Lps 96904 #74613

Closed
wants to merge 12 commits into from
Expand Up @@ -15,15 +15,12 @@
package com.liferay.portal.kernel.portlet;

import com.liferay.petra.string.CharPool;
import com.liferay.petra.string.StringBundler;
import com.liferay.petra.string.StringPool;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.language.LanguageUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Portlet;
import com.liferay.portal.kernel.model.PortletApp;
import com.liferay.portal.kernel.service.PortletLocalServiceUtil;
import com.liferay.portal.kernel.servlet.BrowserSnifferUtil;
import com.liferay.portal.kernel.servlet.ServletResponseUtil;
import com.liferay.portal.kernel.servlet.SessionErrors;
Expand All @@ -43,7 +40,6 @@
import java.lang.reflect.Method;

import java.util.ArrayDeque;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Queue;
Expand Down Expand Up @@ -251,8 +247,12 @@ protected boolean callResourceMethod(
}
}

/**
* @deprecated As of Mueller (7.2.x), with no direct replacement
*/
@Deprecated
protected void checkPath(String path) throws PortletException {
if (Validator.isNotNull(path) && !isValidPath(path)) {
if (Validator.isNotNull(path)) {
throw new PortletException(
"Path " + path + " is not accessible by this portlet");
}
Expand Down Expand Up @@ -375,6 +375,10 @@ protected String getJSONContentType(PortletRequest portletRequest) {
return ContentTypes.APPLICATION_JSON;
}

/**
* @deprecated As of Mueller (7.2.x), with no direct replacement
*/
@Deprecated
protected Set<String> getPaths(String path, String extension) {
Set<String> paths = new HashSet<>();

Expand Down Expand Up @@ -460,38 +464,11 @@ protected String getTitle(RenderRequest renderRequest) {
}
}

/**
* @deprecated As of Mueller (7.2.x), with no direct replacement
*/
@Deprecated
protected void initValidPaths(String rootPath, String extension) {
if (rootPath.equals(StringPool.SLASH)) {
PortletContext portletContext = getPortletContext();

PortletApp portletApp = PortletLocalServiceUtil.getPortletApp(
portletContext.getPortletContextName());

if (!portletApp.isWARFile()) {
_log.error(
StringBundler.concat(
"Disabling paths for portlet ", getPortletName(),
" because root path is configured to have access to ",
"all portal paths"));

validPaths = new HashSet<>();

return;
}
}

validPaths = getPaths(rootPath, extension);

if (!rootPath.equals(StringPool.SLASH) &&
!rootPath.equals("/META-INF/") &&
!rootPath.equals("/META-INF/resources/")) {

validPaths.addAll(
getPaths(_PATH_META_INF_RESOURCES.concat(rootPath), extension));
}

Collections.addAll(
validPaths, StringUtil.split(getInitParameter("valid-paths")));
}

protected boolean isAddSuccessMessage(ActionRequest actionRequest) {
Expand Down Expand Up @@ -604,13 +581,11 @@ protected boolean isSessionErrorException(Throwable cause) {
return false;
}

/**
* @deprecated As of Mueller (7.2.x), with no direct replacement
*/
@Deprecated
protected boolean isValidPath(String path) {
if (validPaths.contains(path) ||
validPaths.contains(_PATH_META_INF_RESOURCES.concat(path))) {

return true;
}

return false;
}

Expand Down Expand Up @@ -678,7 +653,6 @@ protected void writeJSON(

protected boolean addProcessActionSuccessMessage;
protected boolean alwaysSendRedirect;
protected Set<String> validPaths;

private String _toXSSSafeJSON(String json) {
return StringUtil.replace(json, CharPool.LESS_THAN, "\\u003c");
Expand All @@ -692,9 +666,6 @@ private String _toXSSSafeJSON(String json) {
SessionMessages.KEY_SUFFIX_REFRESH_PORTLET
};

private static final String _PATH_META_INF_RESOURCES =
"/META-INF/resources";

private static final boolean _PROCESS_PORTLET_REQUEST = true;

private static final Log _log = LogFactoryUtil.getLog(LiferayPortlet.class);
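Review bot: The `@deprecated` Javadoc added to `checkPath` does not say that the method's behaviour changed: with the `!isValidPath(path)` test gone, the remaining guard appears to be `if (Validator.isNotNull(path))`, so every non-empty path now raises `PortletException`. That fails closed, which is the safe direction, but a subclass outside `MVCPortlet` that still calls `checkPath` before dispatching will have all of its includes rejected with no hint of why. I would extend the comment, e.g. `@deprecated As of Mueller (7.2.x), always throws for a non-empty path; include-path validation moved to MVCPortlet`, and add a matching sentence to `isValidPath` and `initValidPaths`, which also lose their behaviour in this file. Both `if` lines are printed without markers on this page, so confirm which one is the new side before merging.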
Expand Up @@ -14,12 +14,15 @@

package com.liferay.portal.kernel.portlet.bridges.mvc;

import com.liferay.petra.string.CharPool;
import com.liferay.petra.string.StringBundler;
import com.liferay.petra.string.StringPool;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.PortletApp;
import com.liferay.portal.kernel.portlet.LiferayPortlet;
import com.liferay.portal.kernel.portlet.LiferayPortletConfig;
import com.liferay.portal.kernel.service.PortletLocalServiceUtil;
import com.liferay.portal.kernel.servlet.SessionMessages;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.HtmlUtil;
Expand All @@ -31,7 +34,14 @@

import java.io.IOException;

import java.util.ArrayDeque;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Queue;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
Expand Down Expand Up @@ -60,6 +70,10 @@ public class MVCPortlet extends LiferayPortlet {

@Override
public void destroy() {
PortletContext portletContext = getPortletContext();

_validPathsMaps.remove(portletContext.getPortletContextName());

super.destroy();

_actionMVCCommandCache.close();
Expand Down Expand Up @@ -221,7 +235,7 @@ else if (!templatePath.startsWith(StringPool.SLASH) ||
getPortletName(), portletId, MVCResourceCommand.class,
"ResourceCommand");

initValidPaths(templatePath, ".jsp");
_initValidPaths(templatePath);
}

/**
Expand Down Expand Up @@ -566,7 +580,14 @@ protected void include(
_log.error(path + " is not a valid include");
}
else {
checkPath(path);
if (Validator.isNotNull(path) && !_validPaths.contains(path) &&
!_validPaths.contains(_PATH_META_INF_RESOURCES.concat(path))) {

throw new PortletException(
StringBundler.concat(
"Path ", path, " is not accessible by portlet ",
getPortletName()));
}

portletRequestDispatcher.include(portletRequest, portletResponse);
}
Expand Down Expand Up @@ -643,10 +664,105 @@ else if (name.endsWith("-template")) {
return null;
}

private Set<String> _getJspPaths(String path) {
Set<String> paths = new HashSet<>();

PortletContext portletContext = getPortletContext();

Queue<String> queue = new ArrayDeque<>();

queue.add(path);

while ((path = queue.poll()) != null) {
Set<String> childPaths = portletContext.getResourcePaths(path);

if (childPaths != null) {
for (String childPath : childPaths) {
if (childPath.charAt(childPath.length() - 1) ==
CharPool.SLASH) {

queue.add(childPath);
}
else if (childPath.endsWith(".jsp")) {
paths.add(childPath);
}
}
}
}

return paths;
}

private void _initValidPaths(String rootPath) {
PortletContext portletContext = getPortletContext();

String portletContextName = portletContext.getPortletContextName();

Map<String, Set<String>> validPathsMap = _validPathsMaps.get(
portletContextName);

if (validPathsMap != null) {
_validPaths = validPathsMap.get(rootPath);

if (_validPaths != null) {
return;
}
}
else {
validPathsMap = _validPathsMaps.computeIfAbsent(
portletContextName, key -> new ConcurrentHashMap<>());
}

if (rootPath.equals(StringPool.SLASH)) {
PortletApp portletApp = PortletLocalServiceUtil.getPortletApp(
portletContextName);

if (!portletApp.isWARFile()) {
_log.error(
StringBundler.concat(
"Disabling paths for portlet ", getPortletName(),
" because root path is configured to have access to ",
"all portal paths"));

_validPaths = validPathsMap.computeIfAbsent(
rootPath, key -> Collections.emptySet());

return;
}
}

_validPaths = validPathsMap.computeIfAbsent(
rootPath,
key -> {
Set<String> validPaths = _getJspPaths(key);

if (!key.equals(StringPool.SLASH) &&
!key.equals("/META-INF/") &&
!key.equals("/META-INF/resources/")) {

validPaths.addAll(
_getJspPaths(_PATH_META_INF_RESOURCES.concat(key)));
}

Collections.addAll(
validPaths,
StringUtil.split(getInitParameter("valid-paths")));

return validPaths;
});
}

private static final String _PATH_META_INF_RESOURCES =
"/META-INF/resources";

private static final Log _log = LogFactoryUtil.getLog(MVCPortlet.class);

private static final Map<String, Map<String, Set<String>>> _validPathsMaps =
new ConcurrentHashMap<>();

private MVCCommandCache<MVCActionCommand> _actionMVCCommandCache;
private MVCCommandCache<MVCRenderCommand> _renderMVCCommandCache;
private MVCCommandCache<MVCResourceCommand> _resourceMVCCommandCache;
private Set<String> _validPaths;

}
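Review bot: In `_initValidPaths` the set cached in the static `_validPathsMaps` is keyed by portlet context name and root path only, yet the `computeIfAbsent` lambda folds the per-portlet `valid-paths` init parameter into it. If two portlets in the same context share a template path, whichever initialises first decides the allow-list that `include` enforces for both: the second portlet's own `valid-paths` are ignored, and the first portlet's extra entries become includable by the second. Caching only the JSP scan and merging `valid-paths` per instance keeps the allow-list scoped to the portlet that declared it. The sketch below drops the early return on a cache hit so the merge always runs, and publishes the shared scan result as an unmodifiable set.

```java
// … unchanged: portletContext / portletContextName lookup …

Map<String, Set<String>> validPathsMap = _validPathsMaps.computeIfAbsent(
	portletContextName, key -> new ConcurrentHashMap<>());

// … unchanged: non-WAR root-path guard (empty set, return) …

// Shared per (context, rootPath): the JSP scan only
Set<String> jspPaths = validPathsMap.computeIfAbsent(
	rootPath,
	key -> {
		Set<String> paths = _getJspPaths(key);

		// … unchanged: META-INF/resources scan for non-root keys …

		return Collections.unmodifiableSet(paths);
	});

// Per portlet instance: scan result plus this portlet's own valid-paths
Set<String> validPaths = new HashSet<>(jspPaths);

Collections.addAll(
	validPaths, StringUtil.split(getInitParameter("valid-paths")));

_validPaths = validPaths;
```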