>"browseUrl": "${item.browseUrl}",</#if>
|
||||
"parentFolder": "${item.parentFolder!""}",
|
||||
"properties":
|
||||
{
|
||||
<#assign first=true>
|
||||
<#list item.properties?keys as k>
|
||||
<#if item.properties[k]??>
|
||||
<#if !first>,<#else><#assign first=false></#if>"${k}":
|
||||
<#assign prop = item.properties[k]>
|
||||
<#if prop?is_date>"${xmldate(prop)}"
|
||||
<#elseif prop?is_boolean>${prop?string("true", "false")}
|
||||
<#elseif prop?is_enumerable>[<#list prop as p>"${p}"<#if p_has_next>, </#if></#list>]
|
||||
<#elseif prop?is_number>${prop?c}
|
||||
<#elseif prop?is_string>"${prop}"
|
||||
<#elseif prop?is_hash_ex>[<#list prop?values as p>"${p}"<#if p_has_next>, </#if></#list>]
|
||||
<#else>"${prop}"
|
||||
</#if>
|
||||
</#if>
|
||||
</#list>
|
||||
}
|
||||
}<#if item_has_next>,</#if>
|
||||
</#list>
|
||||
]
|
||||
<#if !errorMessage??>
|
||||
"items":
|
||||
[
|
||||
<#list items as item>
|
||||
{
|
||||
"nodeRef": "${item.nodeRef}",
|
||||
"type": "${item.type}",
|
||||
"name": "${item.name}",
|
||||
"title": "${item.title!''}",
|
||||
"description": "${item.description!''}",
|
||||
"modifiedOn": "${xmldate(item.modifiedOn)}",
|
||||
"modifiedByUser": "${item.modifiedByUser}",
|
||||
"modifiedBy": "${item.modifiedBy}",
|
||||
"createdOn": "${xmldate(item.createdOn)}",
|
||||
"createdByUser": "${item.createdByUser}",
|
||||
"createdBy": "${item.createdBy}",
|
||||
"author": "${item.author!''}",
|
||||
"size": ${item.size?c},
|
||||
<#if item.browseUrl??>"browseUrl": "${item.browseUrl}",</#if>
|
||||
"parentFolder": "${item.parentFolder!""}",
|
||||
"properties":
|
||||
{
|
||||
<#assign first=true>
|
||||
<#list item.properties?keys as k>
|
||||
<#if item.properties[k]??>
|
||||
<#if !first>,<#else><#assign first=false></#if>"${k}":
|
||||
<#assign prop = item.properties[k]>
|
||||
<#if prop?is_date>"${xmldate(prop)}"
|
||||
<#elseif prop?is_boolean>${prop?string("true", "false")}
|
||||
<#elseif prop?is_enumerable>[<#list prop as p>"${p}"<#if p_has_next>, </#if></#list>]
|
||||
<#elseif prop?is_number>${prop?c}
|
||||
<#elseif prop?is_string>"${prop}"
|
||||
<#elseif prop?is_hash_ex>[<#list prop?values as p>"${p}"<#if p_has_next>, </#if></#list>]
|
||||
<#else>"${prop}"
|
||||
</#if>
|
||||
</#if>
|
||||
</#list>
|
||||
}
|
||||
}<#if item_has_next>,</#if>
|
||||
</#list>
|
||||
]
|
||||
<#else>
|
||||
"errorMessage": "${errorMessage}"
|
||||
</#if>
|
||||
}
|
||||
</#escape>
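Review bot: The new `<#else>` branch replaces the `items` array with a lone `errorMessage` key, so a failed search returns a 200 body whose shape differs from the success case and a client that reads `json.items` will fail on it. Emitting an empty array next to the message keeps the contract stable: `"items": [],` on the line before `"errorMessage": "${errorMessage}"` in the else branch. The enclosing `<#escape x as jsonUtils.encodeJSONString(x)>` does JSON-encode the message, so the template itself cannot produce malformed JSON; what the message contains is decided by the controller in the Java hunk below.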
|
@@ -162,62 +162,69 @@ public class RMSearchGet extends DeclarativeWebScript
|
||||
@Override
|
||||
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
|
||||
{
|
||||
// Get the site id and confirm it is valid
|
||||
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
|
||||
String siteId = templateVars.get("site");
|
||||
if (siteId == null || siteId.length() == 0)
|
||||
{
|
||||
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Site id not provided.");
|
||||
}
|
||||
if (siteService.getSite(siteId) == null)
|
||||
{
|
||||
throw new WebScriptException(Status.STATUS_NOT_FOUND, "Site not found.");
|
||||
}
|
||||
|
||||
// Get the query parameter
|
||||
String query = req.getParameter(PARAM_QUERY);
|
||||
// TODO check that this is there
|
||||
|
||||
String sortby = req.getParameter(PARAM_SORTBY);
|
||||
// TODO this is optional
|
||||
|
||||
String filters = req.getParameter(PARAM_FILTERS);
|
||||
// TODO this is optional
|
||||
|
||||
// Convert into a rm search parameter object
|
||||
RecordsManagementSearchParameters searchParameters =
|
||||
SavedSearchDetailsCompatibility.createSearchParameters(filters, new String[]{",", "/"}, sortby, namespaceService);
|
||||
|
||||
// Set the max results
|
||||
String maxItems = req.getParameter(PARAM_MAX_ITEMS);
|
||||
if (maxItems != null && maxItems.length() != 0)
|
||||
{
|
||||
searchParameters.setMaxItems(Integer.parseInt(maxItems));
|
||||
}
|
||||
|
||||
// Execute search
|
||||
List<NodeRef> results = recordsManagementSearchService.search(siteId, query, searchParameters);
|
||||
|
||||
// Reset person data cache
|
||||
personDataCache = new HashMap<String, String>(57);
|
||||
|
||||
// Process the result items
|
||||
List<Item> items = new ArrayList<Item>(results.size());
|
||||
for (NodeRef nodeRef : results)
|
||||
{
|
||||
// FIXME: This is a workaround for DOD Recert
|
||||
// TC 3-3 Create User Groups
|
||||
try
|
||||
{
|
||||
Item item = new Item(nodeRef);
|
||||
items.add(item);
|
||||
}
|
||||
catch(Exception e) {}
|
||||
}
|
||||
|
||||
// Return model
|
||||
Map<String, Object> model = new HashMap<String, Object>(1);
|
||||
model.put("items", items);
|
||||
try
|
||||
{
|
||||
// Get the site id and confirm it is valid
|
||||
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
|
||||
String siteId = templateVars.get("site");
|
||||
if (siteId == null || siteId.length() == 0)
|
||||
{
|
||||
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Site id not provided.");
|
||||
}
|
||||
if (siteService.getSite(siteId) == null)
|
||||
{
|
||||
throw new WebScriptException(Status.STATUS_NOT_FOUND, "Site not found.");
|
||||
}
|
||||
|
||||
// Get the query parameter
|
||||
String query = req.getParameter(PARAM_QUERY);
|
||||
// TODO check that this is there
|
||||
|
||||
String sortby = req.getParameter(PARAM_SORTBY);
|
||||
// TODO this is optional
|
||||
|
||||
String filters = req.getParameter(PARAM_FILTERS);
|
||||
// TODO this is optional
|
||||
|
||||
// Convert into a rm search parameter object
|
||||
RecordsManagementSearchParameters searchParameters =
|
||||
SavedSearchDetailsCompatibility.createSearchParameters(filters, new String[]{",", "/"}, sortby, namespaceService);
|
||||
|
||||
// Set the max results
|
||||
String maxItems = req.getParameter(PARAM_MAX_ITEMS);
|
||||
if (maxItems != null && maxItems.length() != 0)
|
||||
{
|
||||
searchParameters.setMaxItems(Integer.parseInt(maxItems));
|
||||
}
|
||||
|
||||
// Execute search
|
||||
List<NodeRef> results = recordsManagementSearchService.search(siteId, query, searchParameters);
|
||||
|
||||
// Reset person data cache
|
||||
personDataCache = new HashMap<String, String>(57);
|
||||
|
||||
// Process the result items
|
||||
List<Item> items = new ArrayList<Item>(results.size());
|
||||
for (NodeRef nodeRef : results)
|
||||
{
|
||||
// FIXME: This is a workaround for DOD Recert
|
||||
// TC 3-3 Create User Groups
|
||||
try
|
||||
{
|
||||
Item item = new Item(nodeRef);
|
||||
items.add(item);
|
||||
}
|
||||
catch(Exception e) {}
|
||||
}
|
||||
|
||||
// Return model
|
||||
model.put("items", items);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
model.put("errorMessage", ex.toString());
|
||||
}
|
||||
return model;
|
||||
|
||||
}
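Review bot: The new `catch (Exception ex)` around the whole body also catches the `WebScriptException`s thrown for a missing site id and an unknown site, so the deliberate 400/404 responses now come back as 200 with an errorMessage. It also sends `ex.toString()` to the client, which exposes the exception class name and its internal message (and may echo the offending request input back); the template JSON-encodes it, but that detail belongs in a server-side log rather than the response. Rethrowing WebScriptException and returning a generic message keeps the status codes and stops the disclosure; if the intent is only to turn search/parse failures into an errorMessage, narrow the second catch to those exception types rather than Exception. No logger is visible in this hunk, so the logging call is left as a TODO; `model` is declared on the context line before the try, so the rewritten catch clauses below can use it as the new code already does.
```java
        catch (WebScriptException wse)
        {
            // keep the deliberate 400/404 statuses instead of masking them as 200
            throw wse;
        }
        catch (Exception ex)
        {
            // TODO(review): log ex with its stack trace server-side; only a generic message goes out
            model.put("errorMessage", "Search could not be completed.");
        }
        return model;
```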
|
||||
|