From 7bc8557a1e332fdfcbde65d514ef476c27d24a50 Mon Sep 17 00:00:00 2001 From: Kevin Roast Date: Thu, 18 Dec 2008 15:08:14 +0000 Subject: [PATCH] Merged V3.0 to HEAD 11982: Fix for ETHREEOH-906 - Writing the TICKET value directly to the page during template processing is a potential XSS security hole. 11983: Added back .html suffix to plain HTML form upload api call - added code comment to explain why it's there. 11984: Added debug/info level logging to Invite process. 11985: ETHREEOH-184: thumbnail assocs do not double up on check-in and thumbnail updates are done in one action 11986: Fix for ETHREEOH-905 - missing url encoding step for user password during webscript based login process. 11995: Unit test fixed up, fallout from runAs merge. 11998: Part of a fix for ETHREEOH-546 - Cannot save document to the any space for Microsoft Office 11999: Merged V2.2 to V3.0 11996: Fix for open Lucene ResultSet memory leaks 12000: ETHREEOH-692 - It is impossible to login to Alfresco from Microsoft Office add-in using NTLM authentication. ETHREEOH-546 - Cannot save document to the any space for Microsoft Office. 12001: Paging enabled by default in all Document Libraries git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12494 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../web/bean/admin/AdminNodeBrowseBean.java | 1 + .../web/bean/groups/AddUsersDialog.java | 14 +- .../web/bean/users/DeleteUserDialog.java | 16 +- .../alfresco/web/bean/users/UsersDialog.java | 12 +- .../alfresco/web/bean/wcm/EditFormWizard.java | 66 ++++---- .../bean/wcm/RegenerateRenditionsWizard.java | 142 ++++++++++-------- .../web/bean/wcm/SetPermissionsDialog.java | 12 +- .../bean/wizard/BaseInviteUsersWizard.java | 12 +- .../web/bean/workflow/BaseReassignDialog.java | 10 +- .../org/alfresco/web/forms/FormsService.java | 44 ++++-- .../forms/xforms/Schema2XFormsProperties.java | 25 +-- 11 files changed, 232 insertions(+), 122 deletions(-) 
diff --git a/source/java/org/alfresco/web/bean/admin/AdminNodeBrowseBean.java b/source/java/org/alfresco/web/bean/admin/AdminNodeBrowseBean.java index fe12a0b53b..f06671461b 100644 --- a/source/java/org/alfresco/web/bean/admin/AdminNodeBrowseBean.java +++ b/source/java/org/alfresco/web/bean/admin/AdminNodeBrowseBean.java @@ -1009,6 +1009,7 @@ public class AdminNodeBrowseBean implements Serializable { rows.setWrappedData(resultSet.getChildAssocRefs()); length = resultSet.length(); + resultSet.close(); } } diff --git a/source/java/org/alfresco/web/bean/groups/AddUsersDialog.java b/source/java/org/alfresco/web/bean/groups/AddUsersDialog.java index cae1b4175d..988ddf8237 100644 --- a/source/java/org/alfresco/web/bean/groups/AddUsersDialog.java +++ b/source/java/org/alfresco/web/bean/groups/AddUsersDialog.java @@ -220,12 +220,20 @@ public class AddUsersDialog extends BaseDialogBean query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:"); query.append(term); query.append("*"); + List nodes; ResultSet resultSet = Repository.getServiceRegistry(context).getSearchService().query( Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, - query.toString()); - List nodes = resultSet.getNodeRefs(); - + query.toString()); + try + { + nodes = resultSet.getNodeRefs(); + } + finally + { + resultSet.close(); + } + ArrayList itemList = new ArrayList(nodes.size()); for (NodeRef personRef : nodes) { diff --git a/source/java/org/alfresco/web/bean/users/DeleteUserDialog.java b/source/java/org/alfresco/web/bean/users/DeleteUserDialog.java index d688314ce0..d7b03b5dda 100644 --- a/source/java/org/alfresco/web/bean/users/DeleteUserDialog.java +++ b/source/java/org/alfresco/web/bean/users/DeleteUserDialog.java 
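Review bot: The added `resultSet.close();` in AdminNodeBrowseBean runs only when `rows.setWrappedData(resultSet.getChildAssocRefs());` and `length = resultSet.length();` both return normally, so an exception on either line still leaks the result set this commit is meant to release. Every other file in the patch closes in a `finally` block, and this hunk should follow the same shape: `try { rows.setWrappedData(resultSet.getChildAssocRefs()); length = resultSet.length(); } finally { resultSet.close(); }`. The enclosing method starts outside the hunk, so the line that opens resultSet is not visible here.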
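Review bot: In AddUsersDialog, `term` is appended to the Lucene query string as-is (`query.append(term); query.append("*");`), and the hunk does not show whether it was escaped earlier in the method. If the value comes from a user-typed search box, Lucene syntax characters in it would change the meaning of the query, so confirm it passes through an escaping helper such as `QueryParser.escape(term)` before it reaches this builder. The same pattern is visible in the SetPermissionsDialog and BaseReassignDialog hunks of this patch. The enclosing method starts and ends outside the hunk.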
@@ -37,6 +37,7 @@ import javax.transaction.UserTransaction; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.SearchParameters; import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.cmr.security.AuthenticationService; @@ -153,9 +154,18 @@ public class DeleteUserDialog extends BaseDialogBean params.setLanguage(SearchService.LANGUAGE_LUCENE); params.addStore(Repository.getStoreRef()); params.setQuery(query); - - List people = this.getSearchService().query(params).getNodeRefs(); - + + ResultSet results = this.getSearchService().query(params); + List people; + try + { + people = results.getNodeRefs(); + } + finally + { + results.close(); + } + if (logger.isDebugEnabled()) logger.debug("Found " + people.size() + " users"); diff --git a/source/java/org/alfresco/web/bean/users/UsersDialog.java b/source/java/org/alfresco/web/bean/users/UsersDialog.java index ab6c31ad58..6bc5597b8f 100644 --- a/source/java/org/alfresco/web/bean/users/UsersDialog.java +++ b/source/java/org/alfresco/web/bean/users/UsersDialog.java @@ -41,6 +41,7 @@ import org.alfresco.repo.search.impl.lucene.QueryParser; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.service.cmr.search.ResultSet; import org.alfresco.service.cmr.search.SearchParameters; import org.alfresco.service.cmr.search.SearchService; import org.alfresco.service.namespace.NamespaceService; 
@@ -343,7 +344,16 @@ public class UsersDialog extends BaseDialogBean implements IContextListener, Cha params.addStore(Repository.getStoreRef()); params.setQuery(query.toString()); - List people = properties.getSearchService().query(params).getNodeRefs(); + ResultSet results = properties.getSearchService().query(params); + List people; + try + { + people = results.getNodeRefs(); + } + finally + { + results.close(); + } if (logger.isDebugEnabled()) logger.debug("Found " + people.size() + " users"); diff --git a/source/java/org/alfresco/web/bean/wcm/EditFormWizard.java b/source/java/org/alfresco/web/bean/wcm/EditFormWizard.java index 3521da094d..d25ecd8c7e 100644 --- a/source/java/org/alfresco/web/bean/wcm/EditFormWizard.java +++ b/source/java/org/alfresco/web/bean/wcm/EditFormWizard.java @@ -272,13 +272,20 @@ public class EditFormWizard for (WebProject wp: webProjects) { ResultSet results = searchRenderingEngineTemplateInWebProject(wp, retd.getName()); - for (int i=0; i result = new ArrayList(rs.length()); - for (final ResultSetRow row : rs) + try { - final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); - final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); - result.add(getFormsService().getFormInstanceData(-1, previewAvmPath)); + final List result = new ArrayList(rs.length()); + for (final ResultSetRow row : rs) + { + final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); + final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); + result.add(getFormsService().getFormInstanceData(-1, previewAvmPath)); + } + + return result; + } + finally + { + rs.close(); } - return result; } private List getRelatedRenditions(final WebProject webProject, final RenderingEngineTemplate ret) 
@@ -516,14 +524,21 @@ public class RegenerateRenditionsWizard LOGGER.debug("running query " + query); sp.setQuery(query.toString()); final ResultSet rs = getSearchService().query(sp); - final List result = new ArrayList(rs.length()); - for (final ResultSetRow row : rs) + try { - final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); - final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); - result.add(getFormsService().getRendition(-1, previewAvmPath)); + final List result = new ArrayList(rs.length()); + for (final ResultSetRow row : rs) + { + final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); + final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); + result.add(getFormsService().getRendition(-1, previewAvmPath)); + } + return result; + } + finally + { + rs.close(); } - return result; } private List regenerateRenditions() 
@@ -596,65 +611,72 @@ public class RegenerateRenditionsWizard LOGGER.debug("running query " + query); sp.setQuery(query.toString()); final ResultSet rs = getSearchService().query(sp); - if (LOGGER.isDebugEnabled()) - LOGGER.debug("received " + rs.length() + " results"); - - final List result = new ArrayList(rs.length()); - for (final ResultSetRow row : rs) + try { - final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); - final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); - if (this.regenerateScope.equals(REGENERATE_SCOPE_ALL) || - this.regenerateScope.equals(REGENERATE_SCOPE_FORM)) + if (LOGGER.isDebugEnabled()) + LOGGER.debug("received " + rs.length() + " results"); + + final List result = new ArrayList(rs.length()); + for (final ResultSetRow row : rs) { - final FormInstanceData fid = getFormsService().getFormInstanceData(-1, previewAvmPath); - try + final String avmPath = AVMNodeConverter.ToAVMVersionPath(row.getNodeRef()).getSecond(); + final String previewAvmPath = AVMUtil.getCorrespondingPathInPreviewStore(avmPath); + if (this.regenerateScope.equals(REGENERATE_SCOPE_ALL) || + this.regenerateScope.equals(REGENERATE_SCOPE_FORM)) { - final List regenResults = fid.regenerateRenditions(); - for (final FormInstanceData.RegenerateResult rr : regenResults) + final FormInstanceData fid = this.formsService.getFormInstanceData(-1, previewAvmPath); + try { - if (rr.getException() != null) + final List regenResults = fid.regenerateRenditions(); + for (final FormInstanceData.RegenerateResult rr : regenResults) { - Utils.addErrorMessage("error regenerating rendition using " + - rr.getRenderingEngineTemplate().getName() + - ": " + rr.getException().getMessage(), - rr.getException()); - } - else - { - result.add(rr.getRendition()); - } - if (rr.getRendition() != null) - { - getAvmLockingService().removeLock(AVMUtil.getStoreId(rr.getRendition().getPath()), - 
AVMUtil.getStoreRelativePath(rr.getRendition().getPath())); + if (rr.getException() != null) + { + Utils.addErrorMessage("error regenerating rendition using " + + rr.getRenderingEngineTemplate().getName() + + ": " + rr.getException().getMessage(), + rr.getException()); + } + else + { + result.add(rr.getRendition()); + } + if (rr.getRendition() != null) + { + this.avmLockingService.removeLock(AVMUtil.getStoreId(rr.getRendition().getPath()), + AVMUtil.getStoreRelativePath(rr.getRendition().getPath())); + } } } + catch (FormNotFoundException fnfe) + { + Utils.addErrorMessage("error regenerating renditions of " + fid.getPath() + + ": " + fnfe.getMessage(), + fnfe); + } } - catch (FormNotFoundException fnfe) + else { - Utils.addErrorMessage("error regenerating renditions of " + fid.getPath() + - ": " + fnfe.getMessage(), - fnfe); - } - } - else - { - final Rendition r = getFormsService().getRendition(-1, previewAvmPath); - try - { - r.regenerate(); - result.add(r); - } - catch (Exception e) - { - Utils.addErrorMessage("error regenerating rendition using " + - r.getRenderingEngineTemplate().getName() + - ": " + e.getMessage(), - e); + final Rendition r = this.formsService.getRendition(-1, previewAvmPath); + try + { + r.regenerate(); + result.add(r); + } + catch (Exception e) + { + Utils.addErrorMessage("error regenerating rendition using " + + r.getRenderingEngineTemplate().getName() + + ": " + e.getMessage(), + e); + } } } + return result; + } + finally + { + rs.close(); } - return result; } } diff --git a/source/java/org/alfresco/web/bean/wcm/SetPermissionsDialog.java b/source/java/org/alfresco/web/bean/wcm/SetPermissionsDialog.java index 7f1c118867..163dc6cd6c 100644 --- a/source/java/org/alfresco/web/bean/wcm/SetPermissionsDialog.java +++ b/source/java/org/alfresco/web/bean/wcm/SetPermissionsDialog.java 
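Review bot: While re-indenting this loop under the new `try`, the patch also switches from the accessors to direct field access: `this.formsService.getFormInstanceData(...)`, `this.formsService.getRendition(...)` and `this.avmLockingService.removeLock(...)` replace `getFormsService()` and `getAvmLockingService()`. The hunk at -516 of the same file still calls `getFormsService().getRendition(...)`. If those getters look the service up lazily (their bodies are not visible here), the fields can be null when the bean has been restored from a session, and this path would then fail with a NullPointerException. Unless the switch is deliberate, keep the accessors, e.g. `final FormInstanceData fid = getFormsService().getFormInstanceData(-1, previewAvmPath);`.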
@@ -259,8 +259,16 @@ public class SetPermissionsDialog extends UpdatePermissionsDialog query.append(term); query.append("*"); ResultSet resultSet = Repository.getServiceRegistry(context).getSearchService().query(Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, query.toString()); - List nodes = resultSet.getNodeRefs(); - + List nodes; + try + { + nodes = resultSet.getNodeRefs(); + } + finally + { + resultSet.close(); + } + for (int index = 0; index < nodes.size(); index++) { NodeRef personRef = nodes.get(index); diff --git a/source/java/org/alfresco/web/bean/wizard/BaseInviteUsersWizard.java b/source/java/org/alfresco/web/bean/wizard/BaseInviteUsersWizard.java index 57c39deccd..e5c74e0bc7 100644 --- a/source/java/org/alfresco/web/bean/wizard/BaseInviteUsersWizard.java +++ b/source/java/org/alfresco/web/bean/wizard/BaseInviteUsersWizard.java @@ -391,8 +391,16 @@ public abstract class BaseInviteUsersWizard extends BaseWizardBean searchParams.setLimitBy(LimitBy.FINAL_SIZE); } - ResultSet resultSet = Repository.getServiceRegistry(context).getSearchService().query(searchParams); - List nodes = resultSet.getNodeRefs(); + ResultSet resultSet = Repository.getServiceRegistry(context).getSearchService().query(searchParams); + List nodes; + try + { + nodes = resultSet.getNodeRefs(); + } + finally + { + resultSet.close(); + } // set the maximum users returned flag if appropriate if (nodes.size() == maxResults) diff --git a/source/java/org/alfresco/web/bean/workflow/BaseReassignDialog.java b/source/java/org/alfresco/web/bean/workflow/BaseReassignDialog.java index 31edeef6af..b1d18d987c 100644 --- a/source/java/org/alfresco/web/bean/workflow/BaseReassignDialog.java +++ b/source/java/org/alfresco/web/bean/workflow/BaseReassignDialog.java @@ -128,6 +128,7 @@ public abstract class BaseReassignDialog extends BaseDialogBean SelectItem[] items; UserTransaction tx = null; + ResultSet resultSet = null; try { tx = Repository.getUserTransaction(context, true); 
@@ -143,7 +144,7 @@ public abstract class BaseReassignDialog extends BaseDialogBean query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:"); query.append(term); query.append("*"); - ResultSet resultSet = Repository.getServiceRegistry(context).getSearchService().query( + resultSet = Repository.getServiceRegistry(context).getSearchService().query( Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, query.toString()); List nodes = resultSet.getNodeRefs(); @@ -175,6 +176,13 @@ public abstract class BaseReassignDialog extends BaseDialogBean items = new SelectItem[0]; } + finally + { + if (resultSet != null) + { + resultSet.close(); + } + } return items; } diff --git a/source/java/org/alfresco/web/forms/FormsService.java b/source/java/org/alfresco/web/forms/FormsService.java index 9b29a2b4e7..0f8c7ea1d0 100644 --- a/source/java/org/alfresco/web/forms/FormsService.java +++ b/source/java/org/alfresco/web/forms/FormsService.java @@ -218,17 +218,24 @@ public final class FormsService final ResultSet rs = this.searchService.query(Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, query); - if (LOGGER.isDebugEnabled()) - LOGGER.debug("found " + rs.length() + " form definitions"); - final Collection
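Review bot: In BaseReassignDialog the result set is now held open until the outer `finally`, which spans the rest of the transaction and the loop that builds the select items, although `List nodes = resultSet.getNodeRefs();` is the only line that reads from it. The other dialogs in this patch close straight after that call, and doing the same here releases the index resources sooner and removes the need for the nullable outer variable: `try { nodes = resultSet.getNodeRefs(); } finally { resultSet.close(); }`. As written, an exception thrown by `resultSet.close()` in the outer `finally` also bypasses the fallback that sets `items = new SelectItem[0];`. The method body starts and ends outside these hunks.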
result = new ArrayList(rs.length()); - for (final ResultSetRow row : rs) + try { - result.add(this.getForm(row.getNodeRef())); + if (LOGGER.isDebugEnabled()) + LOGGER.debug("found " + rs.length() + " form definitions"); + final Collection result = new ArrayList(rs.length()); + for (final ResultSetRow row : rs) + { + result.add(this.getForm(row.getNodeRef())); + } + QuickSort sorter = new QuickSort((List)result, "name", true, IDataContainer.SORT_CASEINSENSITIVE); + sorter.sort(); + + return result; + } + finally + { + rs.close(); } - QuickSort sorter = new QuickSort((List)result, "name", true, IDataContainer.SORT_CASEINSENSITIVE); - sorter.sort(); - - return result; } /** @@ -400,15 +407,22 @@ public final class FormsService final ResultSet rs = this.searchService.query(Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, query); - if (LOGGER.isDebugEnabled()) + try { - LOGGER.debug("query " + query + " returned " + rs.length() + " results"); + if (LOGGER.isDebugEnabled()) + { + LOGGER.debug("query " + query + " returned " + rs.length() + " results"); + } + final List result = new ArrayList(rs.length()); + for (final ResultSetRow row : rs) + { + result.add(row.getNodeRef()); + } + return result; } - final List result = new ArrayList(rs.length()); - for (final ResultSetRow row : rs) + finally { - result.add(row.getNodeRef()); + rs.close(); } - return result; } } diff --git a/source/java/org/alfresco/web/forms/xforms/Schema2XFormsProperties.java b/source/java/org/alfresco/web/forms/xforms/Schema2XFormsProperties.java index 6227873f60..080d654a26 100644 --- a/source/java/org/alfresco/web/forms/xforms/Schema2XFormsProperties.java +++ b/source/java/org/alfresco/web/forms/xforms/Schema2XFormsProperties.java 
@@ -145,18 +145,25 @@ public class Schema2XFormsProperties searchService.query(Repository.getStoreRef(), SearchService.LANGUAGE_LUCENE, "PATH:\"" + name + "\""); - LOGGER.debug("search returned " + results.length() + - " results"); - if (results.length() == 1) + try { - final NodeRef nr = results.getNodeRef(0); - final ContentReader reader = - contentService.getReader(nr, ContentModel.PROP_CONTENT); - return reader.getContentInputStream(); + LOGGER.debug("search returned " + results.length() + + " results"); + if (results.length() == 1) + { + final NodeRef nr = results.getNodeRef(0); + final ContentReader reader = + contentService.getReader(nr, ContentModel.PROP_CONTENT); + return reader.getContentInputStream(); + } + else + { + return super.getResourceAsStream(name); + } } - else + finally { - return super.getResourceAsStream(name); + results.close(); } } };
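Review bot: The Lucene query is assembled as `"PATH:\"" + name + "\""` with no escaping, so a `name` containing a double quote ends the PATH phrase early and the remainder is parsed as query syntax. Where `name` comes from is outside the hunk; if an uploaded schema or form can influence it, validate it before the search, for example `if (name.indexOf('"') >= 0) { return super.getResourceAsStream(name); }`. The `LOGGER.debug("search returned " + ...)` call is also unguarded, unlike the `isDebugEnabled()` checks in the FormsService hunks. The enclosing method starts outside the hunk.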