Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

93834: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      93734: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)
         - SOURCE/root/projects/remote-api/config/alfresco/templates/webscripts/org/alfresco/collaboration/calendar.get.html.ftl
           was removed from 5.0 as part of an EOL activity
         93559: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93544: Merged DEV to V4.2.4 (4.2.4)
               93482: MNT-13174: /share/service/components/form {htmlid} unsanitized: XSS vulnerability
                - Add html escape to avoid XSS vulnerability 
            93545: Merged DEV to V4.2.4 (4.2.4)
               93508 : MNT-13177 : /alfresco/wcservice/search/keyword {l} unsanitized: XSS vulnerability 
                  - Escape search.localeId property
            93549: Merged DEV to V4.2.4 (4.2.4)
               93540 : MNT-13173 : /share/service/components/form {destination} unsanitized: XSS vulnerability
                  - Add html escape to avoid XSS vulnerability
            93555: Merged DEV to V4.2.4 (4.2.4)
               93476: MNT-13178: /alfresco/wcservice/api/search/person {l} unsanitized: XSS vulnerability
                  - Add url escape to avoid XSS vulnerability
            93556: Merged DEV to V4.2.4 (4.2.4)
               93477: MNT-13176 : /alfresco/wcservice/collaboration/calendar {nodeRef} unsanitized: XSS vulnerability
                  - Added ?html built-in processing for nodeRef argument. 
         93718: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93671: Merged DEV to PATCHES/V4.2.4 (4.2.4)
               93661: MNT-13180: go through all API URI and confirm all parameters are sanitized
                  - Add unit test that checks all webscripts for sanitized parameters
            93672: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Add html escape to fix XSS vulnerability
            93691: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Patch imported blogsearch template


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94995 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/admin/patch/impl/FixTemplatePatch.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.repo.content.MimetypeMap;
+import org.alfresco.repo.model.Repository;
+import org.alfresco.service.cmr.repository.ContentService;
+import org.alfresco.service.cmr.repository.ContentWriter;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.springframework.extensions.surf.util.I18NUtil;
+
+/**
+ * MNT-13190: Fix template
+ * 
+ * @author Viachaslau Tsikhanovich
+ *
+ */
+public class FixTemplatePatch extends AbstractPatch
+{
+    private static final String MSG_SUCCESS = "patch.fixWebscriptTemplate.result";
+    private static final String MSG_SKIP = "patch.fixWebscriptTemplate.skip";
+    
+    private Repository repository;
+    protected ContentService contentService;
+    private String target;
+    private String source;
+
+    public void setRepository(Repository repository)
+    {
+        this.repository = repository;
+    }
+    
+    public void setContentService(ContentService contentService)
+    {
+        this.contentService = contentService;
+    }
+    
+    public void setTarget(String target)
+    {
+        this.target = target;
+    }
+
+    public void setSource(String source)
+    {
+        this.source = source;
+    }
+
+
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        List<NodeRef> refs = searchService.selectNodes(
+                repository.getRootHome(), 
+                target, 
+                null, 
+                namespaceService, 
+                false);
+        if (refs.size() < 1)
+        {
+            // skip as it can be deleted
+            return I18NUtil.getMessage(MSG_SKIP);
+        }
+        else
+        {
+            updateContent(refs.get(0));
+        }
+
+        return I18NUtil.getMessage(MSG_SUCCESS);
+    }
+
+    private void updateContent(NodeRef nodeRef)
+    {
+        // Make versionable
+        nodeService.addAspect(nodeRef, ContentModel.ASPECT_VERSIONABLE, null);
+        
+        // Update content
+        InputStream is = this.getClass().getClassLoader().getResourceAsStream(source);
+        if (is != null)
+        {
+            ContentWriter contentWriter = contentService.getWriter(nodeRef, ContentModel.PROP_CONTENT, true);
+            contentWriter.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
+            contentWriter.setEncoding("UTF-8");
+            contentWriter.putContent(is);
+        }
+    }
+
+}