Merged V2.1 to HEAD

6933: Various fixes for cross-site javascript and associated trickery to web-client UI screens Plus fixes to several dialogs broken in use-the-link dialog conversion changes. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@7362 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2007-11-12 16:07:55 +00:00
parent f9a456f870
commit f261c168b7
26 changed files with 135 additions and 133 deletions
--- a/source/java/org/alfresco/web/bean/actions/RunActionWizard.java
+++ b/source/java/org/alfresco/web/bean/actions/RunActionWizard.java
@@ -43,6 +43,7 @@ import org.alfresco.web.bean.repository.Node;
 import org.alfresco.web.bean.repository.Repository;
 import org.alfresco.web.data.IDataContainer;
 import org.alfresco.web.data.QuickSort;
+import org.alfresco.web.ui.common.Utils;

 /**
 * Bean implementation for the "Run Action" wizard.
@@ -176,8 +177,8 @@ public class RunActionWizard extends BaseActionWizard
      StringBuilder actionsSummary = new StringBuilder();
      for (Map<String, Serializable> props : this.allActionsProperties)
      {
-         actionsSummary.append(props.get(PROP_ACTION_SUMMARY));
-         actionsSummary.append("<br/>");
+         actionsSummary.append(Utils.encode(props.get(PROP_ACTION_SUMMARY).toString()));
+         actionsSummary.append("<br>");
      }
      
      ResourceBundle bundle = Application.getBundle(FacesContext.getCurrentInstance());
--- a/source/java/org/alfresco/web/bean/forums/ForumsBean.java
+++ b/source/java/org/alfresco/web/bean/forums/ForumsBean.java
@@ -932,7 +932,7 @@ public class ForumsBean implements IContextListener
            ContentModel.PROP_CONTENT);  
      if (reader != null)
      {
-         replyContent = reader.getContentString();
+         replyContent = Utils.stripUnsafeHTMLTags(reader.getContentString());
      }
      
      // get the date of the article being replied to
--- a/source/java/org/alfresco/web/bean/rules/CreateRuleWizard.java
+++ b/source/java/org/alfresco/web/bean/rules/CreateRuleWizard.java
@@ -203,7 +203,7 @@ public class CreateRuleWizard extends BaseActionWizard
      for (Map<String, Serializable> props : this.allConditionsProperties)
      {
         conditionsSummary.append(props.get(PROP_CONDITION_SUMMARY));
-         conditionsSummary.append("<br/>");
+         conditionsSummary.append("<br>");
      }
      
      // create the summary using all the actions
@@ -211,7 +211,7 @@ public class CreateRuleWizard extends BaseActionWizard
      for (Map<String, Serializable> props : this.allActionsProperties)
      {
         actionsSummary.append(props.get(PROP_ACTION_SUMMARY));
-         actionsSummary.append("<br/>");
+         actionsSummary.append("<br>");
      }
      
      ResourceBundle bundle = Application.getBundle(FacesContext.getCurrentInstance());
@@ -224,7 +224,8 @@ public class CreateRuleWizard extends BaseActionWizard
            new String[] {bundle.getString("rule_type"), bundle.getString("name"), bundle.getString("description"),
                          bundle.getString("apply_to_sub_spaces"), bundle.getString("run_in_background"), bundle.getString("rule_disabled"),
                          bundle.getString("conditions"), bundle.getString("actions")},
-            new String[] {this.type, this.title, this.description, subSpacesYesNo, backgroundYesNo, ruleDisabledYesNo,
+            new String[] {this.type, Utils.encode(this.title), Utils.encode(this.description),
+                          subSpacesYesNo, backgroundYesNo, ruleDisabledYesNo,
                          conditionsSummary.toString(), actionsSummary.toString()});
   }
   
--- a/source/java/org/alfresco/web/bean/spaces/CreateSpaceWizard.java
+++ b/source/java/org/alfresco/web/bean/spaces/CreateSpaceWizard.java
@@ -472,7 +472,7 @@ public class CreateSpaceWizard extends BaseWizardBean
      return buildSummary(
            new String[] {bundle.getString("space_type"), bundle.getString("name"),
                          bundle.getString("description"), bundle.getString("creating_from")},
-            new String[] {spaceTypeLabel, this.name, this.description, summaryCreateType});
+            new String[] {spaceTypeLabel, this.name, Utils.encode(this.description), summaryCreateType});
   }

   /**
--- a/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java
+++ b/source/java/org/alfresco/web/bean/users/UsersBeanProperties.java
@@ -51,15 +51,13 @@ public class UsersBeanProperties
    /** action context */
    private Node person = null;
    
-   
-    
    private String password = null;
    private String oldPassword = null;
    private String confirm = null;
    private String searchCriteria = null;
    
    
- // ------------------------------------------------------------------------------
+    // ------------------------------------------------------------------------------
    // Bean property getters and setters

    /**
@@ -142,8 +140,6 @@ public class UsersBeanProperties
       this.usersRichList = usersRichList;
    }

- 
-    
    /**
     * @return Returns the search criteria
     */
@@ -223,6 +219,4 @@ public class UsersBeanProperties
    {
       this.person = person;
    }
-
-    
 }
--- a/source/java/org/alfresco/web/bean/users/UsersDialog.java
+++ b/source/java/org/alfresco/web/bean/users/UsersDialog.java
@@ -201,8 +201,12 @@ public class UsersDialog extends BaseDialogBean implements IContextListener
      String outcome = DIALOG_CLOSE;
      
      FacesContext context = FacesContext.getCurrentInstance();
+      UserTransaction tx = null;
      try
      {
+         tx = Repository.getUserTransaction(context, true);
+         tx.begin();
+
         Map<QName, Serializable> props = properties.getNodeService().getProperties(properties.getPerson().getNodeRef());
         props.put(ContentModel.PROP_FIRSTNAME,
               (String) properties.getPerson().getProperties().get(ContentModel.PROP_FIRSTNAME));
@@ -214,6 +218,8 @@ public class UsersDialog extends BaseDialogBean implements IContextListener
         // persist changes
         properties.getNodeService().setProperties(properties.getPerson().getNodeRef(), props);
         
+         tx.commit();
+         
         // if the above call was successful, then reset Person Node in the session
         Application.getCurrentUser(context).reset();
      }
@@ -221,6 +227,7 @@ public class UsersDialog extends BaseDialogBean implements IContextListener
      {
         Utils.addErrorMessage(MessageFormat.format(Application.getMessage(
               context, Repository.ERROR_GENERIC), err.getMessage()), err );
+         try { if (tx != null) {tx.rollback();} } catch (Exception tex) {}
      }
      
      return outcome;
--- a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java
+++ b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java
@@ -71,6 +71,7 @@ import org.alfresco.web.forms.Form;
 import org.alfresco.web.forms.FormNotFoundException;
 import org.alfresco.web.forms.FormsService;
 import org.alfresco.web.forms.RenderingEngineTemplate;
+import org.alfresco.web.ui.common.Utils;
 import org.alfresco.web.ui.common.component.UIListItem;
 import org.alfresco.web.ui.common.component.UISelectList;
 import org.alfresco.web.ui.wcm.WebResources;
@@ -935,7 +936,7 @@ public class CreateWebsiteWizard extends BaseWizardBean
         {
            foundCurrentUser = true;
         }
-         buf.append(userRole.getLabel());
+         buf.append(Utils.encode(userRole.getLabel()));
         buf.append("<br>");
      }
      if (foundCurrentUser == false)
--- a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java
+++ b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java
@@ -45,6 +45,7 @@ import org.alfresco.service.namespace.RegexQNamePattern;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.bean.repository.Node;
 import org.alfresco.web.bean.wizard.InviteUsersWizard;
+import org.alfresco.web.ui.common.Utils;

 /**
 * Bean providing the ability to invite users to a web project space.
@@ -313,7 +314,7 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
         {
            foundCurrentUser = true;
         }
-         buf.append(userRole.getLabel());
+         buf.append(Utils.encode(userRole.getLabel()));
         buf.append("<br>");
      }
      if (isStandalone() == false && foundCurrentUser == false)
--- a/source/java/org/alfresco/web/bean/wizard/AbstractWizardBean.java
+++ b/source/java/org/alfresco/web/bean/wizard/AbstractWizardBean.java
@@ -34,6 +34,7 @@ import org.alfresco.web.app.Application;
 import org.alfresco.web.app.context.UIContextService;
 import org.alfresco.web.bean.BrowseBean;
 import org.alfresco.web.bean.NavigationBean;
+import org.alfresco.web.ui.common.Utils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

@@ -322,7 +323,7 @@ public abstract class AbstractWizardBean
         buf.append("<tr><td valign='top'><b>");
         buf.append(labels[i]);
         buf.append(":</b></td><td>");
-         buf.append(value != null ? value : notSetMsg);
+         buf.append(value != null ? Utils.encode(value) : notSetMsg);
         buf.append("</td></tr>");
      }
      buf.append("</table>");
--- a/source/java/org/alfresco/web/bean/wizard/InviteUsersWizard.java
+++ b/source/java/org/alfresco/web/bean/wizard/InviteUsersWizard.java
@@ -592,7 +592,7 @@ public abstract class InviteUsersWizard extends BaseWizardBean
      StringBuilder buf = new StringBuilder(128);
      for (UserGroupRole userRole : this.userGroupRoles)
      {
-         buf.append(userRole.getLabel());
+         buf.append(Utils.encode(userRole.getLabel()));
         buf.append("<br>");
      }