inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

ALF-11700: Possible to generate feed entries with malformed NodeRefs

Browse Source 
* ActivityPostService checks incoming nodeRef values in JSON - they must at least work in a NodeRef constructor.
* FeedTaskProcessor ignores nodeRef values that cannot be used in a NodeRef constructor.



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@32321 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Matt Ward
2011-11-25 17:28:38 +00:00
parent 44c5efe514
commit 70722a9a3b
3 changed files with 69 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
source/java/org/alfresco/repo/activities/feed/FeedTaskProcessor.java
View File

@@ -45,6 +45,7 @@ import org.alfresco.repo.domain.activities.ActivityPostEntity;
import org.alfresco.repo.domain.activities.FeedControlEntity;
import org.alfresco.repo.template.ISO8601DateFormatMethod;
import org.alfresco.repo.tenant.TenantService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.JSONtoFmModel;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -209,6 +210,24 @@ public abstract class FeedTaskProcessor
continue;
}
String nodeRefStr = (String) model.get(PostLookup.JSON_NODEREF);
try
{
// If a nodeRef is present, then it must be valid.
if (nodeRefStr != null)
{
// Attempt to create a nodeRef, making use of the constructor's validation.
new NodeRef(nodeRefStr);
}
}
catch (Exception e)
{
logger.error("Skipping activity post " + activityPost.getId() +
" due to invalid nodeRef: " + nodeRefStr);
updatePostStatus(activityPost.getId(), ActivityPostEntity.STATUS.ERROR);
continue;
}
// note: for MT share, site id should already be mangled - in addition to extra tenant domain info
String thisSite = activityPost.getSiteNetwork();