From d6fdc2fb035100101983f8d35c0abd41aa260e41 Mon Sep 17 00:00:00 2001 From: Dave Ward Date: Wed, 14 Jul 2010 14:49:50 +0000 Subject: [PATCH] Merged V3.3-BUG-FIX to HEAD 21132: ALF-3855: Refactored repository authentication filters so that same code is re-used for Web Client, Web Script, Web DAV and Sharepoint authentication - 'Uber Filter' part 3 - Means we now support Kerberos Authentication for Sharepoint - Threw away a lot of duplicated code - New common AuthenticationDriver interface created and now implemented by core authentication code - Sharepoint and BaseSSOAuthenticationFilter now both use AuthenticationDrivers - Needs regression testing 21137: ALF-3841: Alfresco Explorer SSO Authentication Filters now accept ticket parameters too - Can be turned back off with ntlm.authentication.browser.ticketLogons=false or kerberos.authentication.browser.ticketLogons=false - Wiki updated 21141: ALF-3855: Fixed wiring 21146: ALF-2879: 'xamconnector' module behaviour for xam:archived - Application of xam:archived recurses and locks both files and folders - cm:content nodes also have the store selector applied for the XAMContentStore - TODO: Archive properties 21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL - Parameter was not bounded with # - Added unit test to ensure SQL generated is correct 21169: Merged V3.3 to V3.3-BUG-FIX 21168: (RECORD ONLY Merged PATCHES/V3.2.1 to V3.3 21166: Merged V3.3-BUG-FIX to PATCHES/V3.2.1 21165: Fixed ALF-3867: SQL format error when re-instating orphaned content URL - Parameter was not bounded with # - Added unit test to ensure SQL generated is correct 21118: Latest SpringSurf libs: - Fix for missing read of "keystore" in Remote config - Session Fixation attack mitigation improvements: - A Surf application no longer generates a Session (and therefore no JSESSIONID) until a user is authenticated - simply visiting a login page or similar will no longer generate a Session - Existing Sessions are always invalidated and destroyed if found when a user is authenticated via the LoginController (i.e. due to a JSESSIONID captured via an XSS attack) Merged HEAD to V3.3 21111: Fix to encode form parameter on Share login template - prevents its potential use as an reflected XSS attack vector 21117: Session Fixation mitigation: - Removed Session creation from Share index.jsp Merged V3.3-BUG-FIX-2010_06_24 to V3.3 21096: Fix for ALF-3718 - JSF client login page input validator is too aggressive ("Login" button is disabled if username contains forward slash) 21088: Latest SpringSurf libs git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@21170 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../content-common-SqlMap.xml | 2 +- .../repo/domain/contentdata/ContentDataDAOTest.java | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/content-common-SqlMap.xml b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/content-common-SqlMap.xml index 0393da16d4..9333e4dac6 100644 --- a/config/alfresco/ibatis/org.hibernate.dialect.Dialect/content-common-SqlMap.xml +++ b/config/alfresco/ibatis/org.hibernate.dialect.Dialect/content-common-SqlMap.xml @@ -221,7 +221,7 @@ where id = #id# and orphan_time is null - orphan_time = oldOrphanTime + orphan_time = #oldOrphanTime# diff --git a/source/java/org/alfresco/repo/domain/contentdata/ContentDataDAOTest.java b/source/java/org/alfresco/repo/domain/contentdata/ContentDataDAOTest.java index bfe72c7391..7a8d19b8bb 100644 --- a/source/java/org/alfresco/repo/domain/contentdata/ContentDataDAOTest.java +++ b/source/java/org/alfresco/repo/domain/contentdata/ContentDataDAOTest.java @@ -224,6 +224,19 @@ public class ContentDataDAOTest extends TestCase } } + /** + * Check that orphaned content can be re-instated. + */ + public void testReinstate_ALF3867() + { + ContentData contentData = getContentData(); + Pair resultPair = create(contentData); + getAndCheck(resultPair.getFirst(), contentData); + delete(resultPair.getFirst()); + // Now create a ContentData with the same URL + create(contentData); + } + public void testContentUrl_FetchingOrphansNoLimit() throws Exception { ContentData contentData = getContentData();