When using the Web messager, prefer to use its capability to apply

parameters on the message instead of using the
LocalizationBundle#getStringWithParams for that.

When building a user notification about the modification or the creation
of a contribution in the different Silverpeas apps, encode for HTML the
title/name and the description of the contribution.

Author: mmoqui

blog/blog-library/src/main/java/org/silverpeas/components/blog/notification/AbstractBlogUserNotification.java

@@ -24,6 +24,7 @@
 
 package org.silverpeas.components.blog.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.blog.model.Category;
 import org.silverpeas.components.blog.model.PostDetail;
 import org.silverpeas.core.admin.user.model.User;
@@ -54,7 +55,7 @@ protected void performTemplateData(final String language, final PostDetail resou
         defaultStringIfNotDefined(getTitle(language), getTitle()),
         "");
     template.setAttribute("blog", resource);
-    template.setAttribute("blogName", resource.getPublication().getName(language));
+    template.setAttribute("blogName", Encode.forHtml(resource.getPublication().getName(language)));
     template.setAttribute("blogDate", DateUtil.getOutputDate(resource.getDateEvent(), language));
     final Category categorie = resource.getCategory();
     String categorieName = null;

blog/blog-library/src/main/java/org/silverpeas/components/blog/notification/BlogUserSubscriptionNotification.java

@@ -23,6 +23,7 @@
  */
 package org.silverpeas.components.blog.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.blog.model.PostDetail;
 import org.silverpeas.core.admin.user.model.UserDetail;
 import org.silverpeas.core.comment.model.Comment;
@@ -89,16 +90,11 @@ protected void performTemplateData(final String language, final PostDetail resou
     template.setAttribute("comment", comment);
     String commentMessage = null;
     if (comment != null) {
-      commentMessage = comment.getMessage();
+      commentMessage = Encode.forHtml(comment.getMessage());
     }
     template.setAttribute("commentMessage", commentMessage);
   }
 
-  @Override
-  protected boolean stopWhenNoUserToNotify() {
-    return true;
-  }
-
   @Override
   protected NotifAction getAction() {
     return action;

classifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/notification/AbstractClassifiedUserNotification.java

@@ -23,6 +23,7 @@
  */
 package org.silverpeas.components.classifieds.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.classifieds.ClassifiedUtil;
 import org.silverpeas.components.classifieds.model.ClassifiedDetail;
 import org.silverpeas.core.admin.user.model.User;
@@ -55,7 +56,7 @@ protected void performTemplateData(final String language, final ClassifiedDetail
       final SilverpeasTemplate template) {
     getNotificationMetaData().addLanguage(language, getTitle(), "");
     template.setAttribute("classified", resource);
-    template.setAttribute("classifiedName", resource.getTitle());
+    template.setAttribute("classifiedName", Encode.forHtml(resource.getTitle()));
     template.setAttribute("senderName", User.getById(getSender()).getDisplayedName());
   }
 

classifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/notification/ClassifiedValidationUserNotification.java

@@ -26,6 +26,7 @@
 import java.util.Collection;
 import java.util.Collections;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.classifieds.model.ClassifiedDetail;
 import org.silverpeas.core.template.SilverpeasTemplate;
 import org.silverpeas.core.notification.user.client.constant.NotifAction;
@@ -78,7 +79,7 @@ protected void perform(final ClassifiedDetail resource) {
   protected void performTemplateData(final String language, final ClassifiedDetail resource,
       final SilverpeasTemplate template) {
     super.performTemplateData(language, resource, template);
-    template.setAttribute("refusalMotive", refusalMotive);
+    template.setAttribute("refusalMotive", Encode.forHtml(refusalMotive));
   }
 
   @Override

community/community-war/src/main/java/org/silverpeas/components/community/CommunityWebManager.java

@@ -311,7 +311,7 @@ private String getSpaceName(final CommunityOfUsers community) {
    */
   private void successMessage(String messageKey, Object... params) {
     final String userLanguage = getUserLanguage();
-    getMessager().addSuccess(getMessagesIn(userLanguage).getStringWithParams(messageKey, params));
+    getMessager().addSuccess(getMessagesIn(userLanguage).getString(messageKey), params);
   }
 
   private String getUserLanguage() {

delegatednews/delegatednews-library/src/main/java/org/silverpeas/components/delegatednews/notification/AbstractDelegatedNewsUserNotification.java

@@ -24,6 +24,7 @@
 
 package org.silverpeas.components.delegatednews.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.delegatednews.model.DelegatedNews;
 import org.silverpeas.core.admin.user.model.User;
 import org.silverpeas.core.contribution.publication.model.PublicationDetail;
@@ -55,7 +56,7 @@ protected void performTemplateData(final String language, final DelegatedNews re
     final String title = defaultStringIfNotDefined(getTitle(language), getTitle());
     getNotificationMetaData().addLanguage(language, title, "");
     template.setAttribute("publicationId", publication.getId());
-    template.setAttribute("publicationName", publication.getName(language));
+    template.setAttribute("publicationName", Encode.forHtml(publication.getName(language)));
     template.setAttribute("senderName", (user != null ? user.getDisplayedName() : ""));
   }
 

delegatednews/delegatednews-library/src/main/java/org/silverpeas/components/delegatednews/notification/DelegatedNewsDeniedNotification.java

@@ -23,14 +23,15 @@
  */
 package org.silverpeas.components.delegatednews.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.delegatednews.model.DelegatedNews;
 import org.silverpeas.core.admin.user.model.User;
 import org.silverpeas.core.notification.user.client.constant.NotifAction;
 import org.silverpeas.core.template.SilverpeasTemplate;
 
 public class DelegatedNewsDeniedNotification extends AbstractDelegatedNewsUserNotification {
 
-  private String reasonForRefusal;
+  private final String reasonForRefusal;
 
   public DelegatedNewsDeniedNotification(final DelegatedNews delegatedNews, final User user,
       String reasonForRefusal) {
@@ -63,6 +64,6 @@ protected void perform(final DelegatedNews resource) {
   protected void performTemplateData(final String language, final DelegatedNews resource,
       final SilverpeasTemplate template) {
     super.performTemplateData(language, resource, template);
-    template.setAttribute("refusalMotive", reasonForRefusal);
+    template.setAttribute("refusalMotive", Encode.forHtml(reasonForRefusal));
   }
 }

formsOnline/formsOnline-library/src/main/java/org/silverpeas/components/formsonline/notification/FormsOnlineValidationRequestUserNotification.java

@@ -23,6 +23,7 @@
  */
 package org.silverpeas.components.formsonline.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.formsonline.model.FormInstance;
 import org.silverpeas.core.notification.user.client.constant.NotifAction;
 import org.silverpeas.core.template.SilverpeasTemplate;
@@ -79,7 +80,7 @@ protected void performTemplateData(final String language, final FormInstance res
       final SilverpeasTemplate template) {
     super.performTemplateData(language, resource, template);
     getResource().getValidations().getLatestValidation()
-        .ifPresent(v -> template.setAttribute("comment", v.getComment()));
+        .ifPresent(v -> template.setAttribute("comment", Encode.forHtml(v.getComment())));
   }
 
   @Override

forums/forums-library/src/main/java/org/silverpeas/components/forums/notification/AbstractForumsForumUserNotification.java

@@ -23,6 +23,7 @@
  */
 package org.silverpeas.components.forums.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.forums.model.ForumDetail;
 import org.silverpeas.core.notification.user.client.constant.NotifAction;
 import org.silverpeas.core.notification.user.model.NotificationResourceData;
@@ -32,18 +33,14 @@
 import java.util.MissingResourceException;
 
 /**
- * User: Yohann Chastagnier
+ * @author Yohann Chastagnier
  * Date: 10/06/13
  */
 public abstract class AbstractForumsForumUserNotification
     extends AbstractForumsUserNotification<ForumDetail> {
 
-  private NotifAction action = null;
+  private final NotifAction action;
 
-  /**
-   * Default constructor.
-   * @param resource
-   */
   public AbstractForumsForumUserNotification(final ForumDetail resource, final NotifAction action) {
     super(resource);
     this.action = action;
@@ -66,7 +63,7 @@ protected void performTemplateData(final String language, final ForumDetail reso
       title = getTitle();
     }
     getNotificationMetaData().addLanguage(language, title, "");
-    template.setAttribute("title", resource.getName());
+    template.setAttribute("title", Encode.forHtml(resource.getName()));
   }
 
   @Override

forums/forums-library/src/main/java/org/silverpeas/components/forums/notification/AbstractForumsMessageUserNotification.java

@@ -23,6 +23,7 @@
  */
 package org.silverpeas.components.forums.notification;
 
+import org.owasp.encoder.Encode;
 import org.silverpeas.components.forums.model.Message;
 import org.silverpeas.core.notification.user.client.constant.NotifAction;
 import org.silverpeas.core.notification.user.model.NotificationResourceData;
@@ -35,25 +36,18 @@
 import java.util.MissingResourceException;
 
 /**
- * User: Yohann Chastagnier
+ * @author Yohann Chastagnier
  * Date: 10/06/13
  */
 public abstract class AbstractForumsMessageUserNotification
     extends AbstractForumsUserNotification<Message> {
 
   private NotifAction action = null;
 
-  /**
-   * @param resource
-   */
   public AbstractForumsMessageUserNotification(final Message resource) {
     super(resource);
   }
 
-  /**
-   * @param resource
-   * @param action
-   */
   public AbstractForumsMessageUserNotification(final Message resource, final NotifAction action) {
     super(resource);
     this.action = action;
@@ -71,8 +65,8 @@ protected void performTemplateData(final String language, final Message resource
     }
     getNotificationMetaData().addLanguage(language, title, "");
     template.setAttribute("isSubject", resource.isSubject());
-    template.setAttribute("title", resource.getTitle());
-    template.setAttribute("text", resource.getText());
+    template.setAttribute("title", Encode.forHtml(resource.getTitle()));
+    template.setAttribute("text", Encode.forHtml(resource.getText()));
     template.setAttribute("originTitle", getForumsService()
         .getMessageTitle(getForumsService().getMessageParentId(getResource().getId())));
   }
@@ -82,7 +76,7 @@ protected void performNotificationResource(final String language, final Message
       final NotificationResourceData notificationResourceData) {
     notificationResourceData.setFeminineGender(false);
     notificationResourceData.setResourceId(resource.getId());
-    notificationResourceData.setResourceType(resource.getResourceType());
+    notificationResourceData.setResourceType(Message.getResourceType());
     notificationResourceData.setResourceName(resource.getTitle());
   }
 
@@ -107,7 +101,7 @@ protected String getResourceURL(final Message resource) {
 
   /**
    * Gets the bundle key prefix according to the resource if it is a subject or a message.
-   * @return
+   * @return the bundle key prefix
    */
   protected String getNotificationBundleKeyPrefix() {
     StringBuilder bundleKeyPrefix = new StringBuilder("forums.");