mirror of
				https://github.com/Alfresco/alfresco-community-repo.git
				synced 2025-10-22 15:12:38 +00:00 
			
		
		
		
	Compare commits
	
		
			34 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | dfa94fbe21 | ||
|  | 4a93aec66b | ||
|  | 3f0bbc9844 | ||
|  | cb9ad42101 | ||
|  | ca385b3bbc | ||
|  | 19c1582f1e | ||
|  | 06a918b082 | ||
|  | f543de9959 | ||
|  | 8124279e6a | ||
|  | 4281fd5b2d | ||
|  | d10d88306b | ||
|  | 1d7a37cd8c | ||
|  | 4bcb795452 | ||
|  | 393b064918 | ||
|  | f741f2ca45 | ||
|  | ef676f11e4 | ||
|  | 478c81fee3 | ||
|  | cf9cc8042d | ||
|  | 8d790ed1cb | ||
|  | 87c7bd2877 | ||
|  | 9125f889b0 | ||
|  | 2fb74d2691 | ||
|  | d671162dae | ||
|  | bfaa629da7 | ||
|  | 719d73a558 | ||
|  | a2aa867f3f | ||
|  | 8d745c536a | ||
|  | b0f4c21ae3 | ||
|  | 72494e34fa | ||
|  | 792b7024ea | ||
|  | 40a1371f0d | ||
|  | c22c47e63f | ||
|  | 232299d42d | ||
|  | aca7969849 | 
| @@ -7,7 +7,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-community-repo-amps</artifactId> |       <artifactId>alfresco-community-repo-amps</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <modules> |    <modules> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-governance-services-community-parent</artifactId> |       <artifactId>alfresco-governance-services-community-parent</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <modules> |    <modules> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-governance-services-automation-community-repo</artifactId> |       <artifactId>alfresco-governance-services-automation-community-repo</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <build> |    <build> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-governance-services-community-parent</artifactId> |       <artifactId>alfresco-governance-services-community-parent</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <modules> |    <modules> | ||||||
|   | |||||||
| @@ -1,3 +1,3 @@ | |||||||
| SOLR6_TAG=2.0.13 | SOLR6_TAG=2.0.17 | ||||||
| POSTGRES_TAG=15.4 | POSTGRES_TAG=15.4 | ||||||
| ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8 | ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8 | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-governance-services-community-repo-parent</artifactId> |       <artifactId>alfresco-governance-services-community-repo-parent</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <properties> |    <properties> | ||||||
|   | |||||||
| @@ -4,7 +4,7 @@ | |||||||
|  |  | ||||||
| # Version label | # Version label | ||||||
| version.major=23 | version.major=23 | ||||||
| version.minor=6 | version.minor=7 | ||||||
| version.revision=0 | version.revision=0 | ||||||
| version.label= | version.label= | ||||||
|  |  | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-governance-services-community-repo-parent</artifactId> |         <artifactId>alfresco-governance-services-community-repo-parent</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <build> |     <build> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <modules> |     <modules> | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-amps</artifactId> |         <artifactId>alfresco-community-repo-amps</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|    <parent> |    <parent> | ||||||
|       <groupId>org.alfresco</groupId> |       <groupId>org.alfresco</groupId> | ||||||
|       <artifactId>alfresco-community-repo</artifactId> |       <artifactId>alfresco-community-repo</artifactId> | ||||||
|       <version>23.6.0.24</version> |       <version>23.7.0.1</version> | ||||||
|    </parent> |    </parent> | ||||||
|  |  | ||||||
|    <dependencies> |    <dependencies> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <dependencies> |     <dependencies> | ||||||
|   | |||||||
| @@ -9,6 +9,6 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-packaging</artifactId> |         <artifactId>alfresco-community-repo-packaging</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
| </project> | </project> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-packaging</artifactId> |         <artifactId>alfresco-community-repo-packaging</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <modules> |     <modules> | ||||||
|   | |||||||
| @@ -1,3 +1,3 @@ | |||||||
| SOLR6_TAG=2.0.13 | SOLR6_TAG=2.0.17 | ||||||
| POSTGRES_TAG=15.4 | POSTGRES_TAG=15.4 | ||||||
| ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8 | ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8 | ||||||
|   | |||||||
| @@ -6,7 +6,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-packaging</artifactId> |         <artifactId>alfresco-community-repo-packaging</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <modules> |     <modules> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-tests</artifactId> |         <artifactId>alfresco-community-repo-tests</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <organization> |     <organization> | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-tests</artifactId> |         <artifactId>alfresco-community-repo-tests</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <developers> |     <developers> | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-tests</artifactId> |         <artifactId>alfresco-community-repo-tests</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <developers> |     <developers> | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-tests</artifactId> |         <artifactId>alfresco-community-repo-tests</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-tests</artifactId> |         <artifactId>alfresco-community-repo-tests</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <developers> |     <developers> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo-packaging</artifactId> |         <artifactId>alfresco-community-repo-packaging</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|   | |||||||
							
								
								
									
										16
									
								
								pom.xml
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								pom.xml
									
									
									
									
									
								
							| @@ -2,7 +2,7 @@ | |||||||
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||||||
|     <modelVersion>4.0.0</modelVersion> |     <modelVersion>4.0.0</modelVersion> | ||||||
|     <artifactId>alfresco-community-repo</artifactId> |     <artifactId>alfresco-community-repo</artifactId> | ||||||
|     <version>23.6.0.24</version> |     <version>23.7.0.1</version> | ||||||
|     <packaging>pom</packaging> |     <packaging>pom</packaging> | ||||||
|     <name>Alfresco Community Repo Parent</name> |     <name>Alfresco Community Repo Parent</name> | ||||||
|  |  | ||||||
| @@ -24,7 +24,7 @@ | |||||||
|  |  | ||||||
|     <properties> |     <properties> | ||||||
|         <acs.version.major>23</acs.version.major> |         <acs.version.major>23</acs.version.major> | ||||||
|         <acs.version.minor>6</acs.version.minor> |         <acs.version.minor>7</acs.version.minor> | ||||||
|         <acs.version.revision>0</acs.version.revision> |         <acs.version.revision>0</acs.version.revision> | ||||||
|         <acs.version.label /> |         <acs.version.label /> | ||||||
|         <amp.min.version>${acs.version.major}.0.0</amp.min.version> |         <amp.min.version>${acs.version.major}.0.0</amp.min.version> | ||||||
| @@ -51,14 +51,14 @@ | |||||||
|         <dependency.alfresco-server-root.version>7.0.1</dependency.alfresco-server-root.version> |         <dependency.alfresco-server-root.version>7.0.1</dependency.alfresco-server-root.version> | ||||||
|         <dependency.activiti-engine.version>5.23.0</dependency.activiti-engine.version> |         <dependency.activiti-engine.version>5.23.0</dependency.activiti-engine.version> | ||||||
|         <dependency.activiti.version>5.23.0</dependency.activiti.version> |         <dependency.activiti.version>5.23.0</dependency.activiti.version> | ||||||
|         <dependency.alfresco-transform-core.version>5.2.2-A.4</dependency.alfresco-transform-core.version> |         <dependency.alfresco-transform-core.version>5.2.2</dependency.alfresco-transform-core.version> | ||||||
|         <dependency.alfresco-transform-service.version>4.2.2-A.2</dependency.alfresco-transform-service.version> |         <dependency.alfresco-transform-service.version>4.2.2</dependency.alfresco-transform-service.version> | ||||||
|         <dependency.alfresco-greenmail.version>7.0</dependency.alfresco-greenmail.version> |         <dependency.alfresco-greenmail.version>7.0</dependency.alfresco-greenmail.version> | ||||||
|         <dependency.acs-event-model.version>0.0.33</dependency.acs-event-model.version> |         <dependency.acs-event-model.version>0.0.33</dependency.acs-event-model.version> | ||||||
|  |  | ||||||
|         <dependency.aspectj.version>1.9.22.1</dependency.aspectj.version> |         <dependency.aspectj.version>1.9.22.1</dependency.aspectj.version> | ||||||
|         <dependency.spring.version>6.2.8</dependency.spring.version> |         <dependency.spring.version>6.2.11</dependency.spring.version> | ||||||
|         <dependency.spring-security.version>6.3.9</dependency.spring-security.version> |         <dependency.spring-security.version>6.4.11</dependency.spring-security.version> | ||||||
|         <dependency.antlr.version>3.5.3</dependency.antlr.version> |         <dependency.antlr.version>3.5.3</dependency.antlr.version> | ||||||
|         <dependency.jackson.version>2.17.2</dependency.jackson.version> |         <dependency.jackson.version>2.17.2</dependency.jackson.version> | ||||||
|         <dependency.cxf.version>4.1.2</dependency.cxf.version> |         <dependency.cxf.version>4.1.2</dependency.cxf.version> | ||||||
| @@ -113,7 +113,7 @@ | |||||||
|         <dependency.jakarta-json-path.version>2.9.0</dependency.jakarta-json-path.version> |         <dependency.jakarta-json-path.version>2.9.0</dependency.jakarta-json-path.version> | ||||||
|         <dependency.json-smart.version>2.5.2</dependency.json-smart.version> |         <dependency.json-smart.version>2.5.2</dependency.json-smart.version> | ||||||
|         <alfresco.googledrive.version>4.1.0</alfresco.googledrive.version> |         <alfresco.googledrive.version>4.1.0</alfresco.googledrive.version> | ||||||
|         <alfresco.aos-module.version>3.3.0</alfresco.aos-module.version> |         <alfresco.aos-module.version>3.4.0</alfresco.aos-module.version> | ||||||
|         <alfresco.api-explorer.version>23.4.0</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share --> |         <alfresco.api-explorer.version>23.4.0</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share --> | ||||||
|  |  | ||||||
|         <alfresco.maven-plugin.version>2.2.0</alfresco.maven-plugin.version> |         <alfresco.maven-plugin.version>2.2.0</alfresco.maven-plugin.version> | ||||||
| @@ -154,7 +154,7 @@ | |||||||
|         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection> |         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection> | ||||||
|         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection> |         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection> | ||||||
|         <url>https://github.com/Alfresco/alfresco-community-repo</url> |         <url>https://github.com/Alfresco/alfresco-community-repo</url> | ||||||
|         <tag>23.6.0.24</tag> |         <tag>23.7.0.1</tag> | ||||||
|     </scm> |     </scm> | ||||||
|  |  | ||||||
|     <distributionManagement> |     <distributionManagement> | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <dependencies> |     <dependencies> | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ | |||||||
|  * #%L |  * #%L | ||||||
|  * Alfresco Remote API |  * Alfresco Remote API | ||||||
|  * %% |  * %% | ||||||
|  * Copyright (C) 2005 - 2016 Alfresco Software Limited |  * Copyright (C) 2005 - 2025 Alfresco Software Limited | ||||||
|  * %% |  * %% | ||||||
|  * This file is part of the Alfresco software.  |  * This file is part of the Alfresco software.  | ||||||
|  * If the software was purchased under a paid Alfresco license, the terms of  |  * If the software was purchased under a paid Alfresco license, the terms of  | ||||||
| @@ -31,6 +31,14 @@ import java.util.HashMap; | |||||||
| import java.util.List; | import java.util.List; | ||||||
| import java.util.Map; | import java.util.Map; | ||||||
|  |  | ||||||
|  | import org.apache.commons.lang3.StringUtils; | ||||||
|  | import org.json.simple.JSONObject; | ||||||
|  | import org.owasp.html.PolicyFactory; | ||||||
|  | import org.owasp.html.Sanitizers; | ||||||
|  | import org.springframework.extensions.webscripts.Cache; | ||||||
|  | import org.springframework.extensions.webscripts.Status; | ||||||
|  | import org.springframework.extensions.webscripts.WebScriptRequest; | ||||||
|  |  | ||||||
| import org.alfresco.model.ContentModel; | import org.alfresco.model.ContentModel; | ||||||
| import org.alfresco.model.ForumModel; | import org.alfresco.model.ForumModel; | ||||||
| import org.alfresco.repo.content.MimetypeMap; | import org.alfresco.repo.content.MimetypeMap; | ||||||
| @@ -44,10 +52,6 @@ import org.alfresco.service.cmr.security.PermissionService; | |||||||
| import org.alfresco.service.namespace.NamespaceService; | import org.alfresco.service.namespace.NamespaceService; | ||||||
| import org.alfresco.service.namespace.QName; | import org.alfresco.service.namespace.QName; | ||||||
| import org.alfresco.service.namespace.RegexQNamePattern; | import org.alfresco.service.namespace.RegexQNamePattern; | ||||||
| import org.json.simple.JSONObject; |  | ||||||
| import org.springframework.extensions.webscripts.Cache; |  | ||||||
| import org.springframework.extensions.webscripts.Status; |  | ||||||
| import org.springframework.extensions.webscripts.WebScriptRequest; |  | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * This class is the controller for the comments.post web script. |  * This class is the controller for the comments.post web script. | ||||||
| @@ -58,7 +62,7 @@ import org.springframework.extensions.webscripts.WebScriptRequest; | |||||||
| public class CommentsPost extends AbstractCommentsWebScript | public class CommentsPost extends AbstractCommentsWebScript | ||||||
| { | { | ||||||
|     /** |     /** | ||||||
|      *  Overrides AbstractCommentsWebScript to add comment |      * Overrides AbstractCommentsWebScript to add comment | ||||||
|      */ |      */ | ||||||
|     @Override |     @Override | ||||||
|     protected Map<String, Object> executeImpl(NodeRef nodeRef, WebScriptRequest req, Status status, Cache cache) |     protected Map<String, Object> executeImpl(NodeRef nodeRef, WebScriptRequest req, Status status, Cache cache) | ||||||
| @@ -66,6 +70,19 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|         // get json object from request |         // get json object from request | ||||||
|         JSONObject json = parseJSON(req); |         JSONObject json = parseJSON(req); | ||||||
|  |  | ||||||
|  |         // Validating and Sanitizing comment content to prevent XSS | ||||||
|  |         String commentContent = getOrNull(json, "content"); | ||||||
|  |         if (StringUtils.isBlank(commentContent)) | ||||||
|  |         { | ||||||
|  |             throw new IllegalArgumentException("Comment content must not be empty"); | ||||||
|  |         } | ||||||
|  |         else | ||||||
|  |         { | ||||||
|  |             PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS); | ||||||
|  |             String safeContent = policy.sanitize(commentContent); | ||||||
|  |             json.replace("content", safeContent); | ||||||
|  |         } | ||||||
|  |  | ||||||
|         /* MNT-10231, MNT-9771 fix */ |         /* MNT-10231, MNT-9771 fix */ | ||||||
|         this.behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); |         this.behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); | ||||||
|  |  | ||||||
| @@ -99,32 +116,32 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|     { |     { | ||||||
|         // fetch the parent to add the node to |         // fetch the parent to add the node to | ||||||
|         NodeRef commentsFolder = getOrCreateCommentsFolder(nodeRef); |         NodeRef commentsFolder = getOrCreateCommentsFolder(nodeRef); | ||||||
|          |  | ||||||
|         // get a unique name |         // get a unique name | ||||||
|         String name = getUniqueChildName("comment"); |         String name = getUniqueChildName("comment"); | ||||||
|          |  | ||||||
|         // create the comment |         // create the comment | ||||||
|         NodeRef commentNodeRef = nodeService.createNode(commentsFolder,  |         NodeRef commentNodeRef = nodeService.createNode(commentsFolder, | ||||||
|                 ContentModel.ASSOC_CONTAINS,  |                 ContentModel.ASSOC_CONTAINS, | ||||||
|                 QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, QName.createValidLocalName(name)),  |                 QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, QName.createValidLocalName(name)), | ||||||
|                 ForumModel.TYPE_POST).getChildRef(); |                 ForumModel.TYPE_POST).getChildRef(); | ||||||
|              |  | ||||||
|         // fetch the title required to create a comment |         // fetch the title required to create a comment | ||||||
|         String title = getOrNull(json, JSON_KEY_TITLE); |         String title = getOrNull(json, JSON_KEY_TITLE); | ||||||
|         HashMap<QName, Serializable> props = new HashMap<QName, Serializable>(1, 1.0f); |         HashMap<QName, Serializable> props = new HashMap<QName, Serializable>(1, 1.0f); | ||||||
|         props.put(ContentModel.PROP_TITLE, title != null ? title : ""); |         props.put(ContentModel.PROP_TITLE, title != null ? title : ""); | ||||||
|         nodeService.addProperties(commentNodeRef, props); |         nodeService.addProperties(commentNodeRef, props); | ||||||
|          |  | ||||||
|         ContentWriter writer = contentService.getWriter(commentNodeRef, ContentModel.PROP_CONTENT, true); |         ContentWriter writer = contentService.getWriter(commentNodeRef, ContentModel.PROP_CONTENT, true); | ||||||
|         // fetch the content of a comment |         // fetch the content of a comment | ||||||
|         String contentString = getOrNull(json, JSON_KEY_CONTENT); |         String contentString = getOrNull(json, JSON_KEY_CONTENT); | ||||||
|          |  | ||||||
|         writer.setMimetype(MimetypeMap.MIMETYPE_HTML); |         writer.setMimetype(MimetypeMap.MIMETYPE_HTML); | ||||||
|         writer.putContent(contentString); |         writer.putContent(contentString); | ||||||
|          |  | ||||||
|         return commentNodeRef; |         return commentNodeRef; | ||||||
|     } |     } | ||||||
|      |  | ||||||
|     /** |     /** | ||||||
|      * generates an comment item value |      * generates an comment item value | ||||||
|      *  |      *  | ||||||
| @@ -134,34 +151,34 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|     private Map<String, Object> generateItemValue(NodeRef commentNodeRef) |     private Map<String, Object> generateItemValue(NodeRef commentNodeRef) | ||||||
|     { |     { | ||||||
|         Map<String, Object> result = new HashMap<String, Object>(4, 1.0f); |         Map<String, Object> result = new HashMap<String, Object>(4, 1.0f); | ||||||
|          |  | ||||||
|         String creator = (String)this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR); |         String creator = (String) this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR); | ||||||
|          |  | ||||||
|         Serializable created = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATED); |         Serializable created = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATED); | ||||||
|         Serializable modified = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_MODIFIED); |         Serializable modified = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_MODIFIED); | ||||||
|          |  | ||||||
|         boolean isUpdated = false; |         boolean isUpdated = false; | ||||||
|         if (created instanceof Date && modified instanceof Date) |         if (created instanceof Date && modified instanceof Date) | ||||||
|         { |         { | ||||||
|            isUpdated = ((Date)modified).getTime() - ((Date)created).getTime() > 5000; |             isUpdated = ((Date) modified).getTime() - ((Date) created).getTime() > 5000; | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         // TODO refactor v0 Comments API to use CommentService (see ACE-5437) |         // TODO refactor v0 Comments API to use CommentService (see ACE-5437) | ||||||
|         Serializable owner = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER); |         Serializable owner = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER); | ||||||
|         String currentUser = this.serviceRegistry.getAuthenticationService().getCurrentUserName(); |         String currentUser = this.serviceRegistry.getAuthenticationService().getCurrentUserName(); | ||||||
|          |  | ||||||
|         boolean isSiteManager = this.permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED); |         boolean isSiteManager = this.permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED); | ||||||
|         boolean isCoordinator = this.permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED); |         boolean isCoordinator = this.permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED); | ||||||
|         boolean canEditComment = isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner); |         boolean canEditComment = isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner); | ||||||
|          |  | ||||||
|         result.put("node", commentNodeRef); |         result.put("node", commentNodeRef); | ||||||
|         result.put("author", this.personService.getPerson(creator)); |         result.put("author", this.personService.getPerson(creator)); | ||||||
|         result.put("isUpdated", isUpdated); |         result.put("isUpdated", isUpdated); | ||||||
|         result.put("canEditComment", canEditComment); |         result.put("canEditComment", canEditComment); | ||||||
|          |  | ||||||
|         return result; |         return result; | ||||||
|     } |     } | ||||||
|      |  | ||||||
|     /** |     /** | ||||||
|      * generates the response model for adding a comment |      * generates the response model for adding a comment | ||||||
|      *  |      *  | ||||||
| @@ -194,7 +211,7 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|         } |         } | ||||||
|         return commentsFolder; |         return commentsFolder; | ||||||
|     } |     } | ||||||
|      |  | ||||||
|     /** |     /** | ||||||
|      * returns the nodeRef of the existing one |      * returns the nodeRef of the existing one | ||||||
|      *  |      *  | ||||||
| @@ -207,7 +224,7 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|         { |         { | ||||||
|             List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ForumModel.ASSOC_DISCUSSION, RegexQNamePattern.MATCH_ALL); |             List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, ForumModel.ASSOC_DISCUSSION, RegexQNamePattern.MATCH_ALL); | ||||||
|             ChildAssociationRef firstAssoc = assocs.get(0); |             ChildAssociationRef firstAssoc = assocs.get(0); | ||||||
|              |  | ||||||
|             return nodeService.getChildByName(firstAssoc.getChildRef(), ContentModel.ASSOC_CONTAINS, COMMENTS_TOPIC_NAME); |             return nodeService.getChildByName(firstAssoc.getChildRef(), ContentModel.ASSOC_CONTAINS, COMMENTS_TOPIC_NAME); | ||||||
|         } |         } | ||||||
|         else |         else | ||||||
| @@ -220,7 +237,7 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|     { |     { | ||||||
|         return prefix + "-" + System.currentTimeMillis(); |         return prefix + "-" + System.currentTimeMillis(); | ||||||
|     } |     } | ||||||
|      |  | ||||||
|     /** |     /** | ||||||
|      * creates the comments folder if it does not exists |      * creates the comments folder if it does not exists | ||||||
|      *  |      *  | ||||||
| @@ -229,35 +246,34 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|      */ |      */ | ||||||
|     private NodeRef createCommentsFolder(final NodeRef nodeRef) |     private NodeRef createCommentsFolder(final NodeRef nodeRef) | ||||||
|     { |     { | ||||||
|         NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() |         NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() { | ||||||
|         { |  | ||||||
|             public NodeRef doWork() throws Exception |             public NodeRef doWork() throws Exception | ||||||
|             { |             { | ||||||
|                 NodeRef commentsFolder = null; |                 NodeRef commentsFolder = null; | ||||||
|                 AuthenticationUtil.pushAuthentication(); |                 AuthenticationUtil.pushAuthentication(); | ||||||
|                  |  | ||||||
|                 // ALF-5240: turn off auditing round the discussion node creation to prevent |                 // ALF-5240: turn off auditing round the discussion node creation to prevent | ||||||
|                 // the source document from being modified by the first user leaving a comment |                 // the source document from being modified by the first user leaving a comment | ||||||
|                 behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); |                 behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); | ||||||
|                  |  | ||||||
|                 try |                 try | ||||||
|                 {   |                 { | ||||||
|                     // MNT-12082: set System user for creating forumFolder and commentsFolder nodes |                     // MNT-12082: set System user for creating forumFolder and commentsFolder nodes | ||||||
|                     AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); |                     AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getSystemUserName()); | ||||||
|                      |  | ||||||
|                     nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussable"), null); |                     nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussable"), null); | ||||||
|                     nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "commentsRollup"), null); |                     nodeService.addAspect(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "commentsRollup"), null); | ||||||
|                     List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussion"), RegexQNamePattern.MATCH_ALL); |                     List<ChildAssociationRef> assocs = nodeService.getChildAssocs(nodeRef, QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "discussion"), RegexQNamePattern.MATCH_ALL); | ||||||
|                     if (assocs.size() != 0) |                     if (assocs.size() != 0) | ||||||
|                     { |                     { | ||||||
|                         NodeRef forumFolder = assocs.get(0).getChildRef(); |                         NodeRef forumFolder = assocs.get(0).getChildRef(); | ||||||
|                          |  | ||||||
|                         Map<QName, Serializable> props = new HashMap<QName, Serializable>(1, 1.0f); |                         Map<QName, Serializable> props = new HashMap<QName, Serializable>(1, 1.0f); | ||||||
|                         props.put(ContentModel.PROP_NAME, COMMENTS_TOPIC_NAME); |                         props.put(ContentModel.PROP_NAME, COMMENTS_TOPIC_NAME); | ||||||
|                         commentsFolder = nodeService.createNode( |                         commentsFolder = nodeService.createNode( | ||||||
|                                 forumFolder, |                                 forumFolder, | ||||||
|                                 ContentModel.ASSOC_CONTAINS,  |                                 ContentModel.ASSOC_CONTAINS, | ||||||
|                                 QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, COMMENTS_TOPIC_NAME),  |                                 QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, COMMENTS_TOPIC_NAME), | ||||||
|                                 QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "topic"), |                                 QName.createQName(NamespaceService.FORUMS_MODEL_1_0_URI, "topic"), | ||||||
|                                 props).getChildRef(); |                                 props).getChildRef(); | ||||||
|                     } |                     } | ||||||
| @@ -267,12 +283,12 @@ public class CommentsPost extends AbstractCommentsWebScript | |||||||
|                     AuthenticationUtil.popAuthentication(); |                     AuthenticationUtil.popAuthentication(); | ||||||
|                     behaviourFilter.enableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); |                     behaviourFilter.enableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE); | ||||||
|                 } |                 } | ||||||
|                  |  | ||||||
|                 return commentsFolder; |                 return commentsFolder; | ||||||
|             } |             } | ||||||
|      |  | ||||||
|         }, AuthenticationUtil.getSystemUserName());  |         }, AuthenticationUtil.getSystemUserName()); | ||||||
|          |  | ||||||
|         return commentsFolder; |         return commentsFolder; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|     <parent> |     <parent> | ||||||
|         <groupId>org.alfresco</groupId> |         <groupId>org.alfresco</groupId> | ||||||
|         <artifactId>alfresco-community-repo</artifactId> |         <artifactId>alfresco-community-repo</artifactId> | ||||||
|         <version>23.6.0.24</version> |         <version>23.7.0.1</version> | ||||||
|     </parent> |     </parent> | ||||||
|  |  | ||||||
|     <dependencies> |     <dependencies> | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ | |||||||
|  * #%L |  * #%L | ||||||
|  * Alfresco Repository |  * Alfresco Repository | ||||||
|  * %% |  * %% | ||||||
|  * Copyright (C) 2005 - 2023 Alfresco Software Limited |  * Copyright (C) 2005 - 2025 Alfresco Software Limited | ||||||
|  * %% |  * %% | ||||||
|  * This file is part of the Alfresco software. |  * This file is part of the Alfresco software. | ||||||
|  * If the software was purchased under a paid Alfresco license, the terms of |  * If the software was purchased under a paid Alfresco license, the terms of | ||||||
| @@ -39,8 +39,10 @@ import org.alfresco.service.namespace.QName; | |||||||
| /** | /** | ||||||
|  * Encapsulates events occurred in a single transaction. |  * Encapsulates events occurred in a single transaction. | ||||||
|  * |  * | ||||||
|  * @param <REF> entity (e.g. node, child association, peer association) reference type |  * @param <REF> | ||||||
|  * @param <RES> entity resource type |  *            entity (e.g. node, child association, peer association) reference type | ||||||
|  |  * @param <RES> | ||||||
|  |  *            entity resource type | ||||||
|  */ |  */ | ||||||
| public abstract class EventConsolidator<REF extends EntityRef, RES extends Resource> | public abstract class EventConsolidator<REF extends EntityRef, RES extends Resource> | ||||||
| { | { | ||||||
| @@ -90,23 +92,31 @@ public abstract class EventConsolidator<REF extends EntityRef, RES extends Resou | |||||||
|     /** |     /** | ||||||
|      * Builds and returns the {@link RepoEvent} instance. |      * Builds and returns the {@link RepoEvent} instance. | ||||||
|      * |      * | ||||||
|      * @param eventInfo the object holding the event information |      * @param eventInfo | ||||||
|  |      *            the object holding the event information | ||||||
|      * @return the {@link RepoEvent} instance |      * @return the {@link RepoEvent} instance | ||||||
|      */ |      */ | ||||||
|     public RepoEvent<DataAttributes<RES>> getRepoEvent(EventInfo eventInfo) |     public RepoEvent<DataAttributes<RES>> getRepoEvent(EventInfo eventInfo) | ||||||
|  |     { | ||||||
|  |         final RepoEvent.Builder<DataAttributes<RES>> builder = RepoEvent.builder(); | ||||||
|  |  | ||||||
|  |         configureRepoEventBuilder(builder, eventInfo); | ||||||
|  |  | ||||||
|  |         return builder.build(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     protected void configureRepoEventBuilder(RepoEvent.Builder<DataAttributes<RES>> builder, EventInfo eventInfo) | ||||||
|     { |     { | ||||||
|         EventType eventType = getDerivedEvent(); |         EventType eventType = getDerivedEvent(); | ||||||
|  |  | ||||||
|         DataAttributes<RES> eventData = buildEventData(eventInfo, resource, eventType); |         DataAttributes<RES> eventData = buildEventData(eventInfo, resource, eventType); | ||||||
|  |  | ||||||
|         return RepoEvent.<DataAttributes<RES>>builder() |         builder.setId(eventInfo.getId()) | ||||||
|             .setId(eventInfo.getId()) |                 .setSource(eventInfo.getSource()) | ||||||
|             .setSource(eventInfo.getSource()) |                 .setTime(eventInfo.getTimestamp()) | ||||||
|             .setTime(eventInfo.getTimestamp()) |                 .setType(eventType.getType()) | ||||||
|             .setType(eventType.getType()) |                 .setData(eventData) | ||||||
|             .setData(eventData) |                 .setDataschema(EventJSONSchema.getSchemaV1(eventType)); | ||||||
|             .setDataschema(EventJSONSchema.getSchemaV1(eventType)) |  | ||||||
|             .build(); |  | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     /** |     /** | ||||||
| @@ -114,9 +124,9 @@ public abstract class EventConsolidator<REF extends EntityRef, RES extends Resou | |||||||
|      */ |      */ | ||||||
|     protected DataAttributes<RES> buildEventData(EventInfo eventInfo, RES resource, EventType eventType) |     protected DataAttributes<RES> buildEventData(EventInfo eventInfo, RES resource, EventType eventType) | ||||||
|     { |     { | ||||||
|         return EventData.<RES>builder() |         return EventData.<RES> builder() | ||||||
|             .setEventGroupId(eventInfo.getTxnId()) |                 .setEventGroupId(eventInfo.getTxnId()) | ||||||
|             .setResource(resource) |                 .setResource(resource) | ||||||
|             .build(); |                 .build(); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ | |||||||
| repository.name=Main Repository | repository.name=Main Repository | ||||||
|  |  | ||||||
| # Schema number | # Schema number | ||||||
| version.schema=19500 | version.schema=19600 | ||||||
|  |  | ||||||
| # Directory configuration | # Directory configuration | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user