Merged V3.2 to HEAD

16673: Merged V3.1 to V3.2
      16307: ETHREEOH-2814-2815
      16393: ETHREEOH-2840: Failed to send email to group EVERYONE
      16395: Just forget to add this file  during previous (16393) CHECK-IN.
      16430: Added license header to new Java file - applied coding standards and code comments.
      16669: Merged V2.2 to V3.1
         16650: ETWOTWO-1288 - Create Web project Wizard-Step3 :XSS attack can be made when configuring ASR or FSR
         16668: Fix for ETWOTWO-1289 - My Web Files (Forms) dashlets XSS attack can be made when web project's details has been edited
   16676: Merged V3.1 to V3.2
      16675: Fix for ETHREEOH-2773 - Manage System users: system error happens when search is performed by a query that contains a space
   16699: Fixes to SURF samples Login page - as per ALFCOM-3447 and ALFCOM-3448 contributions

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16897 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/web/ui/common/Utils.java

@@ -33,6 +33,7 @@ import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.StringTokenizer;
 
 import javax.faces.application.FacesMessage;
 import javax.faces.component.NamingContainer;
@@ -55,6 +56,7 @@ import org.alfresco.jlan.server.filesys.DiskSharedDevice;
 import org.alfresco.jlan.server.filesys.FilesystemsConfigSection;
 import org.alfresco.model.ApplicationModel;
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
 import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.repo.webdav.WebDAVServlet;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
@@ -1054,12 +1056,17 @@ public final class Utils extends StringUtils
     */
    public static void generatePersonSearch(StringBuilder query, String term)
    {
-      query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
-      query.append(term);
-      query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
-      query.append(term);
-      query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:");
-      query.append(term);
-      query.append("*");
+      // define the query to find people by their first or last name
+      for (StringTokenizer t = new StringTokenizer(term.trim(), " "); t.hasMoreTokens(); /**/)
+      {
+         String token = LuceneQueryParser.escape(t.nextToken());
+         query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
+         query.append(token);
+         query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
+         query.append(token);
+         query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:");
+         query.append(token);
+         query.append("* ");
+      }
    }
 }

source/java/org/alfresco/web/ui/repo/component/property/BaseAssociationEditor.java

@@ -1025,7 +1025,7 @@ public abstract class BaseAssociationEditor extends UIInput
             query.append(type);
             query.append("\"");
             
-            if (contains != null && contains.length() > 0)
+            if (contains != null && contains.trim().length() != 0)
             {
                String safeContains = null;
                if (contains != null && contains.length() > 0)
@@ -1038,13 +1038,9 @@ public abstract class BaseAssociationEditor extends UIInput
                // firstName and lastName properties instead of the name property
                if (type.equals(ContentModel.TYPE_PERSON.toString()))
                {                
-                   query.append(" AND (@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
-                   query.append(safeContains);
-                   query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
-                   query.append(safeContains);
-                   query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:\"");
-                   query.append(safeContains);
-                   query.append("*\")");
+                   query.append(" AND (");
+                   Utils.generatePersonSearch(query, safeContains);
+                   query.append(")");
                }
                else
                {

source/java/org/alfresco/web/ui/wcm/component/UIDeploymentServers.java

@@ -205,7 +205,7 @@ public class UIDeploymentServers extends UIInput
             {
               // yes title has changed - write out the new displayGroup	
               out.write("<p class='mainSubTitle'>");
-              out.write(displayGroup);
+              out.write(Utils.encode(displayGroup));
               out.write("</p>");
               currentDisplayGroup = displayGroup;
         	}
@@ -366,7 +366,7 @@ public class UIDeploymentServers extends UIInput
       out.write("<table width='100%'><tr><td><img class='deployConfigServerIcon' src='");
       out.write(contextPath);
       out.write("/images/icons/deploy_server_");
-      out.write(server.getDeployType());
+      out.write(Utils.encode(server.getDeployType()));
       out.write(".gif");
       out.write("' /></td><td width='100%'><span class='deployPanelServerName'>");
       out.write(Utils.encode(serverName));
@@ -411,7 +411,7 @@ public class UIDeploymentServers extends UIInput
       out.write(":</td><td>");
       if (server.getProperties().get(DeploymentServerConfig.PROP_PORT) != null)
       {
-         out.write((String)server.getProperties().get(DeploymentServerConfig.PROP_PORT));
+         out.write(Utils.encode((String)server.getProperties().get(DeploymentServerConfig.PROP_PORT)));
       }
       else
       {
@@ -440,11 +440,11 @@ public class UIDeploymentServers extends UIInput
          String type = (String)server.getProperties().get(DeploymentServerConfig.PROP_TYPE);
          if (WCMAppModel.CONSTRAINT_LIVESERVER.equals(type))
          {
-            out.write(Application.getMessage(context, MSG_LIVE_SERVER));
+            out.write(Utils.encode(Application.getMessage(context, MSG_LIVE_SERVER)));
          }
          else if (WCMAppModel.CONSTRAINT_TESTSERVER.equals(type))
          {
-            out.write(Application.getMessage(context, MSG_TEST_SERVER));
+            out.write(Utils.encode(Application.getMessage(context, MSG_TEST_SERVER)));
          }
       }
       out.write("</td></tr>");
@@ -530,14 +530,14 @@ public class UIDeploymentServers extends UIInput
           server.getProperties().get(DeploymentServerConfig.PROP_TYPE)))
       {
          out.write("<tr><td align='right'><nobr>");
-         out.write(bundle.getString(MSG_ALLOCATED));
+         out.write(Utils.encode(bundle.getString(MSG_ALLOCATED)));
          out.write(":</nobr></td><td>");
          if (server.getProperties().get(DeploymentServerConfig.PROP_ALLOCATED_TO) != null)
          {
             String allocatedToTip = (String)server.getProperties().get(
                      DeploymentServerConfig.PROP_ALLOCATED_TO);
             out.write("<span title='");
-            out.write(allocatedToTip);
+            out.write(Utils.encode(allocatedToTip));
             out.write("'><nobr>");
             out.write(bundle.getString("yes"));
             out.write("&nbsp;(");
@@ -548,7 +548,7 @@ public class UIDeploymentServers extends UIInput
             else
             {
                String username = AVMUtil.getUserName(allocatedToTip);
-               out.write(username);
+               out.write(Utils.encode(username));
             }
             out.write(")</nobr></span>");
          }
@@ -585,7 +585,7 @@ public class UIDeploymentServers extends UIInput
       out.write("/images/icons/deploy_server_");
       if (edit)
       {
-         out.write(server.getDeployType());
+         out.write(Utils.encode(server.getDeployType()));
       }
       else
       {