From 4a03e8cc985933ff9e09417d7ab8af58bb17351b Mon Sep 17 00:00:00 2001 From: evasques Date: Thu, 17 Jun 2021 12:00:17 +0100 Subject: [PATCH] MNT-20500 - Admin console breaks with serialised objects (#538) * MNT-20500 - Admin console breaks with serialised objects (#291) * Added macro convertToJSON to recursively parse hashes and enumerables * Added attempt/recover in macros to handle errors and not break the page * Changed the output of serialized objects to JSON format (cherry picked from commit ce62fb1da39a3a84c3e4b2d5cf2aa30524107c79) * MNT-20500 - Admin console breaks with serialised objects (#536) * In node browser: ** Added macro convertToJSON to recursively parse hashes and enumerables ** Added attempt/recover in macros to handle errors and not break the page ** Changed the output of serialized objects to JSON format * In both admin console and node browser: ** Adjusted consistency of the ouput when an error occurs ** Validate the depth of each hash. When we find a hash with over 1000 elements, we throw an error instead of displaying the object. Used the stop tag to effectively force an abort of the template processing preventing performance or security issues regarding very large objects. (cherry picked from commit d7ec1307567600c9475775b76fe14871b3b72a59) --- .../admin-nodebrowser.get.html.ftl | 90 ++++++++++++++----- 1 file changed, 66 insertions(+), 24 deletions(-) diff --git a/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl b/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl index 6ef2adfe95..4c5b7cd0c5 100644 --- a/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl +++ b/remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/admin/support-tools/admin-nodebrowser.get.html.ftl @@ -1,34 +1,76 @@ <#assign null>${msg("nodebrowser.null")?html} <#assign none>${msg("nodebrowser.none")?html} <#assign collection>${msg("nodebrowser.collection")?html} - +<#assign maxDepth=1000 /> <#macro dateFormat date>${date?string("dd MMM yyyy HH:mm:ss 'GMT'Z '('zzz')'")} <#macro propValue p> -<#if p.value??> - <#if p.value?is_date> - <@dateFormat p.value /> - <#elseif p.value?is_boolean> - ${p.value?string} - <#elseif p.value?is_number> - ${p.value?c} - <#elseif p.value?is_string> - ${p.value?html} - <#elseif p.value?is_hash> - <#assign result = "{"/> - <#assign first = true /> - <#list p.value?keys as key> - <#if first = false> - <#assign result = result + ", "/> + <#attempt> + <#if p.value??> + <#if p.value?is_date> + <@dateFormat p.value /> + <#elseif p.value?is_boolean> + ${p.value?string} + <#elseif p.value?is_number> + ${p.value?c} + <#elseif p.value?is_string> + ${p.value?html} + <#elseif p.value?is_hash || p.value?is_enumerable> + <@convertToJSON p.value /> + + <#else> + ${null} + + <#recover> + ${.error} + + +<#macro convertToJSON v> + <#if v??> + <#if v?is_date> + <@dateFormat v /> + <#elseif v?is_boolean> + ${v?string} + <#elseif v?is_number> + ${v?c} + <#elseif v?is_string> + "${v?string}" + <#elseif v?is_hash> + <#if v?keys?size gt maxDepth > + <#stop "Max depth of object achieved"> - <#assign result = result + "${key}=${p.value[key]?html}" /> - <#assign first = false/> - - <#assign result = result + "}"/> - ${result} + <@compress single_line=true> + { + <#assign first = true /> + <#list v?keys as key> + <#if first = false>, + "${key}": + <#if v[key]??> + <@convertToJSON v[key] /> + <#else> + ${null} + + <#assign first = false/> + + } + + <#elseif v?is_enumerable> + <#if v?size gt maxDepth> + <#stop "Max depth of object achieved" > + + <#assign first = true /> + <@compress single_line=true> + [ + <#list v as item> + <#if first = false>, + <@convertToJSON item /> + <#assign first = false/> + + ] + + + <#else> + ${null} -<#else> - ${null} - <#macro contentUrl nodeRef prop> ${url.serviceContext}/api/node/${nodeRef?replace("://","/")}/content;${prop?url}