Merged V3.2 to HEAD

16673: Merged V3.1 to V3.2
      16307: ETHREEOH-2814-2815
      16393: ETHREEOH-2840: Failed to send email to group EVERYONE
      16395: Forgot to add this file during the previous check-in (16393).
      16430: Added license header to new Java file - applied coding standards and code comments.
      16669: Merged V2.2 to V3.1
         16650: ETWOTWO-1288 - Create Web project Wizard-Step3 :XSS attack can be made when configuring ASR or FSR
         16668: Fix for ETWOTWO-1289 - My Web Files (Forms) dashlets XSS attack can be made when web project's details has been edited
   16676: Merged V3.1 to V3.2
      16675: Fix for ETHREEOH-2773 - Manage System users: system error happens when search is performed by a query that contains a space
   16699: Fixes to SURF samples Login page - as per ALFCOM-3447 and ALFCOM-3448 contributions

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16897 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2009-10-14 09:30:27 +00:00
parent 8ff98a72f5
commit fb35a5cf49
11 changed files with 176 additions and 74 deletions


@@ -397,7 +397,9 @@ save=Save
user_details=User Details
language=Language
export=Export
export_title=Export {0}
import=Import
import_title=Import {0}
take_ownership=Take Ownership
return_ownership=Return to Pool
create_forums=Create Forum Space


@@ -25,6 +25,7 @@
package org.alfresco.web.bean.admin;
import java.io.Serializable;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;
@@ -56,7 +57,7 @@ public class ExportDialog extends BaseDialogBean
private static final String ALL_SPACES = "all";
private static final String CURRENT_SPACE = "current";
private static final String DEFAULT_OUTCOME = "dialog:close";
private static final String MSG_EXPORT = "export";
private static final String MSG_EXPORT_TITLE = "export_title";
private final static String MSG_LEFT_QUOTE = "left_qoute";
private final static String MSG_RIGHT_QUOTE = "right_quote";
@@ -120,8 +121,10 @@ public class ExportDialog extends BaseDialogBean
public String getContainerTitle()
{
FacesContext fc = FacesContext.getCurrentInstance();
return Application.getMessage(fc, MSG_EXPORT) +
" " + Application.getMessage(fc, MSG_LEFT_QUOTE) + browseBean.getActionSpace().getName() + Application.getMessage(fc, MSG_RIGHT_QUOTE);
String name = Application.getMessage(fc, MSG_LEFT_QUOTE)
+ browseBean.getActionSpace().getName()
+ Application.getMessage(fc, MSG_RIGHT_QUOTE);
return MessageFormat.format(Application.getMessage(fc, MSG_EXPORT_TITLE), name);
}
/**
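Review bot: `MessageFormat.format` treats an apostrophe in the pattern as a quote character, so a translated `export_title` containing one (constructed example: `Exporter l'espace {0}`) would print `{0}` literally instead of the space name; the same applies to `import_title` in `ImportDialog.getContainerTitle`. A comment above the two keys in the message bundle, such as `# MessageFormat pattern - write a literal apostrophe as ''`, would warn translators. Passing the space name as an argument rather than building it into the pattern is the right way round, because braces in a space name are then not parsed as format elements. The method still returns the name unencoded, so HTML escaping is assumed to happen wherever the container title is rendered, which this hunk does not show.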


@@ -72,7 +72,7 @@ public class ImportDialog extends BaseDialogBean
private static final String MSG_ERROR_NO_FILE = "error_import_no_file";
private static final String MSG_ERROR_EMPTY_FILE = "error_import_empty_file";
private static final String MSG_OK = "ok";
private static final String MSG_IMPORT = "import";
private static final String MSG_IMPORT_TITLE = "import_title";
private final static String MSG_LEFT_QUOTE = "left_qoute";
private final static String MSG_RIGHT_QUOTE = "right_quote";
@@ -387,7 +387,9 @@ public class ImportDialog extends BaseDialogBean
public String getContainerTitle()
{
FacesContext fc = FacesContext.getCurrentInstance();
return Application.getMessage(fc, MSG_IMPORT) + " " + Application.getMessage(fc, MSG_LEFT_QUOTE)
+ browseBean.getActionSpace().getName() + Application.getMessage(fc, MSG_RIGHT_QUOTE);
String name = Application.getMessage(fc, MSG_LEFT_QUOTE)
+ browseBean.getActionSpace().getName()
+ Application.getMessage(fc, MSG_RIGHT_QUOTE);
return MessageFormat.format(Application.getMessage(fc, MSG_IMPORT_TITLE), name);
}
}


@@ -0,0 +1,48 @@
/*
* Copyright (C) 2005-2009 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.web.bean.users;
import java.util.Set;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.web.bean.spaces.InviteSpaceUsersWizard;
/**
* MailInviteSpaceUsersWizard JSF managed bean.
* Overrides the InviteSpaceUsersWizard bean to return a list of Groups without EVERYONE.
*/
public class MailInviteSpaceUsersWizard extends InviteSpaceUsersWizard
{
@Override
protected Set<String> getGroups(String search)
{
// groups - text search match on supplied name
String term = PermissionService.GROUP_PREFIX + "*" + search + "*";
Set<String> groups;
groups = getAuthorityService().findAuthorities(AuthorityType.GROUP, term);
return groups;
}
}
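Review bot: This override repeats the base class's term construction line for line and differs only by leaving out the `getAllAuthorities(AuthorityType.EVERYONE)` call, so any later change to the group search in `BaseInviteUsersWizard.getGroups` has to be made in two places. Keeping the `findAuthorities` search in one base method and making the EVERYONE step a separate overridable hook would remove the copy. In both copies `search` is concatenated into the wildcard term exactly as typed, while the person search in `Utils.generatePersonSearch` now passes each token through `LuceneQueryParser.escape`. How `findAuthorities` interprets the term is not visible in this commit, so it is worth confirming whether the group term needs the same escaping.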


@@ -30,20 +30,17 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.web.app.Application;
import org.alfresco.web.app.context.IContextListener;
@@ -304,19 +301,9 @@ public class UsersDialog extends BaseDialogBean implements IContextListener, Cha
tx.begin();
// define the query to find people by their first or last name
String search = properties.getSearchCriteria().trim();
String search = properties.getSearchCriteria();
StringBuilder query = new StringBuilder(128);
for (StringTokenizer t = new StringTokenizer(search, " "); t.hasMoreTokens(); /**/)
{
String term = LuceneQueryParser.escape(t.nextToken());
query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
query.append(term);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
query.append(term);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:");
query.append(term);
query.append("*");
}
Utils.generatePersonSearch(query, search);
if (logger.isDebugEnabled())
logger.debug("Query: " + query.toString());


@@ -505,29 +505,7 @@ public abstract class BaseInviteUsersWizard extends BaseWizardBean
}
else
{
// groups - text search match on supplied name
String term = PermissionService.GROUP_PREFIX + "*" + search + "*";
Set<String> groups;
groups = getAuthorityService().findAuthorities(AuthorityType.GROUP, term);
groups.addAll(getAuthorityService().getAllAuthorities(AuthorityType.EVERYONE));
results = new ArrayList<SelectItem>(groups.size());
int count = 0;
String groupDisplayName;
for (String group : groups)
{
// get display name, if not present strip prefix from group id
groupDisplayName = getAuthorityService().getAuthorityDisplayName(group);
if (groupDisplayName == null || groupDisplayName.length() == 0)
{
groupDisplayName = group.substring(PermissionService.GROUP_PREFIX.length());
}
results.add(new SortableSelectItem(group, groupDisplayName, groupDisplayName));
if (++count == maxResults) break;
}
results = addGroupItems(search, maxResults);
}
items = new SelectItem[results.size()];
@@ -564,6 +542,40 @@ public abstract class BaseInviteUsersWizard extends BaseWizardBean
return items;
}
private List<SelectItem> addGroupItems(String search, int maxResults)
{
Set<String> groups = getGroups(search);
List<SelectItem> results = new ArrayList<SelectItem>(groups.size());
int count = 0;
String groupDisplayName;
for (String group : groups)
{
// get display name, if not present strip prefix from group id
groupDisplayName = getAuthorityService().getAuthorityDisplayName(group);
if (groupDisplayName == null || groupDisplayName.length() == 0)
{
groupDisplayName = group.substring(PermissionService.GROUP_PREFIX.length());
}
results.add(new SortableSelectItem(group, groupDisplayName, groupDisplayName));
if (++count == maxResults) break;
}
return results;
}
protected Set<String> getGroups(String search)
{
// groups - text search match on supplied name
String term = PermissionService.GROUP_PREFIX + "*" + search + "*";
Set<String> groups;
groups = getAuthorityService().findAuthorities(AuthorityType.GROUP, term);
groups.addAll(getAuthorityService().getAllAuthorities(AuthorityType.EVERYONE));
return groups;
}
/**
* Action handler called when the Add button is pressed to process the current selection
*/
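Review bot: `getGroups` is now a protected extension point but has no Javadoc, so a subclass author cannot tell that the base result includes the EVERYONE authority or that the set returned by `findAuthorities` is modified in place by `addAll`. I would add a Javadoc stating that it returns the group authorities matching `search` plus EVERYONE, and that subclasses may override it to change the candidate set. `addGroupItems` deserves a one-line Javadoc as well, saying that it stops after `maxResults` items and falls back to the id without `GROUP_PREFIX` when no display name is set. Since it returns a new list rather than adding to an existing one, a name like `buildGroupItems` would describe it better.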


@@ -33,6 +33,7 @@ import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.faces.application.FacesMessage;
import javax.faces.component.NamingContainer;
@@ -55,6 +56,7 @@ import org.alfresco.jlan.server.filesys.DiskSharedDevice;
import org.alfresco.jlan.server.filesys.FilesystemsConfigSection;
import org.alfresco.model.ApplicationModel;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.search.impl.lucene.LuceneQueryParser;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.repo.webdav.WebDAVServlet;
import org.alfresco.service.cmr.dictionary.DictionaryService;
@@ -1054,12 +1056,17 @@ public final class Utils extends StringUtils
*/
public static void generatePersonSearch(StringBuilder query, String term)
{
query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
query.append(term);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
query.append(term);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:");
query.append(term);
query.append("*");
// define the query to find people by their first or last name
for (StringTokenizer t = new StringTokenizer(term.trim(), " "); t.hasMoreTokens(); /**/)
{
String token = LuceneQueryParser.escape(t.nextToken());
query.append("@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
query.append(token);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
query.append(token);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:");
query.append(token);
query.append("* ");
}
}
}
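Review bot: `generatePersonSearch` now calls `term.trim()` before anything else, so a null `term` throws a NullPointerException inside the helper; `UsersDialog` passes `properties.getSearchCriteria()` straight in and no null check is visible in that hunk. Either guard at the top with `if (term == null) return;` or state in the Javadoc that `term` must be non-null. The Javadoc begins above this hunk and should also say that the method now splits on spaces and applies `LuceneQueryParser.escape` to each token itself, so callers must pass the raw user text and not an already escaped string. A whitespace-only `term` appends nothing, which leaves the caller with an empty query to handle.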


@@ -1025,7 +1025,7 @@ public abstract class BaseAssociationEditor extends UIInput
query.append(type);
query.append("\"");
if (contains != null && contains.length() > 0)
if (contains != null && contains.trim().length() != 0)
{
String safeContains = null;
if (contains != null && contains.length() > 0)
@@ -1038,13 +1038,9 @@ public abstract class BaseAssociationEditor extends UIInput
// firstName and lastName properties instead of the name property
if (type.equals(ContentModel.TYPE_PERSON.toString()))
{
query.append(" AND (@").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:firstName:\"*");
query.append(safeContains);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:lastName:\"*");
query.append(safeContains);
query.append("*\" @").append(NamespaceService.CONTENT_MODEL_PREFIX).append("\\:userName:\"");
query.append(safeContains);
query.append("*\")");
query.append(" AND (");
Utils.generatePersonSearch(query, safeContains);
query.append(")");
}
else
{
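Review bot: `safeContains` is handed to `Utils.generatePersonSearch`, which after this commit applies `LuceneQueryParser.escape` to every token itself. The assignment to `safeContains` lies between the two hunks and is not shown, but if it already escapes `contains`, the backslashes are escaped a second time and names with special characters stop matching. Passing the raw value in the person branch, `Utils.generatePersonSearch(query, contains);`, would avoid that. The inner `if (contains != null && contains.length() > 0)` is redundant now that the outer test uses `trim()`. The helper also emits the userName clause unquoted, where the removed lines here quoted it, so the query for this editor changes shape.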


@@ -205,7 +205,7 @@ public class UIDeploymentServers extends UIInput
{
// yes title has changed - write out the new displayGroup
out.write("<p class='mainSubTitle'>");
out.write(displayGroup);
out.write(Utils.encode(displayGroup));
out.write("</p>");
currentDisplayGroup = displayGroup;
}
@@ -366,7 +366,7 @@ public class UIDeploymentServers extends UIInput
out.write("<table width='100%'><tr><td><img class='deployConfigServerIcon' src='");
out.write(contextPath);
out.write("/images/icons/deploy_server_");
out.write(server.getDeployType());
out.write(Utils.encode(server.getDeployType()));
out.write(".gif");
out.write("' /></td><td width='100%'><span class='deployPanelServerName'>");
out.write(Utils.encode(serverName));
@@ -411,7 +411,7 @@ public class UIDeploymentServers extends UIInput
out.write(":</td><td>");
if (server.getProperties().get(DeploymentServerConfig.PROP_PORT) != null)
{
out.write((String)server.getProperties().get(DeploymentServerConfig.PROP_PORT));
out.write(Utils.encode((String)server.getProperties().get(DeploymentServerConfig.PROP_PORT)));
}
else
{
@@ -440,11 +440,11 @@ public class UIDeploymentServers extends UIInput
String type = (String)server.getProperties().get(DeploymentServerConfig.PROP_TYPE);
if (WCMAppModel.CONSTRAINT_LIVESERVER.equals(type))
{
out.write(Application.getMessage(context, MSG_LIVE_SERVER));
out.write(Utils.encode(Application.getMessage(context, MSG_LIVE_SERVER)));
}
else if (WCMAppModel.CONSTRAINT_TESTSERVER.equals(type))
{
out.write(Application.getMessage(context, MSG_TEST_SERVER));
out.write(Utils.encode(Application.getMessage(context, MSG_TEST_SERVER)));
}
}
out.write("</td></tr>");
@@ -530,14 +530,14 @@ public class UIDeploymentServers extends UIInput
server.getProperties().get(DeploymentServerConfig.PROP_TYPE)))
{
out.write("<tr><td align='right'><nobr>");
out.write(bundle.getString(MSG_ALLOCATED));
out.write(Utils.encode(bundle.getString(MSG_ALLOCATED)));
out.write(":</nobr></td><td>");
if (server.getProperties().get(DeploymentServerConfig.PROP_ALLOCATED_TO) != null)
{
String allocatedToTip = (String)server.getProperties().get(
DeploymentServerConfig.PROP_ALLOCATED_TO);
out.write("<span title='");
out.write(allocatedToTip);
out.write(Utils.encode(allocatedToTip));
out.write("'><nobr>");
out.write(bundle.getString("yes"));
out.write("&nbsp;(");
@@ -548,7 +548,7 @@ public class UIDeploymentServers extends UIInput
else
{
String username = AVMUtil.getUserName(allocatedToTip);
out.write(username);
out.write(Utils.encode(username));
}
out.write(")</nobr></span>");
}
@@ -585,7 +585,7 @@ public class UIDeploymentServers extends UIInput
out.write("/images/icons/deploy_server_");
if (edit)
{
out.write(server.getDeployType());
out.write(Utils.encode(server.getDeployType()));
}
else
{
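Review bot: `Utils.encode(allocatedToTip)` is written inside a single-quoted attribute (`<span title='`), as is `Utils.encode(server.getDeployType())` inside `src='`, and encoding protects those positions only if `Utils.encode` also escapes the apostrophe, which this diff does not show. If it does not, the value can still end the attribute early, so either switch those attributes to double quotes or have the encoder cover `'`. In the allocated block `out.write(bundle.getString("yes"));` is still written raw while the neighbouring `MSG_ALLOCATED` string is now encoded; `out.write(Utils.encode(bundle.getString("yes")));` would keep the block consistent. All hunks in this file are fragments of larger render methods whose start and end lie outside the diff.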


@@ -1314,6 +1314,51 @@
</managed-property>
</managed-bean>
<managed-bean>
<description>
The bean that backs up the Invite Mail Users Wizard
</description>
<managed-bean-name>MailInviteSpaceUsersWizard</managed-bean-name>
<managed-bean-class>org.alfresco.web.bean.users.MailInviteSpaceUsersWizard</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>nodeService</property-name>
<value>#{NodeService}</value>
</managed-property>
<managed-property>
<property-name>searchService</property-name>
<value>#{SearchService}</value>
</managed-property>
<managed-property>
<property-name>namespaceService</property-name>
<value>#{NamespaceService}</value>
</managed-property>
<managed-property>
<property-name>permissionService</property-name>
<value>#{PermissionService}</value>
</managed-property>
<managed-property>
<property-name>personService</property-name>
<value>#{PersonService}</value>
</managed-property>
<managed-property>
<property-name>navigator</property-name>
<value>#{NavigationBean}</value>
</managed-property>
<managed-property>
<property-name>browseBean</property-name>
<value>#{BrowseBean}</value>
</managed-property>
<managed-property>
<property-name>mailSender</property-name>
<value>#{mailService}</value>
</managed-property>
<managed-property>
<property-name>authorityService</property-name>
<value>#{AuthorityService}</value>
</managed-property>
</managed-bean>
<managed-bean>
<description>
The bean that backs up the Invite Content Users Wizard


@@ -33,7 +33,7 @@
<%@ page import="javax.faces.context.FacesContext" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.alfresco.web.ui.common.PanelGenerator" %>
<%@ page import="org.alfresco.web.bean.spaces.InviteSpaceUsersWizard" %>
<%@ page import="org.alfresco.web.bean.users.MailInviteSpaceUsersWizard" %>
<%@ page import="org.alfresco.web.app.servlet.FacesHelper" %>
<%@ page import="org.alfresco.web.ui.common.PanelGenerator" %>
@@ -147,13 +147,13 @@
<td colspan="2" class="mainSubTitle"><h:outputText value="#{msg.set_action_values}" /></td>
</tr>
<h:panelGroup rendered="#{InviteSpaceUsersWizard.haveMaximumUsersBeenReturned}">
<h:panelGroup rendered="#{MailInviteSpaceUsersWizard.haveMaximumUsersBeenReturned}">
<f:verbatim><tr><td colspan="2">
<% out.write("<div style='padding:2px;'></div>");
PanelGenerator.generatePanelStart(out, request.getContextPath(), "yellowInner", "#ffffcc"); %>
<img src='<%=request.getContextPath()%>/images/icons/info_icon.gif' align='absmiddle' />&nbsp;&nbsp;
</f:verbatim>
<h:outputText id="infoMsg" value="#{InviteSpaceUsersWizard.maximumUsersMsg}" />
<h:outputText id="infoMsg" value="#{MailInviteSpaceUsersWizard.maximumUsersMsg}" />
<f:verbatim>
<% PanelGenerator.generatePanelEnd(out, request.getContextPath(), "yellowInner"); %>
</td></tr></f:verbatim>
@@ -166,8 +166,8 @@
<tr>
<%-- Generic Picker to select Users/Groups --%>
<td colspan=2 style="padding-left:16px">
<a:genericPicker id="picker" filters="#{InviteSpaceUsersWizard.filters}"
queryCallback="#{InviteSpaceUsersWizard.pickerCallback}"
<a:genericPicker id="picker" filters="#{MailInviteSpaceUsersWizard.filters}"
queryCallback="#{MailInviteSpaceUsersWizard.pickerCallback}"
actionListener="#{WizardManager.bean.addRecipient}" />
</td>
</tr>
@@ -290,7 +290,7 @@
</r:page>
<%
InviteSpaceUsersWizard wizard = (InviteSpaceUsersWizard)FacesHelper.getManagedBean(FacesContext.getCurrentInstance(), "InviteSpaceUsersWizard");
MailInviteSpaceUsersWizard wizard = (MailInviteSpaceUsersWizard)FacesHelper.getManagedBean(FacesContext.getCurrentInstance(), "MailInviteSpaceUsersWizard");
if (wizard != null)
{
wizard.init(new HashMap());