From bda30ad9175af6c41842561e389834172a86aab8 Mon Sep 17 00:00:00 2001 From: Samuel Kong Date: Fri, 5 Jun 2020 14:41:05 +0800 Subject: [PATCH 01/15] Prepare README --- README.markdown | 205 +++++------------------------------------------- 1 file changed, 18 insertions(+), 187 deletions(-) diff --git a/README.markdown b/README.markdown index b9668308c04967..60a3803734fbaa 100644 --- a/README.markdown +++ b/README.markdown @@ -1,195 +1,26 @@ -# Liferay Portal +# Information -[Liferay Portal](https://portal.liferay.dev) is an -open source enterprise web platform for building business solutions that deliver -immediate results and long-term value. Liferay Portal started out as a personal -development project in 2000 and was open sourced in 2001. +This fork provides security patches for Liferay Portal 7.2.1. For more +information about security in Liferay Portal, please see +[https://portal.liferay.dev/learn/security](https://portal.liferay.dev/learn/security). -To get started, check out the project's homepage at -[portal.liferay.dev](https://portal.liferay.dev)! +**Cumulative diff patch:** +[https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch](https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch) -## Product Details - -Liferay Portal is built from the source code found in -[liferay-portal](https://github.com/liferay/liferay-portal) repository -and several other related open source projects. It includes -features for end users, business professionals, system administrators, and -enterprise developers. - -- Modular architecture for maximum flexibility and reliability -- Portal features for managing users, groups, and permissions -- Single page applications for blazingly fast performance -- Rich web services for integrating with other systems -- Web content management including Personalization and Content Targeting -- Documents and rich media management -- Mobile development platform -- Business forms and workflow -- Collaboration features such as blogs, wikis, and social networking -- Consistent and powerful Lexicon user experience -- Integrated development environment using - [Liferay Dev Studio](https://liferay.dev/projects/ide) - -For more details on these and other features, please refer to the -[user guide](https://portal.liferay.dev/docs/latest/user) or -[developer guide](https://portal.liferay.dev/docs/latest/dev) - -## Quick Start - -To get up and running quickly, follow the steps below: - -1. Download a [pre-built Liferay Portal release](https://portal.liferay.dev/download) - bundled with Tomcat. - -2. Download and install - [Java (JDK) 8](http://www.oracle.com/technetwork/java/javase/downloads/index.html) - (if necessary) in your local environment. - -3. Extract the downloaded pre-built Liferay Portal bundle into a folder. - -4. Navigate to the bundle's `liferay-ce-portal-[version]/tomcat-[version]/bin` - folder and execute `startup.bat` (Windows) or `startup.sh` (Unix/Linux/Mac OS - X), depending on your operating system. - -5. A server console opens, which starts your Liferay Portal instance. Once your - instance is ready to use, the portal URL address (http://localhost:8080) is - automatically opened in your default browser. - -6. You're presented a Basic Configuration page. Complete the configuration - options. - - Liferay Portal uses an embedded database (HSQL) to make installation fast - and easy. This database is not ready for production, so consider configuring - a production-ready database (e.g., MySQL) if you plan on doing more than - just exploring/testing. - -7. Agree to the terms and conditions, create a password, and configure a - security question/answer. - -You can now use Liferay Portal! - -For more detailed installation instructions, refer to the -[deployment guide](https://portal.liferay.dev/docs/latest/deploy). - -If you wish to *build* core Liferay Portal or its plugins, read -[Building Liferay Portal from source code](https://portal.liferay.dev/participate/fix-a-bug/building-liferay-source). -It includes details on using the repositories and building the software. - -## Liferay Portal website - -The [Liferay Portal website](https://portal.liferay.dev) is the best place -to learn about Liferay Portal. - -It has over 200 tutorials, guided learning, and much more. Developer documentation -explains - -- [How to build various applications](https://portal.liferay.dev/docs/latest/appdev), -- [How to use provided frameworks](https://portal.liferay.dev/docs/latest/frameworks) -- [How to customize existing features](https://portal.liferay.dev/docs/latest/customization) -- [How to solve common challenges](https://portal.liferay.dev/docs/latest/tutorials), - -It is also your place to learn hot to [participate](https://portal.liferay.dev/participate) -in making Liferay Portal better: - -- [How to report an issue](https://portal.liferay.dev/participate/feedback/report-issues). -- [How to request new features](https://portal.liferay.dev/participate/feedback/suggestions) -- [How to provide feedback](https://portal.liferay.dev/participate/continuous-feedback/overview) -- [How to help a fellow developer](https://portal.liferay.dev/participate/help-a-fellow-developer) -- [How to help with translations](https://portal.liferay.dev/participate/translate/overview) - -## Liferay Marketplace Developer Portal - -If you create apps that you want to share or sell, you can visit -[Liferay Marketplace Developer Portal](https://marketplace.liferay.dev/) -to learn how to publish apps to the [Liferay Marketplace](https://web.liferay.com/marketplace). - -## Source Code - -Liferay Portal's main source code resides in the -[liferay-portal](https://github.com/liferay/liferay-portal) repository. Liferay -maintains [many other repositories](https://github.com/liferay) related to -features and supporting documentation. - -Liferay Portal *releases* are built from the -[liferay-portal](https://github.com/liferay/liferay-portal) repository. You can -build Liferay Portal, its modules, and/or any of the other supporting -technologies from their respective folders/repositories. - -## Stay Connected - -There are many ways for you to learn what's new in Liferay Portal, get answers to -questions, and connect with other Liferay community members. - -### Twitter - -Follow us on Twitter: - -- [@Liferay](http://twitter.com/liferay) tweets Liferay's latest announcements -- [@LiferayDocs](http://twitter.com/liferaydocs) tweets about new articles and - tutorials -- [@LiferayEng](http://twitter.com/liferayeng) tweets from the core - engineering and Developer Relations team -- [@liferaydesign](https://twitter.com/liferaydesign) tweets from Liferay - UI/UX designers -- [@liferayfaces](https://twitter.com/liferayfaces) tweets from Liferay Faces team - -### Blog - -Read our announcements, engage in discussions, and learn more by following -[Liferay's Blog Stream](https://liferay.dev/blogs). - -### Forum - -Do you have questions? Ask them on our very active -[forums](https://liferay.dev/forums)! - -### Chat - -Join the conversation on Liferay's Community Chat. - -- Get your invite: [https://liferay.dev/chat](https://liferay.dev/chat) -- Enter the chat: [liferay-community.slack.com](https://liferay-community.slack.com) -- Channel: `#portal` - -## Contributing - -Liferay welcomes any and all contributions! Please read the -[CONTRIBUTING guide](CONTRIBUTING.markdown) for details on developing and -submitting your contributions. - -## Versioning - -For transparency and insight into Liferay's release cycle, and for striving to -maintain backward compatibility, we make a strong effort to uphold the -versioning for our software. See the -[Semantic Versioning](https://portal.liferay.dev/docs/latest/customization/-/knowledge_base/c/semantic-versioning) -article for more information about how Liferay versions software. - -## Professional Services - -If you need professional consultation or help with Liferay and your business, -check out the -[offerings from Liferay, Inc.](http://www.liferay.com/subscription-services) and -its [partner network](http://www.liferay.com/services/partners). - -## The Liferay Development Team - -Liferay Portal is produced by the worldwide Liferay engineering team, and -involves many hours of development, testing, writing documentation, and working -with the wider Liferay community of customers, partners, and open source -developers. We are glad you have chosen Liferay Portal, and hope that it meets -or exceeds your expectations! - -In addition to Liferay's engineering staff, a special thanks goes to the many -open source developers who volunteer their time and energy to help with the -release, whether it was bug fixing, idea generation, documentation, -translations, or other contributions that helped to improve this release. - -## Liferay Portal Community Edition License +# Liferay Portal Community Edition License SPDX-License-Identifier: LGPL-2.1-or-later -*Liferay Portal Community Edition* is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 2.1 of the License, or (at your option) any later version. +*Liferay Portal Community Edition* is free software: you can redistribute it +and/or modify it under the terms of the GNU Lesser General Public License as +published by the Free Software Foundation, either version 2.1 of the License, +or (at your option) any later version. -*Liferay Portal Community Edition* is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. +*Liferay Portal Community Edition* is distributed in the hope that it will be +useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser +General Public License for more details. -You should have received a copy of the GNU Lesser General Public License along with *Liferay Portal Community Edition*. If not, see [](https://www.gnu.org/licenses/) \ No newline at end of file +You should have received a copy of the GNU Lesser General Public License along +with *Liferay Portal Community Edition*. If not, see +[](https://www.gnu.org/licenses/) \ No newline at end of file From 064e6b01afa1e087e4c6bbaf7f71c97ee33f3ee9 Mon Sep 17 00:00:00 2001 From: yxingwu Date: Fri, 5 Jun 2020 15:44:35 +0800 Subject: [PATCH 02/15] June 2020 --- README.markdown | 13 + build.properties | 4 +- lib/portal/dependencies.properties | 14 +- .../resources/js/scheduler_event_recorder.js | 2 +- ...eDriveDLViewFileVersionDisplayContext.java | 9 +- .../internal/util/DLValidatorImpl.java | 17 +- .../internal/util/DLValidatorImplTest.java | 91 ++++ .../display/context/logic/UIItemsBuilder.java | 19 +- .../document_library/search_resources.jsp | 2 +- .../dynamic-data-lists-web/build.gradle | 2 +- .../DDLDisplayTemplateTransformer.java | 16 +- .../dynamic-data-mapping-service/build.gradle | 2 +- .../DDMFormFieldFreeMarkerRenderer.java | 8 +- .../DDMDataProviderInstanceServiceImpl.java | 104 +++- .../flags/service/FlagsEntryService.java | 2 + .../FlagsRequestMessageListener.java | 7 +- .../service/impl/FlagsEntryServiceImpl.java | 3 + .../build.gradle | 2 +- .../FreeMarkerFragmentEntryProcessor.java | 20 +- .../build.gradle | 2 +- .../FragmentEntryProcessorHelperImpl.java | 11 +- .../FragmentCollectionLocalServiceImpl.java | 7 + .../impl/FragmentEntryLocalServiceImpl.java | 7 + .../ImageEditorDLDisplayContextHelper.java | 11 +- .../apps/journal/journal-service/build.gradle | 2 +- .../transformer/JournalTransformer.java | 14 +- .../journal/internal/util/JournalUtil.java | 8 +- modules/apps/polls/polls-web/build.gradle | 4 +- .../portal/cache/BasePortalCacheManager.java | 16 - .../cache/PortalCacheBootstrapLoader.java | 2 + .../PortalCacheBootstrapLoaderFactory.java | 2 + .../PortalCacheConfiguration.java | 20 +- .../EhcachePortalCacheConfiguration.java | 8 +- .../MultiVMEhcachePortalCacheManager.java | 9 - ...EhcachePortalCacheManagerConfigurator.java | 2 - ...EhcachePortalCacheManagerConfigurator.java | 46 -- .../ClusterLinkBootstrapLoaderHelperUtil.java | 470 ------------------ ...ClusterLinkPortalCacheBootstrapLoader.java | 133 ----- ...LinkPortalCacheBootstrapLoaderFactory.java | 39 -- .../portal/profile/ModulePortalProfile.java | 11 - .../resources/search/results/view.jsp | 2 +- .../META-INF/resources/user/facet/view.jsp | 2 +- .../build.gradle | 4 +- ...ngsTestLDAPConnectionMVCRenderCommand.java | 42 ++ ...ettingsTestLDAPGroupsMVCRenderCommand.java | 42 ++ ...SettingsTestLDAPUsersMVCRenderCommand.java | 42 ++ .../edit_ldap_server.jsp | 4 +- .../com.liferay.portal.settings.web/init.jsp | 1 + .../portal-template-freemarker/build.gradle | 2 +- .../FreeMarkerEngineConfiguration.java | 2 +- .../internal/FreeMarkerManager.java | 136 +++-- .../internal/FreeMarkerTemplate.java | 50 +- .../FreeMarkerTemplateContextHelper.java | 23 +- ...java => LiferayFreeMarkerStringModel.java} | 13 +- .../internal/LiferayObjectConstructor.java | 12 +- .../RestrictedLiferayObjectWrapper.java | 120 ++--- .../internal/FreeMarkerTemplateTest.java | 23 +- .../RestrictedLiferayObjectWrapperTest.java | 18 +- .../portal-template-velocity/build.gradle | 2 +- .../VelocityEngineConfiguration.java | 4 +- .../velocity/internal/VelocityManager.java | 10 +- .../velocity/internal/VelocityTemplate.java | 21 + .../VelocityTemplateContextHelper.java | 2 +- .../build.gradle | 2 +- .../internal/PortletDisplayTemplateImpl.java | 20 +- .../apps/server/server-admin-web/build.gradle | 4 +- .../util/SharingJavaScriptFactoryImpl.java | 7 +- .../resources/dynamic_include/bottom.jsp | 2 +- .../META-INF/resources/configuration.jsp | 2 +- .../resources/process_summary_link/page.jsp | 2 +- .../required-dependencies/build.gradle | 4 +- ...nmentsManagementToolbarDisplayContext.java | 4 + .../resources/edit_user_group_assignments.jsp | 16 +- .../DefaultWikiListPagesDisplayContext.java | 2 +- modules/source-formatter.properties | 3 + .../util/RuntimePageImpl.java | 4 +- .../liferay/portal/template/BaseTemplate.java | 15 + .../portal/template/BaseTemplateManager.java | 28 ++ .../portal/template/RestrictedTemplate.java | 9 + .../template/TemplateContextHelper.java | 11 +- .../com/liferay/portal/template/packageinfo | 2 +- .../portal/templateparser/Transformer.java | 9 +- .../src/com/liferay/portal/util/HttpImpl.java | 122 ++--- .../com/liferay/portal/util/PortalImpl.java | 22 +- .../portal/verify/VerifyProperties.java | 3 + .../portal/webserver/WebServerEntry.java | 20 + .../portal/webserver/WebServerServlet.java | 6 - .../webserver/dependencies/template.ftl | 4 +- portal-impl/src/portal.properties | 25 +- .../test-multi-ehcache-config.xml | 2 - .../portal/kernel/template/Template.java | 8 + .../kernel/template/TemplateManager.java | 28 ++ .../liferay/portal/kernel/util/PropsKeys.java | 12 + .../docroot/html/common/themes/top_js.jspf | 2 +- .../docroot/html/taglib/ui/menu_item/page.jsp | 2 +- .../taglib/ui/page_iterator/lexicon/start.jsp | 8 +- .../html/taglib/ui/page_iterator/start.jsp | 6 +- .../ClusteringMissingPlugins.testcase | 59 +-- ...rmatter-api-signature-check-exceptions.txt | 2 +- .../bridges/freemarker/FreeMarkerPortlet.java | 9 +- .../src/com/liferay/taglib/aui/ATag.java | 2 +- .../src/com/liferay/taglib/ui/IconTag.java | 10 +- .../com/liferay/taglib/util/ThemeUtil.java | 17 +- 103 files changed, 1004 insertions(+), 1249 deletions(-) create mode 100644 modules/apps/document-library/document-library-service/src/test/java/com/liferay/document/library/internal/util/DLValidatorImplTest.java delete mode 100644 modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkBootstrapLoaderHelperUtil.java delete mode 100644 modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoader.java delete mode 100644 modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoaderFactory.java rename modules/apps/portal-template/portal-template-freemarker/src/main/java/com/liferay/portal/template/freemarker/internal/{LiferayFreeMarkerBeanModel.java => LiferayFreeMarkerStringModel.java} (81%) diff --git a/README.markdown b/README.markdown index 60a3803734fbaa..62d47e21084c88 100644 --- a/README.markdown +++ b/README.markdown @@ -7,6 +7,19 @@ information about security in Liferay Portal, please see **Cumulative diff patch:** [https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch](https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch) +The [June 2020]() release contains fixes for the following issues: +[CST-7213](), +[CST-7214](), +[CST-7216](), +[CST-7217](), +[CST-7218](), +[CST-7219](), +[CST-7220](), +[CST-7221](), +[CST-7301](), +[CST-7302](), +[CST-7303]() + # Liferay Portal Community Edition License SPDX-License-Identifier: LGPL-2.1-or-later diff --git a/build.properties b/build.properties index 00803f407fc3d8..d4be64c9d603d5 100644 --- a/build.properties +++ b/build.properties @@ -12,8 +12,8 @@ baseline.jar.bnddir.name=.bnd #baseline.jar.report.level=diff - #baseline.jar.report.level=off - baseline.jar.report.level=persist + baseline.jar.report.level=off + #baseline.jar.report.level=persist #baseline.jar.report.level=standard baseline.jar.report.only.dirty.packages=true diff --git a/lib/portal/dependencies.properties b/lib/portal/dependencies.properties index 10cf9870442860..02687255aa6aac 100644 --- a/lib/portal/dependencies.properties +++ b/lib/portal/dependencies.properties @@ -12,11 +12,11 @@ aspectj-rt=org.aspectj:aspectjrt:1.8.13 aspectj-weaver=org.aspectj:aspectjweaver:1.8.13 axis-ant=org.apache.axis:axis-ant:1.4 axis=com.liferay:org.apache.axis:1.4.LIFERAY-PATCHED-4 -bcmail=org.bouncycastle:bcmail-jdk16:1.45 -bcprov=org.bouncycastle:bcprov-jdk16:1.45 +bcmail=org.bouncycastle:bcmail-jdk15on:1.61 +bcprov=org.bouncycastle:bcprov-jdk15on:1.61 boilerpipe=com.liferay:de.l3s.boilerpipe:1.1.0.LIFERAY-PATCHED-1 bsf=bsf:bsf:2.4.0 -c3p0=com.mchange:c3p0:0.9.5.3 +c3p0=com.mchange:c3p0:0.9.5.4 ccpp-ri=com.liferay:javax.ccpp.ccpp-ri:1.0 ccpp=javax.ccpp:ccpp:1.0 cglib-nodep=cglib:cglib-nodep:2.2.2 @@ -27,7 +27,7 @@ commons-chain=commons-chain:commons-chain:1.2 commons-codec=commons-codec:commons-codec:1.9 commons-collections4=org.apache.commons:commons-collections4:4.2 commons-collections=commons-collections:commons-collections:3.2.2 -commons-compress=org.apache.commons:commons-compress:1.18 +commons-compress=org.apache.commons:commons-compress:1.19 commons-configuration=com.liferay:org.apache.commons.configuration:1.10.LIFERAY-PATCHED-2 commons-dbcp=commons-dbcp:commons-dbcp:1.2.2 commons-digester=commons-digester:commons-digester:1.8.1 @@ -83,13 +83,13 @@ jazzy=net.sf.jazzy:jazzy:0.5.2-rtext-1.4.1-2 jbig2-imageio=org.apache.pdfbox:jbig2-imageio:3.0.2 jcifs=org.samba.jcifs:jcifs:1.3.14-kohsuke-1 jcl-over-slf4j=org.slf4j:jcl-over-slf4j:1.7.2 -jcommon=jfree:jcommon:1.0.16 +jcommon=org.jfree:jcommon:1.0.24 jdom=org.jdom:jdom:1.1.3 jempbox=org.apache.pdfbox:jempbox:1.8.16 jena=com.liferay:com.hp.hpl.jena:1.4 jericho-html=net.htmlparser.jericho:jericho-html:3.1 jersey-common=org.glassfish.jersey.core:jersey-common:2.26 -jfreechart=jfree:jfreechart:1.0.13 +jfreechart=org.jfree:jfreechart:1.0.19 jhighlight=com.uwyn:jhighlight:1.0 jhlabs-filters=com.jhlabs:imaging:01012005 jmatio=org.tallison:jmatio:1.2 @@ -123,7 +123,7 @@ mimepull=org.jvnet:mimepull:1.3 monte-cc=com.liferay:org.monte:0.7.7 nekohtml=net.sourceforge.nekohtml:nekohtml:1.9.22 netcdf=edu.ucar:netcdf:4.3.23 -netty-all=io.netty:netty-all:4.1.32.Final +netty-all=io.netty:netty-all:4.1.42.Final odmg=odmg:odmg:3.0 oro=oro:oro:2.0.8 pdfbox=org.apache.pdfbox:pdfbox:2.0.13 diff --git a/modules/apps/calendar/calendar-web/src/main/resources/META-INF/resources/js/scheduler_event_recorder.js b/modules/apps/calendar/calendar-web/src/main/resources/META-INF/resources/js/scheduler_event_recorder.js index 4fa53d2953e5c5..e936a021885949 100644 --- a/modules/apps/calendar/calendar-web/src/main/resources/META-INF/resources/js/scheduler_event_recorder.js +++ b/modules/apps/calendar/calendar-web/src/main/resources/META-INF/resources/js/scheduler_event_recorder.js @@ -582,7 +582,7 @@ AUI.add( _syncInviteesContent(contentNode, calendarResources) { var values = calendarResources.map(item => { - return item.name; + return Lang.String.escapeHTML(item.name); }); contentNode = A.one(contentNode); diff --git a/modules/apps/document-library-opener/document-library-opener-google-drive-web/src/main/java/com/liferay/document/library/opener/google/drive/web/internal/display/context/DLOpenerGoogleDriveDLViewFileVersionDisplayContext.java b/modules/apps/document-library-opener/document-library-opener-google-drive-web/src/main/java/com/liferay/document/library/opener/google/drive/web/internal/display/context/DLOpenerGoogleDriveDLViewFileVersionDisplayContext.java index ddc3f70357de0d..828c3c96cdce96 100644 --- a/modules/apps/document-library-opener/document-library-opener-google-drive-web/src/main/java/com/liferay/document/library/opener/google/drive/web/internal/display/context/DLOpenerGoogleDriveDLViewFileVersionDisplayContext.java +++ b/modules/apps/document-library-opener/document-library-opener-google-drive-web/src/main/java/com/liferay/document/library/opener/google/drive/web/internal/display/context/DLOpenerGoogleDriveDLViewFileVersionDisplayContext.java @@ -42,6 +42,7 @@ import com.liferay.portal.kernel.servlet.taglib.ui.URLMenuItem; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.Constants; +import com.liferay.portal.kernel.util.HtmlUtil; import com.liferay.portal.kernel.util.JavaConstants; import com.liferay.portal.kernel.util.Portal; import com.liferay.portal.kernel.util.PortalUtil; @@ -269,13 +270,17 @@ private void _updateCancelCheckoutAndCheckinMenuItems( javaScriptUIItem.setOnClick( StringBundler.concat( "window.location.href = '", - _getActionURL(Constants.CHECKIN), "'")); + HtmlUtil.escapeJS( + _getActionURL(Constants.CHECKIN)), + "'")); } else { javaScriptUIItem.setOnClick( StringBundler.concat( _getNamespace(), "showVersionDetailsDialog('", - _getActionURL(Constants.CHECKIN), "');")); + HtmlUtil.escapeJS( + _getActionURL(Constants.CHECKIN)), + "');")); } } } diff --git a/modules/apps/document-library/document-library-service/src/main/java/com/liferay/document/library/internal/util/DLValidatorImpl.java b/modules/apps/document-library/document-library-service/src/main/java/com/liferay/document/library/internal/util/DLValidatorImpl.java index 5c17dcf2b2dc90..d43a849c80f736 100644 --- a/modules/apps/document-library/document-library-service/src/main/java/com/liferay/document/library/internal/util/DLValidatorImpl.java +++ b/modules/apps/document-library/document-library-service/src/main/java/com/liferay/document/library/internal/util/DLValidatorImpl.java @@ -23,6 +23,7 @@ import com.liferay.document.library.kernel.exception.SourceFileNameException; import com.liferay.document.library.kernel.util.DLUtil; import com.liferay.document.library.kernel.util.DLValidator; +import com.liferay.petra.string.CharPool; import com.liferay.petra.string.StringBundler; import com.liferay.petra.string.StringPool; import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil; @@ -141,11 +142,17 @@ public void validateFileExtension(String fileName) boolean validFileExtension = false; - String[] fileExtensions = _dlConfiguration.fileExtensions(); + for (String fileExtension : _dlConfiguration.fileExtensions()) { + String fileNameExtension = StringUtil.toLowerCase( + FileUtil.getExtension(fileName)); - for (String fileExtension : fileExtensions) { if (StringPool.STAR.equals(fileExtension) || - StringUtil.endsWith(fileName, fileExtension)) { + StringUtil.equals( + fileNameExtension, + StringUtil.toLowerCase( + StringUtil.replace( + fileExtension, CharPool.PERIOD, + StringPool.BLANK)))) { validFileExtension = true; @@ -263,6 +270,10 @@ protected void activate(Map properties) { DLConfiguration.class, properties); } + protected void setDLConfiguration(DLConfiguration dlConfiguration) { + _dlConfiguration = dlConfiguration; + } + private String _replaceDLCharLastBlacklist(String title) { String previousTitle = null; diff --git a/modules/apps/document-library/document-library-service/src/test/java/com/liferay/document/library/internal/util/DLValidatorImplTest.java b/modules/apps/document-library/document-library-service/src/test/java/com/liferay/document/library/internal/util/DLValidatorImplTest.java new file mode 100644 index 00000000000000..ce8e9e0ca863ad --- /dev/null +++ b/modules/apps/document-library/document-library-service/src/test/java/com/liferay/document/library/internal/util/DLValidatorImplTest.java @@ -0,0 +1,91 @@ +/** + * Copyright (c) 2000-present Liferay, Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or modify it under + * the terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 2.1 of the License, or (at your option) + * any later version. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + */ + +package com.liferay.document.library.internal.util; + +import com.liferay.document.library.configuration.DLConfiguration; +import com.liferay.document.library.kernel.exception.FileExtensionException; +import com.liferay.document.library.kernel.util.DLValidator; +import com.liferay.portal.kernel.util.FileUtil; +import com.liferay.portal.util.FileImpl; + +import org.junit.Before; +import org.junit.Test; + +import org.mockito.Mockito; + +/** + * @author Adolfo Pérez + */ +public class DLValidatorImplTest { + + @Before + public void setUp() { + DLValidatorImpl dlValidatorImpl = new DLValidatorImpl(); + + _dlConfiguration = Mockito.mock(DLConfiguration.class); + + dlValidatorImpl.setDLConfiguration(_dlConfiguration); + + _dlValidator = dlValidatorImpl; + + FileUtil fileUtil = new FileUtil(); + + fileUtil.setFile(FileImpl.getInstance()); + } + + @Test(expected = FileExtensionException.class) + public void testInvalidExtension() throws Exception { + _validateFileExtension("test.gıf"); + } + + @Test + public void testValidLowerCaseExtension() throws Exception { + _validateFileExtension("test.gif"); + } + + @Test + public void testValidMixedCaseExtension() throws Exception { + _validateFileExtension("test.GiF"); + } + + @Test + public void testValidUpperCaseExtension() throws Exception { + _validateFileExtension("test.GIF"); + } + + private void _validateFileExtension(String fileName) + throws FileExtensionException { + + Mockito.when( + _dlConfiguration.fileExtensions() + ).thenReturn( + new String[] {".gif"} + ); + + _dlValidator.validateFileExtension(fileName); + + Mockito.when( + _dlConfiguration.fileExtensions() + ).thenReturn( + new String[] {"gif"} + ); + + _dlValidator.validateFileExtension(fileName); + } + + private DLConfiguration _dlConfiguration; + private DLValidator _dlValidator; + +} \ No newline at end of file diff --git a/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/logic/UIItemsBuilder.java b/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/logic/UIItemsBuilder.java index 287d57115fa186..b379df6b9be058 100644 --- a/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/logic/UIItemsBuilder.java +++ b/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/logic/UIItemsBuilder.java @@ -190,8 +190,8 @@ public void addCheckinToolbarItem(List toolbarItems) new JavaScriptToolbarItem(), toolbarItems, DLUIItemKeys.CHECKIN, LanguageUtil.get(_resourceBundle, "checkin"), StringBundler.concat( - getNamespace(), "showVersionDetailsDialog('", portletURL, - "');")); + getNamespace(), "showVersionDetailsDialog('", + HtmlUtil.escapeJS(portletURL.toString()), "');")); String javaScript = "/com/liferay/document/library/web/display/context/dependencies" + @@ -290,7 +290,7 @@ public void addCompareToMenuItem(List menuItems) sb.append(jsNamespace); sb.append("compareVersionDialog('"); - sb.append(selectFileVersionURL.toString()); + sb.append(HtmlUtil.escapeJS(selectFileVersionURL.toString())); sb.append("');"); JavaScriptMenuItem javaScriptMenuItem = _addJavaScriptUIItem( @@ -634,7 +634,8 @@ public void addOpenInMsOfficeMenuItem(List menuItems) true); String onClick = StringBundler.concat( - getNamespace(), "openDocument('", webDavURL, "');"); + getNamespace(), "openDocument('", HtmlUtil.escapeJS(webDavURL), + "');"); JavaScriptMenuItem javaScriptMenuItem = _addJavaScriptUIItem( new JavaScriptMenuItem(), menuItems, DLUIItemKeys.OPEN_IN_MS_OFFICE, @@ -683,7 +684,7 @@ public void addOpenInMsOfficeToolbarItem(List toolbarItems) sb.append(getNamespace()); sb.append("openDocument('"); - sb.append(webDavURL); + sb.append(HtmlUtil.escapeJS(webDavURL)); sb.append("');"); _addJavaScriptUIItem( @@ -763,7 +764,7 @@ public void addPermissionsToolbarItem(List toolbarItems) sb.append("'dialog-with-footer'}, title: '"); sb.append(UnicodeLanguageUtil.get(_resourceBundle, "permissions")); sb.append("', uri: '"); - sb.append(permissionsURL); + sb.append(HtmlUtil.escapeJS(permissionsURL)); sb.append("'});"); _addJavaScriptUIItem( @@ -932,8 +933,8 @@ public MenuItem getCheckinMenuItem() throws PortalException { javaScriptMenuItem.setLabel("checkin"); javaScriptMenuItem.setOnClick( StringBundler.concat( - getNamespace(), "showVersionDetailsDialog('", portletURL, - "');")); + getNamespace(), "showVersionDetailsDialog('", + HtmlUtil.escapeJS(portletURL.toString()), "');")); String javaScript = "/com/liferay/document/library/web/display/context/dependencies" + @@ -994,7 +995,7 @@ protected String getSubmitFormJavaScript(String cmd, String redirect) { sb.append("fm."); sb.append(getNamespace()); sb.append("redirect.value = '"); - sb.append(redirect); + sb.append(HtmlUtil.escapeJS(redirect)); sb.append("';"); } diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/search_resources.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/search_resources.jsp index e88a51062f7172..0d9d3bc5e2c3e6 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/search_resources.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/search_resources.jsp @@ -64,7 +64,7 @@ entriesChecker.setRememberCheckBoxStateURLRegex("^(?!.*" + liferayPortletRespons
search( long companyId, long[] groupIds, String keywords, int start, int end, OrderByComparator orderByComparator) { - return ddmDataProviderInstanceFinder.filterByKeywords( - companyId, groupIds, keywords, start, end, orderByComparator); + List ddmDataProviderInstances = + ddmDataProviderInstanceFinder.filterByKeywords( + companyId, groupIds, keywords, start, end, orderByComparator); + + Stream ddmDataProviderInstanceStream = + ddmDataProviderInstances.stream(); + + return ddmDataProviderInstanceStream.filter( + ddmDataProviderInstance -> { + try { + return _ddmDataProviderInstanceModelResourcePermission. + contains( + getPermissionChecker(), + ddmDataProviderInstance.getDataProviderInstanceId(), + ActionKeys.VIEW); + } + catch (PortalException portalException) { + _log.error(portalException, portalException); + + return false; + } + } + ).map( + ddmDataProviderInstance -> _removeAuthenticationData( + ddmDataProviderInstance) + ).collect( + Collectors.toList() + ); } @Override @@ -205,12 +240,77 @@ public DDMDataProviderInstance updateDataProviderInstance( ddmFormValues, serviceContext); } + @Reference(unbind = "-") + protected void setJSONFactory(JSONFactory jsonFactory) { + _jsonFactory = jsonFactory; + } + + private JSONArray _filterFieldValues(JSONArray fieldValuesJSONArray) { + JSONArray filteredFieldValuesJSONArray = _jsonFactory.createJSONArray(); + + Iterator iterator = fieldValuesJSONArray.iterator(); + + while (iterator.hasNext()) { + JSONObject fieldValueJSONObject = (JSONObject)iterator.next(); + + String fieldValueName = fieldValueJSONObject.getString("name"); + + if (StringUtil.equals(fieldValueName, "password") || + StringUtil.equals(fieldValueName, "username")) { + + continue; + } + + filteredFieldValuesJSONArray.put(fieldValueJSONObject); + } + + return filteredFieldValuesJSONArray; + } + + private DDMDataProviderInstance _removeAuthenticationData( + DDMDataProviderInstance ddmDataProviderInstance) { + + try { + JSONObject definitionJSONObject = _jsonFactory.createJSONObject( + ddmDataProviderInstance.getDefinition()); + + if (!definitionJSONObject.has("fieldValues")) { + return ddmDataProviderInstance; + } + + JSONArray fieldValuesJSONArray = definitionJSONObject.getJSONArray( + "fieldValues"); + + definitionJSONObject.put( + "fieldValues", _filterFieldValues(fieldValuesJSONArray)); + + ddmDataProviderInstance.setDefinition( + definitionJSONObject.toJSONString()); + } + catch (Exception exception) { + if (_log.isWarnEnabled()) { + _log.warn( + "Unable to remove authentication data from data " + + "providers search", + exception); + } + } + + return ddmDataProviderInstance; + } + + private static final Log _log = LogFactoryUtil.getLog( + DDMDataProviderInstanceServiceImpl.class); + @Reference( target = "(model.class.name=com.liferay.dynamic.data.mapping.model.DDMDataProviderInstance)" ) private ModelResourcePermission _ddmDataProviderInstanceModelResourcePermission; + @Reference + private JSONFactory _jsonFactory; + @Reference(target = "(resource.name=" + DDMConstants.RESOURCE_NAME + ")") private PortletResourcePermission _portletResourcePermission; diff --git a/modules/apps/flags/flags-api/src/main/java/com/liferay/flags/service/FlagsEntryService.java b/modules/apps/flags/flags-api/src/main/java/com/liferay/flags/service/FlagsEntryService.java index 9f362fdcf6ddcf..4e91932a8dcb56 100644 --- a/modules/apps/flags/flags-api/src/main/java/com/liferay/flags/service/FlagsEntryService.java +++ b/modules/apps/flags/flags-api/src/main/java/com/liferay/flags/service/FlagsEntryService.java @@ -17,6 +17,7 @@ import com.liferay.portal.kernel.exception.PortalException; import com.liferay.portal.kernel.exception.SystemException; import com.liferay.portal.kernel.jsonwebservice.JSONWebService; +import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode; import com.liferay.portal.kernel.security.access.control.AccessControlled; import com.liferay.portal.kernel.service.BaseService; import com.liferay.portal.kernel.service.ServiceContext; @@ -48,6 +49,7 @@ public interface FlagsEntryService extends BaseService { * * Never modify or reference this interface directly. Always use {@link FlagsEntryServiceUtil} to access the flags entry remote service. Add custom service methods to com.liferay.flags.service.impl.FlagsEntryServiceImpl and rerun ServiceBuilder to automatically copy the method declarations to this interface. */ + @JSONWebService(mode = JSONWebServiceMode.IGNORE) public void addEntry( String className, long classPK, String reporterEmailAddress, long reportedUserId, String contentTitle, String contentURL, diff --git a/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/internal/messaging/FlagsRequestMessageListener.java b/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/internal/messaging/FlagsRequestMessageListener.java index 2d7838c106c5c2..75e0de39c05baa 100644 --- a/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/internal/messaging/FlagsRequestMessageListener.java +++ b/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/internal/messaging/FlagsRequestMessageListener.java @@ -261,16 +261,13 @@ protected void notify( subscriptionSender.setBody(body); subscriptionSender.setCompanyId(company.getCompanyId()); subscriptionSender.setContextAttributes( - "[$CONTENT_ID$]", contentId, "[$CONTENT_TYPE$]", contentType, + "[$CONTENT_ID$]", contentId, "[$CONTENT_TITLE$]", contentTitle, + "[$CONTENT_TYPE$]", contentType, "[$CONTENT_URL$]", contentURL, "[$DATE$]", now.toString(), "[$REASON$]", reason, "[$REPORTED_USER_ADDRESS$]", reportedEmailAddress, "[$REPORTED_USER_NAME$]", reportedUserName, "[$REPORTED_USER_URL$]", reportedUserURL, "[$REPORTER_USER_ADDRESS$]", reporterEmailAddress, "[$REPORTER_USER_NAME$]", reporterUserName); - subscriptionSender.setContextAttribute( - "[$CONTENT_TITLE$]", contentTitle, false); - subscriptionSender.setContextAttribute( - "[$CONTENT_URL$]", contentURL, false); subscriptionSender.setCreatorUserId(reporterUserId); subscriptionSender.setFrom(fromAddress, fromName); subscriptionSender.setHtmlFormat(true); diff --git a/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/service/impl/FlagsEntryServiceImpl.java b/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/service/impl/FlagsEntryServiceImpl.java index 1ea8b441a596f3..def5872766a277 100644 --- a/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/service/impl/FlagsEntryServiceImpl.java +++ b/modules/apps/flags/flags-service/src/main/java/com/liferay/flags/service/impl/FlagsEntryServiceImpl.java @@ -19,6 +19,8 @@ import com.liferay.portal.aop.AopService; import com.liferay.portal.kernel.exception.EmailAddressException; import com.liferay.portal.kernel.exception.PortalException; +import com.liferay.portal.kernel.jsonwebservice.JSONWebService; +import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode; import com.liferay.portal.kernel.messaging.DestinationNames; import com.liferay.portal.kernel.messaging.Message; import com.liferay.portal.kernel.messaging.MessageBus; @@ -40,6 +42,7 @@ ) public class FlagsEntryServiceImpl extends FlagsEntryServiceBaseImpl { + @JSONWebService(mode = JSONWebServiceMode.IGNORE) @Override public void addEntry( String className, long classPK, String reporterEmailAddress, diff --git a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/build.gradle b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/build.gradle index 6c25f3a91e87f4..43753e315ff386 100644 --- a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/build.gradle +++ b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/build.gradle @@ -4,7 +4,7 @@ dependencies { compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0" compileOnly group: "com.liferay", name: "com.liferay.portal.configuration.metatype.api", version: "2.0.0" compileOnly group: "com.liferay", name: "com.liferay.segments.api", version: "1.9.0" - compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" + compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default" compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2" compileOnly group: "org.osgi", name: "org.osgi.service.component.annotations", version: "1.3.0" } \ No newline at end of file diff --git a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/src/main/java/com/liferay/fragment/entry/processor/freemarker/FreeMarkerFragmentEntryProcessor.java b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/src/main/java/com/liferay/fragment/entry/processor/freemarker/FreeMarkerFragmentEntryProcessor.java index 548fbe76e0b81a..0ecaedb81aca13 100644 --- a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/src/main/java/com/liferay/fragment/entry/processor/freemarker/FreeMarkerFragmentEntryProcessor.java +++ b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-freemarker/src/main/java/com/liferay/fragment/entry/processor/freemarker/FreeMarkerFragmentEntryProcessor.java @@ -36,7 +36,6 @@ import com.liferay.portal.kernel.template.Template; import com.liferay.portal.kernel.template.TemplateConstants; import com.liferay.portal.kernel.template.TemplateException; -import com.liferay.portal.kernel.template.TemplateManager; import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.util.ResourceBundleUtil; import com.liferay.portal.kernel.util.Validator; @@ -113,10 +112,6 @@ public String processFragmentEntryLinkHTML( template.put(TemplateConstants.WRITER, unsyncStringWriter); - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_FTL); - Map contextObjects = new HashMap<>(); JSONObject configurationValuesJSONObject = @@ -135,10 +130,10 @@ public String processFragmentEntryLinkHTML( configurationValuesJSONObject, fragmentEntryLink.getConfiguration())); - templateManager.addContextObjects(template, contextObjects); + template.putAll(contextObjects); - templateManager.addTaglibSupport( - template, fragmentEntryProcessorContext.getHttpServletRequest(), + template.prepareTaglib( + fragmentEntryProcessorContext.getHttpServletRequest(), fragmentEntryProcessorContext.getHttpServletResponse()); template.prepare(fragmentEntryProcessorContext.getHttpServletRequest()); @@ -187,10 +182,6 @@ public void validateFragmentEntryHTML(String html, String configuration) (httpServletRequest.getAttribute(WebKeys.THEME_DISPLAY) != null)) { - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_FTL); - Map contextObjects = new HashMap<>(); JSONObject configurationDefaultValuesJSONObject = @@ -207,10 +198,9 @@ public void validateFragmentEntryHTML(String html, String configuration) FragmentEntryConfigUtil.getContextObjects( configurationDefaultValuesJSONObject, configuration)); - templateManager.addContextObjects(template, contextObjects); + template.putAll(contextObjects); - templateManager.addTaglibSupport( - template, httpServletRequest, httpServletResponse); + template.prepareTaglib(httpServletRequest, httpServletResponse); template.prepare(httpServletRequest); diff --git a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/build.gradle b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/build.gradle index 6f15ae86edc10f..7efc079762d6ee 100644 --- a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/build.gradle +++ b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/build.gradle @@ -6,7 +6,7 @@ dependencies { compileOnly group: "com.liferay", name: "com.liferay.info.api", version: "4.1.0" compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0" compileOnly group: "com.liferay", name: "com.liferay.segments.api", version: "1.9.0" - compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" + compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default" compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1" compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2" compileOnly group: "org.jsoup", name: "jsoup", version: "1.10.2" diff --git a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/src/main/java/com/liferay/fragment/entry/processor/internal/util/FragmentEntryProcessorHelperImpl.java b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/src/main/java/com/liferay/fragment/entry/processor/internal/util/FragmentEntryProcessorHelperImpl.java index 8d29e9286773ba..84cde9219a1fb6 100644 --- a/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/src/main/java/com/liferay/fragment/entry/processor/internal/util/FragmentEntryProcessorHelperImpl.java +++ b/modules/apps/fragment/fragment-entry-processor/fragment-entry-processor-impl/src/main/java/com/liferay/fragment/entry/processor/internal/util/FragmentEntryProcessorHelperImpl.java @@ -34,7 +34,6 @@ import com.liferay.portal.kernel.template.StringTemplateResource; import com.liferay.portal.kernel.template.Template; import com.liferay.portal.kernel.template.TemplateConstants; -import com.liferay.portal.kernel.template.TemplateManager; import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.trash.TrashHandler; import com.liferay.portal.kernel.trash.TrashHandlerRegistryUtil; @@ -211,15 +210,7 @@ public String processTemplate( TemplateConstants.LANG_TYPE_FTL, new StringTemplateResource("template_id", "[#ftl] " + html), true); - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_FTL); - - templateManager.addTaglibSupport( - template, fragmentEntryProcessorContext.getHttpServletRequest(), - fragmentEntryProcessorContext.getHttpServletResponse()); - templateManager.addTaglibTheme( - template, "taglibLiferay", + template.prepareTaglib( fragmentEntryProcessorContext.getHttpServletRequest(), fragmentEntryProcessorContext.getHttpServletResponse()); diff --git a/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentCollectionLocalServiceImpl.java b/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentCollectionLocalServiceImpl.java index 802d947dc5e4fa..4defcfae7456fc 100644 --- a/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentCollectionLocalServiceImpl.java +++ b/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentCollectionLocalServiceImpl.java @@ -255,6 +255,13 @@ protected void validate(String name) throws PortalException { if (Validator.isNull(name)) { throw new FragmentCollectionNameException("Name must not be null"); } + + if (name.contains(StringPool.PERIOD) || + name.contains(StringPool.SLASH)) { + + throw new FragmentCollectionNameException( + "Name contains invalid characters"); + } } protected void validateFragmentCollectionKey( diff --git a/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentEntryLocalServiceImpl.java b/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentEntryLocalServiceImpl.java index ced4565f09aecc..fe8a1c7f2786a0 100644 --- a/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentEntryLocalServiceImpl.java +++ b/modules/apps/fragment/fragment-service/src/main/java/com/liferay/fragment/service/impl/FragmentEntryLocalServiceImpl.java @@ -758,6 +758,13 @@ protected void validate(String name) throws PortalException { throw new FragmentEntryNameException("Name must not be null"); } + if (name.contains(StringPool.PERIOD) || + name.contains(StringPool.SLASH)) { + + throw new FragmentEntryNameException( + "Name contains invalid characters"); + } + int nameMaxLength = ModelHintsUtil.getMaxLength( FragmentEntry.class.getName(), "name"); diff --git a/modules/apps/frontend-image-editor/frontend-image-editor-integration-document-library/src/main/java/com/liferay/frontend/image/editor/integration/document/library/internal/display/context/logic/ImageEditorDLDisplayContextHelper.java b/modules/apps/frontend-image-editor/frontend-image-editor-integration-document-library/src/main/java/com/liferay/frontend/image/editor/integration/document/library/internal/display/context/logic/ImageEditorDLDisplayContextHelper.java index 00e26f01385c3f..234af99711737c 100644 --- a/modules/apps/frontend-image-editor/frontend-image-editor-integration-document-library/src/main/java/com/liferay/frontend/image/editor/integration/document/library/internal/display/context/logic/ImageEditorDLDisplayContextHelper.java +++ b/modules/apps/frontend-image-editor/frontend-image-editor-integration-document-library/src/main/java/com/liferay/frontend/image/editor/integration/document/library/internal/display/context/logic/ImageEditorDLDisplayContextHelper.java @@ -44,6 +44,7 @@ import com.liferay.portal.kernel.theme.PortletDisplay; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.ArrayUtil; +import com.liferay.portal.kernel.util.HtmlUtil; import com.liferay.portal.kernel.util.JavaConstants; import com.liferay.portal.kernel.util.PortalUtil; import com.liferay.portal.kernel.util.WebKeys; @@ -241,15 +242,15 @@ private String _getOnclickMethod() { sb.append(liferayPortletResponse.getNamespace()); sb.append("editWithImageEditor('"); - sb.append(imageEditorURL.toString()); + sb.append(HtmlUtil.escapeJS(imageEditorURL.toString())); sb.append("', '"); - sb.append(editURL.toString()); + sb.append(HtmlUtil.escapeJS(editURL.toString())); sb.append("', '"); - sb.append(_fileEntry.getFileName()); + sb.append(HtmlUtil.escapeJS(_fileEntry.getFileName())); sb.append("', '"); - sb.append(fileEntryPreviewURL); + sb.append(HtmlUtil.escapeJS(fileEntryPreviewURL)); sb.append("', '"); - sb.append(_fileEntry.getMimeType()); + sb.append(HtmlUtil.escapeJS(_fileEntry.getMimeType())); sb.append("');"); return sb.toString(); diff --git a/modules/apps/journal/journal-service/build.gradle b/modules/apps/journal/journal-service/build.gradle index 67b399ef989bbf..6a360bd54ec510 100644 --- a/modules/apps/journal/journal-service/build.gradle +++ b/modules/apps/journal/journal-service/build.gradle @@ -41,7 +41,7 @@ dependencies { compileOnly group: "com.liferay", name: "com.liferay.upload.api", version: "3.0.0" compileOnly group: "com.liferay", name: "com.liferay.xstream.configurator.api", version: "4.0.0" compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0" - compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.35.0" + compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default" compileOnly group: "com.liferay.portal", name: "com.liferay.util.java", version: "4.0.0" compileOnly group: "com.liferay.portal", name: "com.liferay.util.taglib", version: "4.0.0" compileOnly group: "commons-lang", name: "commons-lang", version: "2.6" diff --git a/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/transformer/JournalTransformer.java b/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/transformer/JournalTransformer.java index 5cf6c625d55afa..2d307a11af1816 100644 --- a/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/transformer/JournalTransformer.java +++ b/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/transformer/JournalTransformer.java @@ -39,7 +39,6 @@ import com.liferay.portal.kernel.template.StringTemplateResource; import com.liferay.portal.kernel.template.Template; import com.liferay.portal.kernel.template.TemplateConstants; -import com.liferay.portal.kernel.template.TemplateManager; import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.template.TemplateResource; import com.liferay.portal.kernel.templateparser.TemplateNode; @@ -324,17 +323,8 @@ protected String doTransform( template.put("viewMode", viewMode); if (themeDisplay != null) { - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager(langType); - - HttpServletRequest httpServletRequest = - themeDisplay.getRequest(); - - templateManager.addTaglibSupport( - template, httpServletRequest, - themeDisplay.getResponse()); - templateManager.addTaglibTheme( - template, "taglibLiferay", httpServletRequest, + template.prepareTaglib( + themeDisplay.getRequest(), new PipingServletResponse( themeDisplay.getResponse(), unsyncStringWriter)); } diff --git a/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/util/JournalUtil.java b/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/util/JournalUtil.java index f39f3e5ee470b5..f894b34214419f 100644 --- a/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/util/JournalUtil.java +++ b/modules/apps/journal/journal-service/src/main/java/com/liferay/journal/internal/util/JournalUtil.java @@ -47,8 +47,6 @@ import com.liferay.portal.kernel.service.UserLocalServiceUtil; import com.liferay.portal.kernel.template.TemplateHandler; import com.liferay.portal.kernel.template.TemplateHandlerRegistryUtil; -import com.liferay.portal.kernel.template.TemplateManager; -import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.templateparser.TransformerListener; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.FriendlyURLNormalizerUtil; @@ -376,17 +374,13 @@ public static String transform( String langType, boolean propagateException) throws Exception { - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager(langType); - TemplateHandler templateHandler = TemplateHandlerRegistryUtil.getTemplateHandler( JournalArticle.class.getName()); Map contextObjects = new HashMap<>(); - templateManager.addContextObjects( - contextObjects, templateHandler.getCustomContextObjects()); + contextObjects.putAll(templateHandler.getCustomContextObjects()); return _journalTransformer.transform( themeDisplay, contextObjects, tokens, viewMode, languageId, diff --git a/modules/apps/polls/polls-web/build.gradle b/modules/apps/polls/polls-web/build.gradle index e826c4d71f2494..741f5aa0961f22 100644 --- a/modules/apps/polls/polls-web/build.gradle +++ b/modules/apps/polls/polls-web/build.gradle @@ -1,6 +1,6 @@ dependencies { - compileInclude group: "jfree", name: "jcommon", version: "1.0.16" - compileInclude group: "jfree", name: "jfreechart", version: "1.0.13" + compileInclude group: "org.jfree", name: "jcommon", version: "1.0.24" + compileInclude group: "org.jfree", name: "jfreechart", version: "1.0.19" compileOnly group: "com.liferay", name: "com.liferay.application.list.api", version: "4.0.0" compileOnly group: "com.liferay", name: "com.liferay.frontend.taglib", version: "4.0.0" diff --git a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/BasePortalCacheManager.java b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/BasePortalCacheManager.java index 5f14377c2f712d..70db6a0bdd1782 100644 --- a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/BasePortalCacheManager.java +++ b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/BasePortalCacheManager.java @@ -127,22 +127,6 @@ public PortalCache getPortalCache( portalCache = previousPortalCache; } - else if (portalCacheConfiguration != null) { - Properties portalCacheBootstrapLoaderProperties = - portalCacheConfiguration. - getPortalCacheBootstrapLoaderProperties(); - - if (portalCacheBootstrapLoaderProperties != null) { - PortalCacheBootstrapLoader portalCacheBootstrapLoader = - portalCacheBootstrapLoaderFactory.create( - portalCacheBootstrapLoaderProperties); - - if (portalCacheBootstrapLoader != null) { - portalCacheBootstrapLoader.loadPortalCache( - getPortalCacheManagerName(), portalCacheName); - } - } - } return portalCache; } diff --git a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoader.java b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoader.java index f0d170d666bdfb..126af132892f0b 100644 --- a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoader.java +++ b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoader.java @@ -16,7 +16,9 @@ /** * @author Tina Tian + * @deprecated As of Mueller (7.2.x), with no direct replacement */ +@Deprecated public interface PortalCacheBootstrapLoader { public static final String BOOTSTRAP_ASYNCHRONOUSLY = diff --git a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoaderFactory.java b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoaderFactory.java index 0f71d639539592..5d279a86f85c1c 100644 --- a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoaderFactory.java +++ b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/PortalCacheBootstrapLoaderFactory.java @@ -18,7 +18,9 @@ /** * @author Tina Tian + * @deprecated As of Mueller (7.2.x), with no direct replacement */ +@Deprecated public interface PortalCacheBootstrapLoaderFactory { public PortalCacheBootstrapLoader create(Properties properties); diff --git a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/configuration/PortalCacheConfiguration.java b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/configuration/PortalCacheConfiguration.java index 960e0af412d574..cd67aa8c5402ae 100644 --- a/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/configuration/PortalCacheConfiguration.java +++ b/modules/apps/portal-cache/portal-cache-api/src/main/java/com/liferay/portal/cache/configuration/PortalCacheConfiguration.java @@ -62,13 +62,14 @@ public PortalCacheConfiguration( _portalCacheListenerPropertiesSet = new HashSet<>( portalCacheListenerPropertiesSet); } - - _portalCacheBootstrapLoaderProperties = - portalCacheBootstrapLoaderProperties; } + /** + * @deprecated As of Mueller (7.2.x), with no direct replacement + */ + @Deprecated public Properties getPortalCacheBootstrapLoaderProperties() { - return _portalCacheBootstrapLoaderProperties; + return null; } public Set getPortalCacheListenerPropertiesSet() { @@ -83,18 +84,17 @@ public PortalCacheConfiguration newPortalCacheConfiguration( String portalCacheName) { return new PortalCacheConfiguration( - portalCacheName, _portalCacheListenerPropertiesSet, - _portalCacheBootstrapLoaderProperties); + portalCacheName, _portalCacheListenerPropertiesSet, null); } + /** + * @deprecated As of Mueller (7.2.x), with no direct replacement + */ + @Deprecated public void setPortalCacheBootstrapLoaderProperties( Properties portalCacheBootstrapLoaderProperties) { - - _portalCacheBootstrapLoaderProperties = - portalCacheBootstrapLoaderProperties; } - private Properties _portalCacheBootstrapLoaderProperties; private final Set _portalCacheListenerPropertiesSet; private final String _portalCacheName; diff --git a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/EhcachePortalCacheConfiguration.java b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/EhcachePortalCacheConfiguration.java index 43059a3bec3a98..f9db5c31fbe62d 100644 --- a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/EhcachePortalCacheConfiguration.java +++ b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/EhcachePortalCacheConfiguration.java @@ -30,9 +30,7 @@ public EhcachePortalCacheConfiguration( Properties portalCacheBootstrapLoaderProperties, boolean requireSerialization) { - super( - portalCacheName, portalCacheListenerPropertiesSet, - portalCacheBootstrapLoaderProperties); + super(portalCacheName, portalCacheListenerPropertiesSet, null); _requireSerialization = requireSerialization; } @@ -46,8 +44,8 @@ public PortalCacheConfiguration newPortalCacheConfiguration( String portalCacheName) { return new EhcachePortalCacheConfiguration( - portalCacheName, getPortalCacheListenerPropertiesSet(), - getPortalCacheBootstrapLoaderProperties(), _requireSerialization); + portalCacheName, getPortalCacheListenerPropertiesSet(), null, + _requireSerialization); } private final boolean _requireSerialization; diff --git a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/MultiVMEhcachePortalCacheManager.java b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/MultiVMEhcachePortalCacheManager.java index f69f1bce6535f0..71be4242867787 100644 --- a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/MultiVMEhcachePortalCacheManager.java +++ b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/MultiVMEhcachePortalCacheManager.java @@ -14,7 +14,6 @@ package com.liferay.portal.cache.ehcache.internal; -import com.liferay.portal.cache.PortalCacheBootstrapLoaderFactory; import com.liferay.portal.cache.PortalCacheListenerFactory; import com.liferay.portal.cache.PortalCacheManagerListenerFactory; import com.liferay.portal.cache.ehcache.internal.configurator.MultiVMEhcachePortalCacheManagerConfigurator; @@ -76,14 +75,6 @@ protected void setMultiVMEhcachePortalCacheManagerConfigurator( multiVMEhcachePortalCacheManagerConfigurator; } - @Reference(unbind = "-") - protected void setPortalCacheBootstrapLoaderFactory( - PortalCacheBootstrapLoaderFactory portalCacheBootstrapLoaderFactory) { - - this.portalCacheBootstrapLoaderFactory = - portalCacheBootstrapLoaderFactory; - } - @Reference(unbind = "-") protected void setPortalCacheListenerFactory( PortalCacheListenerFactory portalCacheListenerFactory) { diff --git a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/BaseEhcachePortalCacheManagerConfigurator.java b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/BaseEhcachePortalCacheManagerConfigurator.java index ed67a0f83ccfe4..0691db4e72084c 100644 --- a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/BaseEhcachePortalCacheManagerConfigurator.java +++ b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/BaseEhcachePortalCacheManagerConfigurator.java @@ -83,8 +83,6 @@ protected void clearListenerConfigrations( return; } - cacheConfiguration.bootstrapCacheLoaderFactory(null); - List factoryConfigurations = cacheConfiguration.getCacheEventListenerConfigurations(); diff --git a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/MultiVMEhcachePortalCacheManagerConfigurator.java b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/MultiVMEhcachePortalCacheManagerConfigurator.java index 67d3ecbcf3c171..17095a1c363e0c 100644 --- a/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/MultiVMEhcachePortalCacheManagerConfigurator.java +++ b/modules/apps/portal-cache/portal-cache-ehcache-impl/src/main/java/com/liferay/portal/cache/ehcache/internal/configurator/MultiVMEhcachePortalCacheManagerConfigurator.java @@ -50,16 +50,8 @@ @Activate protected void activate() { - _bootstrapLoaderEnabled = GetterUtil.getBoolean( - props.get(PropsKeys.EHCACHE_BOOTSTRAP_CACHE_LOADER_ENABLED)); - _bootstrapLoaderProperties = props.getProperties( - PropsKeys.EHCACHE_BOOTSTRAP_CACHE_LOADER_PROPERTIES + - StringPool.PERIOD, - true); clusterEnabled = GetterUtil.getBoolean( props.get(PropsKeys.CLUSTER_LINK_ENABLED)); - _defaultBootstrapLoaderPropertiesString = getPortalPropertiesString( - PropsKeys.EHCACHE_BOOTSTRAP_CACHE_LOADER_PROPERTIES_DEFAULT); _defaultReplicatorPropertiesString = getPortalPropertiesString( PropsKeys.EHCACHE_REPLICATOR_PROPERTIES_DEFAULT); _replicatorProperties = props.getProperties( @@ -137,12 +129,6 @@ protected void manageConfiguration( ObjectValuePair propertiesPair = entry.getValue(); - if (_bootstrapLoaderEnabled && (propertiesPair.getKey() != null)) { - portalCacheConfiguration. - setPortalCacheBootstrapLoaderProperties( - propertiesPair.getKey()); - } - if (propertiesPair.getValue() != null) { Set portalCacheListenerPropertiesSet = portalCacheConfiguration. @@ -181,20 +167,6 @@ protected PortalCacheConfiguration parseCacheListenerConfigurations( String cacheName = cacheConfiguration.getName(); - if (_bootstrapLoaderEnabled) { - String bootstrapLoaderPropertiesString = - (String)_bootstrapLoaderProperties.remove(cacheName); - - if (Validator.isNull(bootstrapLoaderPropertiesString)) { - bootstrapLoaderPropertiesString = - _defaultBootstrapLoaderPropertiesString; - } - - portalCacheConfiguration.setPortalCacheBootstrapLoaderProperties( - parseProperties( - bootstrapLoaderPropertiesString, StringPool.COMMA)); - } - String replicatorPropertiesString = (String)_replicatorProperties.remove(cacheName); @@ -228,21 +200,6 @@ protected void setProps(Props props) { Map> mergedPropertiesMap = new HashMap<>(); - if (_bootstrapLoaderEnabled) { - for (String portalCacheName : - _bootstrapLoaderProperties.stringPropertyNames()) { - - mergedPropertiesMap.put( - portalCacheName, - new ObjectValuePair( - parseProperties( - _bootstrapLoaderProperties.getProperty( - portalCacheName), - StringPool.COMMA), - null)); - } - } - for (String portalCacheName : _replicatorProperties.stringPropertyNames()) { @@ -268,9 +225,6 @@ protected void setProps(Props props) { return mergedPropertiesMap; } - private boolean _bootstrapLoaderEnabled; - private Properties _bootstrapLoaderProperties; - private String _defaultBootstrapLoaderPropertiesString; private String _defaultReplicatorPropertiesString; private Properties _replicatorProperties; diff --git a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkBootstrapLoaderHelperUtil.java b/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkBootstrapLoaderHelperUtil.java deleted file mode 100644 index adc71af3148ea0..00000000000000 --- a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkBootstrapLoaderHelperUtil.java +++ /dev/null @@ -1,470 +0,0 @@ -/** - * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * - * This library is free software; you can redistribute it and/or modify it under - * the terms of the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 2.1 of the License, or (at your option) - * any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more - * details. - */ - -package com.liferay.portal.cache.multiple.internal.bootstrap; - -import com.liferay.petra.lang.CentralizedThreadLocal; -import com.liferay.portal.cache.multiple.internal.PortalCacheManagerUtil; -import com.liferay.portal.kernel.cache.PortalCache; -import com.liferay.portal.kernel.cache.PortalCacheHelperUtil; -import com.liferay.portal.kernel.cache.PortalCacheManager; -import com.liferay.portal.kernel.cluster.ClusterExecutorUtil; -import com.liferay.portal.kernel.cluster.ClusterNode; -import com.liferay.portal.kernel.cluster.ClusterNodeResponse; -import com.liferay.portal.kernel.cluster.ClusterRequest; -import com.liferay.portal.kernel.cluster.FutureClusterResponses; -import com.liferay.portal.kernel.exception.SystemException; -import com.liferay.portal.kernel.io.AnnotatedObjectInputStream; -import com.liferay.portal.kernel.io.AnnotatedObjectOutputStream; -import com.liferay.portal.kernel.log.Log; -import com.liferay.portal.kernel.log.LogFactoryUtil; -import com.liferay.portal.kernel.util.GetterUtil; -import com.liferay.portal.kernel.util.MethodHandler; -import com.liferay.portal.kernel.util.MethodKey; -import com.liferay.portal.kernel.util.PropsKeys; -import com.liferay.portal.kernel.util.PropsUtil; -import com.liferay.portal.kernel.util.SocketUtil; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.OutputStream; -import java.io.Serializable; - -import java.net.ServerSocket; -import java.net.Socket; -import java.net.SocketAddress; -import java.net.SocketException; -import java.net.SocketTimeoutException; - -import java.nio.channels.ServerSocketChannel; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.concurrent.BlockingQueue; -import java.util.concurrent.TimeUnit; - -import org.osgi.service.component.annotations.Activate; -import org.osgi.service.component.annotations.Component; - -/** - * @author Shuyang Zhou - * @author Sherry Yang - */ -@Component(enabled = false, immediate = true, service = {}) -public class ClusterLinkBootstrapLoaderHelperUtil { - - public static SocketAddress createServerSocketFromCluster( - String portalCacheManagerName, List portalCacheNames) - throws Exception { - - ClusterNode localClusterNode = - ClusterExecutorUtil.getLocalClusterNode(); - - ServerSocketChannel serverSocketChannel = - SocketUtil.createServerSocketChannel( - localClusterNode.getBindInetAddress(), - GetterUtil.getInteger( - PropsUtil.get(PropsKeys.EHCACHE_SOCKET_START_PORT), 32454), - _serverSocketConfigurator); - - ServerSocket serverSocket = serverSocketChannel.socket(); - - ClusterLinkBootstrapLoaderServerThread - clusterLinkBootstrapLoaderServerThread = - new ClusterLinkBootstrapLoaderServerThread( - serverSocket, portalCacheManagerName, portalCacheNames); - - clusterLinkBootstrapLoaderServerThread.start(); - - return serverSocket.getLocalSocketAddress(); - } - - public static boolean isSkipped() { - return _skipBootstrapLoaderThreadLocal.get(); - } - - public static void loadCachesFromCluster( - String portalCacheManagerName, String... portalCacheNames) - throws Exception { - - synchronized (ClusterLinkBootstrapLoaderHelperUtil.class) { - if (!_started) { - List portalCaches = _deferredPortalCaches.get( - portalCacheManagerName); - - if (portalCaches == null) { - portalCaches = new ArrayList<>(); - - _deferredPortalCaches.put( - portalCacheManagerName, portalCaches); - } - - Collections.addAll(portalCaches, portalCacheNames); - - return; - } - } - - List clusterNodes = ClusterExecutorUtil.getClusterNodes(); - - if (_log.isInfoEnabled()) { - _log.info("Cluster nodes " + clusterNodes); - } - - if (clusterNodes.size() <= 1) { - if (_log.isDebugEnabled()) { - _log.debug( - "Not loading cache from cluster because a cluster peer " + - "was not found"); - } - - return; - } - - PortalCacheManager portalCacheManager = - PortalCacheManagerUtil.getPortalCacheManager( - portalCacheManagerName); - - if (!portalCacheManager.isClusterAware()) { - return; - } - - ClusterRequest clusterRequest = ClusterRequest.createMulticastRequest( - new MethodHandler( - _createServerSocketFromClusterMethodKey, portalCacheManagerName, - Arrays.asList(portalCacheNames)), - true); - - FutureClusterResponses futureClusterResponses = - ClusterExecutorUtil.execute(clusterRequest); - - BlockingQueue clusterNodeResponses = - futureClusterResponses.getPartialResults(); - - ClusterNodeResponse clusterNodeResponse = null; - - try { - clusterNodeResponse = clusterNodeResponses.poll( - GetterUtil.getLong( - PropsUtil.get( - PropsKeys.CLUSTER_LINK_NODE_BOOTUP_RESPONSE_TIMEOUT), - 10000), - TimeUnit.MILLISECONDS); - } - catch (InterruptedException ie) { - return; - } - - if (clusterNodeResponse == null) { - if (_log.isWarnEnabled()) { - _log.warn( - "Unable to load cache from the cluster because there was " + - "no peer response"); - } - - return; - } - - if (_log.isInfoEnabled()) { - _log.info( - "Load cache data from cluster node " + - clusterNodeResponse.getClusterNode()); - } - - Socket socket = null; - - try { - SocketAddress remoteSocketAddress = - (SocketAddress)clusterNodeResponse.getResult(); - - if (remoteSocketAddress == null) { - _log.error( - "Cluster peer " + clusterNodeResponse.getClusterNode() + - " responded with a null socket address"); - - return; - } - - socket = new Socket(); - - socket.connect(remoteSocketAddress); - - socket.shutdownOutput(); - - ObjectInputStream objectInputStream = - new AnnotatedObjectInputStream(socket.getInputStream()); - - PortalCache portalCache = null; - - try { - while (true) { - Object object = objectInputStream.readObject(); - - if (object instanceof CacheElement) { - CacheElement cacheElement = (CacheElement)object; - - PortalCacheHelperUtil.putWithoutReplicator( - portalCache, cacheElement.getKey(), - cacheElement.getValue()); - } - else if (object instanceof String) { - if (_COMMAND_SOCKET_CLOSE.equals(object)) { - break; - } - - _skipBootstrapLoaderThreadLocal.set(Boolean.TRUE); - - try { - portalCache = - (PortalCache) - portalCacheManager.getPortalCache( - (String)object); - } - finally { - _skipBootstrapLoaderThreadLocal.remove(); - } - } - else { - throw new SystemException( - "Socket input stream returned invalid object " + - object); - } - } - } - finally { - if (objectInputStream != null) { - objectInputStream.close(); - } - } - } - catch (Exception e) { - throw new Exception( - "Unable to load cache data from cluster node " + - clusterNodeResponse.getClusterNode(), - e); - } - finally { - if (socket != null) { - socket.close(); - } - } - } - - @Activate - protected void activate() { - if (!_started) { - _started = true; - } - - if (_deferredPortalCaches.isEmpty()) { - return; - } - - if (_log.isDebugEnabled()) { - _log.debug("Loading deferred caches"); - } - - try { - for (Map.Entry> entry : - _deferredPortalCaches.entrySet()) { - - List portalCacheNames = entry.getValue(); - - if (portalCacheNames.isEmpty()) { - continue; - } - - loadCachesFromCluster( - entry.getKey(), portalCacheNames.toArray(new String[0])); - } - } - catch (Exception e) { - if (_log.isWarnEnabled()) { - _log.warn("Unable to load cache data from the cluster", e); - } - } - finally { - _deferredPortalCaches.clear(); - } - } - - private static final String _COMMAND_SOCKET_CLOSE = "${SOCKET_CLOSE}"; - - private static final Log _log = LogFactoryUtil.getLog( - ClusterLinkBootstrapLoaderHelperUtil.class); - - private static final MethodKey _createServerSocketFromClusterMethodKey = - new MethodKey( - ClusterLinkBootstrapLoaderHelperUtil.class, - "createServerSocketFromCluster", String.class, List.class); - private static final Map> _deferredPortalCaches = - new HashMap<>(); - private static final SocketUtil.ServerSocketConfigurator - _serverSocketConfigurator = new SocketCacheServerSocketConfiguration(); - private static final ThreadLocal _skipBootstrapLoaderThreadLocal = - new CentralizedThreadLocal<>( - ClusterLinkBootstrapLoaderHelperUtil.class + - "._skipBootstrapLoaderThreadLocal", - () -> Boolean.FALSE, false); - private static boolean _started; - - private static class CacheElement implements Serializable { - - public CacheElement(Serializable key, Serializable value) { - _key = key; - _value = value; - } - - public Serializable getKey() { - return _key; - } - - public Serializable getValue() { - return _value; - } - - private final Serializable _key; - private final Serializable _value; - - } - - private static class ClusterLinkBootstrapLoaderServerThread extends Thread { - - public ClusterLinkBootstrapLoaderServerThread( - ServerSocket serverSocket, String portalCacheManagerName, - List portalCacheNames) { - - _serverSocket = serverSocket; - _portalCacheManagerName = portalCacheManagerName; - _portalCacheNames = portalCacheNames; - - setDaemon(true); - setName( - ClusterLinkBootstrapLoaderServerThread.class.getName() + " - " + - portalCacheNames); - setPriority(Thread.NORM_PRIORITY); - } - - @Override - public void run() { - Socket socket = null; - - try { - try { - socket = _serverSocket.accept(); - } - catch (SocketTimeoutException ste) { - if (_log.isDebugEnabled()) { - _log.debug( - "Terminating the socket thread " + getName() + - " that the client requested but never used"); - } - - return; - } - finally { - _serverSocket.close(); - } - - socket.shutdownInput(); - - try (OutputStream outputStream = socket.getOutputStream(); - ObjectOutputStream objectOutputStream = - new AnnotatedObjectOutputStream(outputStream)) { - - PortalCacheManager - portalCacheManager = - PortalCacheManagerUtil.getPortalCacheManager( - _portalCacheManagerName); - - for (String portalCacheName : _portalCacheNames) { - PortalCache portalCache = - (PortalCache) - portalCacheManager.getPortalCache( - portalCacheName); - - if (portalCache == null) { - _skipBootstrapLoaderThreadLocal.set(Boolean.TRUE); - - try { - portalCacheManager.getPortalCache( - portalCacheName); - } - finally { - _skipBootstrapLoaderThreadLocal.remove(); - } - - continue; - } - - objectOutputStream.writeObject(portalCacheName); - - List keys = portalCache.getKeys(); - - for (Serializable key : keys) { - Serializable value = portalCache.get(key); - - if (value != null) { - CacheElement cacheElement = new CacheElement( - key, value); - - objectOutputStream.writeObject(cacheElement); - } - } - } - - objectOutputStream.writeObject(_COMMAND_SOCKET_CLOSE); - } - } - catch (Exception e) { - throw new RuntimeException(e); - } - finally { - if (socket != null) { - try { - socket.close(); - } - catch (IOException ioe) { - throw new RuntimeException(ioe); - } - } - } - } - - private final String _portalCacheManagerName; - private final List _portalCacheNames; - private final ServerSocket _serverSocket; - - } - - private static class SocketCacheServerSocketConfiguration - implements SocketUtil.ServerSocketConfigurator { - - @Override - public void configure(ServerSocket serverSocket) - throws SocketException { - - serverSocket.setSoTimeout( - GetterUtil.getInteger( - PropsUtil.get(PropsKeys.EHCACHE_SOCKET_SO_TIMEOUT), 10000)); - } - - } - -} \ No newline at end of file diff --git a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoader.java b/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoader.java deleted file mode 100644 index 2351fd17c08524..00000000000000 --- a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoader.java +++ /dev/null @@ -1,133 +0,0 @@ -/** - * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * - * This library is free software; you can redistribute it and/or modify it under - * the terms of the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 2.1 of the License, or (at your option) - * any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more - * details. - */ - -package com.liferay.portal.cache.multiple.internal.bootstrap; - -import com.liferay.petra.string.StringBundler; -import com.liferay.portal.cache.PortalCacheBootstrapLoader; -import com.liferay.portal.kernel.log.Log; -import com.liferay.portal.kernel.log.LogFactoryUtil; -import com.liferay.portal.kernel.util.GetterUtil; - -import java.util.Properties; - -/** - * @author Tina Tian - */ -public class ClusterLinkPortalCacheBootstrapLoader - implements PortalCacheBootstrapLoader { - - public ClusterLinkPortalCacheBootstrapLoader(Properties properties) { - if (properties != null) { - _bootstrapAsynchronously = GetterUtil.getBoolean( - properties.getProperty( - PortalCacheBootstrapLoader.BOOTSTRAP_ASYNCHRONOUSLY), - PortalCacheBootstrapLoader.DEFAULT_BOOTSTRAP_ASYNCHRONOUSLY); - } - else { - _bootstrapAsynchronously = - PortalCacheBootstrapLoader.DEFAULT_BOOTSTRAP_ASYNCHRONOUSLY; - } - } - - @Override - public boolean isAsynchronous() { - return _bootstrapAsynchronously; - } - - @Override - public void loadPortalCache( - String portalCacheManagerName, String portalCacheName) { - - if (ClusterLinkBootstrapLoaderHelperUtil.isSkipped()) { - return; - } - - if (_bootstrapAsynchronously) { - BootstrapLoaderClientThread bootstrapLoaderClientThread = - new BootstrapLoaderClientThread( - portalCacheManagerName, portalCacheName); - - bootstrapLoaderClientThread.start(); - } - else { - doLoad(portalCacheManagerName, portalCacheName); - } - } - - protected void doLoad( - String portalCacheManagerName, String portalCacheName) { - - if (_log.isDebugEnabled()) { - _log.debug("Bootstraping " + portalCacheName); - } - - try { - ClusterLinkBootstrapLoaderHelperUtil.loadCachesFromCluster( - portalCacheManagerName, portalCacheName); - } - catch (Exception e) { - if (_log.isWarnEnabled()) { - _log.warn("Unable to load cache data from the cluster", e); - } - } - } - - private static final Log _log = LogFactoryUtil.getLog( - ClusterLinkPortalCacheBootstrapLoader.class); - - private final boolean _bootstrapAsynchronously; - - private class BootstrapLoaderClientThread extends Thread { - - public BootstrapLoaderClientThread( - String portalCacheManagerName, String portalCacheName) { - - if (_log.isDebugEnabled()) { - _log.debug( - StringBundler.concat( - "Bootstrap loader client thread for cache ", - portalCacheName, " from cache manager ", - portalCacheManagerName)); - } - - _portalCacheManagerName = portalCacheManagerName; - _portalCacheName = portalCacheName; - - setDaemon(true); - setName( - StringBundler.concat( - BootstrapLoaderClientThread.class.getName(), " - ", - portalCacheManagerName, " - ", portalCacheName)); - setPriority(Thread.NORM_PRIORITY); - } - - @Override - public void run() { - try { - doLoad(_portalCacheManagerName, _portalCacheName); - } - catch (Exception e) { - if (_log.isWarnEnabled()) { - _log.warn("Unable to asynchronously stream bootstrap", e); - } - } - } - - private final String _portalCacheManagerName; - private final String _portalCacheName; - - } - -} \ No newline at end of file diff --git a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoaderFactory.java b/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoaderFactory.java deleted file mode 100644 index 415763c16146fd..00000000000000 --- a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/bootstrap/ClusterLinkPortalCacheBootstrapLoaderFactory.java +++ /dev/null @@ -1,39 +0,0 @@ -/** - * Copyright (c) 2000-present Liferay, Inc. All rights reserved. - * - * This library is free software; you can redistribute it and/or modify it under - * the terms of the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 2.1 of the License, or (at your option) - * any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more - * details. - */ - -package com.liferay.portal.cache.multiple.internal.bootstrap; - -import com.liferay.portal.cache.PortalCacheBootstrapLoader; -import com.liferay.portal.cache.PortalCacheBootstrapLoaderFactory; - -import java.util.Properties; - -import org.osgi.service.component.annotations.Component; - -/** - * @author Tina Tian - */ -@Component( - enabled = false, immediate = true, - service = PortalCacheBootstrapLoaderFactory.class -) -public class ClusterLinkPortalCacheBootstrapLoaderFactory - implements PortalCacheBootstrapLoaderFactory { - - @Override - public PortalCacheBootstrapLoader create(Properties properties) { - return new ClusterLinkPortalCacheBootstrapLoader(properties); - } - -} \ No newline at end of file diff --git a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/portal/profile/ModulePortalProfile.java b/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/portal/profile/ModulePortalProfile.java index 6bb25ecf40ea1a..e26e337c9f6154 100644 --- a/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/portal/profile/ModulePortalProfile.java +++ b/modules/apps/portal-cache/portal-cache-multiple/src/main/java/com/liferay/portal/cache/multiple/internal/portal/profile/ModulePortalProfile.java @@ -14,12 +14,9 @@ package com.liferay.portal.cache.multiple.internal.portal.profile; -import com.liferay.portal.cache.PortalCacheBootstrapLoaderFactory; import com.liferay.portal.cache.PortalCacheReplicatorFactory; import com.liferay.portal.cache.multiple.internal.ClusterLinkPortalCacheReplicatorFactory; import com.liferay.portal.cache.multiple.internal.PortalCacheManagerUtil; -import com.liferay.portal.cache.multiple.internal.bootstrap.ClusterLinkBootstrapLoaderHelperUtil; -import com.liferay.portal.cache.multiple.internal.bootstrap.ClusterLinkPortalCacheBootstrapLoaderFactory; import com.liferay.portal.cache.multiple.internal.cluster.link.ClusterLinkPortalCacheClusterChannelFactory; import com.liferay.portal.cache.multiple.internal.cluster.link.PortalCacheClusterLink; import com.liferay.portal.cache.multiple.internal.cluster.link.messaging.ClusterLinkMessagingConfigurator; @@ -63,12 +60,6 @@ public void activate(ComponentContext componentContext) { BundleContext bundleContext = componentContext.getBundleContext(); - bundleContext.registerService( - PortalCacheBootstrapLoaderFactory.class, - ProxyFactory.newDummyInstance( - PortalCacheBootstrapLoaderFactory.class), - new HashMapDictionary<>()); - bundleContext.registerService( PortalCacheReplicatorFactory.class, ProxyFactory.newDummyInstance( @@ -78,9 +69,7 @@ public void activate(ComponentContext componentContext) { init( componentContext, supportedPortalProfileNames, - ClusterLinkBootstrapLoaderHelperUtil.class.getName(), ClusterLinkMessagingConfigurator.class.getName(), - ClusterLinkPortalCacheBootstrapLoaderFactory.class.getName(), ClusterLinkPortalCacheClusterChannelFactory.class.getName(), ClusterLinkPortalCacheClusterListener.class.getName(), ClusterLinkPortalCacheReplicatorFactory.class.getName(), diff --git a/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/search/results/view.jsp b/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/search/results/view.jsp index dd3230e93a737e..fe89b2c863587e 100644 --- a/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/search/results/view.jsp +++ b/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/search/results/view.jsp @@ -136,7 +136,7 @@ com.liferay.portal.kernel.dao.search.SearchContainer · - <%= searchResultSummaryDisplayContext.getCreatorUserName() %> + <%= HtmlUtil.escape(searchResultSummaryDisplayContext.getCreatorUserName()) %> diff --git a/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/user/facet/view.jsp b/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/user/facet/view.jsp index 3346e7e7ab77bc..80947e3a04b320 100644 --- a/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/user/facet/view.jsp +++ b/modules/apps/portal-search/portal-search-web/src/main/resources/META-INF/resources/user/facet/view.jsp @@ -82,7 +82,7 @@ UserSearchFacetDisplayContext userSearchFacetDisplayContext = (UserSearchFacetDi
  • diff --git a/modules/apps/staging/staging-taglib/src/main/resources/META-INF/resources/process_summary_link/page.jsp b/modules/apps/staging/staging-taglib/src/main/resources/META-INF/resources/process_summary_link/page.jsp index 3fc7102aef91e4..ff8044c0d04a2f 100644 --- a/modules/apps/staging/staging-taglib/src/main/resources/META-INF/resources/process_summary_link/page.jsp +++ b/modules/apps/staging/staging-taglib/src/main/resources/META-INF/resources/process_summary_link/page.jsp @@ -24,7 +24,7 @@ <% BackgroundTaskDisplay backgroundTaskDisplay = BackgroundTaskDisplayFactoryUtil.getBackgroundTaskDisplay(backgroundTask); -String taglibOnClick = liferayPortletResponse.getNamespace() + "showProcessSummary(" + String.valueOf(backgroundTask.getBackgroundTaskId()) + ", '" + HtmlUtil.escapeJS(backgroundTaskDisplay.getDisplayName(request)) + "', '" + HtmlUtil.escape(processSummaryURL) + "');"; +String taglibOnClick = liferayPortletResponse.getNamespace() + "showProcessSummary(" + String.valueOf(backgroundTask.getBackgroundTaskId()) + ", '" + HtmlUtil.escapeJS(backgroundTaskDisplay.getDisplayName(request)) + "', '" + HtmlUtil.escapeJS(processSummaryURL) + "');"; %> <% -String redirect = ParamUtil.getString(request, "redirect"); +String backURL = ParamUtil.getString(request, "backURL"); + +PortletURL homeURL = renderResponse.createRenderURL(); + +homeURL.setParameter("mvcPath", "/view.jsp"); + +if (Validator.isNull(backURL)) { + backURL = homeURL.toString(); +} long userGroupId = ParamUtil.getLong(request, "userGroupId"); @@ -35,14 +43,10 @@ else { } portletDisplay.setShowBackIcon(true); -portletDisplay.setURLBack(redirect); +portletDisplay.setURLBack(backURL); renderResponse.setTitle(userGroup.getName()); -PortletURL homeURL = renderResponse.createRenderURL(); - -homeURL.setParameter("mvcPath", "/view.jsp"); - PortalUtil.addPortletBreadcrumbEntry(request, LanguageUtil.get(request, "user-groups"), homeURL.toString()); PortalUtil.addPortletBreadcrumbEntry(request, userGroup.getName(), null); diff --git a/modules/apps/wiki/wiki-web/src/main/java/com/liferay/wiki/web/internal/display/context/DefaultWikiListPagesDisplayContext.java b/modules/apps/wiki/wiki-web/src/main/java/com/liferay/wiki/web/internal/display/context/DefaultWikiListPagesDisplayContext.java index 39c80de692045e..f10f422701674d 100644 --- a/modules/apps/wiki/wiki-web/src/main/java/com/liferay/wiki/web/internal/display/context/DefaultWikiListPagesDisplayContext.java +++ b/modules/apps/wiki/wiki-web/src/main/java/com/liferay/wiki/web/internal/display/context/DefaultWikiListPagesDisplayContext.java @@ -698,7 +698,7 @@ protected void addPrintPageMenuItem( portletURL.setParameter("viewMode", Constants.PRINT); portletURL.setWindowState(LiferayWindowState.POP_UP); - sb.append(portletURL.toString()); + sb.append(HtmlUtil.escapeJS(portletURL.toString())); sb.append("', '', 'directories=0,height=480,left=80,location=1,"); sb.append("menubar=1,resizable=1,scrollbars=yes,status=0,"); diff --git a/modules/source-formatter.properties b/modules/source-formatter.properties index 1bf8a4c8c609ef..ea9991e4888de2 100644 --- a/modules/source-formatter.properties +++ b/modules/source-formatter.properties @@ -24,9 +24,12 @@ javax.portlet:portlet-api:3.0.1,\ javax.servlet:javax.servlet-api:3.1.0,\ org.apache.ant:ant:1.9.14,\ + org.apache.commons:commons-compress:1.19,\ org.apache.felix:org.apache.felix.http.servlet-api:1.1.2,\ org.jboss.arquillian.junit:arquillian-junit-container:1.1.10.Final,\ org.jdom:jdom:1.1.3,\ + org.jfree:jcommon:1.0.24,\ + org.jfree:jfreechart:1.0.19,\ org.jsoup:jsoup:1.10.2,\ org.osgi:org.osgi.annotation.versioning:1.1.0,\ org.osgi:org.osgi.dto:1.1.0,\ diff --git a/portal-impl/src/com/liferay/portal/layoutconfiguration/util/RuntimePageImpl.java b/portal-impl/src/com/liferay/portal/layoutconfiguration/util/RuntimePageImpl.java index 07944108e8e525..bc3871c7f85472 100644 --- a/portal-impl/src/com/liferay/portal/layoutconfiguration/util/RuntimePageImpl.java +++ b/portal-impl/src/com/liferay/portal/layoutconfiguration/util/RuntimePageImpl.java @@ -437,8 +437,8 @@ protected StringBundler doProcessTemplate( UnsyncStringWriter unsyncStringWriter = new UnsyncStringWriter(); - templateManager.addTaglibTheme( - template, "taglibLiferay", httpServletRequest, + template.prepareTaglib( + httpServletRequest, new PipingServletResponse(httpServletResponse, unsyncStringWriter)); try { diff --git a/portal-impl/src/com/liferay/portal/template/BaseTemplate.java b/portal-impl/src/com/liferay/portal/template/BaseTemplate.java index dd1a8fa4443256..f6ef3f949a7b1c 100644 --- a/portal-impl/src/com/liferay/portal/template/BaseTemplate.java +++ b/portal-impl/src/com/liferay/portal/template/BaseTemplate.java @@ -32,6 +32,7 @@ import java.util.function.Supplier; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; /** * @author Tina Tian @@ -121,6 +122,12 @@ public void prepare(HttpServletRequest httpServletRequest) { _templateContextHelper.prepare(this, httpServletRequest); } + @Override + public void prepareTaglib( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) { + } + @Override public void processTemplate(Writer writer) throws TemplateException { try { @@ -194,6 +201,10 @@ public Object put(String key, Object value) { } } + if (value instanceof Class) { + return putClass(key, (Class)value); + } + return context.put(key, value); } @@ -253,6 +264,10 @@ protected abstract void processTemplate( TemplateResource templateResource, Writer writer) throws Exception; + protected Object putClass(String key, Class clazz) { + return context.put(key, clazz); + } + protected Map context; private final boolean _restricted; diff --git a/portal-impl/src/com/liferay/portal/template/BaseTemplateManager.java b/portal-impl/src/com/liferay/portal/template/BaseTemplateManager.java index 06d4d330244db5..56855e72d2f3af 100644 --- a/portal-impl/src/com/liferay/portal/template/BaseTemplateManager.java +++ b/portal-impl/src/com/liferay/portal/template/BaseTemplateManager.java @@ -30,6 +30,10 @@ */ public abstract class BaseTemplateManager implements TemplateManager { + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addContextObjects( Map contextObjects, @@ -54,24 +58,40 @@ public void addContextObjects( } } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addStaticClassSupport( Map contextObjects, String variableName, Class variableClass) { } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addTaglibApplication( Map contextObjects, String applicationName, ServletContext servletContext) { } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addTaglibFactory( Map contextObjects, String taglibLiferayHash, ServletContext servletContext) { } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addTaglibRequest( Map contextObjects, String applicationName, @@ -79,6 +99,10 @@ public void addTaglibRequest( HttpServletResponse httpServletResponse) { } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addTaglibSupport( Map contextObjects, @@ -86,6 +110,10 @@ public void addTaglibSupport( HttpServletResponse httpServletResponse) { } + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated @Override public void addTaglibTheme( Map contextObjects, String themeName, diff --git a/portal-impl/src/com/liferay/portal/template/RestrictedTemplate.java b/portal-impl/src/com/liferay/portal/template/RestrictedTemplate.java index 614faf55069f82..568b7d19a13b9b 100644 --- a/portal-impl/src/com/liferay/portal/template/RestrictedTemplate.java +++ b/portal-impl/src/com/liferay/portal/template/RestrictedTemplate.java @@ -26,6 +26,7 @@ import java.util.function.Supplier; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; /** * @author Tina Tian @@ -81,6 +82,14 @@ public void prepare(HttpServletRequest httpServletRequest) { _template.prepare(httpServletRequest); } + @Override + public void prepareTaglib( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) { + + _template.prepareTaglib(httpServletRequest, httpServletResponse); + } + @Override public void processTemplate(Writer writer) throws TemplateException { _template.processTemplate(writer); diff --git a/portal-impl/src/com/liferay/portal/template/TemplateContextHelper.java b/portal-impl/src/com/liferay/portal/template/TemplateContextHelper.java index ccc5c5f8c5b1fc..1b329c4b628487 100644 --- a/portal-impl/src/com/liferay/portal/template/TemplateContextHelper.java +++ b/portal-impl/src/com/liferay/portal/template/TemplateContextHelper.java @@ -186,7 +186,7 @@ public Map getHelperUtilities( Map helperUtilities = new HashMap<>(); populateCommonHelperUtilities(helperUtilities); - populateExtraHelperUtilities(helperUtilities); + populateExtraHelperUtilities(helperUtilities, restricted); if (restricted) { Set restrictedVariables = getRestrictedVariables(); @@ -860,9 +860,18 @@ protected void populateDeprecatedCommonHelperUtilities( } } + /** + * @deprecated As of Athanasius (7.3.x), replaced by {@link + * #populateExtraHelperUtilities(Map, boolean)} + */ + @Deprecated protected void populateExtraHelperUtilities(Map variables) { } + protected void populateExtraHelperUtilities( + Map variables, boolean restricted) { + } + protected void prepareTiles( Map contextObjects, HttpServletRequest httpServletRequest) { diff --git a/portal-impl/src/com/liferay/portal/template/packageinfo b/portal-impl/src/com/liferay/portal/template/packageinfo index e68b954f617fab..bbcbfe4fb3b987 100644 --- a/portal-impl/src/com/liferay/portal/template/packageinfo +++ b/portal-impl/src/com/liferay/portal/template/packageinfo @@ -1 +1 @@ -version 2.1.1 \ No newline at end of file +version 2.2.0 \ No newline at end of file diff --git a/portal-impl/src/com/liferay/portal/templateparser/Transformer.java b/portal-impl/src/com/liferay/portal/templateparser/Transformer.java index 2aa68469ea135d..538d691f4c51b2 100644 --- a/portal-impl/src/com/liferay/portal/templateparser/Transformer.java +++ b/portal-impl/src/com/liferay/portal/templateparser/Transformer.java @@ -41,6 +41,9 @@ import java.util.HashMap; import java.util.Map; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + /** * @author Brian Wing Shun Chan * @author Raymond Augé @@ -85,7 +88,9 @@ public Transformer( public String transform( ThemeDisplay themeDisplay, Map contextObjects, String script, String langType, - UnsyncStringWriter unsyncStringWriter) + UnsyncStringWriter unsyncStringWriter, + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) throws Exception { if (Validator.isNull(langType)) { @@ -136,6 +141,8 @@ public String transform( template.put("siteGroupId", siteGroupId); template.put("templatesPath", templatesPath); + template.prepareTaglib(httpServletRequest, httpServletResponse); + // Deprecated variables template.put("groupId", scopeGroupId); diff --git a/portal-impl/src/com/liferay/portal/util/HttpImpl.java b/portal-impl/src/com/liferay/portal/util/HttpImpl.java index 16bc8177b71534..02f023dab6f5bf 100644 --- a/portal-impl/src/com/liferay/portal/util/HttpImpl.java +++ b/portal-impl/src/com/liferay/portal/util/HttpImpl.java @@ -14,6 +14,7 @@ package com.liferay.portal.util; +import com.liferay.petra.lang.CentralizedThreadLocal; import com.liferay.petra.memory.FinalizeAction; import com.liferay.petra.memory.FinalizeManager; import com.liferay.petra.string.CharPool; @@ -53,6 +54,7 @@ import java.util.ArrayList; import java.util.Date; +import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -502,14 +504,8 @@ public String getDomain(String url) { return url; } - url = url.trim(); - - if (_getProtocolDelimiterIndex(url) < 0) { - url = Http.HTTPS_WITH_SLASH + url; - } - try { - URI uri = new URI(url); + URI uri = _getURI(url); String host = uri.getHost(); @@ -599,20 +595,20 @@ public String getPath(String url) { return url; } - if (url.startsWith(Http.HTTP)) { - int pos = url.indexOf( - CharPool.SLASH, Http.HTTPS_WITH_SLASH.length()); + try { + URI uri = _getURI(url); - url = url.substring(pos); - } + String path = uri.getPath(); - int pos = url.indexOf(CharPool.QUESTION); + if (path == null) { + return StringPool.BLANK; + } - if (pos == -1) { - return url; + return path; + } + catch (URISyntaxException uriSyntaxException) { + return StringPool.BLANK; } - - return url.substring(0, pos); } @Override @@ -641,15 +637,24 @@ public String getProtocol(RenderRequest renderRequest) { @Override public String getProtocol(String url) { - url = url.trim(); + if (Validator.isNull(url)) { + return url; + } - int index = _getProtocolDelimiterIndex(url); + try { + URI uri = _getURI(url); - if (index > 0) { - return url.substring(0, index); - } + String scheme = uri.getScheme(); - return StringPool.BLANK; + if (scheme == null) { + return StringPool.BLANK; + } + + return scheme; + } + catch (URISyntaxException uriSyntaxException) { + return StringPool.BLANK; + } } @Override @@ -658,13 +663,20 @@ public String getQueryString(String url) { return url; } - int pos = url.indexOf(CharPool.QUESTION); + try { + URI uri = _getURI(url); - if (pos == -1) { + String queryString = uri.getQuery(); + + if (queryString == null) { + return StringPool.BLANK; + } + + return queryString; + } + catch (URISyntaxException uriSyntaxException) { return StringPool.BLANK; } - - return url.substring(pos + 1); } @Override @@ -683,11 +695,11 @@ public boolean hasDomain(String url) { @Override public boolean hasProtocol(String url) { - if (_getProtocolDelimiterIndex(url) > 0) { - return true; + if (Validator.isNull(url)) { + return false; } - return false; + return Validator.isNotNull(getProtocol(url)); } @Override @@ -1091,12 +1103,20 @@ public String removePathParameters(String uri) { @Override public String removeProtocol(String url) { - url = url.trim(); + String protocol = getProtocol(url); + + if (Validator.isNotNull(protocol)) { + url = url.trim(); - int index = _getProtocolDelimiterIndex(url); + if (url.regionMatches( + protocol.length(), PROTOCOL_DELIMITER, 0, + PROTOCOL_DELIMITER.length())) { - if (index > 0) { - return url.substring(index + PROTOCOL_DELIMITER.length()); + return url.substring( + protocol.length() + PROTOCOL_DELIMITER.length()); + } + + return url.substring(protocol.length() + StringPool.COLON.length()); } return url; @@ -1719,7 +1739,7 @@ protected InputStream URLtoInputStream( URI uri = null; try { - uri = new URI(location); + uri = _getURI(location); } catch (URISyntaxException urise) { throw new IOException("Invalid URI: " + location, urise); @@ -1740,7 +1760,7 @@ else if (!location.startsWith(Http.HTTP_WITH_SLASH) && location = Http.HTTP_WITH_SLASH + location; - uri = new URI(location); + uri = _getURI(location); } HttpHost targetHttpHost = new HttpHost( @@ -1997,32 +2017,20 @@ public void close() throws IOException { } } - private int _getProtocolDelimiterIndex(String url) { - if (Validator.isNull(url)) { - return -1; - } - - // Define protocol as "[a-zA-Z][a-zA-Z0-9]*://" - - int pos = url.indexOf(Http.PROTOCOL_DELIMITER); + private URI _getURI(String uriString) throws URISyntaxException { + Map uris = _uris.get(); - if (pos <= 0) { - return -1; - } + uriString = uriString.trim(); - if (!Validator.isChar(url.charAt(0))) { - return -1; - } + URI uri = uris.get(uriString); - for (int i = 1; i < pos; ++i) { - if (!Validator.isChar(url.charAt(i)) && - !Validator.isDigit(url.charAt(i))) { + if (uri == null) { + uri = new URI(uriString); - return -1; - } + uris.put(uriString, uri); } - return pos; + return uri; } private String _shortenURL( @@ -2153,6 +2161,8 @@ private String _shortenURL( private static final Log _log = LogFactoryUtil.getLog(HttpImpl.class); private static final ThreadLocal _cookies = new ThreadLocal<>(); + private static final ThreadLocal> _uris = + new CentralizedThreadLocal<>(HttpImpl.class + "._uris", HashMap::new); private final CloseableHttpClient _closeableHttpClient; private final Pattern _nonProxyHostsPattern; diff --git a/portal-impl/src/com/liferay/portal/util/PortalImpl.java b/portal-impl/src/com/liferay/portal/util/PortalImpl.java index 484bf4caf459b3..22a626768ddb0b 100644 --- a/portal-impl/src/com/liferay/portal/util/PortalImpl.java +++ b/portal-impl/src/com/liferay/portal/util/PortalImpl.java @@ -931,18 +931,28 @@ public String escapeRedirect(String url) { return url; } - url = url.trim(); + String domain = HttpUtil.getDomain(url); + String protocol = HttpUtil.getProtocol(url); - if ((url.charAt(0) == CharPool.SLASH) && - ((url.length() == 1) || - ((url.length() > 1) && (url.charAt(1) != CharPool.SLASH)))) { + if (Validator.isBlank(domain)) { + if (Validator.isBlank(HttpUtil.getPath(url))) { + return null; + } + + // Specs allow URL of protocol followed by path, but we do not + + if (!Validator.isBlank(protocol)) { + return null; + } + + // The URL is a relative path return url; } - String domain = HttpUtil.getDomain(url); + // Specs regard URL starting with double slashes as valid, but we do not - if (domain.isEmpty()) { + if (Validator.isBlank(protocol)) { return null; } diff --git a/portal-impl/src/com/liferay/portal/verify/VerifyProperties.java b/portal-impl/src/com/liferay/portal/verify/VerifyProperties.java index d82717ec648f69..ab9cbef4e5d965 100644 --- a/portal-impl/src/com/liferay/portal/verify/VerifyProperties.java +++ b/portal-impl/src/com/liferay/portal/verify/VerifyProperties.java @@ -1687,7 +1687,10 @@ protected void verifySystemProperties() throws Exception { "configuration.jsp", "editor.wysiwyg.portal-web.docroot.html.portlet.portal_settings." + "email_notifications.jsp", + "ehcache.bootstrap.cache.loader.enabled", "ehcache.bootstrap.cache.loader.factory", + "ehcache.bootstrap.cache.loader.properties", + "ehcache.bootstrap.cache.loader.properties.default", "ehcache.cache.event.listener.factory", "ehcache.cache.manager.peer.listener.factory", "ehcache.cache.manager.peer.provider.factory", diff --git a/portal-impl/src/com/liferay/portal/webserver/WebServerEntry.java b/portal-impl/src/com/liferay/portal/webserver/WebServerEntry.java index d1d4bebd414acb..ae77ad1040e722 100644 --- a/portal-impl/src/com/liferay/portal/webserver/WebServerEntry.java +++ b/portal-impl/src/com/liferay/portal/webserver/WebServerEntry.java @@ -15,10 +15,13 @@ package com.liferay.portal.webserver; import com.liferay.petra.string.StringPool; +import com.liferay.portal.kernel.util.FastDateFormatFactoryUtil; import com.liferay.portal.kernel.util.GetterUtil; import com.liferay.portal.kernel.util.HttpUtil; import com.liferay.portal.kernel.util.URLCodec; +import java.text.Format; + import java.util.Date; /** @@ -38,6 +41,14 @@ public WebServerEntry( _name = name; _createDate = createDate; _modifiedDate = modifiedDate; + + if (modifiedDate != null) { + Format format = FastDateFormatFactoryUtil.getSimpleDateFormat( + "d MMM yyyy HH:mm z"); + + _modifiedDateString = format.format(modifiedDate); + } + _description = GetterUtil.getString(description); _size = size; } @@ -54,6 +65,10 @@ public Date getModifiedDate() { return _modifiedDate; } + public String getModifiedDateString() { + return _modifiedDateString; + } + public String getName() { return _name; } @@ -78,6 +93,10 @@ public void setModifiedDate(Date modifiedDate) { _modifiedDate = modifiedDate; } + public void setModifiedDateString(String modifiedDateString) { + _modifiedDateString = modifiedDateString; + } + public void setName(String name) { _name = name; } @@ -110,6 +129,7 @@ protected String getPath(String path, String name) { private Date _createDate; private String _description; private Date _modifiedDate; + private String _modifiedDateString; private String _name; private String _path; private long _size; diff --git a/portal-impl/src/com/liferay/portal/webserver/WebServerServlet.java b/portal-impl/src/com/liferay/portal/webserver/WebServerServlet.java index ed64c3ad1323c6..33fe805dfd91ab 100644 --- a/portal-impl/src/com/liferay/portal/webserver/WebServerServlet.java +++ b/portal-impl/src/com/liferay/portal/webserver/WebServerServlet.java @@ -86,7 +86,6 @@ import com.liferay.portal.kernel.transaction.TransactionInvokerUtil; import com.liferay.portal.kernel.util.ContentTypes; import com.liferay.portal.kernel.util.DigesterUtil; -import com.liferay.portal.kernel.util.FastDateFormatFactoryUtil; import com.liferay.portal.kernel.util.FileUtil; import com.liferay.portal.kernel.util.GetterUtil; import com.liferay.portal.kernel.util.HtmlUtil; @@ -120,8 +119,6 @@ import java.net.URL; -import java.text.Format; - import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -1230,7 +1227,6 @@ protected void sendHTML( Template template = TemplateManagerUtil.getTemplate( TemplateConstants.LANG_TYPE_FTL, _templateResource, true); - template.put("dateFormat", _dateFormat); template.put("entries", webServerEntries); template.put("path", HttpUtil.encodePath(path)); @@ -1653,8 +1649,6 @@ private boolean _processCompanyInactiveRequest( UserFileUploadsSettings.class, WebServerServlet.class, "_userFileUploadsSettings", false); - private final Format _dateFormat = - FastDateFormatFactoryUtil.getSimpleDateFormat("d MMM yyyy HH:mm z"); private boolean _lastModified = true; private TemplateResource _templateResource; diff --git a/portal-impl/src/com/liferay/portal/webserver/dependencies/template.ftl b/portal-impl/src/com/liferay/portal/webserver/dependencies/template.ftl index 121f541146b17c..25a4b60691c5d8 100644 --- a/portal-impl/src/com/liferay/portal/webserver/dependencies/template.ftl +++ b/portal-impl/src/com/liferay/portal/webserver/dependencies/template.ftl @@ -26,8 +26,8 @@ ${entry.name} - <#if entry.getModifiedDate()??> - ${dateFormat.format(entry.modifiedDate)} + <#if entry.getModifiedDateString()??> + ${entry.modifiedDateString} <#else> - diff --git a/portal-impl/src/portal.properties b/portal-impl/src/portal.properties index 87c4eba4eef83a..aa18a93b4b9e60 100644 --- a/portal-impl/src/portal.properties +++ b/portal-impl/src/portal.properties @@ -1624,29 +1624,6 @@ ehcache.single.vm.config.location=/ehcache/liferay-single-vm.xml ehcache.multi.vm.config.location=/ehcache/liferay-multi-vm.xml - # - # Set this to true to enable the Ehcache bootstrap cache loader. - # - # Env: LIFERAY_EHCACHE_PERIOD_BOOTSTRAP_PERIOD_CACHE_PERIOD_LOADER_PERIOD_ENABLED - # - ehcache.bootstrap.cache.loader.enabled=false - - # - # Input a list of comma delimited key value pair to set bootstrap loader - # properties for the default cache. - # - # Env: LIFERAY_EHCACHE_PERIOD_BOOTSTRAP_PERIOD_CACHE_PERIOD_LOADER_PERIOD_PROPERTIES_PERIOD_DEFAULT - # - ehcache.bootstrap.cache.loader.properties.default= - - # - # Input a list of comma delimited key value pair to set bootstrap loader - # properties for a specific cache. - # - # Env: LIFERAY_EHCACHE_PERIOD_BOOTSTRAP_PERIOD_CACHE_PERIOD_LOADER_PERIOD_PROPERTIES_PERIOD__DOLLAR__OPENCURLYBRACE_SPECIFIC_PERIOD_CACHE_PERIOD_NAME_CLOSECURLYBRACE_ - # - #ehcache.bootstrap.cache.loader.properties.${specific.cache.name}= - # # Input a list of comma delimited key value pair to set replication # properties for the default cache. @@ -5900,7 +5877,7 @@ # Env: LIFERAY_SETUP_PERIOD_DATABASE_PERIOD_JAR_PERIOD_URL_OPENBRACKET_COM_PERIOD_MYSQL_PERIOD_CJ_PERIOD_JDBC_PERIOD__UPPERCASED_RIVER_CLOSEBRACKET_ # setup.database.jar.name[com.mysql.cj.jdbc.Driver]=mysql.jar - setup.database.jar.url[com.mysql.cj.jdbc.Driver]=http://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.15/mysql-connector-java-8.0.15.jar + setup.database.jar.url[com.mysql.cj.jdbc.Driver]=https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.15/mysql-connector-java-8.0.15.jar # # Env: LIFERAY_SETUP_PERIOD_DATABASE_PERIOD_URL_OPENBRACKET_DB_NUMBER2__CLOSEBRACKET_ diff --git a/portal-impl/test/unit/com/liferay/portal/dao/orm/hibernate/region/dependencies/test-multi-ehcache-config.xml b/portal-impl/test/unit/com/liferay/portal/dao/orm/hibernate/region/dependencies/test-multi-ehcache-config.xml index 8736b2d6e2a9e5..29c30947438bac 100644 --- a/portal-impl/test/unit/com/liferay/portal/dao/orm/hibernate/region/dependencies/test-multi-ehcache-config.xml +++ b/portal-impl/test/unit/com/liferay/portal/dao/orm/hibernate/region/dependencies/test-multi-ehcache-config.xml @@ -19,7 +19,6 @@ propertySeparator="," /> - @@ -29,6 +28,5 @@ propertySeparator="," /> - \ No newline at end of file diff --git a/portal-kernel/src/com/liferay/portal/kernel/template/Template.java b/portal-kernel/src/com/liferay/portal/kernel/template/Template.java index 3e36af5b159b5f..38163d5e048eab 100644 --- a/portal-kernel/src/com/liferay/portal/kernel/template/Template.java +++ b/portal-kernel/src/com/liferay/portal/kernel/template/Template.java @@ -20,14 +20,22 @@ import java.util.function.Supplier; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.osgi.annotation.versioning.ProviderType; /** * @author Tina Tian */ +@ProviderType public interface Template extends Map { public void prepare(HttpServletRequest httpServletRequest); + public void prepareTaglib( + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse); + public void processTemplate(Writer writer) throws TemplateException; public void processTemplate( diff --git a/portal-kernel/src/com/liferay/portal/kernel/template/TemplateManager.java b/portal-kernel/src/com/liferay/portal/kernel/template/TemplateManager.java index 3868b3638c2431..a24dda0352eb61 100644 --- a/portal-kernel/src/com/liferay/portal/kernel/template/TemplateManager.java +++ b/portal-kernel/src/com/liferay/portal/kernel/template/TemplateManager.java @@ -26,32 +26,60 @@ */ public interface TemplateManager { + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addContextObjects( Map contextObjects, Map newContextObjects); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addStaticClassSupport( Map contextObjects, String variableName, Class variableClass); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addTaglibApplication( Map contextObjects, String applicationName, ServletContext servletContext); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addTaglibFactory( Map contextObjects, String taglibLiferayHash, ServletContext servletContext); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addTaglibRequest( Map contextObjects, String applicationName, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addTaglibSupport( Map contextObjects, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse); + /** + * @deprecated As of Athanasius (7.3.x), with no direct replacement + */ + @Deprecated public void addTaglibTheme( Map contextObjects, String string, HttpServletRequest httpServletRequest, diff --git a/portal-kernel/src/com/liferay/portal/kernel/util/PropsKeys.java b/portal-kernel/src/com/liferay/portal/kernel/util/PropsKeys.java index 10a66dadc41bfa..b693c7e6602f38 100644 --- a/portal-kernel/src/com/liferay/portal/kernel/util/PropsKeys.java +++ b/portal-kernel/src/com/liferay/portal/kernel/util/PropsKeys.java @@ -1247,12 +1247,24 @@ public interface PropsKeys { public static final String EHCACHE_BLOCKING_CACHE_ALLOWED = "ehcache.blocking.cache.allowed"; + /** + * @deprecated As of Mueller (7.2.x), with no direct replacement + */ + @Deprecated public static final String EHCACHE_BOOTSTRAP_CACHE_LOADER_ENABLED = "ehcache.bootstrap.cache.loader.enabled"; + /** + * @deprecated As of Mueller (7.2.x), with no direct replacement + */ + @Deprecated public static final String EHCACHE_BOOTSTRAP_CACHE_LOADER_PROPERTIES = "ehcache.bootstrap.cache.loader.properties"; + /** + * @deprecated As of Mueller (7.2.x), with no direct replacement + */ + @Deprecated public static final String EHCACHE_BOOTSTRAP_CACHE_LOADER_PROPERTIES_DEFAULT = "ehcache.bootstrap.cache.loader.properties.default"; diff --git a/portal-web/docroot/html/common/themes/top_js.jspf b/portal-web/docroot/html/common/themes/top_js.jspf index 7e60dfb15a9d6a..9f92a54f05f8fd 100644 --- a/portal-web/docroot/html/common/themes/top_js.jspf +++ b/portal-web/docroot/html/common/themes/top_js.jspf @@ -194,7 +194,7 @@ String completeURL = PortalUtil.getCurrentCompleteURL(request); %> - return '<%= PortalUtil.getCanonicalURL(completeURL, themeDisplay, layout, false, false) %>'; + return '<%= HtmlUtil.escapeJS(PortalUtil.getCanonicalURL(completeURL, themeDisplay, layout, false, false)) %>'; }, getCDNBaseURL: function() { return '<%= themeDisplay.getCDNBaseURL() %>'; diff --git a/portal-web/docroot/html/taglib/ui/menu_item/page.jsp b/portal-web/docroot/html/taglib/ui/menu_item/page.jsp index 9c0e54a1e99536..2a156c2f840eba 100644 --- a/portal-web/docroot/html/taglib/ui/menu_item/page.jsp +++ b/portal-web/docroot/html/taglib/ui/menu_item/page.jsp @@ -43,7 +43,7 @@ MenuItem menuItem = (MenuItem)request.getAttribute("liferay-ui:menu_item:menuIte data="<%= javaScriptMenuItem.getData() %>" iconCssClass="<%= javaScriptMenuItem.getIcon() %>" message="<%= HtmlUtil.escape(javaScriptMenuItem.getLabel()) %>" - onClick="<%= HtmlUtil.escapeAttribute(javaScriptMenuItem.getOnClick()) %>" + onClick="<%= javaScriptMenuItem.getOnClick() %>" url="javascript:;" /> diff --git a/portal-web/docroot/html/taglib/ui/page_iterator/lexicon/start.jsp b/portal-web/docroot/html/taglib/ui/page_iterator/lexicon/start.jsp index ba5ece16ed41d5..fd940690f2431b 100644 --- a/portal-web/docroot/html/taglib/ui/page_iterator/lexicon/start.jsp +++ b/portal-web/docroot/html/taglib/ui/page_iterator/lexicon/start.jsp @@ -70,7 +70,7 @@ if (forcePost && (portletURL != null)) { %> -
    + @@ -102,7 +102,7 @@ if (forcePost && (portletURL != null)) { %>
  • - "> + "> <%= String.valueOf(curDelta) %> @@ -344,7 +344,7 @@ if (forcePost && (portletURL != null)) { namespace: '<%= namespace %>', pages: '<%= pages %>', randomNamespace: '<%= randomNamespace %>', - url: '<%= url %>', + url: '<%= HtmlUtil.escapeJS(url) %>', urlAnchor: '<%= urlAnchor %>' } ); @@ -369,7 +369,7 @@ if (forcePost && (portletURL != null)) { <%! private String _getHREF(String formName, String curParam, int cur, String jsCall, String url, String urlAnchor) throws Exception { if (Validator.isNotNull(url)) { - return HttpUtil.addParameter(HttpUtil.removeParameter(url, curParam) + urlAnchor, curParam, cur); + return HtmlUtil.escapeHREF(HttpUtil.addParameter(HttpUtil.removeParameter(url, curParam) + urlAnchor, curParam, cur)); } return "javascript:document." + formName + "." + curParam + ".value = '" + cur + "'; " + jsCall; diff --git a/portal-web/docroot/html/taglib/ui/page_iterator/start.jsp b/portal-web/docroot/html/taglib/ui/page_iterator/start.jsp index 2d124c1d5237d9..d0d898682e4d2e 100644 --- a/portal-web/docroot/html/taglib/ui/page_iterator/start.jsp +++ b/portal-web/docroot/html/taglib/ui/page_iterator/start.jsp @@ -83,7 +83,7 @@ if (forcePost && (portletURL != null)) { url = url.split(namespace)[0]; %> -
    + @@ -204,7 +204,7 @@ if (forcePost && (portletURL != null)) { <% @@ -239,7 +239,7 @@ if (forcePost && (portletURL != null)) { <% diff --git a/portal-web/test/functional/com/liferay/portalweb/tests/coreinfrastructureee/clustering/clusteringframework/ClusteringMissingPlugins.testcase b/portal-web/test/functional/com/liferay/portalweb/tests/coreinfrastructureee/clustering/clusteringframework/ClusteringMissingPlugins.testcase index 5d74a76a1e66ed..24f729bce1d048 100644 --- a/portal-web/test/functional/com/liferay/portalweb/tests/coreinfrastructureee/clustering/clusteringframework/ClusteringMissingPlugins.testcase +++ b/portal-web/test/functional/com/liferay/portalweb/tests/coreinfrastructureee/clustering/clusteringframework/ClusteringMissingPlugins.testcase @@ -27,66 +27,9 @@ definition { } } - @ignore = "true" - @priority = "3" - test CacheBootstrapLoader { - property custom.properties = "ehcache.bootstrap.cache.loader.enabled=true${line.separator}ehcache.bootstrap.cache.loader.properties.test.cache=bootstrapAsynchronously=false"; - property test.name.skip.portal.instance = "ClusteringMissingPlugins#CacheBootstrapLoader"; - - Clustering.viewClusterStatusInConsole(); - - Clustering.enableDebugging( - categoryName = "com.liferay.portal.cache.ehcache.internal.event.PortalCacheCacheEventListener.test.cache", - nodePort = "8080"); - - Clustering.enableDebugging( - categoryName = "com.liferay.portal.cache.ehcache.internal.event.PortalCacheCacheEventListener.test.cache", - nodePort = "9080"); - - Clustering.deployJarOnSpecificServer( - liferayDependencyJars = "com.liferay.cluster.test.module.7.2.jar", - nodePort = "8080"); - - Clustering.viewTextNotPresentOnSpecificNode( - exceptionText = "Could not resolve module: com.liferay.cluster.test.module", - nodePort = "8080"); - - Clustering.runGroovyScript( - nodePort = "8080", - scriptFile = "groovy-script-portal-cache-put-modules.groovy"); - - Clustering.viewTextPresentOnSpecificNode( - expectedText = "Put test.key into test.cache", - nodePort = "8080"); - - Clustering.viewTextNotPresentOnSpecificNode( - exceptionText = "Unable to deserialize object", - nodePort = "9080"); - - Clustering.deployJarOnSpecificServer( - liferayDependencyJars = "com.liferay.cluster.test.module.7.2.jar", - nodePort = "9080"); - - Clustering.viewTextNotPresentOnSpecificNode( - exceptionText = "Could not resolve module: com.liferay.cluster.test.module", - nodePort = "9080"); - - Clustering.runGroovyScript( - nodePort = "9080", - scriptFile = "groovy-script-portal-cache-get.groovy"); - - Clustering.viewTextPresentOnSpecificNode( - expectedText = "Put test.key into test.cache", - nodePort = "9080"); - - AssertTextEquals( - locator1 = "ServerAdministrationScript#OUTPUT_FIELD", - value1 = "test.key=test.value"); - } - @priority = "4" test CacheReplicationbyCopy { - property custom.properties = "ehcache.bootstrap.cache.loader.enabled=false${line.separator}ehcache.replicator.properties.test.cache=replicatePutsViaCopy=true"; + property custom.properties = "ehcache.replicator.properties.test.cache=replicatePutsViaCopy=true"; property test.name.skip.portal.instance = "ClusteringMissingPlugins#CacheReplicationbyCopy"; Clustering.viewClusterStatusInConsole(); diff --git a/source-formatter-api-signature-check-exceptions.txt b/source-formatter-api-signature-check-exceptions.txt index ff6b81ad2ec132..a4b4dbf63185af 100644 --- a/source-formatter-api-signature-check-exceptions.txt +++ b/source-formatter-api-signature-check-exceptions.txt @@ -343,7 +343,7 @@ com.liferay.portal.setup.SetupWizardUtil#isDefaultDatabase(HttpServletRequest) com.liferay.portal.setup.SetupWizardUtil#testDatabase(HttpServletRequest) com.liferay.portal.setup.SetupWizardUtil#updateLanguage(HttpServletRequest,HttpServletResponse) com.liferay.portal.setup.SetupWizardUtil#updateSetup(HttpServletRequest,HttpServletResponse) -com.liferay.portal.templateparser.Transformer#transform(ThemeDisplay,Map,String,String,UnsyncStringWriter) +com.liferay.portal.templateparser.Transformer#transform(ThemeDisplay,Map,String,String,UnsyncStringWriter,HttpServletRequest,HttpServletResponse) com.liferay.portal.util.LayoutClone#get(HttpServletRequest,long) com.liferay.portal.util.LayoutClone#update(HttpServletRequest,long,String) com.liferay.portal.util.LayoutURLUtil#getLayoutURL(Layout,ServiceContext) diff --git a/util-bridges/src/com/liferay/util/bridges/freemarker/FreeMarkerPortlet.java b/util-bridges/src/com/liferay/util/bridges/freemarker/FreeMarkerPortlet.java index c71ec32c19c023..e73f6d5145912b 100644 --- a/util-bridges/src/com/liferay/util/bridges/freemarker/FreeMarkerPortlet.java +++ b/util-bridges/src/com/liferay/util/bridges/freemarker/FreeMarkerPortlet.java @@ -21,7 +21,6 @@ import com.liferay.portal.kernel.template.Template; import com.liferay.portal.kernel.template.TemplateConstants; import com.liferay.portal.kernel.template.TemplateException; -import com.liferay.portal.kernel.template.TemplateManager; import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.template.TemplateResource; import com.liferay.portal.kernel.template.TemplateResourceLoaderUtil; @@ -86,15 +85,11 @@ protected void include( TemplateResourceLoaderUtil.getTemplateResource( TemplateConstants.LANG_TYPE_FTL, resourcePath); - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_FTL); - Template template = TemplateManagerUtil.getTemplate( TemplateConstants.LANG_TYPE_FTL, templateResource, false); - templateManager.addTaglibSupport( - template, PortalUtil.getHttpServletRequest(portletRequest), + template.prepareTaglib( + PortalUtil.getHttpServletRequest(portletRequest), PortalUtil.getHttpServletResponse(portletResponse)); template.put("portletContext", getPortletContext()); diff --git a/util-taglib/src/com/liferay/taglib/aui/ATag.java b/util-taglib/src/com/liferay/taglib/aui/ATag.java index 44baead5ff5882..e73a112137df73 100644 --- a/util-taglib/src/com/liferay/taglib/aui/ATag.java +++ b/util-taglib/src/com/liferay/taglib/aui/ATag.java @@ -143,7 +143,7 @@ protected int processStartTag() throws Exception { if (Validator.isNotNull(onClick)) { jspWriter.write("onClick=\""); - jspWriter.write(onClick); + jspWriter.write(HtmlUtil.escapeAttribute(onClick)); jspWriter.write("\" "); } diff --git a/util-taglib/src/com/liferay/taglib/ui/IconTag.java b/util-taglib/src/com/liferay/taglib/ui/IconTag.java index 5c17e05130eb8e..3b6d43842a6419 100644 --- a/util-taglib/src/com/liferay/taglib/ui/IconTag.java +++ b/util-taglib/src/com/liferay/taglib/ui/IconTag.java @@ -596,8 +596,9 @@ private String _getDetails(ThemeDisplay themeDisplay) { String details = null; if (_alt != null) { - details = - " alt=\"" + LanguageUtil.get(_getResourceBundle(), _alt) + "\""; + String alt = LanguageUtil.get(_getResourceBundle(), _alt); + + details = " alt=\"" + HtmlUtil.escapeAttribute(alt) + "\""; } else if (isLabel()) { details = " alt=\"\""; @@ -609,7 +610,8 @@ else if (isLabel()) { String localizedProcessedMessage = StringPool.BLANK; - String processedMessage = getProcessedMessage(); + String processedMessage = HtmlUtil.escapeAttribute( + getProcessedMessage()); if (processedMessage != null) { localizedProcessedMessage = LanguageUtil.get( @@ -727,7 +729,7 @@ else if (isLabel()) { sb.append(details); sb.append(" style=\"background-image: url('"); - sb.append(spriteFileURL); + sb.append(HtmlUtil.escapeCSS(spriteFileURL)); sb.append("'); background-position: 50% -"); sb.append(spriteImage.getOffset()); sb.append("px; background-repeat: no-repeat; height: "); diff --git a/util-taglib/src/com/liferay/taglib/util/ThemeUtil.java b/util-taglib/src/com/liferay/taglib/util/ThemeUtil.java index aa8ab6351c9ebb..acac21d4c93f75 100644 --- a/util-taglib/src/com/liferay/taglib/util/ThemeUtil.java +++ b/util-taglib/src/com/liferay/taglib/util/ThemeUtil.java @@ -25,7 +25,6 @@ import com.liferay.portal.kernel.template.Template; import com.liferay.portal.kernel.template.TemplateConstants; import com.liferay.portal.kernel.template.TemplateContextContributor; -import com.liferay.portal.kernel.template.TemplateManager; import com.liferay.portal.kernel.template.TemplateManagerUtil; import com.liferay.portal.kernel.template.TemplateResource; import com.liferay.portal.kernel.template.TemplateResourceLoaderUtil; @@ -284,14 +283,7 @@ protected static String doIncludeFTL( httpServletResponse, writer); } - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_FTL); - - templateManager.addTaglibSupport( - template, httpServletRequest, httpServletResponse); - templateManager.addTaglibTheme( - template, "taglibLiferay", httpServletRequest, httpServletResponse); + template.prepareTaglib(httpServletRequest, httpServletResponse); template.put(TemplateConstants.WRITER, writer); @@ -434,10 +426,6 @@ protected static String doIncludeVM( "Unable to load template resource " + resourcePath); } - TemplateManager templateManager = - TemplateManagerUtil.getTemplateManager( - TemplateConstants.LANG_TYPE_VM); - Template template = TemplateManagerUtil.getTemplate( TemplateConstants.LANG_TYPE_VM, templateResource, restricted); @@ -474,9 +462,6 @@ protected static String doIncludeVM( httpServletResponse, writer); } - templateManager.addTaglibTheme( - template, "taglibLiferay", httpServletRequest, httpServletResponse); - template.put(TemplateConstants.WRITER, writer); // Merge templates From d9b51b77452f2a426ea617c130011f7bc5e5ff54 Mon Sep 17 00:00:00 2001 From: Samuel Kong Date: Tue, 9 Jun 2020 11:14:05 +0800 Subject: [PATCH 03/15] Update README --- README.markdown | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.markdown b/README.markdown index 62d47e21084c88..2e25fa6c7da577 100644 --- a/README.markdown +++ b/README.markdown @@ -8,17 +8,17 @@ information about security in Liferay Portal, please see [https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch](https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch) The [June 2020]() release contains fixes for the following issues: -[CST-7213](), -[CST-7214](), -[CST-7216](), -[CST-7217](), -[CST-7218](), -[CST-7219](), -[CST-7220](), -[CST-7221](), -[CST-7301](), -[CST-7302](), -[CST-7303]() +[CST-7213](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427), +[CST-7214](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439), +[CST-7216](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646), +[CST-7217](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119319717), +[CST-7218](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119319747), +[CST-7219](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119320878), +[CST-7220](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119324436), +[CST-7221](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119326522), +[CST-7301](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396), +[CST-7302](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411), +[CST-7303](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119326567) # Liferay Portal Community Edition License From ed211f44d636d07647d7b8e2d1f0b0016866ab15 Mon Sep 17 00:00:00 2001 From: yxingwu Date: Mon, 10 Aug 2020 11:01:59 +0800 Subject: [PATCH 04/15] September 2020 --- lib/portal/dependencies.properties | 4 +- lib/versions-complete.xml | 2 +- lib/versions-ext.xml | 2 +- lib/versions.html | 2 +- .../impl/BlogsEntryLocalServiceImpl.java | 43 ++-- .../ImageBlogsUploadFileEntryHandler.java | 35 ++-- .../META-INF/resources/blogs/edit_entry.jsp | 11 +- .../model/listener/UserModelListener.java | 5 + .../META-INF/resources/search_results.jsp | 6 +- .../bnd.bnd | 3 + .../build.gradle | 22 +-- ...LAdminManagementToolbarDisplayContext.java | 2 +- .../document_library/configuration.jsp | 3 +- .../document_library/edit_file_entry.jsp | 3 +- .../document_library/edit_folder.jsp | 6 +- .../info_panel_file_entry.jsp | 2 +- .../document_library/js/bulk/BulkStatus.es.js | 3 +- .../js/categorization/EditCategories.es.js | 10 +- .../js/categorization/EditTags.es.js | 3 +- .../document_library/js/legacy/main.js | 33 ++-- .../document_library/js/legacy/upload.js | 70 ++++--- .../upload_multiple_file_entries.jsp | 9 +- ...upload_multiple_file_entries_resources.jsp | 3 +- .../image_gallery_display/view_images.jsp | 3 +- .../build.gradle | 2 +- .../dynamic-data-mapping-service/build.gradle | 2 +- .../dynamic-data-mapping-test/build.gradle | 2 +- .../internal/staging/StagingImpl.java | 13 ++ .../EditFragmentEntryDisplayContext.java | 12 +- .../frontend-js-jquery-web/package.json | 2 +- .../imageio-plugins/build.gradle | 30 +-- .../ForgotPasswordMVCActionCommand.java | 186 ++++++++++++------ .../META-INF/resources/create_account.jsp | 2 +- .../META-INF/resources/forgot_password.jsp | 27 +-- .../resources/view_search_results.jsp | 6 +- .../verifier/OAuth2JSONWSAuthVerifier.java | 5 + .../auth/verifier/OAuth2RESTAuthVerifier.java | 7 + modules/apps/petra/petra-log4j/build.gradle | 2 +- modules/apps/petra/petra-xml/build.gradle | 2 +- .../portal-odata/portal-odata-impl/bnd.bnd | 37 +++- .../portal-odata-impl/build.gradle | 17 +- .../expression/ExpressionVisitorImpl.java | 10 + .../portal-vulcan-impl/build.gradle | 1 + .../internal/jaxrs/feature/VulcanFeature.java | 8 +- .../body/MultipartBodyMessageBodyReader.java | 18 ++ .../definition/edit_workflow_definition.jsp | 4 +- ...gingProcessesWebToolbarDisplayContext.java | 98 +++++---- .../PublishTemplatesConfigurationIcon.java | 24 +++ .../publish_layouts_processes.jsp | 6 + .../resources/META-INF/resources/toolbar.jsp | 9 +- .../system.packages.extra.bnd | 2 +- modules/yarn.lock | 8 +- .../liferay/portal/action/SitemapAction.java | 10 + .../upload/UploadServletRequestImpl.java | 12 +- .../com/liferay/portal/util/PortalImpl.java | 26 +++ 55 files changed, 599 insertions(+), 276 deletions(-) diff --git a/lib/portal/dependencies.properties b/lib/portal/dependencies.properties index 02687255aa6aac..6acb6f9855d6da 100644 --- a/lib/portal/dependencies.properties +++ b/lib/portal/dependencies.properties @@ -46,7 +46,7 @@ concurrent=concurrent:concurrent:1.3.4 crypt=com.liferay:org.vps.crypt:1.0 daisydiff=com.liferay:org.outerj.daisy.daisydiff:1.2 displaytag=displaytag:displaytag:1.2 -dom4j=dom4j:dom4j:1.6.1 +dom4j=org.dom4j:dom4j:2.1.3 eclipse-core-runtime=org.eclipse.core:runtime:20070801 ecs=ecs:ecs:1.4.2 fontbox=org.apache.pdfbox:fontbox:2.0.13 @@ -123,7 +123,7 @@ mimepull=org.jvnet:mimepull:1.3 monte-cc=com.liferay:org.monte:0.7.7 nekohtml=net.sourceforge.nekohtml:nekohtml:1.9.22 netcdf=edu.ucar:netcdf:4.3.23 -netty-all=io.netty:netty-all:4.1.42.Final +netty-all=io.netty:netty-all:4.1.48.Final odmg=odmg:odmg:3.0 oro=oro:oro:2.0.8 pdfbox=org.apache.pdfbox:pdfbox:2.0.13 diff --git a/lib/versions-complete.xml b/lib/versions-complete.xml index dcfe7452463bb0..48e89515308563 100644 --- a/lib/versions-complete.xml +++ b/lib/versions-complete.xml @@ -6787,7 +6787,7 @@ lib/portal/netty-all.jar - 4.1.32.Final + 4.1.48.Final Netty http://netty.io diff --git a/lib/versions-ext.xml b/lib/versions-ext.xml index 59b801a6181165..88b68b553614bc 100644 --- a/lib/versions-ext.xml +++ b/lib/versions-ext.xml @@ -2500,7 +2500,7 @@ lib/portal/netty-all.jar - 4.1.32.Final + 4.1.48.Final Netty http://netty.io diff --git a/lib/versions.html b/lib/versions.html index 989e86bfbe1d09..ffcb1674d01be5 100644 --- a/lib/versions.html +++ b/lib/versions.html @@ -2984,7 +2984,7 @@ -lib/portal/netty-all.jar4.1.32.Final
    NettyApache License 2.0 +lib/portal/netty-all.jar4.1.48.FinalNettyApache License 2.0
    diff --git a/modules/apps/blogs/blogs-service/src/main/java/com/liferay/blogs/service/impl/BlogsEntryLocalServiceImpl.java b/modules/apps/blogs/blogs-service/src/main/java/com/liferay/blogs/service/impl/BlogsEntryLocalServiceImpl.java index 0a4d0c6c646e31..b2a93c1991b56d 100644 --- a/modules/apps/blogs/blogs-service/src/main/java/com/liferay/blogs/service/impl/BlogsEntryLocalServiceImpl.java +++ b/modules/apps/blogs/blogs-service/src/main/java/com/liferay/blogs/service/impl/BlogsEntryLocalServiceImpl.java @@ -116,6 +116,7 @@ import java.util.Locale; import java.util.Map; import java.util.Set; +import java.util.stream.Stream; import javax.portlet.PortletRequest; import javax.portlet.PortletURL; @@ -573,6 +574,8 @@ else if (imageSelector.getImageBytes() != null) { entry.getUserId(), entry.getGroupId(), entryId, imageSelector); } + validate(smallImageFileEntryId); + entry.setSmallImage(smallImage); entry.setSmallImageFileEntryId(smallImageFileEntryId); entry.setSmallImageURL(smallImageURL); @@ -2259,22 +2262,7 @@ protected void validate(long smallImageFileEntryId) throws PortalException { FileEntry fileEntry = _portletFileRepository.getPortletFileEntry( smallImageFileEntryId); - boolean validSmallImageExtension = false; - - for (String imageExtension : - _blogsFileUploadsConfiguration.imageExtensions()) { - - if (StringPool.STAR.equals(imageExtension) || - imageExtension.equals( - StringPool.PERIOD + fileEntry.getExtension())) { - - validSmallImageExtension = true; - - break; - } - } - - if (!validSmallImageExtension) { + if (!_isValidImageMimeType(fileEntry)) { throw new EntrySmallImageNameException( "Invalid small image for file entry " + smallImageFileEntryId); @@ -2470,6 +2458,29 @@ private String _getURLTitle(long entryId) { return StringPool.BLANK; } + private boolean _isValidImageMimeType(FileEntry fileEntry) { + if (ArrayUtil.contains( + _blogsFileUploadsConfiguration.imageExtensions(), + StringPool.STAR)) { + + return true; + } + + Set extensions = MimeTypesUtil.getExtensions( + fileEntry.getMimeType()); + + if (Stream.of( + _blogsFileUploadsConfiguration.imageExtensions()).anyMatch( + extension -> + extension.equals(StringPool.STAR) || + extensions.contains(extension))) { + + return true; + } + + return false; + } + private static final String _COVER_IMAGE_FOLDER_NAME = "Cover Image"; private static final String _SMALL_IMAGE_FOLDER_NAME = "Small Image"; diff --git a/modules/apps/blogs/blogs-web/src/main/java/com/liferay/blogs/web/internal/upload/ImageBlogsUploadFileEntryHandler.java b/modules/apps/blogs/blogs-web/src/main/java/com/liferay/blogs/web/internal/upload/ImageBlogsUploadFileEntryHandler.java index 84aeb8b2754822..1294fb098502c7 100644 --- a/modules/apps/blogs/blogs-web/src/main/java/com/liferay/blogs/web/internal/upload/ImageBlogsUploadFileEntryHandler.java +++ b/modules/apps/blogs/blogs-web/src/main/java/com/liferay/blogs/web/internal/upload/ImageBlogsUploadFileEntryHandler.java @@ -30,7 +30,7 @@ import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.upload.UploadPortletRequest; -import com.liferay.portal.kernel.util.FileUtil; +import com.liferay.portal.kernel.util.MimeTypesUtil; import com.liferay.portal.kernel.util.WebKeys; import com.liferay.upload.UploadFileEntryHandler; @@ -38,6 +38,8 @@ import java.io.InputStream; import java.util.Map; +import java.util.Set; +import java.util.stream.Stream; import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; @@ -68,12 +70,13 @@ public FileEntry upload(UploadPortletRequest uploadPortletRequest) ActionKeys.ADD_ENTRY); String fileName = uploadPortletRequest.getFileName(_PARAMETER_NAME); - - _validateFile(fileName, uploadPortletRequest.getSize(_PARAMETER_NAME)); - String contentType = uploadPortletRequest.getContentType( _PARAMETER_NAME); + _validateFile( + fileName, contentType, + uploadPortletRequest.getSize(_PARAMETER_NAME)); + try (InputStream inputStream = uploadPortletRequest.getFileAsStream( _PARAMETER_NAME)) { @@ -116,7 +119,7 @@ protected FileEntry addFileEntry( @Reference(target = "(resource.name=" + BlogsConstants.RESOURCE_NAME + ")") protected PortletResourcePermission portletResourcePermission; - private void _validateFile(String fileName, long size) + private void _validateFile(String fileName, String contentType, long size) throws PortalException { long blogsImageMaxSize = _blogsFileUploadsConfiguration.imageMaxSize(); @@ -125,20 +128,20 @@ private void _validateFile(String fileName, long size) throw new EntryImageSizeException(); } - String extension = FileUtil.getExtension(fileName); + Set extensions = MimeTypesUtil.getExtensions(contentType); - for (String imageExtension : - _blogsFileUploadsConfiguration.imageExtensions()) { + boolean validContentType = Stream.of( + _blogsFileUploadsConfiguration.imageExtensions() + ).anyMatch( + extension -> + extension.equals(StringPool.STAR) || + extensions.contains(extension) + ); - if (StringPool.STAR.equals(imageExtension) || - imageExtension.equals(StringPool.PERIOD + extension)) { - - return; - } + if (!validContentType) { + throw new EntryImageNameException( + "Invalid image for file name " + fileName); } - - throw new EntryImageNameException( - "Invalid image for file name " + fileName); } private static final String _PARAMETER_NAME = "imageSelectorFileName"; diff --git a/modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/edit_entry.jsp b/modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/edit_entry.jsp index 5e0ce232429449..53f9f0d771b643 100644 --- a/modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/edit_entry.jsp +++ b/modules/apps/blogs/blogs-web/src/main/resources/META-INF/resources/blogs/edit_entry.jsp @@ -44,6 +44,9 @@ String coverImageCaption = BeanParamUtil.getString(entry, request, "coverImageCa long coverImageFileEntryId = BeanParamUtil.getLong(entry, request, "coverImageFileEntryId"); long smallImageFileEntryId = BeanParamUtil.getLong(entry, request, "smallImageFileEntryId"); +BlogsFileUploadsConfiguration blogsFileUploadsConfiguration = ConfigurationProviderUtil.getSystemConfiguration(BlogsFileUploadsConfiguration.class); +BlogsGroupServiceSettings blogsGroupServiceSettings = BlogsGroupServiceSettings.getInstance(scopeGroupId); + portletDisplay.setShowBackIcon(true); portletDisplay.setURLBack(redirect); @@ -53,8 +56,6 @@ if (portletTitleBasedNavigation) { renderResponse.setTitle((entry != null) ? BlogsEntryUtil.getDisplayTitle(resourceBundle, entry) : LanguageUtil.get(request, "new-blog-entry")); } -BlogsGroupServiceSettings blogsGroupServiceSettings = BlogsGroupServiceSettings.getInstance(scopeGroupId); - BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortletInstanceConfigurationUtil.getBlogsPortletInstanceConfiguration(themeDisplay); %> @@ -121,6 +122,11 @@ BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortl + + + <%= StringUtil.merge(blogsFileUploadsConfiguration.imageExtensions()) %>. + + @@ -144,7 +150,6 @@ BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortl <% - BlogsFileUploadsConfiguration blogsFileUploadsConfiguration = ConfigurationProviderUtil.getSystemConfiguration(BlogsFileUploadsConfiguration.class); BlogsItemSelectorHelper blogsItemSelectorHelper = (BlogsItemSelectorHelper)request.getAttribute(BlogsWebKeys.BLOGS_ITEM_SELECTOR_HELPER); RequestBackedPortletURLFactory requestBackedPortletURLFactory = RequestBackedPortletURLFactoryUtil.create(liferayPortletRequest); %> diff --git a/modules/apps/calendar/calendar-service/src/main/java/com/liferay/calendar/internal/model/listener/UserModelListener.java b/modules/apps/calendar/calendar-service/src/main/java/com/liferay/calendar/internal/model/listener/UserModelListener.java index 3f64230be9ec40..e7c2ac3bebd16b 100644 --- a/modules/apps/calendar/calendar-service/src/main/java/com/liferay/calendar/internal/model/listener/UserModelListener.java +++ b/modules/apps/calendar/calendar-service/src/main/java/com/liferay/calendar/internal/model/listener/UserModelListener.java @@ -18,6 +18,7 @@ import com.liferay.calendar.service.CalendarResourceLocalService; import com.liferay.portal.kernel.exception.ModelListenerException; import com.liferay.portal.kernel.model.BaseModelListener; +import com.liferay.portal.kernel.model.GroupConstants; import com.liferay.portal.kernel.model.ModelListener; import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.util.LocaleUtil; @@ -57,6 +58,10 @@ public void onAfterUpdate(User user) throws ModelListenerException { return; } + if (user.isDefaultUser() && name.equals(GroupConstants.GUEST)) { + return; + } + Map nameMap = new HashMap<>(); nameMap.put(LocaleUtil.getSiteDefault(), user.getFullName()); diff --git a/modules/apps/configuration-admin/configuration-admin-web/src/main/resources/META-INF/resources/search_results.jsp b/modules/apps/configuration-admin/configuration-admin-web/src/main/resources/META-INF/resources/search_results.jsp index 0872e0b2699334..bf5ed0f37f722b 100644 --- a/modules/apps/configuration-admin/configuration-admin-web/src/main/resources/META-INF/resources/search_results.jsp +++ b/modules/apps/configuration-admin/configuration-admin-web/src/main/resources/META-INF/resources/search_results.jsp @@ -17,15 +17,15 @@ <%@ include file="/init.jsp" %> <% -String redirect = renderRequest.getParameter("redirect"); +String redirect = PortalUtil.escapeRedirect(renderRequest.getParameter("redirect")); ConfigurationEntryIterator configurationEntryIterator = (ConfigurationEntryIterator)request.getAttribute(ConfigurationAdminWebKeys.CONFIGURATION_ENTRY_ITERATOR); ConfigurationEntryRetriever configurationEntryRetriever = (ConfigurationEntryRetriever)request.getAttribute(ConfigurationAdminWebKeys.CONFIGURATION_ENTRY_RETRIEVER); ConfigurationScopeDisplayContext configurationScopeDisplayContext = new ConfigurationScopeDisplayContext(renderRequest); -if (redirect == null) { - redirect = renderResponse.createRenderURL(); +if (Validator.isNull(redirect)) { + redirect = String.valueOf(renderResponse.createRenderURL()); } PortletURL searchURL = renderResponse.createRenderURL(); diff --git a/modules/apps/document-library/document-library-repository-cmis-impl/bnd.bnd b/modules/apps/document-library/document-library-repository-cmis-impl/bnd.bnd index 3d576ce1c57b87..2ee7899360c5f3 100644 --- a/modules/apps/document-library/document-library-repository-cmis-impl/bnd.bnd +++ b/modules/apps/document-library/document-library-repository-cmis-impl/bnd.bnd @@ -26,4 +26,7 @@ Import-Package:\ \ !org.relaxng.datatype.*,\ \ + !org.springframework.osgi.io.*,\ + !org.springframework.osgi.util.*,\ + \ * \ No newline at end of file diff --git a/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle b/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle index 6623f19c40177b..9d8dd0d8a611c6 100644 --- a/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle +++ b/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle @@ -4,17 +4,17 @@ dependencies { compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-client-impl", version: "0.14.0" compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-api", version: "0.14.0" compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-impl", version: "0.14.0" - compileInclude group: "org.apache.cxf", name: "cxf-api", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-core", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "2.7.11" - compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "2.7.11" - compileInclude group: "org.apache.neethi", name: "neethi", version: "3.0.3" + compileInclude group: "org.apache.cxf", name: "cxf-core", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-rt-wsdl", version: "3.2.12" + compileInclude group: "org.apache.neethi", name: "neethi", version: "3.1.1" compileOnly group: "com.liferay", name: "com.liferay.document.library.repository.cmis.api", version: "3.0.0" compileOnly group: "com.liferay", name: "com.liferay.petra.concurrent", version: "3.0.0" diff --git a/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/DLAdminManagementToolbarDisplayContext.java b/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/DLAdminManagementToolbarDisplayContext.java index 54ece284bf2a58..57eed1aa4618a3 100644 --- a/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/DLAdminManagementToolbarDisplayContext.java +++ b/modules/apps/document-library/document-library-web/src/main/java/com/liferay/document/library/web/internal/display/context/DLAdminManagementToolbarDisplayContext.java @@ -475,7 +475,7 @@ public List getFilterLabelItems() { String label = String.format( "%s: %s", LanguageUtil.get(_httpServletRequest, "owner"), - user.getFullName()); + HtmlUtil.escape(user.getFullName())); labelItem.setLabel(label); }); diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/configuration.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/configuration.jsp index cec83375b3a648..f6512ff7dfe05f 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/configuration.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/configuration.jsp @@ -185,7 +185,8 @@ DLPortletInstanceSettingsHelper dlPortletInstanceSettingsHelper = new DLPortletI currentColumnsElement, '' ); - } else { + } + else { var options = document.querySelectorAll( '#currentEntryColumns option[value="action"], #availableEntryColumns option[value="action"]' ); diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_file_entry.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_file_entry.jsp index f4cdcc6ea19706..473d58fd58aac9 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_file_entry.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_file_entry.jsp @@ -588,7 +588,8 @@ if (portletTitleBasedNavigation) { if (<%= dlAdminDisplayContext.isVersioningStrategyOverridable() %>) { showVersionDetailsDialog(form); - } else { + } + else { submitForm(form); } } diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_folder.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_folder.jsp index efdbb4b2b9da1d..6672fa588ddfd1 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_folder.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/edit_folder.jsp @@ -353,7 +353,8 @@ if (portletTitleBasedNavigation) { if (!searchContainerData.length) { searchContainerData = []; - } else { + } + else { searchContainerData = searchContainerData.split(','); } @@ -531,7 +532,8 @@ if (portletTitleBasedNavigation) { ); restrictionTypeWorkflow.show(); - } else { + } + else { selectContainer.show(); } }, diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/info_panel_file_entry.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/info_panel_file_entry.jsp index 57fdbd9196aaf0..793fc2f3430e88 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/info_panel_file_entry.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/info_panel_file_entry.jsp @@ -98,7 +98,7 @@ long assetClassPK = DLAssetHelperUtil.getAssetClassPK(fileEntry, fileVersion);
    diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/bulk/BulkStatus.es.js b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/bulk/BulkStatus.es.js index 0172f85b41a663..f6d17b3680d2bc 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/bulk/BulkStatus.es.js +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/bulk/BulkStatus.es.js @@ -104,7 +104,8 @@ class BulkStatus extends Component { if (error) { message = Liferay.Language.get('an-unexpected-error-occurred'); - } else { + } + else { message = Liferay.Language.get('changes-saved'); } diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditCategories.es.js b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditCategories.es.js index c82a3765417ea2..0712ab054691da 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditCategories.es.js +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditCategories.es.js @@ -55,9 +55,7 @@ class EditCategories extends Component { created() { this.append = true; this.dataSource = []; - this.urlCategories = `/bulk/v1.0/sites/${ - this.groupIds[0] - }/taxonomy-vocabularies/common`; + this.urlCategories = `/bulk/v1.0/sites/${this.groupIds[0]}/taxonomy-vocabularies/common`; this._feedbackErrorClass = 'form-feedback-item'; this._requiredVocabularyErrorMarkupText = @@ -93,7 +91,8 @@ class EditCategories extends Component { if (inputNode.value) { inputNode.parentElement.parentElement.classList.remove('has-error'); - } else { + } + else { inputNode.parentElement.parentElement.classList.add('has-error'); const feedbackErrorNode = inputNode.parentElement.querySelector( @@ -282,7 +281,8 @@ class EditCategories extends Component { if (!this.append) { addedCategories = finalCategories; - } else { + } + else { addedCategories = finalCategories.filter( categoryId => this.initialCategories.indexOf(categoryId) == -1 diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditTags.es.js b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditTags.es.js index bd69ffebb2876f..ac9da0665f1909 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditTags.es.js +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/categorization/EditTags.es.js @@ -172,7 +172,8 @@ class EditTags extends Component { if (!this.append) { addedTags = finalTags; - } else { + } + else { addedTags = finalTags.filter( tag => this._initialTags.indexOf(tag) == -1 ); diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/main.js b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/main.js index 990d643aeef74d..797ef6f50f6a43 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/main.js +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/main.js @@ -84,7 +84,8 @@ AUI.add( instance._selectedFileEntries = selectedElements.attr( 'value' ); - } else { + } + else { instance._selectedFileEntries = []; } }, @@ -285,7 +286,8 @@ AUI.add( form.get(namespace + 'javax-portlet-action').val( action ); - } else { + } + else { form.get(namespace + 'cmd').val(action); } @@ -327,20 +329,25 @@ AUI.add( instance._openModalTags(); action = null; - } else if (action === 'editCategories') { + } + else if (action === 'editCategories') { instance._openModalCategories(); action = null; - } else if (action === 'move' || action === 'moveEntries') { + } + else if (action === 'move' || action === 'moveEntries') { instance._openModalMove(); action = null; - } else if (action === 'download') { + } + else if (action === 'download') { url = instance.get('downloadEntryUrl'); - } else if (action === 'deleteEntries') { + } + else if (action === 'deleteEntries') { if (instance.get('trashEnabled')) { action = 'move_to_trash'; - } else if ( + } + else if ( confirm( Liferay.Language.get( 'are-you-sure-you-want-to-delete-the-selected-entries' @@ -348,10 +355,12 @@ AUI.add( ) ) { action = 'delete'; - } else { + } + else { action = null; } - } else if (action === 'checkin') { + } + else if (action === 'checkin') { Liferay.DocumentLibraryCheckin.showDialog( namespace, (versionIncrease, changeLog) => { @@ -525,7 +534,8 @@ AUI.add( dialogTitle = Liferay.Language.get( 'select-destination-folder-for-x-item' ); - } else { + } + else { dialogTitle = Liferay.Language.get( 'select-destination-folder-for-x-items' ); @@ -550,7 +560,8 @@ AUI.add( parameterName, parameterValue ); - } else { + } + else { instance._moveCurrentSelection(event.folderid); } } diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/upload.js b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/upload.js index f640c67e4af279..1daf69c5d8688b 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/upload.js +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/js/legacy/upload.js @@ -301,7 +301,8 @@ AUI.add( data ) ); - } else { + } + else { handles.push( uploader.after( 'fileuploadstart', @@ -522,7 +523,8 @@ AUI.add( entriesContainer = searchContainer.one('tbody'); entryNode = instance._createEntryRow(name, size); - } else { + } + else { var entriesContainerSelector = 'ul.tabular-list-group:last-of-type'; @@ -613,11 +615,14 @@ AUI.add( if (item == STR_NAME) { value = sub(TPL_ENTRY_ROW_TITLE, [name]); - } else if (item == STR_SIZE) { + } + else if (item == STR_SIZE) { value = Liferay.Util.formatStorage(size); - } else if (item == 'downloads') { + } + else if (item == 'downloads') { value = '0'; - } else if (index === 0) { + } + else if (index === 0) { value = sub(TPL_HIDDEN_CHECK_BOX, [ instance.get(STR_HOST).ns('rowIdsFileEntry') ]); @@ -678,7 +683,8 @@ AUI.add( file.overlay = overlay; file.progressBar = progressBar; file.target = target; - } else { + } + else { target.overlay = overlay; target.progressBar = progressBar; } @@ -740,7 +746,8 @@ AUI.add( 'src', PATH_THEME_IMAGES + '/common/close.png' ); - } else { + } + else { node.addClass(CSS_UPLOAD_ERROR); } @@ -782,7 +789,8 @@ AUI.add( if (error === true) { uploadResultClass = CSS_UPLOAD_ERROR; - } else if (error == ERROR_RESULTS_MIXED) { + } + else if (error == ERROR_RESULTS_MIXED) { uploadResultClass = CSS_UPLOAD_WARNING; } } @@ -859,7 +867,8 @@ AUI.add( var overlay = A.Widget.getByNode(target); folderEntry = overlay._originalConfig.target; - } else { + } + else { if (target.attr('data-folder') === 'true') { folderEntry = target; } @@ -893,7 +902,8 @@ AUI.add( instance.get(STR_FOLDER_ID), fileName ]); - } else { + } + else { if ( LString.endsWith( fileName.toLowerCase(), @@ -901,11 +911,14 @@ AUI.add( ) ) { thumbnailName = STR_THUMBNAIL_PDF; - } else if (REGEX_AUDIO.test(fileName)) { + } + else if (REGEX_AUDIO.test(fileName)) { thumbnailName = STR_THUMBNAIL_AUDIO; - } else if (REGEX_VIDEO.test(fileName)) { + } + else if (REGEX_VIDEO.test(fileName)) { thumbnailName = STR_THUMBNAIL_VIDEO; - } else if (REGEX_COMPRESSED.test(fileName)) { + } + else if (REGEX_COMPRESSED.test(fileName)) { thumbnailName = STR_THUMBNAIL_COMPRESSED; } @@ -974,17 +987,19 @@ AUI.add( try { responseData = JSON.parse(responseData); - } catch (e) {} + } + catch (e) {} if (Lang.isObject(responseData)) { error = responseData.status && - (responseData.status >= 490 && - responseData.status < 500); + responseData.status >= 490 && + responseData.status < 500; if (error) { message = responseData.message; - } else { + } + else { message = instance.get(STR_HOST).ns('fileEntryId=') + responseData.fileEntryId; @@ -1141,7 +1156,8 @@ AUI.add( if (keyData) { instance._updateDataSetEntry(key, keyData, validFiles); - } else { + } + else { var dataSet = instance._getDataSet(); var folderNode = null; @@ -1196,7 +1212,8 @@ AUI.add( response.message, displayStyle ); - } else { + } + else { var displayStyleList = displayStyle == STR_LIST; var fileEntryId = JSON.parse(event.data) @@ -1335,7 +1352,8 @@ AUI.add( instance._attachSubscriptions(uploadData); uploader.uploadThese(fileList, uploadURL); - } else { + } + else { uploader.fire('alluploadscomplete'); } }, @@ -1347,7 +1365,8 @@ AUI.add( if (currentUploadData.folderId === key) { instance._addFilesToQueueBottom(unmergedData); - } else { + } + else { instance._combineFileLists(data.fileList, unmergedData); var dataSet = instance._getDataSet(); @@ -1414,12 +1433,14 @@ AUI.add( folderEntryNode.progressBar, 0 ); - } else { + } + else { instance._createUploadStatus(folderEntryNode); } folderEntryNode.removeClass(CSS_ACTIVE_AREA); - } else { + } + else { var displayStyle = instance._getDisplayStyle(); filesPartition.matches.map(file => { @@ -1487,7 +1508,8 @@ AUI.add( instance._maxFileSize ) ]); - } else if (size === 0) { + } + else if (size === 0) { errorMessage = strings.zeroByteFile; } diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries.jsp index 1679d14a086f8b..021104b318b7e9 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries.jsp @@ -200,13 +200,15 @@ if (portletTitleBasedNavigation) { if (originalFileName === item.fileName) { childHTML = '<%= UnicodeLanguageUtil.get(request, "successfully-saved") %>'; - } else { + } + else { childHTML = '<%= UnicodeLanguageUtil.get(request, "successfully-saved") %> (' + item.fileName + ')'; } - } else { + } + else { cssClass = 'upload-error'; childHTML = @@ -228,7 +230,8 @@ if (portletTitleBasedNavigation) { if (commonFileMetadataContainer.io) { commonFileMetadataContainer.io.start(); - } else { + } + else { commonFileMetadataContainer.load( '<%= uploadMultipleFileEntries %>' ); diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries_resources.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries_resources.jsp index 35d5e3902d3754..c07932831a306c 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries_resources.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/document_library/upload_multiple_file_entries_resources.jsp @@ -259,7 +259,8 @@ else { if (selectedFilesCount === fileNodes.length) { selectedFilesText = '<%= UnicodeLanguageUtil.get(request, "all-files-selected") %>'; - } else { + } + else { selectedFilesText = Liferay.Util.sub( '<%= UnicodeLanguageUtil.get(request, "x-files-selected") %>', selectedFilesCount diff --git a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/image_gallery_display/view_images.jsp b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/image_gallery_display/view_images.jsp index a07f7dd5b53bf5..2548fd493e0a08 100644 --- a/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/image_gallery_display/view_images.jsp +++ b/modules/apps/document-library/document-library-web/src/main/resources/META-INF/resources/image_gallery_display/view_images.jsp @@ -267,7 +267,8 @@ embeddedPlayerURL.setWindowState(LiferayWindowState.POP_UP); imageViewer._syncPlaying = function() { if (this.get('playing')) { this._player.setHTML(TPL_PLAYER_PAUSE); - } else { + } + else { this._player.setHTML(TPL_PLAYER_PLAY); } }; diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-field-type/build.gradle b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-field-type/build.gradle index 9bbe58e9b75f4f..2ecb0435d63197 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-field-type/build.gradle +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-field-type/build.gradle @@ -20,7 +20,7 @@ dependencies { testCompile group: "com.liferay.portal", name: "com.liferay.util.java", version: "default" testCompile group: "commons-collections", name: "commons-collections", version: "3.2.2" testCompile group: "commons-lang", name: "commons-lang", version: "2.6" - testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0" + testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3" testCompile group: "org.jabsorb", name: "jabsorb", version: "1.3.1" testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4" testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4" diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/build.gradle b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/build.gradle index a58b08f1e26a26..6eebd854147800 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/build.gradle +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/build.gradle @@ -42,7 +42,7 @@ dependencies { compileOnly group: "org.osgi", name: "osgi.core", version: "6.0.0" testCompile group: "commons-configuration", name: "commons-configuration", version: "1.10" - testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0" + testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3" testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4" testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4" testCompile group: "org.json", name: "json", version: "20180813" diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/build.gradle b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/build.gradle index 02a92967483d7f..a0519155b04a30 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/build.gradle +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-test/build.gradle @@ -12,7 +12,7 @@ dependencies { testCompile group: "commons-lang", name: "commons-lang", version: "2.6" testCompile group: "javax.portlet", name: "portlet-api", version: "3.0.1" testCompile group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2" - testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0" + testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3" testCompile group: "org.jabsorb", name: "jabsorb", version: "1.3.1" testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4" testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4" diff --git a/modules/apps/export-import/export-import-service/src/main/java/com/liferay/exportimport/internal/staging/StagingImpl.java b/modules/apps/export-import/export-import-service/src/main/java/com/liferay/exportimport/internal/staging/StagingImpl.java index 191aa1f2b2ba69..1d687d12d3687b 100644 --- a/modules/apps/export-import/export-import-service/src/main/java/com/liferay/exportimport/internal/staging/StagingImpl.java +++ b/modules/apps/export-import/export-import-service/src/main/java/com/liferay/exportimport/internal/staging/StagingImpl.java @@ -2363,6 +2363,8 @@ public long publishLayouts( long userId, ExportImportConfiguration exportImportConfiguration) throws PortalException { + _checkPermission(exportImportConfiguration); + Map settingsMap = exportImportConfiguration.getSettingsMap(); @@ -3654,6 +3656,8 @@ protected long doCopyRemoteLayouts( boolean secureConnection, boolean remotePrivateLayout) throws PortalException { + _checkPermission(exportImportConfiguration); + Map settingsMap = exportImportConfiguration.getSettingsMap(); @@ -4163,6 +4167,15 @@ protected void setRecentLayoutSetBranchId( ProxiedLayoutsThreadLocal.clearProxiedLayouts(); } + private void _checkPermission( + ExportImportConfiguration exportImportConfiguration) + throws PortalException { + + GroupPermissionUtil.check( + PermissionThreadLocal.getPermissionChecker(), + exportImportConfiguration.getGroupId(), ActionKeys.PUBLISH_STAGING); + } + private void _setGroupTypeSetting(long groupId, String key, String value) { Group group = _groupLocalService.fetchGroup(groupId); diff --git a/modules/apps/fragment/fragment-web/src/main/java/com/liferay/fragment/web/internal/display/context/EditFragmentEntryDisplayContext.java b/modules/apps/fragment/fragment-web/src/main/java/com/liferay/fragment/web/internal/display/context/EditFragmentEntryDisplayContext.java index df38a783b8f5cb..6bdcac0275d65f 100644 --- a/modules/apps/fragment/fragment-web/src/main/java/com/liferay/fragment/web/internal/display/context/EditFragmentEntryDisplayContext.java +++ b/modules/apps/fragment/fragment-web/src/main/java/com/liferay/fragment/web/internal/display/context/EditFragmentEntryDisplayContext.java @@ -302,11 +302,9 @@ private String _getCssContent() { return _cssContent; } - _cssContent = ParamUtil.getString(_httpServletRequest, "cssContent"); - FragmentEntry fragmentEntry = getFragmentEntry(); - if ((fragmentEntry != null) && Validator.isNull(_cssContent)) { + if (fragmentEntry != null) { _cssContent = fragmentEntry.getCss(); if (Validator.isNull(_cssContent)) { @@ -348,11 +346,9 @@ private String _getHtmlContent() { return _htmlContent; } - _htmlContent = ParamUtil.getString(_httpServletRequest, "htmlContent"); - FragmentEntry fragmentEntry = getFragmentEntry(); - if ((fragmentEntry != null) && Validator.isNull(_htmlContent)) { + if (fragmentEntry != null) { _htmlContent = fragmentEntry.getHtml(); if (Validator.isNull(_htmlContent)) { @@ -374,11 +370,9 @@ private String _getJsContent() { return _jsContent; } - _jsContent = ParamUtil.getString(_httpServletRequest, "jsContent"); - FragmentEntry fragmentEntry = getFragmentEntry(); - if ((fragmentEntry != null) && Validator.isNull(_jsContent)) { + if (fragmentEntry != null) { _jsContent = fragmentEntry.getJs(); } diff --git a/modules/apps/frontend-js/frontend-js-jquery-web/package.json b/modules/apps/frontend-js/frontend-js-jquery-web/package.json index dc48d0455d8127..c9184d0e09cafa 100644 --- a/modules/apps/frontend-js/frontend-js-jquery-web/package.json +++ b/modules/apps/frontend-js/frontend-js-jquery-web/package.json @@ -1,7 +1,7 @@ { "dependencies": { "bootstrap": "4.3.1", - "jquery": "3.4.1", + "jquery": "3.5.1", "popper.js": "1.14.7" }, "name": "frontend-js-jquery-web", diff --git a/modules/apps/imageio-plugins/imageio-plugins/build.gradle b/modules/apps/imageio-plugins/imageio-plugins/build.gradle index 8843347d4f7ee2..71d1de1f9ad152 100644 --- a/modules/apps/imageio-plugins/imageio-plugins/build.gradle +++ b/modules/apps/imageio-plugins/imageio-plugins/build.gradle @@ -2,21 +2,21 @@ dependencies { compileInclude group: "com.twelvemonkeys.common", name: "common-image", version: "3.3.2" compileInclude group: "com.twelvemonkeys.common", name: "common-io", version: "3.3.2" compileInclude group: "com.twelvemonkeys.common", name: "common-lang", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-bmp", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-core", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-hdr", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-icns", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-iff", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-jpeg", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-metadata", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pcx", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pict", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pnm", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-psd", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-sgi", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-tga", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-thumbsdb", version: "3.3.2" - compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-tiff", version: "3.3.2" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-bmp", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-core", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-hdr", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-icns", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-iff", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-jpeg", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-metadata", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pcx", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pict", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-pnm", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-psd", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-sgi", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-tga", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-thumbsdb", version: "3.5" + compileInclude group: "com.twelvemonkeys.imageio", name: "imageio-tiff", version: "3.5" compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" compileOnly group: "org.osgi", name: "osgi.core", version: "6.0.0" diff --git a/modules/apps/login/login-web/src/main/java/com/liferay/login/web/internal/portlet/action/ForgotPasswordMVCActionCommand.java b/modules/apps/login/login-web/src/main/java/com/liferay/login/web/internal/portlet/action/ForgotPasswordMVCActionCommand.java index e273abe549d62e..4b3585efc35b56 100644 --- a/modules/apps/login/login-web/src/main/java/com/liferay/login/web/internal/portlet/action/ForgotPasswordMVCActionCommand.java +++ b/modules/apps/login/login-web/src/main/java/com/liferay/login/web/internal/portlet/action/ForgotPasswordMVCActionCommand.java @@ -28,7 +28,10 @@ import com.liferay.portal.kernel.exception.UserLockoutException; import com.liferay.portal.kernel.exception.UserReminderQueryException; import com.liferay.portal.kernel.language.LanguageUtil; +import com.liferay.portal.kernel.log.Log; +import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.model.Company; +import com.liferay.portal.kernel.model.CompanyConstants; import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.module.configuration.ConfigurationProvider; import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand; @@ -38,6 +41,7 @@ import com.liferay.portal.kernel.servlet.SessionErrors; import com.liferay.portal.kernel.servlet.SessionMessages; import com.liferay.portal.kernel.theme.ThemeDisplay; +import com.liferay.portal.kernel.util.GetterUtil; import com.liferay.portal.kernel.util.ParamUtil; import com.liferay.portal.kernel.util.Portal; import com.liferay.portal.kernel.util.PropsKeys; @@ -45,6 +49,9 @@ import com.liferay.portal.kernel.util.WebKeys; import com.liferay.portal.util.PropsValues; +import java.util.Iterator; +import java.util.Set; + import javax.portlet.ActionRequest; import javax.portlet.ActionResponse; import javax.portlet.PortletPreferences; @@ -86,22 +93,27 @@ protected void checkReminderQueries( int step = ParamUtil.getInteger(actionRequest, "step"); + String login = (String)portletSession.getAttribute( + WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS); + + if (login == null) { + step = 1; + } + if (step == 1) { checkCaptcha(actionRequest); portletSession.removeAttribute( WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS); - portletSession.removeAttribute( - WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS); - } - User user = getUser(actionRequest); + login = ParamUtil.getString(actionRequest, "login"); - portletSession.setAttribute( - WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS, - user.getEmailAddress()); + portletSession.setAttribute( + WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS, login); + } - actionRequest.setAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_USER, user); + actionRequest.setAttribute( + WebKeys.FORGOT_PASSWORD_REMINDER_USER, getUser(actionRequest)); if (step == 2) { Integer reminderAttempts = (Integer)portletSession.getAttribute( @@ -149,18 +161,24 @@ protected void doProcessAction( sendPassword(actionRequest, actionResponse); } } - catch (Exception e) { - if (e instanceof CaptchaException || - e instanceof UserEmailAddressException) { + catch (Exception exception) { + if (_log.isDebugEnabled()) { + _log.debug( + "Unable to send password: " + exception.getMessage(), + exception); + } + + if (exception instanceof CaptchaException || + exception instanceof UserEmailAddressException || + exception instanceof UserReminderQueryException) { - SessionErrors.add(actionRequest, e.getClass()); + SessionErrors.add(actionRequest, exception.getClass()); } - else if (e instanceof NoSuchUserException || - e instanceof RequiredReminderQueryException || - e instanceof SendPasswordException || - e instanceof UserActiveException || - e instanceof UserLockoutException || - e instanceof UserReminderQueryException) { + else if (exception instanceof NoSuchUserException || + exception instanceof RequiredReminderQueryException || + exception instanceof SendPasswordException || + exception instanceof UserActiveException || + exception instanceof UserLockoutException) { if (PropsValues.LOGIN_SECURE_FORGOT_PASSWORD) { SessionMessages.add( @@ -170,11 +188,11 @@ else if (e instanceof NoSuchUserException || sendRedirect(actionRequest, actionResponse, null); } else { - SessionErrors.add(actionRequest, e.getClass(), e); + SessionErrors.add(actionRequest, exception.getClass(), exception); } } else { - _portal.sendError(e, actionRequest, actionResponse); + _portal.sendError(exception, actionRequest, actionResponse); } } } @@ -192,64 +210,57 @@ protected CaptchaConfiguration getCaptchaConfiguration() } protected User getUser(ActionRequest actionRequest) throws Exception { - PortletSession portletSession = actionRequest.getPortletSession(); + try { + return _getUser(actionRequest); + } + catch (Exception exception) { + if (_log.isDebugEnabled()) { + _log.debug( + "Unable to get user: " + exception.getMessage(), exception); + } + + if (!PropsValues.LOGIN_SECURE_FORGOT_PASSWORD) { + throw exception; + } + } ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( WebKeys.THEME_DISPLAY); - String sessionEmailAddress = (String)portletSession.getAttribute( - WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS); + User defaultUser = _userLocalService.getDefaultUser( + themeDisplay.getCompanyId()); - User user = null; + Set reminderQueryQuestions = + defaultUser.getReminderQueryQuestions(); - if (Validator.isNotNull(sessionEmailAddress)) { - user = _userLocalService.getUserByEmailAddress( - themeDisplay.getCompanyId(), sessionEmailAddress); + if (!reminderQueryQuestions.isEmpty()) { + Iterator iterator = reminderQueryQuestions.iterator(); + + defaultUser.setReminderQueryQuestion(iterator.next()); } else { - long userId = ParamUtil.getLong(actionRequest, "userId"); - String screenName = ParamUtil.getString( - actionRequest, "screenName"); - String emailAddress = ParamUtil.getString( - actionRequest, "emailAddress"); - - if (Validator.isNotNull(emailAddress)) { - user = _userLocalService.getUserByEmailAddress( - themeDisplay.getCompanyId(), emailAddress); - } - else if (Validator.isNotNull(screenName)) { - user = _userLocalService.getUserByScreenName( - themeDisplay.getCompanyId(), screenName); - } - else if (userId > 0) { - user = _userLocalService.getUserById(userId); - } - else { - throw new NoSuchUserException("User does not exist"); - } + defaultUser.setReminderQueryQuestion( + "what-is-your-library-card-number"); } - if (!user.isActive()) { - throw new UserActiveException("Inactive user " + user.getUuid()); - } + defaultUser.setReminderQueryAnswer( + defaultUser.getReminderQueryQuestion()); - _userLocalService.checkLockout(user); - - return user; + return defaultUser; } protected void sendPassword( ActionRequest actionRequest, ActionResponse actionResponse) throws Exception { - ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( - WebKeys.THEME_DISPLAY); - - Company company = themeDisplay.getCompany(); - User user = getUser(actionRequest); if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) { + if (user.isDefaultUser()) { + throw new UserReminderQueryException( + "Reminder query answer does not match answer"); + } + if (PropsValues.USERS_REMINDER_QUERIES_REQUIRED && !user.hasReminderQuery()) { @@ -268,6 +279,19 @@ protected void sendPassword( } } + if (user.isDefaultUser()) { + SessionMessages.add( + _portal.getHttpServletRequest(actionRequest), + "forgotPasswordSent"); + + return; + } + + ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( + WebKeys.THEME_DISPLAY); + + Company company = themeDisplay.getCompany(); + PortletPreferences portletPreferences = actionRequest.getPreferences(); String languageId = LanguageUtil.getLanguageId(actionRequest); @@ -304,6 +328,52 @@ protected void setUserLocalService(UserLocalService userLocalService) { _userLocalService = userLocalService; } + private User _getUser(ActionRequest actionRequest) throws Exception { + User user = null; + + ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( + WebKeys.THEME_DISPLAY); + + Company company = themeDisplay.getCompany(); + + String authType = company.getAuthType(); + + PortletSession portletSession = actionRequest.getPortletSession(); + + String login = (String)portletSession.getAttribute( + WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS); + + if (Validator.isNull(login)) { + login = ParamUtil.getString(actionRequest, "login"); + } + + if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) { + user = _userLocalService.getUserByEmailAddress( + themeDisplay.getCompanyId(), login); + } + else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { + user = _userLocalService.getUserByScreenName( + themeDisplay.getCompanyId(), login); + } + else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) { + user = _userLocalService.getUserById(GetterUtil.getLong(login)); + } + else { + throw new NoSuchUserException("User does not exist"); + } + + if (!user.isActive()) { + throw new UserActiveException("Inactive user " + user.getUuid()); + } + + _userLocalService.checkLockout(user); + + return user; + } + + private static final Log _log = LogFactoryUtil.getLog( + ForgotPasswordMVCActionCommand.class); + @Reference private ConfigurationProvider _configurationProvider; diff --git a/modules/apps/login/login-web/src/main/resources/META-INF/resources/create_account.jsp b/modules/apps/login/login-web/src/main/resources/META-INF/resources/create_account.jsp index 9fbb1fd312ff89..2c618b4a49d874 100644 --- a/modules/apps/login/login-web/src/main/resources/META-INF/resources/create_account.jsp +++ b/modules/apps/login/login-web/src/main/resources/META-INF/resources/create_account.jsp @@ -33,7 +33,7 @@ renderResponse.setTitle(LanguageUtil.get(request, "create-account"));
    - +
    diff --git a/modules/apps/login/login-web/src/main/resources/META-INF/resources/forgot_password.jsp b/modules/apps/login/login-web/src/main/resources/META-INF/resources/forgot_password.jsp index ff97130890db3f..524ed01c99ac2f 100644 --- a/modules/apps/login/login-web/src/main/resources/META-INF/resources/forgot_password.jsp +++ b/modules/apps/login/login-web/src/main/resources/META-INF/resources/forgot_password.jsp @@ -23,6 +23,8 @@ if (Validator.isNull(authType)) { authType = company.getAuthType(); } +String login = (String)portletSession.getAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS); + Integer reminderAttempts = (Integer)portletSession.getAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS); if (reminderAttempts == null) { @@ -74,23 +76,17 @@ renderResponse.setTitle(LanguageUtil.get(request, "forgot-password")); <% - String loginParameter = null; String loginLabel = null; if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) { - loginParameter = "emailAddress"; loginLabel = "email-address"; } else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { - loginParameter = "screenName"; loginLabel = "screen-name"; } else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) { - loginParameter = "userId"; loginLabel = "id"; } - - String loginValue = ParamUtil.getString(request, loginParameter); %> @@ -103,7 +99,7 @@ renderResponse.setTitle(LanguageUtil.get(request, "forgot-password")); - + @@ -119,7 +115,7 @@ renderResponse.setTitle(LanguageUtil.get(request, "forgot-password")); - + @@ -129,21 +125,6 @@ renderResponse.setTitle(LanguageUtil.get(request, "forgot-password")); - - <% - String login = null; - - if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) { - login = user2.getEmailAddress(); - } - else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { - login = user2.getScreenName(); - } - else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) { - login = String.valueOf(user2.getUserId()); - } - %> -
    diff --git a/modules/apps/marketplace/marketplace-app-manager-web/src/main/resources/META-INF/resources/view_search_results.jsp b/modules/apps/marketplace/marketplace-app-manager-web/src/main/resources/META-INF/resources/view_search_results.jsp index 86a4ad1b9f9820..8e4cc6f2ec320f 100644 --- a/modules/apps/marketplace/marketplace-app-manager-web/src/main/resources/META-INF/resources/view_search_results.jsp +++ b/modules/apps/marketplace/marketplace-app-manager-web/src/main/resources/META-INF/resources/view_search_results.jsp @@ -17,7 +17,11 @@ <%@ include file="/init.jsp" %> <% -String redirect = ParamUtil.getString(request, "redirect", String.valueOf(renderResponse.createRenderURL())); +String redirect = PortalUtil.escapeRedirect(ParamUtil.getString(request, "redirect")); + +if (Validator.isNull(redirect)) { + redirect = String.valueOf(renderResponse.createRenderURL()); +} portletDisplay.setShowBackIcon(true); portletDisplay.setURLBack(redirect); diff --git a/modules/apps/oauth2-provider/oauth2-provider-jsonws/src/main/java/com/liferay/oauth2/provider/jsonws/internal/security/auth/verifier/OAuth2JSONWSAuthVerifier.java b/modules/apps/oauth2-provider/oauth2-provider-jsonws/src/main/java/com/liferay/oauth2/provider/jsonws/internal/security/auth/verifier/OAuth2JSONWSAuthVerifier.java index 1991861a54e8fe..337408c8541817 100644 --- a/modules/apps/oauth2-provider/oauth2-provider-jsonws/src/main/java/com/liferay/oauth2/provider/jsonws/internal/security/auth/verifier/OAuth2JSONWSAuthVerifier.java +++ b/modules/apps/oauth2-provider/oauth2-provider-jsonws/src/main/java/com/liferay/oauth2/provider/jsonws/internal/security/auth/verifier/OAuth2JSONWSAuthVerifier.java @@ -35,6 +35,7 @@ import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.security.auth.AccessControlContext; import com.liferay.portal.kernel.security.auth.AuthException; +import com.liferay.portal.kernel.security.auth.CompanyThreadLocal; import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier; import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult; import com.liferay.portal.kernel.security.service.access.policy.ServiceAccessPolicy; @@ -101,6 +102,10 @@ public AuthVerifierResult verify( long companyId = oAuth2Application.getCompanyId(); + if (companyId != CompanyThreadLocal.getCompanyId()) { + return authVerifierResult; + } + BearerTokenProvider bearerTokenProvider = _bearerTokenProviderAccessor.getBearerTokenProvider( companyId, oAuth2Application.getClientId()); diff --git a/modules/apps/oauth2-provider/oauth2-provider-rest/src/main/java/com/liferay/oauth2/provider/rest/internal/security/auth/verifier/OAuth2RESTAuthVerifier.java b/modules/apps/oauth2-provider/oauth2-provider-rest/src/main/java/com/liferay/oauth2/provider/rest/internal/security/auth/verifier/OAuth2RESTAuthVerifier.java index 1adec7d8dbfc20..35f3bb824d1cb1 100644 --- a/modules/apps/oauth2-provider/oauth2-provider-rest/src/main/java/com/liferay/oauth2/provider/rest/internal/security/auth/verifier/OAuth2RESTAuthVerifier.java +++ b/modules/apps/oauth2-provider/oauth2-provider-rest/src/main/java/com/liferay/oauth2/provider/rest/internal/security/auth/verifier/OAuth2RESTAuthVerifier.java @@ -30,6 +30,7 @@ import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.security.auth.AccessControlContext; import com.liferay.portal.kernel.security.auth.AuthException; +import com.liferay.portal.kernel.security.auth.CompanyThreadLocal; import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier; import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult; import com.liferay.portal.kernel.servlet.HttpHeaders; @@ -84,6 +85,12 @@ public AuthVerifierResult verify( OAuth2Application oAuth2Application = accessToken.getOAuth2Application(); + long companyId = oAuth2Application.getCompanyId(); + + if (companyId != CompanyThreadLocal.getCompanyId()) { + return authVerifierResult; + } + BearerTokenProvider bearerTokenProvider = _bearerTokenProviderAccessor.getBearerTokenProvider( oAuth2Application.getCompanyId(), diff --git a/modules/apps/petra/petra-log4j/build.gradle b/modules/apps/petra/petra-log4j/build.gradle index f0ab10f43e8b98..e70e04bf61e78f 100644 --- a/modules/apps/petra/petra-log4j/build.gradle +++ b/modules/apps/petra/petra-log4j/build.gradle @@ -2,6 +2,6 @@ dependencies { compileOnly group: "com.liferay", name: "com.liferay.petra.reflect", version: "3.0.0" compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0" compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" - compileOnly group: "dom4j", name: "dom4j", version: "1.6.1" + compileOnly group: "org.dom4j", name: "dom4j", version: "2.1.3" compileOnly group: "log4j", name: "log4j", version: "1.2.17" } \ No newline at end of file diff --git a/modules/apps/petra/petra-xml/build.gradle b/modules/apps/petra/petra-xml/build.gradle index af74ffc13c6bae..17627e63cbb0ac 100644 --- a/modules/apps/petra/petra-xml/build.gradle +++ b/modules/apps/petra/petra-xml/build.gradle @@ -1,5 +1,5 @@ dependencies { compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0" compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" - compileOnly group: "dom4j", name: "dom4j", version: "1.6.1" + compileOnly group: "org.dom4j", name: "dom4j", version: "2.1.3" } \ No newline at end of file diff --git a/modules/apps/portal-odata/portal-odata-impl/bnd.bnd b/modules/apps/portal-odata/portal-odata-impl/bnd.bnd index 169bc63854e435..f8eba8fa15569c 100644 --- a/modules/apps/portal-odata/portal-odata-impl/bnd.bnd +++ b/modules/apps/portal-odata/portal-odata-impl/bnd.bnd @@ -1,4 +1,39 @@ Bundle-Name: Liferay Portal OData Implementation Bundle-SymbolicName: com.liferay.portal.odata.impl Bundle-Version: 2.0.8 -Import-Package: * \ No newline at end of file +Import-Package:\ + !com.google.protobuf.*,\ + \ + !com.jcraft.jzlib.*,\ + \ + !com.ning.compress.*,\ + \ + !com.oracle.svm.core.annotate.*,\ + \ + !io.netty.internal.tcnative.*,\ + \ + !lzma.sdk.*,\ + \ + !net.jpountz.lz4.*,\ + !net.jpountz.xxhash.*,\ + \ + !org.apache.logging.log4j.*,\ + \ + !org.bouncycastle.asn1.x500.*,\ + !org.bouncycastle.cert.*,\ + !org.bouncycastle.jce.provider.*,\ + !org.bouncycastle.operator.*,\ + \ + !org.conscrypt.*,\ + \ + !org.eclipse.jetty.alpn.*,\ + !org.eclipse.jetty.npn.*,\ + \ + !org.jboss.marshalling.*,\ + \ + !reactor.blockhound.*,\ + \ + !sun.security.util.*,\ + !sun.security.x509.*,\ + \ + * \ No newline at end of file diff --git a/modules/apps/portal-odata/portal-odata-impl/build.gradle b/modules/apps/portal-odata/portal-odata-impl/build.gradle index e8d5178bf98423..8215925ed93b44 100644 --- a/modules/apps/portal-odata/portal-odata-impl/build.gradle +++ b/modules/apps/portal-odata/portal-odata-impl/build.gradle @@ -1,9 +1,16 @@ dependencies { - compileInclude group: "org.apache.olingo", name: "odata-commons-api", version: "4.4.0" - compileInclude group: "org.apache.olingo", name: "odata-commons-core", version: "4.4.0" - compileInclude group: "org.apache.olingo", name: "odata-server-api", version: "4.4.0" - compileInclude group: "org.apache.olingo", name: "odata-server-core", version: "4.4.0" - compileInclude group: "org.apache.olingo", name: "odata-server-core-ext", version: "4.4.0" + compileInclude group: "io.netty", name: "netty-buffer", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-codec", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-codec-http", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-common", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-handler", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-resolver", version: "4.1.50.Final" + compileInclude group: "io.netty", name: "netty-transport", version: "4.1.50.Final" + compileInclude group: "org.apache.olingo", name: "odata-commons-api", version: "4.7.1" + compileInclude group: "org.apache.olingo", name: "odata-commons-core", version: "4.7.1" + compileInclude group: "org.apache.olingo", name: "odata-server-api", version: "4.7.1" + compileInclude group: "org.apache.olingo", name: "odata-server-core", version: "4.7.1" + compileInclude group: "org.apache.olingo", name: "odata-server-core-ext", version: "4.7.1" compileOnly group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.9.10.1" compileOnly group: "com.liferay", name: "com.liferay.osgi.util", version: "5.0.0" diff --git a/modules/apps/portal-odata/portal-odata-impl/src/main/java/com/liferay/portal/odata/internal/filter/expression/ExpressionVisitorImpl.java b/modules/apps/portal-odata/portal-odata-impl/src/main/java/com/liferay/portal/odata/internal/filter/expression/ExpressionVisitorImpl.java index 256f7ed9eecdf6..9ea74f98134da3 100644 --- a/modules/apps/portal-odata/portal-odata-impl/src/main/java/com/liferay/portal/odata/internal/filter/expression/ExpressionVisitorImpl.java +++ b/modules/apps/portal-odata/portal-odata-impl/src/main/java/com/liferay/portal/odata/internal/filter/expression/ExpressionVisitorImpl.java @@ -85,6 +85,16 @@ public Expression visitBinaryOperator( ); } + @Override + public Expression visitBinaryOperator( + BinaryOperatorKind binaryOperatorKind, + Expression leftBinaryOperationExpression, + List rightBinaryOperationExpressions) { + + throw new UnsupportedOperationException( + "Binary operator: " + binaryOperatorKind); + } + @Override public Expression visitEnum(EdmEnumType edmEnumType, List list) { throw new UnsupportedOperationException( diff --git a/modules/apps/portal-vulcan/portal-vulcan-impl/build.gradle b/modules/apps/portal-vulcan/portal-vulcan-impl/build.gradle index 549fa83b5af77f..9138aa471e92b9 100644 --- a/modules/apps/portal-vulcan/portal-vulcan-impl/build.gradle +++ b/modules/apps/portal-vulcan/portal-vulcan-impl/build.gradle @@ -62,6 +62,7 @@ dependencies { compileOnly group: "org.osgi", name: "org.osgi.util.promise", version: "1.1.0" compileOnly group: "org.osgi", name: "osgi.core", version: "6.0.0" compileOnly group: "org.springframework", name: "spring-tx", version: "4.1.9.RELEASE" + compileOnly project(":apps:document-library:document-library-api") testCompile group: "org.hamcrest", name: "hamcrest-all", version: "1.3" } diff --git a/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/feature/VulcanFeature.java b/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/feature/VulcanFeature.java index 127d8da7422ffe..55fde89467026a 100644 --- a/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/feature/VulcanFeature.java +++ b/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/feature/VulcanFeature.java @@ -17,6 +17,7 @@ import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider; import com.fasterxml.jackson.jaxrs.xml.JacksonXMLProvider; +import com.liferay.document.library.kernel.util.DLValidator; import com.liferay.portal.kernel.language.Language; import com.liferay.portal.kernel.search.filter.Filter; import com.liferay.portal.kernel.service.GroupLocalService; @@ -101,7 +102,6 @@ public boolean configure(FeatureContext featureContext) { featureContext.register(JsonParseExceptionMapper.class); featureContext.register(InvalidFormatExceptionMapper.class); featureContext.register(LogContainerRequestFilter.class); - featureContext.register(MultipartBodyMessageBodyReader.class); featureContext.register(NestedFieldsContainerRequestFilter.class); featureContext.register(NoSuchModelExceptionMapper.class); featureContext.register(ObjectMapperContextResolver.class); @@ -126,6 +126,9 @@ public boolean configure(FeatureContext featureContext) { featureContext.register( new FilterContextProvider( _expressionConvert, _filterParserProvider, _language, _portal)); + featureContext.register( + new MultipartBodyMessageBodyReader( + _dlValidator.getMaxAllowableSize())); _nestedFieldsWriterInterceptor = new NestedFieldsWriterInterceptor( _bundleContext); @@ -156,6 +159,9 @@ protected void deactivate() { private BundleContext _bundleContext; + @Reference + private DLValidator _dlValidator; + @Reference( target = "(result.class.name=com.liferay.portal.kernel.search.filter.Filter)" ) diff --git a/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/message/body/MultipartBodyMessageBodyReader.java b/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/message/body/MultipartBodyMessageBodyReader.java index 92a936ba826a31..3efca5c1c8260d 100644 --- a/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/message/body/MultipartBodyMessageBodyReader.java +++ b/modules/apps/portal-vulcan/portal-vulcan-impl/src/main/java/com/liferay/portal/vulcan/internal/jaxrs/message/body/MultipartBodyMessageBodyReader.java @@ -44,6 +44,7 @@ import javax.ws.rs.ext.Providers; import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileUploadBase; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.util.Streams; @@ -57,6 +58,10 @@ public class MultipartBodyMessageBodyReader implements MessageBodyReader { + public MultipartBodyMessageBodyReader(long fileMaxSize) { + _fileMaxSize = fileMaxSize; + } + @Override public boolean isReadable( Class clazz, Type genericType, Annotation[] annotations, @@ -103,6 +108,9 @@ public MultipartBody readFrom( ServletFileUpload servletFileUpload = new ServletFileUpload( new DiskFileItemFactory()); + servletFileUpload.setFileSizeMax(_fileMaxSize); + servletFileUpload.setSizeMax(_fileMaxSize); + List fileItems = servletFileUpload.parseRequest( _httpServletRequest); @@ -125,12 +133,22 @@ public MultipartBody readFrom( return MultipartBody.of( binaryFiles, contextResolver::getContext, values); } + catch (FileUploadBase.SizeLimitExceededException + sizeLimitExceededException) { + + throw new BadRequestException( + "Please enter a file with a valid file size no larger than " + + _fileMaxSize, + sizeLimitExceededException); + } catch (Exception e) { throw new BadRequestException( "Request body is not a valid multipart form", e); } } + private final long _fileMaxSize; + @Context private HttpServletRequest _httpServletRequest; diff --git a/modules/apps/portal-workflow/portal-workflow-web/src/main/resources/META-INF/resources/definition/edit_workflow_definition.jsp b/modules/apps/portal-workflow/portal-workflow-web/src/main/resources/META-INF/resources/definition/edit_workflow_definition.jsp index 9e23a000e7940a..1393151b5494b0 100644 --- a/modules/apps/portal-workflow/portal-workflow-web/src/main/resources/META-INF/resources/definition/edit_workflow_definition.jsp +++ b/modules/apps/portal-workflow/portal-workflow-web/src/main/resources/META-INF/resources/definition/edit_workflow_definition.jsp @@ -150,7 +150,7 @@ renderResponse.setTitle((workflowDefinition == null) ? LanguageUtil.get(request, <%= dateFormatTime.format(workflowDefinitionDisplayContext.getCreatedDate(workflowDefinition)) %>
    - + @@ -163,7 +163,7 @@ renderResponse.setTitle((workflowDefinition == null) ? LanguageUtil.get(request, <%= dateFormatTime.format(workflowDefinition.getModifiedDate()) %>
    - + diff --git a/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/display/context/StagingProcessesWebToolbarDisplayContext.java b/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/display/context/StagingProcessesWebToolbarDisplayContext.java index 246338a3402514..6149a615b5207b 100644 --- a/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/display/context/StagingProcessesWebToolbarDisplayContext.java +++ b/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/display/context/StagingProcessesWebToolbarDisplayContext.java @@ -57,7 +57,20 @@ public StagingProcessesWebToolbarDisplayContext( portlet.getRootPortletId()); } + /** + * @deprecated As of Mueller (7.2.x), replaced by {@link + * #getActionDropdownItems(boolean)} + */ + @Deprecated public List getActionDropdownItems() { + return getActionDropdownItems(true); + } + + public List getActionDropdownItems(boolean hasPermission) { + if (!hasPermission) { + return null; + } + return new DropdownItemList() { { add( @@ -72,7 +85,20 @@ public List getActionDropdownItems() { }; } + /** + * @deprecated As of Mueller (7.2.x), replaced by {@link + * #getCreationMenu(boolean)} + */ + @Deprecated + public CreationMenu getCreationMenu() { + return getCreationMenu(true); + } + public CreationMenu getCreationMenu(boolean hasPermission) { + if (!hasPermission) { + return null; + } + return new CreationMenu() { { int configurationType = 0; @@ -93,38 +119,15 @@ public CreationMenu getCreationMenu(boolean hasPermission) { TYPE_PUBLISH_LAYOUT_LOCAL; } - if (hasPermission) { - List exportImportConfigurations = - ExportImportConfigurationLocalServiceUtil. - getExportImportConfigurations( - stagingGroupId, configurationType); - - for (ExportImportConfiguration exportImportConfiguration : - exportImportConfigurations) { - - addRestDropdownItem( - dropdownItem -> { - String cmd = Constants.PUBLISH_TO_LIVE; - - if (stagingGroup.isStagedRemotely()) { - cmd = Constants.PUBLISH_TO_REMOTE; - } - - dropdownItem.setHref( - _portletResponse.createRenderURL(), - "mvcRenderCommandName", "publishLayouts", - Constants.CMD, cmd, - "exportImportConfigurationId", - String.valueOf( - exportImportConfiguration. - getExportImportConfigurationId()), - "groupId", String.valueOf(stagingGroupId)); - dropdownItem.setLabel( - exportImportConfiguration.getName()); - }); - } - - addPrimaryDropdownItem( + List exportImportConfigurations = + ExportImportConfigurationLocalServiceUtil. + getExportImportConfigurations( + stagingGroupId, configurationType); + + for (ExportImportConfiguration exportImportConfiguration : + exportImportConfigurations) { + + addRestDropdownItem( dropdownItem -> { String cmd = Constants.PUBLISH_TO_LIVE; @@ -135,14 +138,35 @@ public CreationMenu getCreationMenu(boolean hasPermission) { dropdownItem.setHref( _portletResponse.createRenderURL(), "mvcRenderCommandName", "publishLayouts", - Constants.CMD, cmd, "groupId", - String.valueOf(stagingGroupId), "privateLayout", - Boolean.FALSE.toString()); + Constants.CMD, cmd, + "exportImportConfigurationId", + String.valueOf( + exportImportConfiguration. + getExportImportConfigurationId()), + "groupId", String.valueOf(stagingGroupId)); dropdownItem.setLabel( - LanguageUtil.get( - _httpServletRequest, "custom-publication")); + exportImportConfiguration.getName()); }); } + + addPrimaryDropdownItem( + dropdownItem -> { + String cmd = Constants.PUBLISH_TO_LIVE; + + if (stagingGroup.isStagedRemotely()) { + cmd = Constants.PUBLISH_TO_REMOTE; + } + + dropdownItem.setHref( + _portletResponse.createRenderURL(), + "mvcRenderCommandName", "publishLayouts", + Constants.CMD, cmd, "groupId", + String.valueOf(stagingGroupId), "privateLayout", + Boolean.FALSE.toString()); + dropdownItem.setLabel( + LanguageUtil.get( + _httpServletRequest, "custom-publication")); + }); } }; } diff --git a/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/portlet/configuration/icon/PublishTemplatesConfigurationIcon.java b/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/portlet/configuration/icon/PublishTemplatesConfigurationIcon.java index 3da83001e0a314..c72455b75c5b83 100644 --- a/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/portlet/configuration/icon/PublishTemplatesConfigurationIcon.java +++ b/modules/apps/staging/staging-processes-web/src/main/java/com/liferay/staging/processes/web/internal/portlet/configuration/icon/PublishTemplatesConfigurationIcon.java @@ -14,11 +14,16 @@ package com.liferay.staging.processes.web.internal.portlet.configuration.icon; +import com.liferay.portal.kernel.exception.PortalException; import com.liferay.portal.kernel.language.LanguageUtil; +import com.liferay.portal.kernel.log.Log; +import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.model.Group; import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.portlet.configuration.icon.BasePortletConfigurationIcon; import com.liferay.portal.kernel.portlet.configuration.icon.PortletConfigurationIcon; +import com.liferay.portal.kernel.security.permission.ActionKeys; +import com.liferay.portal.kernel.service.permission.GroupPermissionUtil; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.Portal; import com.liferay.portal.kernel.util.ResourceBundleUtil; @@ -82,6 +87,22 @@ public boolean isShow(PortletRequest portletRequest) { Group scopeGroup = themeDisplay.getScopeGroup(); + try { + if (!GroupPermissionUtil.contains( + themeDisplay.getPermissionChecker(), scopeGroup, + ActionKeys.PUBLISH_STAGING)) { + + return false; + } + } + catch (PortalException portalException) { + if (_log.isDebugEnabled()) { + _log.debug(portalException, portalException); + } + + return false; + } + if ((scopeGroup != null) && (scopeGroup.hasStagingGroup() || (scopeGroup.hasRemoteStagingGroup() && @@ -110,6 +131,9 @@ public boolean isUseDialog() { return false; } + private static final Log _log = LogFactoryUtil.getLog( + PublishTemplatesConfigurationIcon.class); + @Reference private Portal _portal; diff --git a/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/processes_list/publish_layouts_processes.jsp b/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/processes_list/publish_layouts_processes.jsp index 13c1fc888e665e..737c9fe2007e56 100644 --- a/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/processes_list/publish_layouts_processes.jsp +++ b/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/processes_list/publish_layouts_processes.jsp @@ -16,10 +16,16 @@ <%@ include file="/init.jsp" %> +<% +boolean hasPublishStagingPermission = GroupPermissionUtil.contains(permissionChecker, scopeGroupId, ActionKeys.PUBLISH_STAGING); +%> + \ No newline at end of file diff --git a/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/toolbar.jsp b/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/toolbar.jsp index d83cefc9268f91..c9ef8af5c43353 100644 --- a/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/toolbar.jsp +++ b/modules/apps/staging/staging-processes-web/src/main/resources/META-INF/resources/toolbar.jsp @@ -27,6 +27,8 @@ String orderByCol = ParamUtil.getString(request, "orderByCol"); String orderByType = ParamUtil.getString(request, "orderByType"); String searchContainerId = ParamUtil.getString(request, "searchContainerId"); +boolean hasPublishStagingPermission = GroupPermissionUtil.contains(permissionChecker, scopeGroupId, ActionKeys.PUBLISH_STAGING); + PortletURL portletURL = liferayPortletResponse.createRenderURL(); portletURL.setParameter("mvcRenderCommandName", mvcRenderCommandName); @@ -39,11 +41,12 @@ portletURL.setParameter("searchContainerId", String.valueOf(searchContainerId)); %> 0) { servletFileUpload.setSizeMax(maxRequestSize); } + else { + servletFileUpload.setSizeMax(uploadServletRequestImplMaxSize); + } if (maxFileSize > 0) { servletFileUpload.setFileSizeMax(maxFileSize); } + else { + servletFileUpload.setFileSizeMax( + uploadServletRequestImplMaxSize); + } liferayServletRequest = new LiferayServletRequest( httpServletRequest); @@ -116,8 +126,6 @@ public UploadServletRequestImpl( liferayServletRequest.setFinishedReadingOriginalStream(true); - long uploadServletRequestImplMaxSize = - UploadServletRequestConfigurationHelperUtil.getMaxSize(); long uploadServletRequestImplSize = 0; int contentLength = httpServletRequest.getContentLength(); diff --git a/portal-impl/src/com/liferay/portal/util/PortalImpl.java b/portal-impl/src/com/liferay/portal/util/PortalImpl.java index 22a626768ddb0b..406c5965a8a133 100644 --- a/portal-impl/src/com/liferay/portal/util/PortalImpl.java +++ b/portal-impl/src/com/liferay/portal/util/PortalImpl.java @@ -6629,6 +6629,28 @@ public boolean isValidResourceId(String resourceId) { return false; } + int count = _PORTLET_RESOURCE_ID_URL_DECODE_COUNT; + + while ((count > 0) && resourceId.contains("%")) { + resourceId = HttpUtil.decodePath(resourceId); + + if (Validator.isNull(resourceId)) { + return false; + } + + matcher = _bannedResourceIdPattern.matcher(resourceId); + + if (matcher.matches()) { + return false; + } + + count--; + + if (count == 0) { + return false; + } + } + return true; } @@ -8858,6 +8880,10 @@ private boolean _isSameHostName( private static final Locale _NULL_LOCALE; + private static final int _PORTLET_RESOURCE_ID_URL_DECODE_COUNT = + GetterUtil.getInteger( + PropsUtil.get("portlet.resource.id.url.decode.count"), 10); + private static final String _PRIVATE_GROUP_SERVLET_MAPPING = PropsValues.LAYOUT_FRIENDLY_URL_PRIVATE_GROUP_SERVLET_MAPPING; From af5048f91a569026aba6037846b6322d56c4dc74 Mon Sep 17 00:00:00 2001 From: yxingwu Date: Tue, 1 Sep 2020 10:09:59 +0800 Subject: [PATCH 05/15] Update README --- README.markdown | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.markdown b/README.markdown index 2e25fa6c7da577..02725c6907feac 100644 --- a/README.markdown +++ b/README.markdown @@ -7,6 +7,22 @@ information about security in Liferay Portal, please see **Cumulative diff patch:** [https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch](https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch) +The [September 2020]() release contains fixes for the following issues: +[CST-7224](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784785), +[CST-7225](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784802), +[CST-7226](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784815), +[CST-7307](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119761505), +[CST-7308](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204), +[CST-7309](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772218), +[CST-7310](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784734), +[CST-7311](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784748), +[CST-7312](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784846), +[CST-7313](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784872), +[CST-7314](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784884), +[CST-7315](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784897), +[CST-7316](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784916), +[CST-7317](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928) + The [June 2020]() release contains fixes for the following issues: [CST-7213](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427), [CST-7214](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439), From 6ce1823e51fceedb2925a70ee67dd586846f4ff3 Mon Sep 17 00:00:00 2001 From: yxingwu Date: Wed, 5 May 2021 11:10:43 +0800 Subject: [PATCH 06/15] Fix the links in the readme file --- README.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.markdown b/README.markdown index 02725c6907feac..f098879423ad72 100644 --- a/README.markdown +++ b/README.markdown @@ -7,7 +7,7 @@ information about security in Liferay Portal, please see **Cumulative diff patch:** [https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch](https://github.com/community-security-team/liferay-portal/compare/7.2.1-ga2...7.2.1-cumulative.patch) -The [September 2020]() release contains fixes for the following issues: +The [September 2020](https://github.com/community-security-team/liferay-portal/commit/ed211f44d636d07647d7b8e2d1f0b0016866ab15) release contains fixes for the following issues: [CST-7224](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784785), [CST-7225](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784802), [CST-7226](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784815), @@ -23,7 +23,7 @@ The [September 2020]() release contains fixes for the following issues: [CST-7316](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784916), [CST-7317](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928) -The [June 2020]() release contains fixes for the following issues: +The [June 2020](https://github.com/community-security-team/liferay-portal/commit/064e6b01afa1e087e4c6bbaf7f71c97ee33f3ee9) release contains fixes for the following issues: [CST-7213](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427), [CST-7214](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439), [CST-7216](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119318646), From ce56c3137a8a97ffdad8a3e95ede563dd97c946f Mon Sep 17 00:00:00 2001 From: yxingwu Date: Thu, 1 Apr 2021 15:33:30 +0800 Subject: [PATCH 07/15] May 2021 --- .classpath | 1 + lib/.gitignore | 1 + lib/portal/dependencies.properties | 15 +- lib/versions-complete.xml | 8 +- lib/versions-ext.xml | 10 +- lib/versions.html | 8 +- .../resources/edit_vocabulary_settings.jspf | 2 +- .../resources/META-INF/resources/view.jsp | 2 +- .../AssetTagsSelector.es.js | 2 +- .../build.gradle | 6 +- .../build.gradle | 20 +- .../dynamic-data-lists-service/bnd.bnd | 1 + .../dynamic-data-lists-service/build.gradle | 4 +- .../context/DDMFormDisplayContext.java | 4 +- ...dFormInstanceRecordMVCResourceCommand.java | 11 +- .../PublishFormInstanceMVCActionCommand.java | 16 +- .../META-INF/resources/display/view.jsp | 22 +- .../META-INF/resource-actions/default.xml | 4 +- .../export-import-service/build.gradle | 3 +- modules/apps/flags/flags-taglib/package.json | 3 + .../taglib/servlet/taglib/react/FlagsTag.java | 9 +- .../servlet/taglib/util/FlagsTagUtil.java | 12 + .../flags/js/components/Captcha.es.js | 44 ++ .../resources/flags/js/components/Flags.es.js | 17 +- .../flags/js/components/FlagsModal.es.js | 19 + .../test/js/components/Flags.es.js | 6 + .../test/js/components/FlagsModal.es.js | 2 + modules/apps/flags/flags-web/build.gradle | 2 + .../action/CaptchaMVCResourceCommand.java | 57 ++ .../action/EditEntryMVCActionCommand.java | 91 +++- .../action/GetCaptchaMVCResourceCommand.java | 47 ++ .../META-INF/resources/get_captcha.jsp | 23 + .../resources/META-INF/resources/init.jsp | 4 +- .../resources/META-INF/resources/view.jsp | 2 +- .../frontend-editor-ckeditor-web/build.gradle | 2 +- .../frontend-editor-ckeditor-web/package.json | 2 +- .../META-INF/resources/liferay/util_window.js | 2 +- .../frontend-js-lodash-web/package.json | 2 +- .../frontend-taglib-clay/build.gradle | 4 + .../META-INF/resources/journal_template.jsp | 2 +- .../knowledge-base-service/build.gradle | 2 +- .../apps/layout/layout-admin-web/build.gradle | 4 +- .../context/LayoutsAdminDisplayContext.java | 59 +- .../META-INF/resources/add_layout.jsp | 8 + .../META-INF/resources/flattened_view.jsp | 8 +- .../portlet/NotificationsPortlet.java | 6 +- .../oauth2-provider-rest/build.gradle | 16 +- .../oauth2-provider-scope-impl/build.gradle | 4 +- ...viderScopeLiferayAccessControlContext.java | 11 +- .../oauth2-provider-test/build.gradle | 2 +- .../portal-odata-impl/build.gradle | 2 +- .../portal-remote-cors-impl/build.gradle | 1 + .../feature/CORSAnnotationDynamicFeature.java | 81 ++- .../servlet/filter/CORSServletFilter.java | 86 +-- ...rablePortalCORSServletFilterPublisher.java | 2 +- .../portal-remote-cxf-common/build.gradle | 4 +- .../portal-remote-jaxrs-whiteboard/bnd.bnd | 288 +++++----- .../build.gradle | 14 +- .../org/apache/cxf/.lfrbuild-packageinfo | 4 + .../build.gradle | 2 +- .../portal-remote-rest-extender/build.gradle | 8 +- .../build.gradle | 8 +- .../build.gradle | 8 +- .../portal-scheduler-quartz/build.gradle | 2 +- .../portal-scripting-groovy/build.gradle | 2 +- .../build.gradle | 6 +- .../build.gradle | 6 +- .../build.gradle | 2 +- .../portal-security-antisamy/build.gradle | 8 +- .../configuration/S3StoreConfiguration.java | 2 +- .../portal-template-velocity/build.gradle | 2 +- .../portal-vulcan-api/build.gradle | 2 +- .../portal-vulcan-impl/build.gradle | 10 +- .../portal-vulcan-test/build.gradle | 4 +- .../service/KaleoInstanceLocalService.java | 4 + .../KaleoInstanceLocalServiceUtil.java | 7 + .../KaleoInstanceLocalServiceWrapper.java | 8 + .../persistence/KaleoInstancePersistence.java | 60 ++ .../persistence/KaleoInstanceUtil.java | 82 +++ .../build.gradle | 2 +- .../internal/DefaultWorkflowEngineImpl.java | 23 +- .../build.gradle | 2 +- .../internal/WorkflowInstanceManagerImpl.java | 14 + .../build.gradle | 2 +- .../portal-workflow-kaleo-service/service.xml | 5 + .../model/impl/KaleoInstanceModelImpl.java | 21 +- .../impl/KaleoInstanceLocalServiceImpl.java | 8 + .../impl/KaleoInstancePersistenceImpl.java | 350 ++++++++++++ .../main/resources/META-INF/sql/indexes.sql | 1 + .../test/KaleoInstancePersistenceTest.java | 35 ++ .../portal-workflow-task-web/build.gradle | 4 +- .../WorkflowTaskPermissionChecker.java | 39 +- .../portlet/MyWorkflowTaskPortlet.java | 11 +- .../action/AssignTaskMVCResourceCommand.java | 11 +- .../WorkflowTaskBaseMVCActionCommand.java | 6 +- .../resources/META-INF/resources/init.jsp | 1 + .../resources/workflow_task_assign.jsp | 2 +- .../portal-workflow-web/build.gradle | 4 +- .../WorkflowInstanceEditDisplayContext.java | 5 +- .../internal/portlet/UserWorkflowPortlet.java | 77 +++ ...eleteWorkflowInstanceMVCActionCommand.java | 2 +- .../tab/WorkflowInstancePortletTab.java | 3 +- .../META-INF/resources/advanced_styling.jsp | 6 +- .../resources/META-INF/resources/init.jsp | 1 + .../resources/META-INF/resources/view.jsp | 2 +- ...onfigurationPermissionsDisplayContext.java | 3 - modules/apps/powwow/powwow-portlet/ivy.xml | 2 +- .../build.gradle | 4 +- .../resources/preview_membership_request.jsp | 4 +- .../portal-lpkg-deployer-test/build.gradle | 2 +- .../build.gradle | 2 +- modules/apps/tasks/tasks-portlet/ivy.xml | 2 +- modules/apps/upload/upload-web/build.gradle | 2 +- ...eOrganizationPortletConfigurationIcon.java | 3 +- .../system.packages.extra.bnd | 2 +- .../build.gradle | 2 +- modules/yarn.lock | 515 ++---------------- nbproject/project.properties | 1 + .../portal/action/JSONServiceAction.java | 11 +- .../JSONWebServiceServiceAction.java | 24 +- .../service/http/LayoutServiceHttp.java | 196 +++++-- .../service/http/LayoutServiceSoap.java | 40 ++ .../service/impl/LayoutLocalServiceImpl.java | 105 +++- .../service/impl/LayoutServiceImpl.java | 31 ++ .../service/impl/UserLocalServiceImpl.java | 34 +- ...UserNotificationEventLocalServiceImpl.java | 40 +- .../permission/UserPermissionImpl.java | 4 +- .../com/liferay/portal/struts/JSONAction.java | 11 +- .../com/liferay/portal/util/PropsValues.java | 4 + portal-impl/src/portal-developer.properties | 2 + portal-impl/src/portal.properties | 12 +- .../kernel/service/LayoutLocalService.java | 29 + .../service/LayoutLocalServiceUtil.java | 39 ++ .../service/LayoutLocalServiceWrapper.java | 42 ++ .../portal/kernel/service/LayoutService.java | 13 + .../kernel/service/LayoutServiceUtil.java | 21 + .../kernel/service/LayoutServiceWrapper.java | 22 + .../UserNotificationEventLocalService.java | 7 +- ...UserNotificationEventLocalServiceUtil.java | 12 +- ...rNotificationEventLocalServiceWrapper.java | 13 +- .../liferay/portal/kernel/util/PropsKeys.java | 3 + .../workflow/WorkflowInstanceManager.java | 7 + .../workflow/WorkflowInstanceManagerUtil.java | 8 + 143 files changed, 2241 insertions(+), 997 deletions(-) create mode 100644 modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Captcha.es.js create mode 100644 modules/apps/flags/flags-web/src/main/java/com/liferay/flags/web/internal/portlet/action/CaptchaMVCResourceCommand.java create mode 100644 modules/apps/flags/flags-web/src/main/java/com/liferay/flags/web/internal/portlet/action/GetCaptchaMVCResourceCommand.java create mode 100644 modules/apps/flags/flags-web/src/main/resources/META-INF/resources/get_captcha.jsp create mode 100644 modules/apps/portal-remote/portal-remote-jaxrs-whiteboard/src/main/resources/org/apache/cxf/.lfrbuild-packageinfo diff --git a/.classpath b/.classpath index ed9d9bb98a8c6a..38479a0881e41b 100644 --- a/.classpath +++ b/.classpath @@ -262,6 +262,7 @@ + diff --git a/lib/.gitignore b/lib/.gitignore index f1557c2a87acc1..677bc3104013ec 100644 --- a/lib/.gitignore +++ b/lib/.gitignore @@ -232,6 +232,7 @@ /portal/slf4j-api.jar /portal/soap.jar /portal/soap-api.jar +/portal/sparse-bit-set.jar /portal/spring-aop.jar /portal/spring-aspects.jar /portal/spring-beans.jar diff --git a/lib/portal/dependencies.properties b/lib/portal/dependencies.properties index 6acb6f9855d6da..2f3802df2cbda5 100644 --- a/lib/portal/dependencies.properties +++ b/lib/portal/dependencies.properties @@ -127,10 +127,10 @@ netty-all=io.netty:netty-all:4.1.48.Final odmg=odmg:odmg:3.0 oro=oro:oro:2.0.8 pdfbox=org.apache.pdfbox:pdfbox:2.0.13 -poi-ooxml-schemas=org.apache.poi:poi-ooxml-schemas:4.0.1 -poi-ooxml=org.apache.poi:poi-ooxml:4.0.1 -poi-scratchpad=org.apache.poi:poi-scratchpad:4.0.1 -poi=org.apache.poi:poi:4.0.1 +poi-ooxml-schemas=org.apache.poi:poi-ooxml-schemas:4.1.2 +poi-ooxml=org.apache.poi:poi-ooxml:4.1.2 +poi-scratchpad=org.apache.poi:poi-scratchpad:4.1.2 +poi=org.apache.poi:poi:4.1.2 rdffilter=com.liferay:com.megginson.sax.rdf:1.0 rhino=org.mozilla:rhino:1.7R4 ridl=org.openoffice:ridl:2.3.1 @@ -145,6 +145,7 @@ simplecaptcha=com.liferay:nl.captcha.simplecaptcha:1.1.1 slf4j-api=org.slf4j:slf4j-api:1.7.26 soap-api=com.liferay:javax.xml.soap:1.4.0.LIFERAY-PATCHED-1 soap=soap:soap:2.2 +sparse-bit-set=com.zaxxer:SparseBitSet:1.2 spring-aop=org.springframework:spring-aop:4.3.22.RELEASE spring-aspects=org.springframework:spring-aspects:4.3.22.RELEASE spring-beans=org.springframework:spring-beans:4.3.22.RELEASE @@ -165,8 +166,8 @@ stax=stax:stax-api:1.0.1 streambuffer=com.sun.xml.stream.buffer:streambuffer:0.9 stringtemplate=org.antlr:stringtemplate:3.0 tagsoup=org.ccil.cowan.tagsoup:tagsoup:1.2.1 -tika-core=org.apache.tika:tika-core:1.22 -tika-parsers=org.apache.tika:tika-parsers:1.22 +tika-core=org.apache.tika:tika-core:1.24 +tika-parsers=org.apache.tika:tika-parsers:1.24 tomcat-jdbc=org.apache.tomcat:tomcat-jdbc:9.0.17 tomcat-juli=org.apache.tomcat:tomcat-juli:9.0.17 transaction=javax.transaction:javax.transaction-api:1.3 @@ -185,7 +186,7 @@ xml-apis=xml-apis:xml-apis:1.4.01 xmlsec=org.apache.santuario:xmlsec:1.5.8 xmpcore=com.adobe.xmp:xmpcore:5.1.3 xpp3=xpp3:xpp3_min:1.1.4c -xstream=com.thoughtworks.xstream:xstream:1.4.11.1 +xstream=com.thoughtworks.xstream:xstream:1.4.14 xuggle-xuggler-noarch=com.liferay:xuggle.xuggler.noarch:5.4 xz=org.tukaani:xz:1.8 yui-compressor=com.yahoo.platform.yui:yuicompressor:2.4.8 \ No newline at end of file diff --git a/lib/versions-complete.xml b/lib/versions-complete.xml index 48e89515308563..5b798666a88418 100644 --- a/lib/versions-complete.xml +++ b/lib/versions-complete.xml @@ -6836,7 +6836,7 @@ lib/portal/poi-ooxml-schemas.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -6849,7 +6849,7 @@ lib/portal/poi-ooxml.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -6862,7 +6862,7 @@ lib/portal/poi-scratchpad.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -6875,7 +6875,7 @@ lib/portal/poi.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org diff --git a/lib/versions-ext.xml b/lib/versions-ext.xml index 88b68b553614bc..3ffbd03cc19e96 100644 --- a/lib/versions-ext.xml +++ b/lib/versions-ext.xml @@ -2549,7 +2549,7 @@ lib/portal/poi.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -2562,7 +2562,7 @@ lib/portal/poi-ooxml.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -2575,7 +2575,7 @@ lib/portal/poi-ooxml-schemas.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -2588,7 +2588,7 @@ lib/portal/poi-scratchpad.jar - 4.0.1 + 4.1.2 POI http://poi.apache.org @@ -3359,7 +3359,7 @@ lib/portal/xstream.jar - 1.4.11.1 + 1.4.14 XStream http://xstream.codehaus.org diff --git a/lib/versions.html b/lib/versions.html index ffcb1674d01be5..67cf35b4877995 100644 --- a/lib/versions.html +++ b/lib/versions.html @@ -3008,28 +3008,28 @@ -lib/portal/poi-ooxml-schemas.jar4.0.1POIApache License 2.0 +lib/portal/poi-ooxml-schemas.jar4.1.2POIApache License 2.0
    Copyright (c) 2009 The Apache Software Foundation
    -lib/portal/poi-ooxml.jar4.0.1POIApache License 2.0 +lib/portal/poi-ooxml.jar4.1.2POIApache License 2.0
    Copyright (c) 2009 The Apache Software Foundation
    -lib/portal/poi-scratchpad.jar4.0.1POIApache License 2.0 +lib/portal/poi-scratchpad.jar4.1.2POIApache License 2.0
    Copyright (c) 2009 The Apache Software Foundation
    -lib/portal/poi.jar4.0.1POIApache License 2.0 +lib/portal/poi.jar4.1.2POIApache License 2.0
    Copyright (c) 2009 The Apache Software Foundation
    diff --git a/modules/apps/asset/asset-categories-admin-web/src/main/resources/META-INF/resources/edit_vocabulary_settings.jspf b/modules/apps/asset/asset-categories-admin-web/src/main/resources/META-INF/resources/edit_vocabulary_settings.jspf index c4d12cd98b0d1c..1cc6faf20c43b5 100644 --- a/modules/apps/asset/asset-categories-admin-web/src/main/resources/META-INF/resources/edit_vocabulary_settings.jspf +++ b/modules/apps/asset/asset-categories-admin-web/src/main/resources/META-INF/resources/edit_vocabulary_settings.jspf @@ -100,7 +100,7 @@ if (vocabulary != null) { for (ClassType classType : classTypes) { %> - + <% } diff --git a/modules/apps/asset/asset-publisher-web/src/main/resources/META-INF/resources/view.jsp b/modules/apps/asset/asset-publisher-web/src/main/resources/META-INF/resources/view.jsp index 64234fb7d91ef5..799a09613c8168 100644 --- a/modules/apps/asset/asset-publisher-web/src/main/resources/META-INF/resources/view.jsp +++ b/modules/apps/asset/asset-publisher-web/src/main/resources/META-INF/resources/view.jsp @@ -142,7 +142,7 @@ SearchContainer searchContainer = assetPublisherDisplayContext.getSearchContaine - const assetEntryId = '<%= assetPublisherDisplayContext.getAssetEntryId() %>'; + const assetEntryId = '<%= HtmlUtil.escape(assetPublisherDisplayContext.getAssetEntryId()) %>'; if (assetEntryId) { window.location.hash = assetEntryId; diff --git a/modules/apps/asset/asset-taglib/src/main/resources/META-INF/resources/asset_tags_selector/AssetTagsSelector.es.js b/modules/apps/asset/asset-taglib/src/main/resources/META-INF/resources/asset_tags_selector/AssetTagsSelector.es.js index 0155701ddd8c14..0d4b373fc9ef1d 100644 --- a/modules/apps/asset/asset-taglib/src/main/resources/META-INF/resources/asset_tags_selector/AssetTagsSelector.es.js +++ b/modules/apps/asset/asset-taglib/src/main/resources/META-INF/resources/asset_tags_selector/AssetTagsSelector.es.js @@ -126,7 +126,7 @@ class AssetTagsSelector extends Component { const filteredItems = event.target.filteredItems; if (!filteredItems || (filteredItems && filteredItems.length === 0)) { - const inputValue = event.target.inputValue; + const inputValue = Liferay.Util.escape(event.target.inputValue); if (inputValue) { const existingTag = this.selectedItems.find( diff --git a/modules/apps/document-library-opener/document-library-opener-google-drive-web/build.gradle b/modules/apps/document-library-opener/document-library-opener-google-drive-web/build.gradle index a18270866253d3..b8110569b63136 100644 --- a/modules/apps/document-library-opener/document-library-opener-google-drive-web/build.gradle +++ b/modules/apps/document-library-opener/document-library-opener-google-drive-web/build.gradle @@ -9,9 +9,9 @@ dependencies { compileInclude group: "com.google.guava", name: "guava", version: "25.1-jre" compileInclude group: "com.google.http-client", name: "google-http-client", version: "1.23.0" compileInclude group: "com.google.http-client", name: "google-http-client-jackson2", version: "1.23.0" - compileInclude group: "com.google.oauth-client", name: "google-oauth-client", version: "1.23.0" - compileInclude group: "com.google.oauth-client", name: "google-oauth-client-java6", version: "1.23.0" - compileInclude group: "com.google.oauth-client", name: "google-oauth-client-servlet", version: "1.23.0" + compileInclude group: "com.google.oauth-client", name: "google-oauth-client", version: "1.31.0" + compileInclude group: "com.google.oauth-client", name: "google-oauth-client-java6", version: "1.31.0" + compileInclude group: "com.google.oauth-client", name: "google-oauth-client-servlet", version: "1.31.0" compileOnly group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.9.10" compileOnly group: "com.liferay", name: "com.liferay.connected.app.api", version: "1.0.0" diff --git a/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle b/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle index 9d8dd0d8a611c6..8b64ce1de980ff 100644 --- a/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle +++ b/modules/apps/document-library/document-library-repository-cmis-impl/build.gradle @@ -4,16 +4,16 @@ dependencies { compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-client-impl", version: "0.14.0" compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-api", version: "0.14.0" compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-impl", version: "0.14.0" - compileInclude group: "org.apache.cxf", name: "cxf-core", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "3.2.12" - compileInclude group: "org.apache.cxf", name: "cxf-rt-wsdl", version: "3.2.12" + compileInclude group: "org.apache.cxf", name: "cxf-core", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "3.2.14" + compileInclude group: "org.apache.cxf", name: "cxf-rt-wsdl", version: "3.2.14" compileInclude group: "org.apache.neethi", name: "neethi", version: "3.1.1" compileOnly group: "com.liferay", name: "com.liferay.document.library.repository.cmis.api", version: "3.0.0" diff --git a/modules/apps/dynamic-data-lists/dynamic-data-lists-service/bnd.bnd b/modules/apps/dynamic-data-lists/dynamic-data-lists-service/bnd.bnd index 64150fa0a24c3d..73b6558fb13ebc 100644 --- a/modules/apps/dynamic-data-lists/dynamic-data-lists-service/bnd.bnd +++ b/modules/apps/dynamic-data-lists/dynamic-data-lists-service/bnd.bnd @@ -2,6 +2,7 @@ Bundle-Name: Liferay Dynamic Data Lists Service Bundle-SymbolicName: com.liferay.dynamic.data.lists.service Bundle-Version: 3.0.27 Import-Package:\ + !org.apache.commons.collections4.*,\ !org.apache.poi.hssf.usermodel.*,\ !org.apache.poi.ss.usermodel.*,\ \ diff --git a/modules/apps/dynamic-data-lists/dynamic-data-lists-service/build.gradle b/modules/apps/dynamic-data-lists/dynamic-data-lists-service/build.gradle index 1851a0b764b7aa..f603a0aaafb81e 100644 --- a/modules/apps/dynamic-data-lists/dynamic-data-lists-service/build.gradle +++ b/modules/apps/dynamic-data-lists/dynamic-data-lists-service/build.gradle @@ -4,7 +4,9 @@ buildService { } dependencies { - compileInclude group: "org.apache.poi", name: "poi", version: "3.15" + compileInclude group: "com.zaxxer", name: "SparseBitSet", version: "1.2" + compileInclude group: "org.apache.commons", name: "commons-math3", version: "3.6.1" + compileInclude group: "org.apache.poi", name: "poi", version: "4.1.2" compileOnly group: "biz.aQute.bnd", name: "biz.aQute.bnd.annotation", version: "4.2.0" compileOnly group: "com.liferay", name: "com.liferay.dynamic.data.lists.api", version: "4.1.0" diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/display/context/DDMFormDisplayContext.java b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/display/context/DDMFormDisplayContext.java index d5e4aa974f1758..a22b0f68894cc3 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/display/context/DDMFormDisplayContext.java +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/display/context/DDMFormDisplayContext.java @@ -299,7 +299,7 @@ public boolean hasAddFormInstanceRecordPermission() throws PortalException { return _hasAddFormInstanceRecordPermission; } - _hasAddFormInstanceRecordPermission = true; + _hasAddFormInstanceRecordPermission = false; DDMFormInstance ddmFormInstance = getFormInstance(); @@ -320,7 +320,7 @@ public boolean hasViewPermission() throws PortalException { return _hasViewPermission; } - _hasViewPermission = true; + _hasViewPermission = false; DDMFormInstance ddmFormInstance = _ddmFormInstanceLocalService.fetchFormInstance(getFormInstanceId()); diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/AddFormInstanceRecordMVCResourceCommand.java b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/AddFormInstanceRecordMVCResourceCommand.java index e2a58169fc699d..104e8928dd3d83 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/AddFormInstanceRecordMVCResourceCommand.java +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/AddFormInstanceRecordMVCResourceCommand.java @@ -28,6 +28,7 @@ import com.liferay.dynamic.data.mapping.storage.DDMFormValues; import com.liferay.portal.kernel.exception.PortalException; import com.liferay.portal.kernel.language.LanguageUtil; +import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCResourceCommand; import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand; import com.liferay.portal.kernel.service.ServiceContext; @@ -108,7 +109,12 @@ protected void doServeResource( boolean preview = ParamUtil.getBoolean(resourceRequest, "preview"); - if (preview) { + ThemeDisplay themeDisplay = (ThemeDisplay)resourceRequest.getAttribute( + WebKeys.THEME_DISPLAY); + + User user = themeDisplay.getUser(); + + if (preview || user.isDefaultUser()) { return; } @@ -125,9 +131,6 @@ protected void doServeResource( return; } - ThemeDisplay themeDisplay = (ThemeDisplay)resourceRequest.getAttribute( - WebKeys.THEME_DISPLAY); - DDMFormInstanceRecordVersion ddmFormInstanceRecordVersion = _ddmFormInstanceRecordVersionLocalService. fetchLatestFormInstanceRecordVersion( diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/PublishFormInstanceMVCActionCommand.java b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/PublishFormInstanceMVCActionCommand.java index 7a9134f8908aee..ff0545b319aad3 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/PublishFormInstanceMVCActionCommand.java +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/PublishFormInstanceMVCActionCommand.java @@ -150,11 +150,25 @@ protected void updateFormInstancePermission( _portal.getCompanyId(actionRequest), RoleConstants.GUEST); ResourcePermission resourcePermission = - _resourcePermissionLocalService.getResourcePermission( + _resourcePermissionLocalService.fetchResourcePermission( role.getCompanyId(), DDMFormInstance.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(formInstanceId), role.getRoleId()); + if (resourcePermission == null) { + _resourcePermissionLocalService.setResourcePermissions( + role.getCompanyId(), DDMFormInstance.class.getName(), + ResourceConstants.SCOPE_INDIVIDUAL, + String.valueOf(formInstanceId), role.getRoleId(), + new String[] {DDMActionKeys.ADD_FORM_INSTANCE_RECORD}); + + resourcePermission = + _resourcePermissionLocalService.fetchResourcePermission( + role.getCompanyId(), DDMFormInstance.class.getName(), + ResourceConstants.SCOPE_INDIVIDUAL, + String.valueOf(formInstanceId), role.getRoleId()); + } + if (published) { resourcePermission.addResourceAction( DDMActionKeys.ADD_FORM_INSTANCE_RECORD); diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/resources/META-INF/resources/display/view.jsp b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/resources/META-INF/resources/display/view.jsp index e6f14172778d71..f2b1cb14cbe2fb 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/resources/META-INF/resources/display/view.jsp +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/resources/META-INF/resources/display/view.jsp @@ -177,12 +177,16 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId();
    + function clearInterval(intervalId) { + if (intervalId) { + clearInterval(intervalId); + } + } + var intervalId; function clearPortletHandlers(event) { - if (intervalId) { - clearInterval(intervalId); - } + clearInterval(intervalId); Liferay.detach('destroyPortlet', clearPortletHandlers); } @@ -211,6 +215,10 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId(); + Liferay.on('sessionExpired', function (event) { + clearInterval(intervalId); + }); + function autoSave() { const data = new URLSearchParams({ formInstanceId: <%= formInstanceId %>, @@ -226,9 +234,7 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId(); } function startAutoSave() { - if (intervalId) { - clearInterval(intervalId); - } + clearInterval(intervalId); intervalId = setInterval( autoSave, @@ -238,9 +244,7 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId(); function startAutoExtendSession() { - if (intervalId) { - clearInterval(intervalId); - } + clearInterval(intervalId); var tenSeconds = 10000; diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/src/main/resources/META-INF/resource-actions/default.xml b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/src/main/resources/META-INF/resource-actions/default.xml index 583c0e4ceb0630..b2895379fed035 100644 --- a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/src/main/resources/META-INF/resource-actions/default.xml +++ b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-service/src/main/resources/META-INF/resource-actions/default.xml @@ -69,9 +69,7 @@ VIEW - - VIEW - + DELETE PERMISSIONS diff --git a/modules/apps/export-import/export-import-service/build.gradle b/modules/apps/export-import/export-import-service/build.gradle index c91725d1a0e1b8..9ca390c928919e 100644 --- a/modules/apps/export-import/export-import-service/build.gradle +++ b/modules/apps/export-import/export-import-service/build.gradle @@ -22,7 +22,8 @@ dependencies { compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0" compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0" compileOnly group: "com.liferay.portal", name: "com.liferay.util.java", version: "4.0.0" - compileOnly group: "com.thoughtworks.xstream", name: "xstream", version: "1.4.11.1" + compileOnly group: "com.thoughtworks.xstream", name: "xstream", version: "1.4.14" + compileOnly group: "commons-lang", name: "commons-lang", version: "2.6" compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1" compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2" diff --git a/modules/apps/flags/flags-taglib/package.json b/modules/apps/flags/flags-taglib/package.json index 48a3888551d25c..73f53f085915b0 100644 --- a/modules/apps/flags/flags-taglib/package.json +++ b/modules/apps/flags/flags-taglib/package.json @@ -1,11 +1,14 @@ { "dependencies": { + "@clayui/alert": "3.2.0", "@clayui/button": "3.0.0", "@clayui/icon": "3.0.0", "@clayui/modal": "3.0.0", "clay-button": "2.18.1", "clay-icon": "2.18.1", + "frontend-js-web": "*", + "metal-dom": "2.16.8", "metal-soy": "2.16.8", "metal-state": "2.16.8", "prop-types": "15.7.2", diff --git a/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/react/FlagsTag.java b/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/react/FlagsTag.java index 0a5704ee31ee17..5d25ce8c9ae4b6 100644 --- a/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/react/FlagsTag.java +++ b/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/react/FlagsTag.java @@ -26,6 +26,7 @@ import com.liferay.portal.kernel.model.User; import com.liferay.portal.kernel.theme.ThemeDisplay; import com.liferay.portal.kernel.util.AggregateResourceBundle; +import com.liferay.portal.kernel.util.HashMapBuilder; import com.liferay.portal.kernel.util.PortalUtil; import com.liferay.portal.kernel.util.PortletKeys; import com.liferay.portal.kernel.util.ResourceBundleUtil; @@ -177,12 +178,14 @@ private Map _getData(String message) data.put("context", context); - Map props = new HashMap<>(); - ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute( WebKeys.THEME_DISPLAY); - props.put("baseData", _getDataJSONObject(themeDisplay)); + Map props = HashMapBuilder.put( + "baseData", _getDataJSONObject(themeDisplay) + ).put( + "captchaURI", FlagsTagUtil.getCaptchaURI(request) + ).build(); Company company = themeDisplay.getCompany(); diff --git a/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/util/FlagsTagUtil.java b/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/util/FlagsTagUtil.java index 2b8ed44099ed56..f509494ba83df3 100644 --- a/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/util/FlagsTagUtil.java +++ b/modules/apps/flags/flags-taglib/src/main/java/com/liferay/flags/taglib/servlet/taglib/util/FlagsTagUtil.java @@ -18,6 +18,7 @@ import com.liferay.portal.kernel.exception.PortalException; import com.liferay.portal.kernel.language.LanguageUtil; import com.liferay.portal.kernel.module.configuration.ConfigurationProviderUtil; +import com.liferay.portal.kernel.portlet.LiferayPortletURL; import com.liferay.portal.kernel.portlet.PortletURLFactoryUtil; import com.liferay.portal.kernel.portlet.PortletURLUtil; import com.liferay.portal.kernel.theme.ThemeDisplay; @@ -40,6 +41,17 @@ */ public class FlagsTagUtil { + public static String getCaptchaURI(HttpServletRequest httpServletRequest) { + LiferayPortletURL captchaResourceURL = PortletURLFactoryUtil.create( + httpServletRequest, PortletKeys.FLAGS, + PortletRequest.RESOURCE_PHASE); + + captchaResourceURL.setCopyCurrentRenderParameters(false); + captchaResourceURL.setResourceID("/flags/get_captcha"); + + return captchaResourceURL.toString(); + } + public static String getCurrentURL(HttpServletRequest httpServletRequest) { PortletRequest portletRequest = (PortletRequest)httpServletRequest.getAttribute( diff --git a/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Captcha.es.js b/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Captcha.es.js new file mode 100644 index 00000000000000..b6870d527221b6 --- /dev/null +++ b/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Captcha.es.js @@ -0,0 +1,44 @@ +/** + * Copyright (c) 2000-present Liferay, Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or modify it under + * the terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 2.1 of the License, or (at your option) + * any later version. + * + * This library is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + */ + +import {fetch} from 'frontend-js-web'; +import {globalEval} from 'metal-dom'; +import PropTypes from 'prop-types'; +import React, {useEffect, useLayoutEffect, useRef, useState} from 'react'; + +function Captcha({uri}) { + const ref = useRef(null); + const [html, setHtml] = useState(null); + + useEffect(() => { + fetch(uri) + .then(res => res.text()) + .then(setHtml); + }, [uri]); + + useLayoutEffect(() => { + if (html) { + ref.current.innerHTML = html; + globalEval.runScriptsInElement(ref.current); + } + }, [html]); + + return html ?
    : null; +} + +Captcha.propTypes = { + uri: PropTypes.string.isRequired +}; + +export default Captcha; diff --git a/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Flags.es.js b/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Flags.es.js index 629e6e47f36fdc..ec27827995dd7d 100644 --- a/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Flags.es.js +++ b/modules/apps/flags/flags-taglib/src/main/resources/META-INF/resources/flags/js/components/Flags.es.js @@ -32,6 +32,7 @@ import FlagsModal from './FlagsModal.es'; const Flags = ({ baseData, + captchaURI, companyName, disabled = false, forceLogin = false, @@ -47,6 +48,7 @@ const Flags = ({ const [status, setStatus] = useState( forceLogin ? STATUS_LOGIN : STATUS_REPORT ); + const [error, setError] = useState(null); const [otherReason, setOtherReason] = useState(''); const [reporterEmailAddress, setReporterEmailAddress] = useState(''); @@ -68,6 +70,7 @@ const Flags = ({ }; const handleClickClose = () => { + setError(false); setReportDialogOpen(false); }; @@ -105,15 +108,16 @@ const Flags = ({ } fetch(uri, { - body: objectToFormData(formDataObj), + body: objectToFormData(formDataObj, new FormData(event.target)), method: 'post' }) - .then(({status}) => { + .then(res => res.json()) + .then(({error}) => { if (isMounted()) { - if (status === Liferay.STATUS_CODE.OK) { + setError(error); + setIsSending(false); + if (!error) { setStatus(STATUS_SUCCESS); - } else { - setStatus(STATUS_ERROR); } } }) @@ -154,7 +158,9 @@ const Flags = ({ {reportDialogOpen && ( + {error && ( + + {error} + + )}

    {sub( Liferay.Language.get( @@ -113,6 +125,7 @@ const ModalContentForm = ({ />

    )} + {captchaURI && } { }; const FlagsModal = ({ + captchaURI, companyName, + error, handleClose, handleInputChange, handleSubmit, @@ -211,6 +226,8 @@ const FlagsModal = ({ {status === STATUS_REPORT ? ( ); function _renderFlagsComponent({ + captchaURI = '', companyName = 'Liferay', baseData = {}, onlyIcon = false, @@ -45,6 +46,7 @@ function _renderFlagsComponent({ return render( { const form = await waitForElement(() => getByRole('form')); + [...form.elements].forEach(element => { + element.value = 'someValue'; + }); + fireEvent.submit(form); }); diff --git a/modules/apps/flags/flags-taglib/test/js/components/FlagsModal.es.js b/modules/apps/flags/flags-taglib/test/js/components/FlagsModal.es.js index d1b7ba4147164f..7394f19d6feed3 100644 --- a/modules/apps/flags/flags-taglib/test/js/components/FlagsModal.es.js +++ b/modules/apps/flags/flags-taglib/test/js/components/FlagsModal.es.js @@ -24,6 +24,7 @@ import { } from '../../../src/main/resources/META-INF/resources/flags/js/constants.es'; function _renderFlagsModalComponent({ + captchaURI = '', companyName = 'Liferay', handleClose = () => {}, handleInputChange = () => {}, @@ -42,6 +43,7 @@ function _renderFlagsModalComponent({ return render( + +<%@ include file="/init.jsp" %> + + + + \ No newline at end of file diff --git a/modules/apps/flags/flags-web/src/main/resources/META-INF/resources/init.jsp b/modules/apps/flags/flags-web/src/main/resources/META-INF/resources/init.jsp index c69e8de38f61fe..aecd27507179ab 100644 --- a/modules/apps/flags/flags-web/src/main/resources/META-INF/resources/init.jsp +++ b/modules/apps/flags/flags-web/src/main/resources/META-INF/resources/init.jsp @@ -14,8 +14,10 @@ */ --%> -<%@ taglib uri="http://liferay.com/tld/flags" prefix="liferay-flags" %><%@ +<%@ taglib uri="http://liferay.com/tld/captcha" prefix="liferay-captcha" %><%@ +taglib uri="http://liferay.com/tld/flags" prefix="liferay-flags" %><%@ taglib uri="http://liferay.com/tld/frontend" prefix="liferay-frontend" %><%@ +taglib uri="http://liferay.com/tld/portlet" prefix="liferay-portlet" %><%@ taglib uri="http://liferay.com/tld/theme" prefix="liferay-theme" %> <%@ page import="com.liferay.portal.kernel.model.Group" %><%@ diff --git a/modules/apps/fragment/fragment-web/src/main/resources/META-INF/resources/view.jsp b/modules/apps/fragment/fragment-web/src/main/resources/META-INF/resources/view.jsp index f31ae41d732a66..91288cdedb8cb8 100644 --- a/modules/apps/fragment/fragment-web/src/main/resources/META-INF/resources/view.jsp +++ b/modules/apps/fragment/fragment-web/src/main/resources/META-INF/resources/view.jsp @@ -143,7 +143,7 @@ List fragmentCollectionContributors = fragmentDis