security #token : Use HttpRequest instead of HttServletRequest and FileUploadUtil in order to use a more advanced methods provided by the HttpRequest class, in particular the methods about the fetching of FileItem objects coming from a mutlipart stream

Author: mmoqui

almanach/almanach-war/src/main/java/com/stratelia/webactiv/almanach/servlets/AlmanachRequestRouter.java

@@ -39,6 +39,7 @@
 import com.stratelia.webactiv.util.GeneralPropertiesManager;
 import com.stratelia.webactiv.util.ResourceLocator;
 import org.silverpeas.calendar.CalendarViewType;
+import org.silverpeas.servlet.HttpRequest;
 import org.silverpeas.upload.FileUploadManager;
 import org.silverpeas.upload.UploadedFile;
 
@@ -87,6 +88,7 @@ private void setGlobalInfo(AlmanachSessionController almanach,
    * This method has to be implemented by the component request Router it has to compute a
    * destination page
    *
+   *
    * @param function The entering request function (ex : "Main.jsp")
    * @param almanach The component Session Control, build and initialised.
    * @param request The entering request. The request Router need it to get parameters
@@ -95,7 +97,7 @@ private void setGlobalInfo(AlmanachSessionController almanach,
    */
   @Override
   public String getDestination(String function, AlmanachSessionController almanach,
-          HttpServletRequest request) {
+          HttpRequest request) {
 
     SilverTrace.info("almanach", "AlmanachRequestRouter.getDestination()",
             "root.MSG_GEN_ENTER_METHOD");

blog/blog-war/src/main/java/com/silverpeas/blog/servlets/BlogRequestRouter.java

@@ -25,7 +25,6 @@
 import com.silverpeas.blog.model.PostDetail;
 import com.silverpeas.pdc.web.PdcClassificationEntity;
 import com.silverpeas.util.StringUtil;
-import com.silverpeas.util.web.servlet.FileUploadUtil;
 import com.stratelia.silverpeas.peasCore.ComponentContext;
 import com.stratelia.silverpeas.peasCore.MainSessionController;
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
@@ -39,9 +38,9 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
-import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.fileupload.FileItem;
+import org.silverpeas.servlet.HttpRequest;
 
 public class BlogRequestRouter extends ComponentRequestRouter<BlogSessionController> {
 
@@ -88,14 +87,16 @@ public String getFlag(String[] profiles) {
    * This method has to be implemented by the component request rooter it has to compute a
    * destination page
    *
+   *
    * @param function The entering request function (ex : "Main.jsp")
    * @param blogSC The component Session Control, build and initialised.
+   * @param request
    * @return The complete destination URL for a forward (ex :
    * "/almanach/jsp/almanach.jsp?flag=user")
    */
   @Override
   public String getDestination(String function, BlogSessionController blogSC,
-      HttpServletRequest request) {
+      HttpRequest request) {
     String destination = "";
     SilverTrace.info("blog", "BlogRequestRouter.getDestination()", "root.MSG_GEN_PARAM_VALUE",
         "User=" + blogSC.getUserId() + " Function=" + function);
@@ -394,11 +395,10 @@ public String getDestination(String function, BlogSessionController blogSC,
         request.setAttribute("PostId", postId);
         destination = getDestination("ViewPost", blogSC, request);
       } else if (function.equals("Customize")) {
-        List<FileItem> items = FileUploadUtil.parseRequest(request);
-        String removeWallPaperFile = FileUploadUtil.getParameter(items, "removeWallPaperFile");
-        String removeStyleSheetFile = FileUploadUtil.getParameter(items, "removeStyleSheetFile");
-        FileItem fileWallPaper = FileUploadUtil.getFile(items, "wallPaper");
-        FileItem fileStyleSheet = FileUploadUtil.getFile(items, "styleSheet");
+        String removeWallPaperFile = request.getParameter("removeWallPaperFile");
+        String removeStyleSheetFile = request.getParameter("removeStyleSheetFile");
+        FileItem fileWallPaper = request.getFile("wallPaper");
+        FileItem fileStyleSheet = request.getFile("styleSheet");
 
         if (fileWallPaper != null && StringUtil.isDefined(fileWallPaper.getName())) {//Update
           blogSC.saveWallPaperFile(fileWallPaper);

chat/chat-war/src/main/java/com/stratelia/silverpeas/chat/servlets/ChatRequestRouter.java

@@ -30,8 +30,8 @@
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
 import com.stratelia.silverpeas.silvertrace.SilverTrace;
 import jChatBox.Chat.ChatroomManager;
+import org.silverpeas.servlet.HttpRequest;
 
-import javax.servlet.http.HttpServletRequest;
 import java.util.Vector;
 
 public class ChatRequestRouter extends ComponentRequestRouter<ChatSessionController> {
@@ -66,7 +66,7 @@ public ChatSessionController createComponentSessionController(
   }
 
   public String getDestination(String function,
-      ChatSessionController chatSC, HttpServletRequest request) {
+      ChatSessionController chatSC, HttpRequest request) {
     SilverTrace.debug("chat", "ChatRequestRouter.getDestination()",
         "root.MSG_GEN_ENTER_METHOD", "function = " + function);
 

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/ClassifiedsRequestRouter.java

@@ -31,6 +31,8 @@
 import com.stratelia.silverpeas.peasCore.MainSessionController;
 import com.stratelia.silverpeas.peasCore.servlets.ComponentRequestRouter;
 import com.stratelia.silverpeas.silvertrace.SilverTrace;
+import org.silverpeas.servlet.HttpRequest;
+
 import javax.servlet.http.HttpServletRequest;
 
 public class ClassifiedsRequestRouter extends ComponentRequestRouter<ClassifiedsSessionController> {
@@ -64,13 +66,15 @@ public ClassifiedsSessionController createComponentSessionController(
    * This method has to be implemented by the component request rooter it has to compute a
    * destination page
    *
+   *
    * @param function      The entering request function (ex : "Main.jsp")
    * @param classifiedsSC The component Session Control, build and initialised.
+   * @param request
    * @return The complete destination URL for a forward (ex : "/almanach/jsp/almanach.jsp?flag=user")
    */
   @Override
   public String getDestination(String function, ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) {
+      HttpRequest request) {
     String destination = "";
     String rootDest = "/classifieds/jsp/";
     SilverTrace.info("classifieds", "classifiedsRequestRouter.getDestination()",

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/FunctionHandler.java

@@ -33,6 +33,7 @@
 import com.silverpeas.publicationTemplate.PublicationTemplateImpl;
 import com.silverpeas.publicationTemplate.PublicationTemplateManager;
 import com.silverpeas.util.StringUtil;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * A functio handler is associated to a peas function and is called by the request router when this
@@ -42,7 +43,7 @@ public abstract class FunctionHandler {
 
   protected static final String ROOT_DESTINATION = "/classifieds/jsp/";
 
-  public String computeDestination(ClassifiedsSessionController session, HttpServletRequest request) {
+  public String computeDestination(ClassifiedsSessionController session, HttpRequest request) {
     try {
       String destination = getDestination(session, request);
       if (destination.startsWith("/")) {
@@ -60,11 +61,10 @@ public String computeDestination(ClassifiedsSessionController session, HttpServl
 
   /**
    * Process the request and returns the response url.
-   * @param function the user request name
    * @param request the user request params
    * @param session the user request context
    */
-  public abstract String getDestination(ClassifiedsSessionController session, HttpServletRequest request) throws Exception;
+  public abstract String getDestination(ClassifiedsSessionController session, HttpRequest request) throws Exception;
 
   /**
    * Gets the template of the publication based on the classified XML form.
@@ -95,7 +95,7 @@ private PublicationTemplateManager getPublicationTemplateManager() {
     return PublicationTemplateManager.getInstance();
   }
 
-  protected boolean isAnonymousAccess(HttpServletRequest request) {
+  protected boolean isAnonymousAccess(HttpRequest request) {
     LookHelper lookHelper = (LookHelper) request.getSession().getAttribute(LookHelper.SESSION_ATT);
     if (lookHelper != null) {
       return lookHelper.isAnonymousAccess();

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationFormHandler.java

@@ -8,6 +8,7 @@
 import com.silverpeas.form.Form;
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * Use Case : for all users, show all adds of given category
@@ -17,7 +18,7 @@ public class ClassifiedCreationFormHandler extends FunctionHandler {
 
   @Override
   public String getDestination(ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) throws Exception {
+      HttpRequest request) throws Exception {
 
     // Retrieves parameters
     String fieldKey = request.getParameter("FieldKey");

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedCreationHandler.java

@@ -4,8 +4,6 @@
 import java.util.Collection;
 import java.util.List;
 
-import javax.servlet.http.HttpServletRequest;
-
 import org.apache.commons.fileupload.FileItem;
 
 import com.silverpeas.classifieds.control.ClassifiedsRole;
@@ -18,7 +16,7 @@
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
 import com.silverpeas.util.StringUtil;
-import com.silverpeas.util.web.servlet.FileUploadUtil;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * Use Case : for all users, show all adds of given category
@@ -28,21 +26,22 @@ public class ClassifiedCreationHandler extends FunctionHandler {
 
   @Override
   public String getDestination(ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) throws Exception {
+      HttpRequest request) throws Exception {
 
     ClassifiedsRole highestRole = (isAnonymousAccess(request)) ? ClassifiedsRole.ANONYMOUS : ClassifiedsRole.getRole(classifiedsSC.getUserRoles());
 
-    if (FileUploadUtil.isRequestMultipart(request)) {
-      // Retrieves parameters
-      List<FileItem> items = FileUploadUtil.parseRequest(request);
-      String title = FileUploadUtil.getParameter(items, "Title");
-      String description = FileUploadUtil.getParameter(items, "Description");
-      String price = FileUploadUtil.getParameter(items, "Price");
-      FileItem fileImage1 = FileUploadUtil.getFile(items, "Image1");
-      FileItem fileImage2 = FileUploadUtil.getFile(items, "Image2");
-      FileItem fileImage3 = FileUploadUtil.getFile(items, "Image3");
-      FileItem fileImage4 = FileUploadUtil.getFile(items, "Image4");
-      
+
+    if (request.isContentInMultipart()) {
+      // Retrieves parameters from the multipart stream
+      List<FileItem> items = request.getFileItems();
+      String title = request.getParameter("Title");
+      String description = request.getParameter("Description");
+      String price = request.getParameter("Price");
+      FileItem fileImage1 = request.getFile("Image1");
+      FileItem fileImage2 = request.getFile("Image2");
+      FileItem fileImage3 = request.getFile("Image3");
+      FileItem fileImage4 = request.getFile("Image4");
+
       //Classified
       ClassifiedDetail classified = new ClassifiedDetail(title, description);
       if (price != null && ! price.isEmpty()) {

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedDeleteHandler.java

@@ -4,6 +4,7 @@
 
 import com.silverpeas.classifieds.control.ClassifiedsSessionController;
 import com.silverpeas.classifieds.servlets.FunctionHandler;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * Use Case : for all users, show all adds of given category
@@ -13,7 +14,7 @@ public class ClassifiedDeleteHandler extends FunctionHandler {
 
   @Override
   public String getDestination(ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) throws Exception {
+      HttpRequest request) throws Exception {
 
     // Retrieves parameters
     String classifiedId = request.getParameter("ClassifiedId");

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedRefuseHandler.java

@@ -4,6 +4,7 @@
 
 import com.silverpeas.classifieds.control.ClassifiedsSessionController;
 import com.silverpeas.classifieds.servlets.FunctionHandler;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * Use Case : for all users, show all adds of given category
@@ -13,7 +14,7 @@ public class ClassifiedRefuseHandler extends FunctionHandler {
 
   @Override
   public String getDestination(ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) throws Exception {
+      HttpRequest request) throws Exception {
 
     // retrieves parameters
     String motive = request.getParameter("Motive");

classifieds/classifieds-war/src/main/java/com/silverpeas/classifieds/servlets/handler/ClassifiedUpdateFormHandler.java

@@ -9,6 +9,7 @@
 import com.silverpeas.form.Form;
 import com.silverpeas.form.RecordSet;
 import com.silverpeas.publicationTemplate.PublicationTemplate;
+import org.silverpeas.servlet.HttpRequest;
 
 /**
  * Use Case : for all users, show all adds of given category
@@ -18,7 +19,7 @@ public class ClassifiedUpdateFormHandler extends FunctionHandler {
 
   @Override
   public String getDestination(ClassifiedsSessionController classifiedsSC,
-      HttpServletRequest request) throws Exception {
+      HttpRequest request) throws Exception {
 
     // Retrieves parameters
     String classifiedId = request.getParameter("ClassifiedId");