Merged V3.0 to HEAD (fixes ALFCOM-2311 & ALFCOM-2332)

12718: Merged V2.2 to V3.0
      12706: Merged V2.1 to V2.2
         12693: Fixed regression where summary pages of WCM related wizards do not render correctly after XSS fixes, related to ETWOTWO-987

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12722 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Gavin Cornwell
2009-01-13 22:57:30 +00:00
parent 0e2cbde7b3
commit e1da4cb9d4
13 changed files with 258 additions and 32 deletions


@@ -188,6 +188,14 @@ public class CreateFormWizard extends BaseWizardBean
return this.renderingEngineDescriptionAttribute;
}
public String getRenderingEngineLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.title));
builder.append("</b>");
return builder.toString();
}
public String toString()
{
return (this.getClass().getName() + "{" +
@@ -539,6 +547,18 @@ public class CreateFormWizard extends BaseWizardBean
return this.formDescriptionAttribute;
}
/**
*
* @return HTML code for the form label
*/
public String getFormLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.getFormTitle()));
builder.append("</b>");
return builder.toString();
}
/**
*
* @return Returns HTML code of the formDescriptionAttribute
@@ -554,6 +574,24 @@ public class CreateFormWizard extends BaseWizardBean
return this.workflowDescriptionAttribute;
}
/**
*
* @return Returns HTML code of the workflow label
*/
public String getWorkflowLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
WorkflowDefinition wkDef = this.getDefaultWorkflowDefinition();
if (wkDef != null)
{
builder.append(Utils.encode(wkDef.getTitle()));
}
builder.append("</b>");
return builder.toString();
}
/**
* @return Returns the output path for the rendition.
*/
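Review bot: The encode-then-wrap body (`new StringBuilder("<b>")`, `Utils.encode(...)`, `"</b>"`) is written out by hand in all three getters here and again in the label getters of CreateWebContentWizard, CreateWebsiteWizard (four times) and the rendition class, so the one step that makes these labels safe to print unescaped can be dropped from any single copy without it being noticed. A shared static helper, for example next to `getTableLine` in DescriptionAttributeHelper, with the body `return "<b>" + Utils.encode(text) + "</b>";` would keep the encoding in one place. `getRenderingEngineLabelAttribute` also has no Javadoc; something like `@return HTML for the label, with the title already HTML-encoded; intended to be written unescaped` would state the contract the JSPs rely on. The enclosing classes start and end outside these hunks, and how `Utils.encode` treats a null title is not visible here.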


@@ -895,6 +895,14 @@ public class CreateWebContentWizard extends CreateContentWizard
return this.formDescriptionAttribute;
}
public String getFormLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.getFormInstanceData().getName()));
builder.append("</b>");
return builder.toString();
}
// ------------------------------------------------------------------------------
// Action event handlers


@@ -1355,6 +1355,18 @@ public class CreateWebsiteWizard extends BaseWizardBean
return this.websiteDescriptionAttribute;
}
/**
*
* @return Returns HTML for website label
*/
public String getWebsiteLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.name));
builder.append("</b>");
return builder.toString();
}
/**
*
* @return Returns a HTML code for "description" attribute
@@ -1456,6 +1468,14 @@ public class CreateWebsiteWizard extends BaseWizardBean
return this.formDescriptionAttribute;
}
public String getFormLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.getName()));
builder.append("</b>");
return builder.toString();
}
/**
* @return Returns the workflow.
*/
@@ -1744,6 +1764,18 @@ public class CreateWebsiteWizard extends BaseWizardBean
return this.workflowDescriptionAttribute;
}
/**
*
* @return Returns HTML for the workflow label
*/
public String getWorkflowLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.title));
builder.append("</b>");
return builder.toString();
}
/**
*
* @return Returns HTML representation of the "description" attribute
@@ -1799,6 +1831,14 @@ public class CreateWebsiteWizard extends BaseWizardBean
return this.userDescriptionAttribute;
}
public String getUserLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.name));
builder.append("</b>");
return builder.toString();
}
private String buildUserDescriptionAttribute()
{
FacesContext fc = FacesContext.getCurrentInstance();


@@ -3,6 +3,7 @@ package org.alfresco.web.bean.wcm;
import javax.faces.context.FacesContext;
import org.alfresco.web.app.Application;
import org.alfresco.web.ui.common.Utils;
import org.apache.commons.lang.StringUtils;
/**
@@ -43,7 +44,8 @@ public class DescriptionAttributeHelper
public static String getTableLine(FacesContext fc, String fieldName, String fieldValue)
{
StringBuilder line = new StringBuilder(128);
line.append(TRTD_BEGIN).append(Application.getMessage(fc, fieldName)).append(TD_TD).append(fieldValue).append(TDTR_END);
line.append(TRTD_BEGIN).append(Application.getMessage(fc, fieldName)).
append(TD_TD).append(Utils.encode(fieldValue)).append(TDTR_END);
return line.toString();
}
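Review bot: `getTableLine` now encodes `fieldValue` for every caller, so any caller outside this hunk that already encodes its value, or passes markup on purpose, would end up double-encoded on the page; the callers are not visible here and should be checked. The method should say which side owns the encoding, e.g. `@param fieldValue raw, unencoded text; it is HTML-encoded here`. The label from `Application.getMessage(fc, fieldName)` is still appended as-is, which is fine only as long as the message bundles hold trusted text.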


@@ -67,6 +67,9 @@ public interface Rendition
/** the output stream for the rendition */
public OutputStream getOutputStream();
/** the HTML label attribute for UI */
public String getLabelAttribute();
/** the HTML description attribute for UI */
public String getDescriptionAttribute();
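Review bot: The comment on `getLabelAttribute()` does not say that the returned string is written to the page unescaped, so an implementation of `Rendition` other than the one changed in this commit could return a raw name and reintroduce the script-injection problem the earlier fixes closed. I would spell the contract out: `/** the HTML label for the UI; user-supplied text must already be HTML-encoded because the summary page writes it with escaping turned off */`. The same wording applies to `getDescriptionAttribute()`. Adding a method to the interface also requires every implementer to be updated; only one implementation appears in this commit.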


@@ -42,6 +42,7 @@ import org.alfresco.util.Pair;
import org.alfresco.web.app.servlet.FacesHelper;
import org.alfresco.web.bean.repository.Repository;
import org.alfresco.web.bean.wcm.AVMUtil;
import org.alfresco.web.ui.common.Utils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -279,6 +280,14 @@ import org.xml.sax.SAXException;
return this.descriptionAttribute;
}
public String getLabelAttribute()
{
StringBuilder builder = new StringBuilder("<b>");
builder.append(Utils.encode(this.getName()));
builder.append("</b>");
return builder.toString();
}
private String buildDescriptionAttribute()
{
int hashCode = hashCode();


@@ -67,6 +67,8 @@ public class UISelectList extends UIInput implements NamingContainer
private int rowIndex = -1;
private int itemCount;
private String onchange = null;
private Boolean escapeItemLabel;
private Boolean escapeItemDescription;
// ------------------------------------------------------------------------------
// Component Impl
@@ -99,6 +101,8 @@ public class UISelectList extends UIInput implements NamingContainer
this.activeSelect = (Boolean)values[2];
this.itemCount = (Integer)values[3];
this.onchange = (String)values[4];
this.escapeItemLabel = (Boolean)values[5];
this.escapeItemDescription = (Boolean)values[6];
}
/**
@@ -112,7 +116,9 @@ public class UISelectList extends UIInput implements NamingContainer
this.multiSelect,
this.activeSelect,
this.itemCount,
this.onchange
this.onchange,
this.escapeItemLabel,
this.escapeItemDescription
};
}
@@ -326,6 +332,8 @@ public class UISelectList extends UIInput implements NamingContainer
throws IOException
{
boolean activeSelect = isActiveSelect();
boolean escapeLabel = getEscapeItemLabel();
boolean escapeDescription = getEscapeItemDescription();
// begin the row, add tooltip if present
String tooltip = item.getTooltip();
@@ -394,17 +402,32 @@ public class UISelectList extends UIInput implements NamingContainer
}
// label and description text
String label = item.getLabel();
String description = item.getDescription();
out.write("<td width=100%");
Utils.outputAttribute(out, getAttributes().get("itemStyle"), "style");
Utils.outputAttribute(out, getAttributes().get("itemStyleClass"), "class");
out.write("><div style='padding:2px'>");
out.write(Utils.encode(item.getLabel()));
if (escapeLabel)
{
out.write(Utils.encode(label));
}
else
{
out.write(label);
}
out.write("</div>");
if (description != null)
{
out.write("<div style='padding:2px'>");
out.write(Utils.encode(description));
if (escapeDescription)
{
out.write(Utils.encode(description));
}
else
{
out.write(description);
}
out.write("</div>");
}
out.write("</td>");
@@ -520,6 +543,57 @@ public class UISelectList extends UIInput implements NamingContainer
this.activeSelect = activeSelect;
}
/**
* Get the escape item label flag
*
* @return true if the items label should be escaped, false otherwise
*/
public boolean getEscapeItemLabel()
{
ValueBinding vb = getValueBinding("escapeItemLabel");
if (vb != null)
{
this.escapeItemLabel = (Boolean)vb.getValue(getFacesContext());
}
return this.escapeItemLabel != null ? this.escapeItemLabel.booleanValue() : true;
}
/**
* Set true to escape the items label, false otherwise
*
* @param escapeItemLabel true to escape the items label
*/
public void setEscapeItemLabel(boolean escapeItemLabel)
{
this.escapeItemLabel = escapeItemLabel;
}
/**
* Get the escape item description flag
*
* @return true if the items description should be escaped, false otherwise
*/
public boolean getEscapeItemDescription()
{
ValueBinding vb = getValueBinding("escapeItemDescription");
if (vb != null)
{
this.escapeItemDescription = (Boolean)vb.getValue(getFacesContext());
}
return this.escapeItemDescription != null ? this.escapeItemDescription.booleanValue() : true;
}
/**
* Set true to escape the items description, false otherwise
*
* @param escapeItemDescription true to escape the items description
*/
public void setEscapeItemDescription(boolean escapeItemDescription)
{
this.escapeItemDescription = escapeItemDescription;
}
/**
* We use a hidden field name based on the parent form component Id and
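Review bot: With `escapeItemLabel` or `escapeItemDescription` set to false, the item renderer writes `label` and `description` to the response verbatim for every item in the list, and nothing in the new Javadoc tells a page author that the bean must then HTML-encode those values. The getter and setter comments should state it, e.g. `Set to false only when every item label is already HTML-encoded by the caller`. In the unescaped branch `out.write(label)` no longer passes through `Utils.encode`, so a null label would reach the writer directly; `out.write(label != null ? label : "");` would guard it, though whether a null label can occur is not visible in this hunk. Both getters cast the value-binding result with `(Boolean)`, which presumably relies on the tag converting the attribute string first.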


@@ -60,6 +60,8 @@ public class SelectListTag extends HtmlComponentTag
setStringProperty(component, "itemStyleClass", this.itemStyleClass);
setStringProperty(component, "value", this.value);
setStringProperty(component, "onchange", this.onchange);
setBooleanProperty(component, "escapeItemLabel", this.escapeItemLabel);
setBooleanProperty(component, "escapeItemDescription", this.escapeItemDescription);
}
/**
@@ -75,6 +77,8 @@ public class SelectListTag extends HtmlComponentTag
this.itemStyleClass = null;
this.value = null;
this.onchange = null;
this.escapeItemLabel = null;
this.escapeItemDescription = null;
}
/**
@@ -147,6 +151,26 @@ public class SelectListTag extends HtmlComponentTag
this.onchange = onchange;
}
/**
* Set the escapeItemLabel flag
*
* @param escapeItemLabel true to escape the items labels
*/
public void setEscapeItemLabel(String escapeItemLabel)
{
this.escapeItemLabel = escapeItemLabel;
}
/**
* Set the escapeItemDescription flag
*
* @param escapeItemDescription true to escape the items descriptions
*/
public void setEscapeItemDescription(String escapeItemDescription)
{
this.escapeItemDescription = escapeItemDescription;
}
/** the selected value */
private String value;
@@ -167,4 +191,10 @@ public class SelectListTag extends HtmlComponentTag
/** the event handler for a change in selection */
private String onchange;
/** the escape mode for item's labels */
private String escapeItemLabel;
/** the escape mode for item's descriptions */
private String escapeItemDescription;
}


@@ -2012,6 +2012,18 @@
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>escapeItemLabel</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>escapeItemDescription</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<!-- graphic_image -->


@@ -41,8 +41,9 @@
multiSelect="false"
activeSelect="true"
style="width:100%"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
<a:listItem label="<b>${WizardManager.bean.formTitle}</b>" value="${WizardManager.bean.formName}"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<a:listItem label="${WizardManager.bean.formLabelAttribute}" value="${WizardManager.bean.formName}"
image="/images/icons/webform_large.gif"
description="${WizardManager.bean.formDescriptionAttribute}" />
</a:selectList>
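Review bot: Setting `escapeItemDescription="false"` here means `formDescriptionAttribute` is printed by the component without any escaping, so its safety depends on every value inside it being encoded when the bean builds it; in this commit only `DescriptionAttributeHelper.getTableLine` is shown doing that. Any description builder that concatenates values without going through `getTableLine` should be checked before this is relied on. The same applies to the other summary JSPs in this commit that add `escapeItemLabel="false" escapeItemDescription="false"`. A short JSP comment beside the attribute, such as `<%-- label and description are pre-encoded HTML built by the wizard bean --%>`, would record why escaping is off.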


@@ -42,8 +42,9 @@
multiSelect="false"
activeSelect="true"
style="width:100%"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
<a:listItem label="<b>${WizardManager.bean.formTitle}</b>" value="${WizardManager.bean.formName}"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<a:listItem label="${WizardManager.bean.formLabelAttribute}" value="${WizardManager.bean.formName}"
image="/images/icons/webform_large.gif"
description="${WizardManager.bean.formDescriptionAttribute}" />
</a:selectList>
@@ -62,9 +63,10 @@
multiSelect="false"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
activeSelect="true"
style="width:100%">
style="width:100%"
escapeItemLabel="false" escapeItemDescription="false">
<c:forEach items="${WizardManager.bean.renderingEngineTemplates}" var="ret">
<a:listItem label="<b>${ret.title}</b>"
<a:listItem label="${ret.renderingEngineLabelAttribute}"
value="${ret.name}"
image="/images/icons/template_large.gif"
description="${ret.renderingEngineDescriptionAttribute}" />
@@ -85,8 +87,9 @@
multiSelect="false"
activeSelect="true"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
style="width:100%">
<a:listItem label="<b>${WizardManager.bean.defaultWorkflowDefinition.title}</b>"
style="width:100%"
escapeItemLabel="false" escapeItemDescription="false">
<a:listItem label="${WizardManager.bean.workflowLabelAttribute}"
value="${WizardManager.bean.defaultWorkflowDefinition.name}"
image="/images/icons/workflow_large.gif"
description="${WizardManager.bean.workflowDescriptionAttribute}" />


@@ -41,30 +41,32 @@
multiSelect="false"
activeSelect="true"
style="width:100%"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<a:listItem value="${WizardManager.bean.formInstanceData.name}"
image="/images/filetypes32/xml.gif"
label="<b>${WizardManager.bean.formInstanceData.name}</b>"
label="${WizardManager.bean.formLabelAttribute}"
description="${WizardManager.bean.formDescriptionAttribute}" />
</a:selectList>
</h:panelGrid>
<h:panelGrid columns="1" cellpadding="2" style="padding-top: 4px; padding-bottom: 4px;"
width="100%" rowClasses="wizardSectionHeading"
rendered="#{!empty WizardManager.bean.renditions}">
rendered="#{!empty WizardManager.bean.renditions}">
<h:outputText value="&#160;#{msg.create_web_content_summary_rendition_details}" escape="false" />
</h:panelGrid>
<h:panelGrid columns="1" cellpadding="3" cellspacing="3" border="0" width="100%"
rendered="#{!empty WizardManager.bean.renditions}">
<a:selectList id="rendition-list"
multiSelect="false"
activeSelect="true"
style="width:100%"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
multiSelect="false"
activeSelect="true"
style="width:100%"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<c:forEach items="${WizardManager.bean.renditions}" var="rendition" varStatus="status">
<a:listItem id="listItem${status.index}" value="${rendition.name}" image="${rendition.fileTypeImage}"
label="<b>${rendition.name}</b>"
label="${rendition.labelAttribute}"
description="${rendition.descriptionAttribute}" />
</c:forEach>
</a:selectList>


@@ -41,10 +41,11 @@
<h:panelGrid columns="1" cellpadding="3" cellspacing="3" border="0" width="100%">
<a:selectList id="webproject-list" multiSelect="false" activeSelect="true" style="width:100%;"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<a:listItem value="${WizardManager.bean.name}"
image="/images/icons/website_large.gif"
label="<b>${WizardManager.bean.name}</b>"
label="${WizardManager.bean.websiteLabelAttribute}"
description="${WizardManager.bean.websiteDescriptionAttribute}" />
</a:selectList>
</h:panelGrid>
@@ -57,11 +58,12 @@
<h:panelGrid columns="2" cellpadding="3" cellspacing="3" border="0" width="100%">
<h:outputText rendered="#{empty WizardManager.bean.forms}" value="#{msg.no_selected_items}"/>
<a:selectList id="form-list" multiSelect="false" activeSelect="true" style="width:100%;"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<c:forEach items="${WizardManager.bean.forms}" var="form">
<a:listItem value="${form.name}"
image="/images/icons/webform_large.gif"
label="<b>${form.name}</b>"
label="${form.formLabelAttribute}"
description="${form.formDescriptionAttribute}" />
</c:forEach>
</a:selectList>
@@ -75,11 +77,12 @@
<h:panelGrid columns="1" cellpadding="3" cellspacing="3" border="0" width="100%">
<h:outputText rendered="#{empty WizardManager.bean.workflows}" value="#{msg.no_selected_items}"/>
<a:selectList id="workflow-list" multiSelect="false" activeSelect="true" style="width:100%;"
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;">
itemStyle="vertical-align: top; margin-right: 5px; padding-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<c:forEach items="${WizardManager.bean.workflows}" var="workflow">
<a:listItem value="${workflow.name}"
image="/images/icons/workflow_large.gif"
label="<b>${workflow.title}</b>"
label="${workflow.workflowLabelAttribute}"
description="${workflow.workflowDescriptionAttribute}" />
</c:forEach>
</a:selectList>
@@ -95,12 +98,13 @@
multiSelect="false"
activeSelect="true"
style="width:100%;"
itemStyle="vertical-align: top; margin-right: 5px;">
<c:forEach items="${WizardManager.bean.invitedUsers}" var="user">
<a:listItem value="${user.name}"
image="/images/icons/user_large.gif"
label="<b>${user.name}</b>"
description="${user.userDescriptionAttribute}" />
itemStyle="vertical-align: top; margin-right: 5px;"
escapeItemLabel="false" escapeItemDescription="false">
<c:forEach items="${WizardManager.bean.invitedUsers}" var="user">
<a:listItem value="${user.name}"
image="/images/icons/user_large.gif"
label="${user.userLabelAttribute}"
description="${user.userDescriptionAttribute}" />
</c:forEach>
</a:selectList>
</h:panelGrid>