
Commit a5afcb9

committed
security #token : Use HttpRequest instead of HttpServletRequest and FileUploadUtil in order to use the more advanced methods provided by the HttpRequest class, in particular the methods for fetching the FileItem objects coming from a multipart stream
1 parent 10a6259 commit a5afcb9


79 files changed

+413
-371
lines changed


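--- a/almanach/almanach-war/src/main/java/com/stratelia/webactiv/almanach/servlets/AlmanachRequestRouter.java
+++ b/almanach/almanach-war/src/main/java/com/stratelia/webactiv/almanach/servlets/AlmanachRequestRouter.java
@@ -39,6 +39,7 @@
 import com.stratelia.webactiv.util.GeneralPropertiesManager;
 import com.stratelia.webactiv.util.ResourceLocator;
 import org.silverpeas.calendar.CalendarViewType;
+import org.silverpeas.servlet.HttpRequest;
 import org.silverpeas.upload.FileUploadManager;
 import org.silverpeas.upload.UploadedFile;
 
@@ -87,6 +88,7 @@ private void setGlobalInfo(AlmanachSessionController almanach,
 * This method has to be implemented by the component request Router it has to compute a
 * destination page
 *
+*
 * @param function The entering request function (ex : "Main.jsp")
 * @param almanach The component Session Control, build and initialised.
 * @param request The entering request. The request Router need it to get parameters
@@ -95,7 +97,7 @@ private void setGlobalInfo(AlmanachSessionController almanach,
 */
 @Override
 public String getDestination(String function, AlmanachSessionController almanach,
-HttpServletRequest request) {
+HttpRequest request) {
 
 SilverTrace.info("almanach", "AlmanachRequestRouter.getDestination()",
 "root.MSG_GEN_ENTER_METHOD");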

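--- a/blog/blog-war/src/main/java/com/silverpeas/blog/servlets/BlogRequestRouter.java
+++ b/blog/blog-war/src/main/java/com/silverpeas/blog/servlets/BlogRequestRouter.java
@@ -25,7 +25,6 @@
 import com.silverpeas.blog.model.PostDetail;
 import com.silverpeas.pdc.web.PdcClassificationEntity;
 import com.silverpeas.util.StringUtil;
-import com.silverpeas.util.web.servlet.FileUploadUtil;
 import com.stratelia.silverpeas.peasCore.ComponentContext;
 import com.stratelia.silverpeas.peasCore.MainSessionController;
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
@@ -39,9 +38,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
-import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.fileupload.FileItem;
+import org.silverpeas.servlet.HttpRequest;
 
 public class BlogRequestRouter extends ComponentRequestRouter<BlogSessionController> {
 
@@ -88,14 +87,16 @@ public String getFlag(String[] profiles) {
 * This method has to be implemented by the component request rooter it has to compute a
 * destination page
 *
+*
 * @param function The entering request function (ex : "Main.jsp")
 * @param blogSC The component Session Control, build and initialised.
+* @param request
 * @return The complete destination URL for a forward (ex :
 * "/almanach/jsp/almanach.jsp?flag=user")
 */
 @Override
 public String getDestination(String function, BlogSessionController blogSC,
-HttpServletRequest request) {
+HttpRequest request) {
 String destination = "";
 SilverTrace.info("blog", "BlogRequestRouter.getDestination()", "root.MSG_GEN_PARAM_VALUE",
 "User=" + blogSC.getUserId() + " Function=" + function);
@@ -394,11 +395,10 @@ public String getDestination(String function, BlogSessionController blogSC,
 request.setAttribute("PostId", postId);
 destination = getDestination("ViewPost", blogSC, request);
 } else if (function.equals("Customize")) {
-List<FileItem> items = FileUploadUtil.parseRequest(request);
-String removeWallPaperFile = FileUploadUtil.getParameter(items, "removeWallPaperFile");
-String removeStyleSheetFile = FileUploadUtil.getParameter(items, "removeStyleSheetFile");
-FileItem fileWallPaper = FileUploadUtil.getFile(items, "wallPaper");
-FileItem fileStyleSheet = FileUploadUtil.getFile(items, "styleSheet");
+String removeWallPaperFile = request.getParameter("removeWallPaperFile");
+String removeStyleSheetFile = request.getParameter("removeStyleSheetFile");
+FileItem fileWallPaper = request.getFile("wallPaper");
+FileItem fileStyleSheet = request.getFile("styleSheet");
 
 if (fileWallPaper != null && StringUtil.isDefined(fileWallPaper.getName())) {//Update
 blogSC.saveWallPaperFile(fileWallPaper);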
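Review bot: In the `Customize` branch the uploaded wallpaper is accepted on the strength of `StringUtil.isDefined(fileWallPaper.getName())` alone, and `getName()` is the file name sent by the client. `saveWallPaperFile` and the stylesheet counterpart are outside the hunk, so confirm that they reduce the name to its base name and restrict the accepted extension or content type before anything is stored and served to other readers of the blog. The two `remove…File` flags are now read with `request.getParameter`, which only works if `HttpRequest` exposes multipart form fields through that method; a short comment such as `// HttpRequest.getParameter also reads the fields of a multipart body` would record that dependency. The same upload question applies to `Image1` to `Image4` in ClassifiedCreationHandler. The branch continues past the last visible line.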

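--- a/chat/chat-war/src/main/java/com/stratelia/silverpeas/chat/servlets/ChatRequestRouter.java
+++ b/chat/chat-war/src/main/java/com/stratelia/silverpeas/chat/servlets/ChatRequestRouter.java
@@ -30,8 +30,8 @@
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
 import com.stratelia.silverpeas.silvertrace.SilverTrace;
 import jChatBox.Chat.ChatroomManager;
+import org.silverpeas.servlet.HttpRequest;
 
-import javax.servlet.http.HttpServletRequest;
 import java.util.Vector;
 
 public class ChatRequestRouter extends ComponentRequestRouter<ChatSessionController> {
@@ -66,7 +66,7 @@ public ChatSessionController createComponentSessionController(
 }
 
 public String getDestination(String function,
-ChatSessionController chatSC, HttpServletRequest request) {
+ChatSessionController chatSC, HttpRequest request) {
 SilverTrace.debug("chat", "ChatRequestRouter.getDestination()",
 "root.MSG_GEN_ENTER_METHOD", "function = " + function);
 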
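Review bot: `getDestination` at new line 68 is declared without `@Override`, unlike the other routers touched by this commit, so the compiler does not check it against the signature declared in `ComponentRequestRouter`. Since this commit changes the request parameter type across many routers, add `@Override` on the line above `public String getDestination(String function,` so that a missed or mistyped signature is reported at build time. The method body continues outside the hunk.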

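--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/ClassifiedsRequestRouter.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/ClassifiedsRequestRouter.java
@@ -31,6 +31,8 @@
 import com.stratelia.silverpeas.peasCore.MainSessionController;
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
 import com.stratelia.silverpeas.silvertrace.SilverTrace;
+import org.silverpeas.servlet.HttpRequest;
+
 import javax.servlet.http.HttpServletRequest;
 
 public class ClassifiedsRequestRouter extends ComponentRequestRouter<ClassifiedsSessionController> {
@@ -64,13 +66,15 @@ public ClassifiedsSessionController createComponentSessionController(
 * This method has to be implemented by the component request rooter it has to compute a
 * destination page
 *
+*
 * @param function The entering request function (ex : "Main.jsp")
 * @param classifiedsSC The component Session Control, build and initialised.
+* @param request
 * @return The complete destination URL for a forward (ex : "/almanach/jsp/almanach.jsp?flag=user")
 */
 @Override
 public String getDestination(String function, ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) {
+HttpRequest request) {
 String destination = "";
 String rootDest = "/classifieds/jsp/";
 SilverTrace.info("classifieds", "classifiedsRequestRouter.getDestination()",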
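Review bot: The Javadoc lines added at new lines 69 and 72 carry no information: a second empty `*` line and an `@param request` without a description. Drop the extra `*` and write the tag out, for example `* @param request The entering request, from which the router reads its parameters`. The same empty `@param request` is added in BlogRequestRouter (new line 93), and the extra `*` also appears in BlogRequestRouter (new line 90) and AlmanachRequestRouter (new line 91). `import javax.servlet.http.HttpServletRequest;` is kept at new line 36 although the only use visible here is replaced, so it may now be unused; the same holds for BlogRequestRouter new line 42.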

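--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/FunctionHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/FunctionHandler.java
@@ -33,6 +33,7 @@
 import com.silverpeas.publicationTemplate.PublicationTemplateImpl;
 import com.silverpeas.publicationTemplate.PublicationTemplateManager;
 import com.silverpeas.util.StringUtil;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * A functio handler is associated to a peas function and is called by the request router when this
@@ -42,7 +43,7 @@ public abstract class FunctionHandler {
 
 protected static final String ROOT_DESTINATION = "/classifieds/jsp/";
 
-public String computeDestination(ClassifiedsSessionController session, HttpServletRequest request) {
+public String computeDestination(ClassifiedsSessionController session, HttpRequest request) {
 try {
 String destination = getDestination(session, request);
 if (destination.startsWith("/")) {
@@ -60,11 +61,10 @@ public String computeDestination(ClassifiedsSessionController session, HttpServl
 
 /**
 * Process the request and returns the response url.
-* @param function the user request name
 * @param request the user request params
 * @param session the user request context
 */
-public abstract String getDestination(ClassifiedsSessionController session, HttpServletRequest request) throws Exception;
+public abstract String getDestination(ClassifiedsSessionController session, HttpRequest request) throws Exception;
 
 /**
 * Gets the template of the publication based on the classified XML form.
@@ -95,7 +95,7 @@ private PublicationTemplateManager getPublicationTemplateManager() {
 return PublicationTemplateManager.getInstance();
 }
 
-protected boolean isAnonymousAccess(HttpServletRequest request) {
+protected boolean isAnonymousAccess(HttpRequest request) {
 LookHelper lookHelper = (LookHelper) request.getSession().getAttribute(LookHelper.SESSION_ATT);
 if (lookHelper != null) {
 return lookHelper.isAnonymousAccess();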
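Review bot: The Javadoc of the abstract `getDestination` (new lines 62 to 66) has no `@return` and lists `request` before `session`, the reverse of the signature. Since the commit already edits this comment, the tags could read `* @param session the user request context`, `* @param request the user request params`, `* @return the response url`. `isAnonymousAccess` would also benefit from a one-line comment stating what it returns when no `LookHelper` is stored in the session, because ClassifiedCreationHandler derives the caller's role from that result; that branch is outside the hunk.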

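--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationFormHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationFormHandler.java
@@ -8,6 +8,7 @@
 import com.silverpeas.form.Form;
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * Use Case : for all users, show all adds of given category
@@ -17,7 +18,7 @@ public class ClassifiedCreationFormHandler extends FunctionHandler {
 
 @Override
 public String getDestination(ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) throws Exception {
+HttpRequest request) throws Exception {
 
 // Retrieves parameters
 String fieldKey = request.getParameter("FieldKey");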
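Review bot: The class comment `Use Case : for all users, show all adds of given category` (new line 14) does not describe a creation-form handler, and the same sentence is repeated verbatim on ClassifiedCreationHandler, ClassifiedDeleteHandler, ClassifiedRefuseHandler and ClassifiedUpdateFormHandler. Each class should state its own use case, here something like `* Use Case : display the form used to create a classified`. That wording is inferred from the class name, since the rest of the method is outside the hunk, so adjust it to what the handler really does.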

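--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationHandler.java
@@ -4,8 +4,6 @@
 import java.util.Collection;
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.apache.commons.fileupload.FileItem;
 
 import com.silverpeas.classifieds.control.ClassifiedsRole;
@@ -18,7 +16,7 @@
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
 import com.silverpeas.util.StringUtil;
-import com.silverpeas.util.web.servlet.FileUploadUtil;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * Use Case : for all users, show all adds of given category
@@ -28,21 +26,22 @@ public class ClassifiedCreationHandler extends FunctionHandler {
 
 @Override
 public String getDestination(ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) throws Exception {
+HttpRequest request) throws Exception {
 
 ClassifiedsRole highestRole = (isAnonymousAccess(request)) ? ClassifiedsRole.ANONYMOUS : ClassifiedsRole.getRole(classifiedsSC.getUserRoles());
 
-if (FileUploadUtil.isRequestMultipart(request)) {
-// Retrieves parameters
-List<FileItem> items = FileUploadUtil.parseRequest(request);
-String title = FileUploadUtil.getParameter(items, "Title");
-String description = FileUploadUtil.getParameter(items, "Description");
-String price = FileUploadUtil.getParameter(items, "Price");
-FileItem fileImage1 = FileUploadUtil.getFile(items, "Image1");
-FileItem fileImage2 = FileUploadUtil.getFile(items, "Image2");
-FileItem fileImage3 = FileUploadUtil.getFile(items, "Image3");
-FileItem fileImage4 = FileUploadUtil.getFile(items, "Image4");
-
+
+if (request.isContentInMultipart()) {
+// Retrieves parameters from the multipart stream
+List<FileItem> items = request.getFileItems();
+String title = request.getParameter("Title");
+String description = request.getParameter("Description");
+String price = request.getParameter("Price");
+FileItem fileImage1 = request.getFile("Image1");
+FileItem fileImage2 = request.getFile("Image2");
+FileItem fileImage3 = request.getFile("Image3");
+FileItem fileImage4 = request.getFile("Image4");
+
 //Classified
 ClassifiedDetail classified = new ClassifiedDetail(title, description);
 if (price != null && ! price.isEmpty()) {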
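Review bot: `List<FileItem> items = request.getFileItems();` at new line 36 is kept although every field and file below it is now read through `request.getParameter` and `request.getFile`. If the remainder of the method, which is outside the hunk, does not use `items`, drop the variable and the `java.util.List` import. If it does, a short comment naming that use would explain why the multipart content is fetched both as a list and item by item.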

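--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedDeleteHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedDeleteHandler.java
@@ -4,6 +4,7 @@
 
 import com.silverpeas.classifieds.control.ClassifiedsSessionController;
 import com.silverpeas.classifieds.servlets.FunctionHandler;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * Use Case : for all users, show all adds of given category
@@ -13,7 +14,7 @@ public class ClassifiedDeleteHandler extends FunctionHandler {
 
 @Override
 public String getDestination(ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) throws Exception {
+HttpRequest request) throws Exception {
 
 // Retrieves parameters
 String classifiedId = request.getParameter("ClassifiedId");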
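Review bot: No permission check is visible before the classified named by the client-supplied `ClassifiedId` parameter is acted on. The rest of `getDestination` is outside the hunk, so confirm that it verifies the caller owns the classified or holds a managing role before deleting, rather than relying on the delete link being hidden in the page. A comment above the read, for example `// ClassifiedId comes from the client: access is checked below before deletion`, would make that contract explicit. The same question applies to the `Motive` request in ClassifiedRefuseHandler and to `ClassifiedId` in ClassifiedUpdateFormHandler.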

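--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedRefuseHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedRefuseHandler.java
@@ -4,6 +4,7 @@
 
 import com.silverpeas.classifieds.control.ClassifiedsSessionController;
 import com.silverpeas.classifieds.servlets.FunctionHandler;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * Use Case : for all users, show all adds of given category
@@ -13,7 +14,7 @@ public class ClassifiedRefuseHandler extends FunctionHandler {
 
 @Override
 public String getDestination(ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) throws Exception {
+HttpRequest request) throws Exception {
 
 // retrieves parameters
 String motive = request.getParameter("Motive");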

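--- a/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedUpdateFormHandler.java
+++ b/classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedUpdateFormHandler.java
@@ -9,6 +9,7 @@
 import com.silverpeas.form.Form;
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
 * Use Case : for all users, show all adds of given category
@@ -18,7 +19,7 @@ public class ClassifiedUpdateFormHandler extends FunctionHandler {
 
 @Override
 public String getDestination(ClassifiedsSessionController classifiedsSC,
-HttpServletRequest request) throws Exception {
+HttpRequest request) throws Exception {
 
 // Retrieves parameters
 String classifiedId = request.getParameter("ClassifiedId");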
