mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
407e5029cc
35224: ALF-12038: Remove trailing JSON comma causing IE7 script error
35226: ALF-13401 - Saving PowerPoint (mac 2011) via CIFS fails in Mac OS X Lion
35239: ALF-13409: Further fix to deal with concurrent deletion of a user's site invitations in background
35245: ALF-13281: Enabled use of autocomplete in IE for forms runtime. This change also allows multiple events to be attached per validation handler
35253: ALF-13640: Fixed issues with updating task associations + added new test + fixed existing activiti-component-tests
35271: Translation updates (fixes: ALF-13434) - based on EN r35212. (Dutch still to follow)
35281: ALF-13227: Fix CSS for Wiki layout of nested lists
35284: SPANISH: Update from Gloria
35290: More debug + unit test for mac powerpoint shuffle.
35291: Added isTemporary method
35295: ALF-13453 : Remote Code Execution (can create reverse shell).
- Added ability for XMLUtil parse callers to provide an optional array of XMLFilterImpl to be used while parsing.
-Added secureParseXSL methods that automatically install an XMLFilterImpl that causes a parse failure if any insecure namespaces are encountered.
35303: Fix for ALF-12444 Node Browser improvement: Index single node and remove single node from indexes
Part of ALF-13723 SOLR does not include the same query unit tests as lucene
35305: ALF-13723 SOLR does not include the same query unit tests as lucene
- test template
35306: ALF-13723 SOLR does not include the same query unit tests as lucene
- template for creating test cores
35323: ALF-13420: Natural sort on form option labels and improvement for CSS - specifically to address transform action in document details.
35328: ALF-13409: Avoid concurrency issues in unit test tear downs by deleting users before sites. User deletion deletes invitations synchronously. Site deletion deletes invitations concurrently to avoid UI timeouts. The potential to access invitations that are being concurrently deleted still exists, but always did!
35331: ALF-12126: Ensure that DND upload is disabled for users with only consumer access
35335: ALF-13708: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2)
35235: ALF-13673: Amp-loaded duplicated mimetypes should be handled
- Modified code to allow duplicates to replace parts of the existing mimetype definitions.
- A warning is logged each time.
35336: Spanish and Dutch updates from Gloria, based on EN r35212
35355: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
35213: ALF-13686: Merged PATCHES/V3.4.8 to V3.4-BUG-FIX
34943: ALF-13121: Option to create users either as user1 or user1@domain.com after kerberos authentication
- New Kerberos subsystem parameter kerberos.authentication.stripUsernameSuffix introduced
- When true (the default) the @domain sufix will be stripped from Kerberos authenticated usernames in CIFS, SPP, WebDAV and the Web Client
- When false, should enable a multi-domain customer to use Alfresco (says Mr Gninot)
35096: ALF-13121: Added missing stripKerberosUsernameSuffix property to sharepointAuthenticationHandler
35215: ALF-13065: Ensure Wiki new page save button is available on HTML edit action
35219: ALF-11898: Fixed TinyMCE create HTML content problem for Explorer client
35261: Translation updates based on EN r35144
35339: AD 2008 R2, user import via LDAP fails with over 1000 users
- Problem discovered by Community user with simple workaround
https://forums.alfresco.com/en/viewtopic.php?f=57&t=43960&sid=5569e5cfbccb3776e11ef4a8e9d50378&p=129664#p129664
35353: Merged V3.4 to V3.4-BUG-FIX
35279: ALF-13713: Merged PATCHES/V3.4.8 to V3.4
35146: Merged DEV to PATCHES/V3.4.8
35130: ALF-13472: Webdav Does not allow a user to access spaces without read permission on parent spaces
Receiving of indirect lock is wrapped into AuthenticationUtil.runAs() invocation to provide a possibility of getting indirect lock for users with appropriate access rights for requested resource
35280: ALF-10353: Internet Explorer hangs when using the object picker with a larger number of documents
- reviewed by DD
35318: ALF-13715: Merged HEAD to V3.4
31743: Fixed ALF-10157: Web Form Details page for the "Selected Web Content Forms": script error appears on help button click: container.jsp (line 382)
35341: ALF-13552: Merged V4.0 to V3.4
35296: ALF-13453: Remote Code Execution (can create reverse shell) - Fix by Shane
35304: ALF-13453: Extra fix to ensure xalan namespace isn't declared with global scope and can't be hijacked by an input stylesheet
35307: ALF-13453: Duplicated extra fix to duplicate code in XSLTRenderingEngine!
35354: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
35266: Merged V3.4-BUG-FIX to V3.4
35261: Translation updates based on EN r35144
35334: Merged V3.4-BUG-FIX to V3.4
35235: ALF-13673: Amp-loaded duplicated mimetypes should be handled
- Modified code to allow duplicates to replace parts of the existing mimetype definitions.
- A warning is logged each time.
35356: Merged V4.0 to V4.0-BUG-FIX
35292: ALF-13721: Merged PATCHES/V4.0.0 to V4.0
35240: Fix for ALF-13685 The SOLr textContent webscript is not protected by authentication and permission checks.
35242: Fix for ALF-13685 The SOLr textContent webscript is not protected by authentication and permission checks.
- /wcs/api/solr and /wcservice/api/solr
35304: ALF-13453: Extra fix to ensure xalan namespace isn't declared with global scope and can't be hijacked by an input stylesheet
35307: ALF-13453: Duplicated extra fix to duplicate code in XSLTRenderingEngine!
35357: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
35048: Merged V4.0-BUG-FIX to V4.0
35031: Fix for ALF-12309: Script errors on site pages
35293: Merged V4.0-BUG-FIX to V4.0
35172: ALF-13626: category.put.json.ftl has wrong bracket
35296: Merged V4.0-BUG-FIX to V4.0
35295: ALF-13453: Remote Code Execution (can create reverse shell)
- Fix by Shane
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35359 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
248 lines
9.5 KiB
Java
248 lines
9.5 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package org.alfresco.web.bean.ajax;
|
|
|
|
import java.io.BufferedInputStream;
|
|
import java.io.File;
|
|
import java.io.FileInputStream;
|
|
import java.io.InputStream;
|
|
import java.io.Serializable;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.StringTokenizer;
|
|
|
|
import javax.faces.context.ExternalContext;
|
|
import javax.faces.context.FacesContext;
|
|
import javax.faces.context.ResponseWriter;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.repo.content.MimetypeMap;
|
|
import org.alfresco.repo.content.filestore.FileContentReader;
|
|
import org.alfresco.service.ServiceRegistry;
|
|
import org.alfresco.service.cmr.model.FileInfo;
|
|
import org.alfresco.service.cmr.repository.ContentReader;
|
|
import org.alfresco.service.cmr.repository.ContentWriter;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
|
|
import org.alfresco.service.namespace.QName;
|
|
import org.alfresco.util.TempFileProvider;
|
|
import org.springframework.extensions.surf.util.URLDecoder;
|
|
import org.alfresco.web.app.servlet.BaseServlet;
|
|
import org.alfresco.web.app.servlet.ajax.InvokeCommand;
|
|
import org.alfresco.web.bean.repository.Repository;
|
|
import org.alfresco.util.XMLUtil;
|
|
import org.apache.commons.fileupload.FileItem;
|
|
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
|
|
import org.apache.commons.fileupload.servlet.ServletFileUpload;
|
|
import org.apache.commons.io.FilenameUtils;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.w3c.dom.Document;
|
|
import org.w3c.dom.Element;
|
|
import org.w3c.dom.Node;
|
|
|
|
/**
|
|
* Bean managing the ajax servlet upload of a multi-part form containing file content
|
|
* to be added at a specific path in the server.
|
|
*
|
|
* @author Kevin Roast
|
|
*/
|
|
public class FileUploadBean implements Serializable
|
|
{
|
|
private static final long serialVersionUID = 4555828718375916674L;
|
|
|
|
private static Log logger = LogFactory.getLog(FileUploadBean.class);
|
|
|
|
/**
|
|
* Ajax method to upload file content. A multi-part form is required as the input.
|
|
*
|
|
* "return-page" = javascript to execute on return from the upload request
|
|
* "currentPath" = the cm:name based server path to upload the content into
|
|
* and the file item content.
|
|
*
|
|
* @throws Exception
|
|
*/
|
|
@InvokeCommand.ResponseMimetype(value=MimetypeMap.MIMETYPE_HTML)
|
|
public void uploadFile() throws Exception
|
|
{
|
|
FacesContext fc = FacesContext.getCurrentInstance();
|
|
ExternalContext externalContext = fc.getExternalContext();
|
|
HttpServletRequest request = (HttpServletRequest)externalContext.getRequest();
|
|
|
|
ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
|
|
upload.setHeaderEncoding("UTF-8");
|
|
|
|
List<FileItem> fileItems = upload.parseRequest(request);
|
|
FileUploadBean bean = new FileUploadBean();
|
|
String currentPath = null;
|
|
String filename = null;
|
|
String returnPage = null;
|
|
File file = null;
|
|
|
|
for (FileItem item : fileItems)
|
|
{
|
|
if (item.isFormField() && item.getFieldName().equals("return-page"))
|
|
{
|
|
returnPage = item.getString();
|
|
}
|
|
else if (item.isFormField() && item.getFieldName().equals("currentPath"))
|
|
{
|
|
currentPath = URLDecoder.decode(item.getString());
|
|
}
|
|
else
|
|
{
|
|
filename = FilenameUtils.getName(item.getName());
|
|
file = TempFileProvider.createTempFile("alfresco", ".upload");
|
|
item.write(file);
|
|
}
|
|
}
|
|
|
|
if (logger.isDebugEnabled())
|
|
logger.debug("Ajax file upload request: " + filename + " to path: " + currentPath + " return page: " + returnPage);
|
|
|
|
try
|
|
{
|
|
if (file != null && currentPath != null && currentPath.length() != 0)
|
|
{
|
|
NodeRef containerRef = pathToNodeRef(fc, currentPath);
|
|
if (containerRef != null)
|
|
{
|
|
// Guess the mimetype
|
|
String mimetype = Repository.getMimeTypeForFileName(fc, filename);
|
|
|
|
// Now guess the encoding
|
|
String encoding = "UTF-8";
|
|
InputStream is = null;
|
|
try
|
|
{
|
|
is = new BufferedInputStream(new FileInputStream(file));
|
|
encoding = Repository.guessEncoding(fc, is, mimetype);
|
|
}
|
|
catch (Throwable e)
|
|
{
|
|
// Bad as it is, it's not terminal
|
|
logger.error("Failed to guess character encoding of file: " + file, e);
|
|
}
|
|
finally
|
|
{
|
|
if (is != null)
|
|
{
|
|
try { is.close(); } catch (Throwable e) {}
|
|
}
|
|
}
|
|
|
|
// Try and extract metadata from the file
|
|
ContentReader cr = new FileContentReader(file);
|
|
cr.setMimetype(mimetype);
|
|
|
|
// create properties for content type
|
|
String author = null;
|
|
String title = null;
|
|
String description = null;
|
|
Map<QName, Serializable> contentProps = new HashMap<QName, Serializable>(5, 1.0f);
|
|
if (Repository.extractMetadata(fc, cr, contentProps))
|
|
{
|
|
author = (String)(contentProps.get(ContentModel.PROP_AUTHOR));
|
|
title = DefaultTypeConverter.INSTANCE.convert(String.class, contentProps.get(ContentModel.PROP_TITLE));
|
|
description = DefaultTypeConverter.INSTANCE.convert(String.class, contentProps.get(ContentModel.PROP_DESCRIPTION));
|
|
}
|
|
|
|
// default the title to the file name if not set
|
|
if (title == null)
|
|
{
|
|
title = filename;
|
|
}
|
|
|
|
ServiceRegistry services = Repository.getServiceRegistry(fc);
|
|
FileInfo fileInfo = services.getFileFolderService().create(
|
|
containerRef, filename, ContentModel.TYPE_CONTENT);
|
|
NodeRef fileNodeRef = fileInfo.getNodeRef();
|
|
|
|
// set the author aspect
|
|
if (author != null)
|
|
{
|
|
Map<QName, Serializable> authorProps = new HashMap<QName, Serializable>(1, 1.0f);
|
|
authorProps.put(ContentModel.PROP_AUTHOR, author);
|
|
services.getNodeService().addAspect(fileNodeRef, ContentModel.ASPECT_AUTHOR, authorProps);
|
|
}
|
|
|
|
// apply the titled aspect - title and description
|
|
Map<QName, Serializable> titledProps = new HashMap<QName, Serializable>(2, 1.0f);
|
|
titledProps.put(ContentModel.PROP_TITLE, title);
|
|
titledProps.put(ContentModel.PROP_DESCRIPTION, description);
|
|
services.getNodeService().addAspect(fileNodeRef, ContentModel.ASPECT_TITLED, titledProps);
|
|
|
|
// get a writer for the content and put the file
|
|
ContentWriter writer = services.getContentService().getWriter(fileNodeRef, ContentModel.PROP_CONTENT, true);
|
|
writer.setMimetype(mimetype);
|
|
writer.setEncoding(encoding);
|
|
writer.putContent(file);
|
|
}
|
|
}
|
|
}
|
|
catch (Exception e)
|
|
{
|
|
returnPage = returnPage.replace("${UPLOAD_ERROR}", e.getMessage());
|
|
}
|
|
finally
|
|
{
|
|
if(file != null)
|
|
{
|
|
logger.debug("delete temporary file:" + file.getPath());
|
|
// Delete the temporary file
|
|
file.delete();
|
|
}
|
|
}
|
|
|
|
Document result = XMLUtil.newDocument();
|
|
Element htmlEl = result.createElement("html");
|
|
result.appendChild(htmlEl);
|
|
Element bodyEl = result.createElement("body");
|
|
htmlEl.appendChild(bodyEl);
|
|
|
|
Element scriptEl = result.createElement("script");
|
|
bodyEl.appendChild(scriptEl);
|
|
scriptEl.setAttribute("type", "text/javascript");
|
|
Node scriptText = result.createTextNode(returnPage);
|
|
scriptEl.appendChild(scriptText);
|
|
|
|
if (logger.isDebugEnabled())
|
|
{
|
|
logger.debug("File upload request complete.");
|
|
}
|
|
ResponseWriter out = fc.getResponseWriter();
|
|
XMLUtil.print(result, out);
|
|
}
|
|
|
|
static NodeRef pathToNodeRef(FacesContext fc, String path)
|
|
{
|
|
// convert cm:name based path to a NodeRef
|
|
StringTokenizer t = new StringTokenizer(path, "/");
|
|
int tokenCount = t.countTokens();
|
|
String[] elements = new String[tokenCount];
|
|
for (int i=0; i<tokenCount; i++)
|
|
{
|
|
elements[i] = t.nextToken();
|
|
}
|
|
return BaseServlet.resolveWebDAVPath(fc, elements, false);
|
|
}
|
|
}
|