ALF-9127 - WebDAV - fix unsafe use of SimpleDateFormat

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28420 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jan Vonka
2011-06-16 09:46:50 +00:00
parent 4cc14b3106
commit faf34d29fb


@@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2005-2010 Alfresco Software Limited. * Copyright (C) 2005-2011 Alfresco Software Limited.
* *
* This file is part of Alfresco * This file is part of Alfresco
* *
@@ -20,7 +20,6 @@ package org.alfresco.repo.webdav;
import java.io.Serializable; import java.io.Serializable;
import java.net.URLDecoder; import java.net.URLDecoder;
import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.Locale; import java.util.Locale;
@@ -249,12 +248,6 @@ public class WebDAV
private static String CREATION_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; private static String CREATION_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
// HTTP header date/time formatter
// NOTE: According to RFC2616 dates should always be in English and in
// the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
private static SimpleDateFormat _httpDateFormatter = new SimpleDateFormat(HEADER_IF_DATE_FORMAT, Locale.ENGLISH);
/** /**
* Formats the given date so that it conforms with the Last-Modified HTTP header * Formats the given date so that it conforms with the Last-Modified HTTP header
* *
@@ -263,7 +256,7 @@ public class WebDAV
*/ */
public static String formatModifiedDate(Date date) public static String formatModifiedDate(Date date)
{ {
return _httpDateFormatter.format(date); return formatHeaderDate(date);
} }
/** /**
@@ -274,7 +267,7 @@ public class WebDAV
*/ */
public static String formatModifiedDate(long ldate) public static String formatModifiedDate(long ldate)
{ {
return _httpDateFormatter.format(new Date(ldate)); return formatHeaderDate(ldate);
} }
/** /**
@@ -307,7 +300,10 @@ public class WebDAV
*/ */
public static String formatHeaderDate(Date date) public static String formatHeaderDate(Date date)
{ {
return _httpDateFormatter.format( date); // HTTP header date/time format
// NOTE: According to RFC2616 dates should always be in English and in
// the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
return DateFormatUtils.format(date, HEADER_IF_DATE_FORMAT, TimeZone.getTimeZone("GMT"), Locale.ENGLISH);
} }
/** /**
@@ -316,9 +312,12 @@ public class WebDAV
* @param date long * @param date long
* @return String * @return String
*/ */
public static String formatHeaderDate(long date) public static String formatHeaderDate(long ldate)
{ {
return _httpDateFormatter.format( new Date(date)); // HTTP header date/time format
// NOTE: According to RFC2616 dates should always be in English and in
// the GMT timezone see http://rfc.net/rfc2616.html#p20 for details
return DateFormatUtils.format(ldate, HEADER_IF_DATE_FORMAT, TimeZone.getTimeZone("GMT"), Locale.ENGLISH);
} }
/** /**
@@ -366,11 +365,11 @@ public class WebDAV
String strPath = null; String strPath = null;
try try
{ {
strPath = URLDecoder.decode( request.getRequestURI(), "UTF-8"); strPath = URLDecoder.decode( request.getRequestURI(), "UTF-8");
} }
catch (Exception ex) {} catch (Exception ex) {}
// Find the servlet path and trim from the request path // Find the servlet path and trim from the request path
@@ -378,9 +377,9 @@ public class WebDAV
int rootPos = strPath.indexOf(servletPath); int rootPos = strPath.indexOf(servletPath);
if ( rootPos != -1) if ( rootPos != -1)
{ {
strPath = strPath.substring( rootPos); strPath = strPath.substring( rootPos);
} }
// If we failed to get the path from the request try and get the path from the servlet path // If we failed to get the path from the request try and get the path from the servlet path
@@ -391,31 +390,31 @@ public class WebDAV
if (strPath == null || strPath.length() == 0) if (strPath == null || strPath.length() == 0)
{ {
// If we still have not got a path then default to the root directory // If we still have not got a path then default to the root directory
strPath = RootPath; strPath = RootPath;
} }
else if (strPath.startsWith(request.getServletPath())) else if (strPath.startsWith(request.getServletPath()))
{ {
// Check if the path starts with the base servlet path // Check if the path starts with the base servlet path
int len = request.getServletPath().length(); int len = request.getServletPath().length();
if (strPath.length() > len) if (strPath.length() > len)
{ {
strPath = strPath.substring(len); strPath = strPath.substring(len);
} }
else else
{ {
strPath = RootPath; strPath = RootPath;
} }
}
// Make sure there are no trailing slashes
if (strPath.length() > 1 && strPath.endsWith(DIR_SEPARATOR))
{
strPath = strPath.substring(0, strPath.length() - 1);
} }
// Make sure there are no trailing slashes
if (strPath.length() > 1 && strPath.endsWith(DIR_SEPARATOR))
{
strPath = strPath.substring(0, strPath.length() - 1);
}
// Return the path // Return the path
return strPath; return strPath;
@@ -640,9 +639,6 @@ public class WebDAV
*/ */
static static
{ {
// ensure http dates are in GMT time zone (see note above)
_httpDateFormatter.setTimeZone(TimeZone.getTimeZone("GMT"));
// Create the WebDAV to Alfresco property mapping table // Create the WebDAV to Alfresco property mapping table
_propertyNameMap = new Hashtable<String, QName>(); _propertyNameMap = new Hashtable<String, QName>();
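Review bot: The empty `catch (Exception ex) {}` around `URLDecoder.decode( request.getRequestURI(), "UTF-8")` hides any decode failure on a client-supplied URI, and `strPath` is then still null when `strPath.indexOf(servletPath)` runs in the following hunk, unless a guard sits in the lines not shown between the two hunks. This commit appears to change only whitespace on those lines, so the behaviour predates it, but since they were touched it would be worth catching the specific exceptions, logging them, and guarding the dereference with `if (strPath != null)` so that the later `strPath == null || strPath.length() == 0` fallback is actually reachable. Separately, in the `formatHeaderDate(long ldate)` hunk the Javadoc still reads `@param date long` after the parameter rename; it should become `@param ldate long`. The method containing the path code starts and ends outside the visible hunks.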