inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-09-10 14:11:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

PRODSEC-10332 backport to 23.N (#3445)

Browse Source
This commit is contained in:
jakubkochman
2025-07-02 11:04:13 +02:00
committed by GitHub
parent 9c64b45908
commit ff4634be19
4 changed files with 63 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
remote-api/src/main/java/org/alfresco/repo/web/scripts/transfer/PostContentCommandProcessor.java
View File

@@ -28,11 +28,9 @@ package org.alfresco.repo.web.scripts.transfer;
import jakarta.servlet.http.HttpServletRequest;
import org.alfresco.service.cmr.transfer.TransferException;
import org.alfresco.service.cmr.transfer.TransferReceiver;
import org.apache.commons.fileupload2.core.FileItemInput;
import org.apache.commons.fileupload2.core.FileItemInputIterator;
import org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload;
import org.apache.commons.fileupload2.jakarta.servlet6.JakartaServletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Status;
@@ -41,6 +39,9 @@ import org.springframework.extensions.webscripts.WebScriptResponse;
import org.springframework.extensions.webscripts.WrappingWebScriptRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.alfresco.service.cmr.transfer.TransferException;
import org.alfresco.service.cmr.transfer.TransferReceiver;
/**
* This command processor is used to receive one or more content files for a given transfer.
*
@@ -50,9 +51,9 @@ import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest
public class PostContentCommandProcessor implements CommandProcessor
{
private TransferReceiver receiver;
private static final String MSG_CAUGHT_UNEXPECTED_EXCEPTION = "transfer_service.receiver.caught_unexpected_exception";
private static Log logger = LogFactory.getLog(PostContentCommandProcessor.class);
/**
@@ -64,12 +65,9 @@ public class PostContentCommandProcessor implements CommandProcessor
this.receiver = receiver;
}
/*
* (non-Javadoc)
/* (non-Javadoc)
*
* @see org.alfresco.repo.web.scripts.transfer.CommandProcessor#process(org.alfresco.web.scripts.WebScriptRequest,
* org.alfresco.web.scripts.WebScriptResponse)
*/
* @see org.alfresco.repo.web.scripts.transfer.CommandProcessor#process(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse) */
public int process(WebScriptRequest req, WebScriptResponse resp)
{
logger.debug("post content start");
@@ -91,8 +89,7 @@ public class PostContentCommandProcessor implements CommandProcessor
{
current = null;
}
}
while (current != null);
} while (current != null);
if (webScriptServletRequest == null)
{
resp.setStatus(Status.STATUS_BAD_REQUEST);
@@ -101,7 +98,7 @@ public class PostContentCommandProcessor implements CommandProcessor
HttpServletRequest servletRequest = webScriptServletRequest.getHttpServletRequest();
//Read the transfer id from the request
// Read the transfer id from the request
String transferId = servletRequest.getParameter("transferId");
if ((transferId == null) || !JakartaServletFileUpload.isMultipartContent(servletRequest))
@@ -124,34 +121,34 @@ public class PostContentCommandProcessor implements CommandProcessor
logger.debug("got content Mime Part : " + name);
receiver.saveContent(transferId, item.getName(), item.getInputStream());
}
}
// WebScriptServletRequest alfRequest = (WebScriptServletRequest)req;
// String[] names = alfRequest.getParameterNames();
// for(String name : names)
// {
// FormField item = alfRequest.getFileField(name);
//
// if(item != null)
// {
// logger.debug("got content Mime Part : " + name);
// receiver.saveContent(transferId, item.getName(), item.getInputStream());
// }
// else
// {
// //TODO - should this be an exception?
// logger.debug("Unable to get content for Mime Part : " + name);
// }
// }
}
// WebScriptServletRequest alfRequest = (WebScriptServletRequest)req;
// String[] names = alfRequest.getParameterNames();
// for(String name : names)
// {
// FormField item = alfRequest.getFileField(name);
//
// if(item != null)
// {
// logger.debug("got content Mime Part : " + name);
// receiver.saveContent(transferId, item.getName(), item.getInputStream());
// }
// else
// {
// //TODO - should this be an exception?
// logger.debug("Unable to get content for Mime Part : " + name);
// }
// }
logger.debug("success");
resp.setStatus(Status.STATUS_OK);
}
}
catch (Exception ex)
{
logger.debug("exception caught", ex);
if(transferId != null)
if (transferId != null)
{
logger.debug("ending transfer", ex);
receiver.end(transferId);

52
remote-api/src/main/java/org/alfresco/repo/web/scripts/transfer/PostSnapshotCommandProcessor.java
View File

@@ -27,15 +27,11 @@
package org.alfresco.repo.web.scripts.transfer;
import java.io.OutputStream;
import jakarta.servlet.http.HttpServletRequest;
import org.alfresco.repo.transfer.TransferCommons;
import org.alfresco.service.cmr.transfer.TransferException;
import org.alfresco.service.cmr.transfer.TransferReceiver;
import org.apache.commons.fileupload2.core.FileItemInput;
import org.apache.commons.fileupload2.core.FileItemInputIterator;
import org.apache.commons.fileupload2.jakarta.JakartaServletFileUpload;
import org.apache.commons.fileupload2.jakarta.servlet6.JakartaServletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.webscripts.Status;
@@ -44,6 +40,10 @@ import org.springframework.extensions.webscripts.WebScriptResponse;
import org.springframework.extensions.webscripts.WrappingWebScriptRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.alfresco.repo.transfer.TransferCommons;
import org.alfresco.service.cmr.transfer.TransferException;
import org.alfresco.service.cmr.transfer.TransferReceiver;
/**
* This command processor is used to receive the snapshot for a given transfer.
*
@@ -53,17 +53,17 @@ import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest
public class PostSnapshotCommandProcessor implements CommandProcessor
{
private TransferReceiver receiver;
private static Log logger = LogFactory.getLog(PostSnapshotCommandProcessor.class);
private static final String MSG_CAUGHT_UNEXPECTED_EXCEPTION = "transfer_service.receiver.caught_unexpected_exception";
/* (non-Javadoc)
* @see org.alfresco.repo.web.scripts.transfer.CommandProcessor#process(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse)
*/
*
* @see org.alfresco.repo.web.scripts.transfer.CommandProcessor#process(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.WebScriptResponse) */
public int process(WebScriptRequest req, WebScriptResponse resp)
{
int result = Status.STATUS_OK;
// Unwrap to a WebScriptServletRequest if we have one
WebScriptServletRequest webScriptServletRequest = null;
@@ -83,45 +83,44 @@ public class PostSnapshotCommandProcessor implements CommandProcessor
{
current = null;
}
}
while (current != null);
if (webScriptServletRequest == null)
} while (current != null);
if (webScriptServletRequest == null)
{
logger.debug("bad request, not assignable from");
resp.setStatus(Status.STATUS_BAD_REQUEST);
return Status.STATUS_BAD_REQUEST;
}
//We can't use the WebScriptRequest version of getParameter, since that may cause the content stream
//to be parsed. Get hold of the raw HttpServletRequest and work with that.
// We can't use the WebScriptRequest version of getParameter, since that may cause the content stream
// to be parsed. Get hold of the raw HttpServletRequest and work with that.
HttpServletRequest servletRequest = webScriptServletRequest.getHttpServletRequest();
//Read the transfer id from the request
// Read the transfer id from the request
String transferId = servletRequest.getParameter("transferId");
if ((transferId == null) || !JakartaServletFileUpload.isMultipartContent(servletRequest))
{
logger.debug("bad request, not multipart");
resp.setStatus(Status.STATUS_BAD_REQUEST);
return Status.STATUS_BAD_REQUEST;
}
try
try
{
logger.debug("about to upload manifest file");
JakartaServletFileUpload upload = new JakartaServletFileUpload();
FileItemInputIterator iter = upload.getItemIterator(servletRequest);
while (iter.hasNext())
while (iter.hasNext())
{
FileItemInput item = iter.next();
if (!item.isFormField() && TransferCommons.PART_NAME_MANIFEST.equals(item.getFieldName()))
if (!item.isFormField() && TransferCommons.PART_NAME_MANIFEST.equals(item.getFieldName()))
{
logger.debug("got manifest file");
receiver.saveSnapshot(transferId, item.getInputStream());
}
}
logger.debug("success");
resp.setStatus(Status.STATUS_OK);
@@ -133,10 +132,10 @@ public class PostSnapshotCommandProcessor implements CommandProcessor
receiver.generateRequsite(transferId, out);
}
}
catch (Exception ex)
catch (Exception ex)
{
logger.debug("exception caught", ex);
if(transferId != null)
if (transferId != null)
{
logger.debug("ending transfer", ex);
receiver.end(transferId);
@@ -151,7 +150,8 @@ public class PostSnapshotCommandProcessor implements CommandProcessor
}
/**
* @param receiver the receiver to set
* @param receiver
* the receiver to set
*/
public void setReceiver(TransferReceiver receiver)
{