Bug #13891: fixing security management into website component.

Author: SilverYoCha

webSites/webSites-war/src/main/webapp/webSites/jsp/addPage.jsp

@@ -200,7 +200,15 @@ else if (action.equals("verif")) { //vient de addPage
       <HEAD>
       <script type="text/javascript">
           function verifServer(path, name, nameSite, id) {
-              window.opener.location.replace("verifAjoutPage.jsp?Path="+URLENCODE(path)+"&nomPage="+URLENCODE(name)+"&nameSite="+URLENCODE(nameSite)+"&id="+id);
+              window.opener.sp.formRequest("verifAjoutPage.jsp")
+                  .withParams({
+                    'Path' : path,
+                    'nomPage' : name,
+                    'nameSite' : nameSite,
+                    'id' : id
+                  })
+                  .byPostMethod()
+                  .submit();
               window.close();
           }
       </script>
@@ -216,6 +224,7 @@ else if (action.equals("addPage")) { //vient de verifAjoutPage
 
     //SERVER OK, AJOUT PAGE
     String name = (String) request.getParameter("nomPage"); //vient de verifAjoutPage
+    String code = "<HTML><HEAD></HEAD><BODY></BODY></HTML>";
     /* Creer une nouvelle page sur le serveur */
     scc.createFile(path, name, code);
 %>
@@ -237,10 +246,4 @@ else if (action.equals("addPage")) { //vient de verifAjoutPage
 
 }
 
-%>
-
-	<script type="text/javascript">
-       function URLENCODE(URL){
-         return encodeURIComponent(URL);
-        }
-	</script>
+%>

webSites/webSites-war/src/main/webapp/webSites/jsp/addRep.jsp

@@ -170,7 +170,15 @@ else if (action.equals("Add")) {
 <head>
 <script type="text/javascript">
 function verifServer(id, path, name) {
-  window.opener.location.replace("verif.jsp?Action=addFolder&Id="+id+"&Path="+path+"&name="+name);
+  window.opener.sp.formRequest("verif.jsp")
+      .withParams({
+        'Action' : 'addFolder',
+        'Id' : id,
+        'Path' : path,
+        'name' : name
+      })
+      .byPostMethod()
+      .submit();
   window.close();
 }
 </script>

webSites/webSites-war/src/main/webapp/webSites/jsp/design.jsp

@@ -108,6 +108,10 @@ function URLENCODE(URL){
   return encodeURIComponent(URL);
 }
 
+function openWindow(url, name) {
+  return SP_openWindow(url, name, 700, 200, "directories=0,menubar=0,toolbar=0,alwaysRaised");
+}
+
 /**********************************************/
 
 function B_RETOUR_ONCLICK() {
@@ -143,10 +147,14 @@ function folderAdd(id, path) {
         window.pageAddWindow.close();
     }
 
-    url = "addRep.jsp?Id="+id+"&Path="+path+"&Action=View";
-    windowName = "repAddWindow";
-    windowParams = "directories=0,menubar=0,toolbar=0,height=200,width=700,alwaysRaised";
-    repAddWindow = open(url, windowName, windowParams, false);
+    repAddWindow = openWindow({
+      url : 'addRep.jsp',
+      params : {
+        'Id' : id,
+        'Path' : path,
+        'Action' : 'View'
+      }
+    }, "repAddWindow");
 }
 
 /**********************************************/
@@ -166,10 +174,15 @@ function pageAdd(path, nomsite) {
     if (window.pageAddWindow != null) {
         window.pageAddWindow.close();
     }
-    url = "addPage.jsp?Action=View&Path="+URLENCODE(path)+"&nameSite="+URLENCODE(nomsite)+"&id=<%=id%>";
-    windowName = "pageAddWindow";
-    windowParams = "directories=0,menubar=0,toolbar=0,height=200,width=700,alwaysRaised";
-    pageAddWindow = open(url, windowName, windowParams, false);
+    pageAddWindow = openWindow({
+      url : 'addPage.jsp',
+      params : {
+        'id' : '<%=id%>',
+        'Path' : path,
+        'Action' : 'View',
+        'nameSite' : nomsite
+      }
+    }, "pageAddWindow");
 }
 
 /**********************************************/
@@ -185,10 +198,12 @@ function uploadFile(path) {
     if (window.pageAddWindow != null)
         window.pageAddWindow.close();
 
-    url = "uploadFile.jsp?Path="+URLENCODE(path);
-    windowName = "uploadFileWindow";
-    windowParams = "directories=0,menubar=0,toolbar=0,height=200,width=700,alwaysRaised";
-    uploadFileWindow = open(url, windowName, windowParams, false);
+    uploadFileWindow = openWindow({
+      url : 'uploadFile.jsp',
+      params : {
+        'Path' : path
+      }
+    }, "uploadFileWindow");
 }
 
 
@@ -206,10 +221,15 @@ function renameFolder(id, path, name) {
     if (window.pageAddWindow != null)
         window.pageAddWindow.close();
 
-    url = "updateRep.jsp?Id="+id+"&Path="+path+"&Action=View&Name="+name;
-    windowName = "repUpdateWindow";
-    windowParams = "directories=0,menubar=0,toolbar=0,height=200,width=700,alwaysRaised";
-    repUpdateWindow = open(url, windowName, windowParams, false);
+    repUpdateWindow = openWindow({
+      url : 'updateRep.jsp',
+      params : {
+        'Id' : id,
+        'Path' : path,
+        'Action' : 'View',
+        'Name' : name
+      }
+    }, "repUpdateWindow");
 }
 
 /**********************************************/
@@ -266,10 +286,15 @@ function renamePage(id, path, name) {
     if (window.pageAddWindow != null)
         window.pageAddWindow.close();
 
-    url = "updatePage.jsp?Id="+id+"&Path="+path+"&Action=View&Name="+name;
-    windowName = "pageUpdateWindow";
-    windowParams = "directories=0,menubar=0,toolbar=0,height=200,width=700,alwaysRaised";
-    pageUpdateWindow = open(url, windowName, windowParams, false);
+    pageUpdateWindow = openWindow({
+      url : 'updatePage.jsp',
+      params : {
+        'Id' : id,
+        'Path' : path,
+        'Action' : 'View',
+        'Name' : name
+      }
+    }, "pageUpdateWindow");
 
 }
 

webSites/webSites-war/src/main/webapp/webSites/jsp/organize.jsp

@@ -151,12 +151,18 @@ function topicAdd(fatherId) {
         topicAddWindow.close();
 
     path = document.liste.Path.value;
-    url = "addTopic.jsp?Id="+fatherId+"&Path="+breakSpace(path)+"&Action=View";
     windowName = "topicAddWindow";
     larg = "670";
     haut = "270";
     windowParams = "directories=0,menubar=0,toolbar=0,alwaysRaised";
-    topicAddWindow = SP_openWindow(url, windowName, larg , haut, windowParams);
+    topicAddWindow = SP_openWindow({
+      url : 'addTopic.jsp',
+      params : {
+        'Id' : fatherId,
+        'Path' : path,
+        'Action' : 'View'
+      }
+    }, windowName, larg , haut, windowParams);
 }
 
 /***************************************************************************/
@@ -167,12 +173,17 @@ function topicUpdate(id) {
 
     document.liste.ChildId.value = id;
     path = document.liste.Path.value;
-    url = "updateTopic.jsp?ChildId="+id+"&Path="+breakSpace(path);
     windowName = "topicUpdateWindow";
     larg = "670";
     haut = "270";
     windowParams = "directories=0,menubar=0,toolbar=0, alwaysRaised";
-    topicUpdateWindow = SP_openWindow(url, windowName, larg , haut, windowParams);
+    topicUpdateWindow = SP_openWindow({
+      url : 'updateTopic.jsp',
+      params : {
+        'ChildId' : id,
+        'Path' : path
+      }
+    }, windowName, larg , haut, windowParams);
 }
 
 /***************************************************************************/

webSites/webSites-war/src/main/webapp/webSites/jsp/updatePage.jsp

@@ -182,7 +182,16 @@ function sendData() {
       <HEAD>
       <script language="Javascript">
           function verifServer(id, path, name, newname) {
-                window.opener.location.replace("verif.jsp?Action=renamePage&Id="+id+"&Path="+path+"&name="+name+"&newName="+newname);
+                window.opener.sp.formRequest("verif.jsp")
+                    .withParams({
+                      'Action' : 'renamePage',
+                      'Id' : id,
+                      'Path' : path,
+                      'name' : name,
+                      'newName' : newname
+                    })
+                    .byPostMethod()
+                    .submit();
               window.close();
           }
       </script>

webSites/webSites-war/src/main/webapp/webSites/jsp/updateRep.jsp

@@ -199,7 +199,16 @@ else if (action.equals("Update")) {
       <HEAD>
       <script language="Javascript">
           function verifServer(id, path, name, newname) {
-                window.opener.location.replace("verif.jsp?Action=renameFolder&Id="+id+"&Path="+path+"&name="+name+"&newName="+newname);
+                window.opener.sp.formRequest("verif.jsp")
+                    .withParams({
+                      'Action' : 'renameFolder',
+                      'Id' : id,
+                      'Path' : path,
+                      'name' : name,
+                      'newName' : newname,
+                    })
+                    .byPostMethod()
+                    .submit();
               window.close();
           }
       </script>

webSites/webSites-war/src/main/webapp/webSites/jsp/verif.jsp

@@ -31,6 +31,7 @@
 <%@ page import="org.silverpeas.core.web.util.viewgenerator.html.frame.Frame" %>
 <%@ page import="org.silverpeas.core.web.util.viewgenerator.html.window.Window" %>
 <%@ page import="org.silverpeas.core.web.http.HttpRequest" %>
+<%@ page import="org.silverpeas.core.web.token.SynchronizerTokenService" %>
 <%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 <%@ taglib uri="http://www.silverpeas.com/tld/viewGenerator" prefix="view"%>
 <%
@@ -74,6 +75,8 @@ response.setDateHeader ("Expires",-1); //prevents caching at the proxy server
 
                     "<BODY bgcolor=\"white\" topmargin=\"15\" leftmargin=\"20\" onLoad=\"submit_form('"+rep+"')\">"+
                     "<form name=\"verification\" action=\"design.jsp\" method=\"POST\">"+
+                    "<input type=\"hidden\" name=\"" + SynchronizerTokenService.SESSION_TOKEN_KEY + "\" value=\""+request.getParameter(SynchronizerTokenService.SESSION_TOKEN_KEY)+"\">"+
+                    "<input type=\"hidden\" name=\"" + SynchronizerTokenService.NAVIGATION_TOKEN_KEY + "\" value=\""+request.getParameter(SynchronizerTokenService.NAVIGATION_TOKEN_KEY)+"\">"+
                     "<input type=\"hidden\" name=\"Action\" value=\""+action+"\">"+
                     "<input type=\"hidden\" name=\"Id\" value=\""+id+"\">"+
                     "<input type=\"hidden\" name=\"Path\" value=\""+currentPath+"\">"+

webSites/webSites-war/src/main/webapp/webSites/jsp/verifAjoutPage.jsp

@@ -2,7 +2,8 @@
 <%@ page import="org.silverpeas.core.web.util.viewgenerator.html.GraphicElementFactory" %>
 <%@ page import="org.silverpeas.core.web.util.viewgenerator.html.tabs.TabbedPane" %>
 <%@ page import="org.silverpeas.core.web.util.viewgenerator.html.window.Window" %>
-<%@ page import="org.silverpeas.core.web.http.HttpRequest" %><%--
+<%@ page import="org.silverpeas.core.web.http.HttpRequest" %>
+<%@ page import="org.silverpeas.core.web.token.SynchronizerTokenService" %><%--
 
     Copyright (C) 2000 - 2022 Silverpeas
 
@@ -67,6 +68,8 @@ response.setDateHeader ("Expires",-1); //prevents caching at the proxy server
 
                     "<BODY bgcolor=\"white\" topmargin=\"15\" leftmargin=\"20\" onLoad=\"submit_form('"+rep+"')\">"+
                     "<form name=\"verification\" action=\"addPage.jsp\" method=\"POST\">"+
+                    "<input type=\"hidden\" name=\"" + SynchronizerTokenService.SESSION_TOKEN_KEY + "\" value=\""+request.getParameter(SynchronizerTokenService.SESSION_TOKEN_KEY)+"\">"+
+                    "<input type=\"hidden\" name=\"" + SynchronizerTokenService.NAVIGATION_TOKEN_KEY + "\" value=\""+request.getParameter(SynchronizerTokenService.NAVIGATION_TOKEN_KEY)+"\">"+
                     "<input type=\"hidden\" name=\"Action\" value=\""+action+"\">"+
                     "<input type=\"hidden\" name=\"Path\" value=\""+currentPath+"\">"+
                     "<input type=\"hidden\" name=\"nomPage\" value=\""+nomPage+"\">"+