34 changes: 18 additions & 16 deletions lib/portal/dependencies.properties
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,11 @@ aspectj-rt=org.aspectj:aspectjrt:1.8.13
aspectj-weaver=org.aspectj:aspectjweaver:1.8.13
axis-ant=org.apache.axis:axis-ant:1.4
axis=com.liferay:org.apache.axis:1.4.LIFERAY-PATCHED-4
bcmail=org.bouncycastle:bcmail-jdk16:1.45
bcprov=org.bouncycastle:bcprov-jdk16:1.45
bcmail=org.bouncycastle:bcmail-jdk15on:1.61
bcprov=org.bouncycastle:bcprov-jdk15on:1.61
boilerpipe=com.liferay:de.l3s.boilerpipe:1.1.0.LIFERAY-PATCHED-1
bsf=bsf:bsf:2.4.0
c3p0=com.mchange:c3p0:0.9.5.3
c3p0=com.mchange:c3p0:0.9.5.4
ccpp-ri=com.liferay:javax.ccpp.ccpp-ri:1.0
ccpp=javax.ccpp:ccpp:1.0
cglib-nodep=cglib:cglib-nodep:2.2.2
Expand All @@ -27,14 +27,14 @@ commons-chain=commons-chain:commons-chain:1.2
commons-codec=commons-codec:commons-codec:1.9
commons-collections4=org.apache.commons:commons-collections4:4.2
commons-collections=commons-collections:commons-collections:3.2.2
commons-compress=org.apache.commons:commons-compress:1.18
commons-compress=org.apache.commons:commons-compress:1.19
commons-configuration=com.liferay:org.apache.commons.configuration:1.10.LIFERAY-PATCHED-2
commons-dbcp=commons-dbcp:commons-dbcp:1.2.2
commons-digester=commons-digester:commons-digester:1.8.1
commons-discovery=commons-discovery:commons-discovery:0.4
commons-exec=org.apache.commons:commons-exec:1.3
commons-fileupload=commons-fileupload:commons-fileupload:1.3.3
commons-httpclient=commons-httpclient:commons-httpclient:3.1
commons-httpclient=com.liferay:org.apache.commons.httpclient:3.1.LIFERAY-PATCHED-1
commons-io=commons-io:commons-io:2.5
commons-lang=commons-lang:commons-lang:2.6
commons-logging=commons-logging:commons-logging:1.2
Expand All @@ -46,7 +46,7 @@ concurrent=concurrent:concurrent:1.3.4
crypt=com.liferay:org.vps.crypt:1.0
daisydiff=com.liferay:org.outerj.daisy.daisydiff:1.2
displaytag=displaytag:displaytag:1.2
dom4j=dom4j:dom4j:1.6.1
dom4j=org.dom4j:dom4j:2.1.3
eclipse-core-runtime=org.eclipse.core:runtime:20070801
ecs=ecs:ecs:1.4.2
fontbox=org.apache.pdfbox:fontbox:2.0.13
Expand All @@ -64,6 +64,7 @@ ical4j=net.fortuna.ical4j:ical4j:1.0-rc3
im4java=org.im4java:im4java:1.2.0
isoparser=com.googlecode.mp4parser:isoparser:1.1.22
jabsorb=com.liferay:org.jabsorb:1.3.2.LIFERAY-PATCHED-1
jackson-databind=com.liferay:com.fasterxml.jackson.databind:2.10.3.LIFERAY-PATCHED-1
jai-imageio-core=com.github.jai-imageio:jai-imageio-core:1.4.0
jai-imageio-jpeg2000=com.github.jai-imageio:jai-imageio-jpeg2000:1.3.0
jai_codec=com.sun.media:jai-codec:1.1.3
Expand All @@ -83,13 +84,13 @@ jazzy=net.sf.jazzy:jazzy:0.5.2-rtext-1.4.1-2
jbig2-imageio=org.apache.pdfbox:jbig2-imageio:3.0.2
jcifs=org.samba.jcifs:jcifs:1.3.14-kohsuke-1
jcl-over-slf4j=org.slf4j:jcl-over-slf4j:1.7.2
jcommon=jfree:jcommon:1.0.16
jcommon=org.jfree:jcommon:1.0.24
jdom=org.jdom:jdom:1.1.3
jempbox=org.apache.pdfbox:jempbox:1.8.16
jena=com.liferay:com.hp.hpl.jena:1.4
jericho-html=net.htmlparser.jericho:jericho-html:3.1
jersey-common=org.glassfish.jersey.core:jersey-common:2.26
jfreechart=jfree:jfreechart:1.0.13
jfreechart=org.jfree:jfreechart:1.0.19
jhighlight=com.uwyn:jhighlight:1.0
jhlabs-filters=com.jhlabs:imaging:01012005
jmatio=org.tallison:jmatio:1.2
Expand Down Expand Up @@ -123,14 +124,14 @@ mimepull=org.jvnet:mimepull:1.3
monte-cc=com.liferay:org.monte:0.7.7
nekohtml=net.sourceforge.nekohtml:nekohtml:1.9.22
netcdf=edu.ucar:netcdf:4.3.23
netty-all=io.netty:netty-all:4.1.32.Final
netty-all=io.netty:netty-all:4.1.48.Final
odmg=odmg:odmg:3.0
oro=oro:oro:2.0.8
pdfbox=org.apache.pdfbox:pdfbox:2.0.13
poi-ooxml-schemas=org.apache.poi:poi-ooxml-schemas:4.0.1
poi-ooxml=org.apache.poi:poi-ooxml:4.0.1
poi-scratchpad=org.apache.poi:poi-scratchpad:4.0.1
poi=org.apache.poi:poi:4.0.1
poi-ooxml-schemas=org.apache.poi:poi-ooxml-schemas:4.1.2
poi-ooxml=org.apache.poi:poi-ooxml:4.1.2
poi-scratchpad=org.apache.poi:poi-scratchpad:4.1.2
poi=org.apache.poi:poi:4.1.2
rdffilter=com.liferay:com.megginson.sax.rdf:1.0
rhino=org.mozilla:rhino:1.7R4
ridl=org.openoffice:ridl:2.3.1
Expand All @@ -145,6 +146,7 @@ simplecaptcha=com.liferay:nl.captcha.simplecaptcha:1.1.1
slf4j-api=org.slf4j:slf4j-api:1.7.26
soap-api=com.liferay:javax.xml.soap:1.4.0.LIFERAY-PATCHED-1
soap=soap:soap:2.2
sparse-bit-set=com.zaxxer:SparseBitSet:1.2
spring-aop=org.springframework:spring-aop:4.3.22.RELEASE
spring-aspects=org.springframework:spring-aspects:4.3.22.RELEASE
spring-beans=org.springframework:spring-beans:4.3.22.RELEASE
Expand All @@ -165,8 +167,8 @@ stax=stax:stax-api:1.0.1
streambuffer=com.sun.xml.stream.buffer:streambuffer:0.9
stringtemplate=org.antlr:stringtemplate:3.0
tagsoup=org.ccil.cowan.tagsoup:tagsoup:1.2.1
tika-core=org.apache.tika:tika-core:1.22
tika-parsers=org.apache.tika:tika-parsers:1.22
tika-core=org.apache.tika:tika-core:1.24
tika-parsers=org.apache.tika:tika-parsers:1.24
tomcat-jdbc=org.apache.tomcat:tomcat-jdbc:9.0.17
tomcat-juli=org.apache.tomcat:tomcat-juli:9.0.17
transaction=javax.transaction:javax.transaction-api:1.3
Expand All @@ -185,7 +187,7 @@ xml-apis=xml-apis:xml-apis:1.4.01
xmlsec=org.apache.santuario:xmlsec:1.5.8
xmpcore=com.adobe.xmp:xmpcore:5.1.3
xpp3=xpp3:xpp3_min:1.1.4c
xstream=com.thoughtworks.xstream:xstream:1.4.11.1
xstream=com.thoughtworks.xstream:xstream:1.4.15
xuggle-xuggler-noarch=com.liferay:xuggle.xuggler.noarch:5.4
xz=org.tukaani:xz:1.8
yui-compressor=com.yahoo.platform.yui:yuicompressor:2.4.8
12 changes: 6 additions & 6 deletions lib/versions-complete.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5693,7 +5693,7 @@
</library>
<library>
<file-name>lib/portal/commons-httpclient.jar</file-name>
<version>3.1.0</version>
<version>3.1.LIFERAY-PATCHED-1</version>
<project-name>Commons HttpClient</project-name>
<project-url>http://hc.apache.org/httpclient-legacy/index.html</project-url>
<licenses>
Expand Down Expand Up @@ -6787,7 +6787,7 @@
</library>
<library>
<file-name>lib/portal/netty-all.jar</file-name>
<version>4.1.32.Final</version>
<version>4.1.48.Final</version>
<project-name>Netty</project-name>
<project-url>http://netty.io</project-url>
<licenses>
Expand Down Expand Up @@ -6836,7 +6836,7 @@
</library>
<library>
<file-name>lib/portal/poi-ooxml-schemas.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -6849,7 +6849,7 @@
</library>
<library>
<file-name>lib/portal/poi-ooxml.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -6862,7 +6862,7 @@
</library>
<library>
<file-name>lib/portal/poi-scratchpad.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -6875,7 +6875,7 @@
</library>
<library>
<file-name>lib/portal/poi.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand Down
16 changes: 8 additions & 8 deletions lib/versions-ext.xml
Original file line number Diff line number Diff line change
Expand Up @@ -552,7 +552,7 @@
</library>
<library>
<file-name>lib/development/mysql.jar</file-name>
<version>8.0.16</version>
<version>8.0.21</version>
<project-name>MySQL Connector/J</project-name>
<project-url>http://www.mysql.com/products/connector/j</project-url>
<licenses>
Expand Down Expand Up @@ -1387,7 +1387,7 @@
</library>
<library>
<file-name>lib/portal/commons-httpclient.jar</file-name>
<version>3.1.0</version>
<version>3.1.LIFERAY-PATCHED-1</version>
<project-name>Commons HttpClient</project-name>
<project-url>http://hc.apache.org/httpclient-legacy/index.html</project-url>
<licenses>
Expand Down Expand Up @@ -2500,7 +2500,7 @@
</library>
<library>
<file-name>lib/portal/netty-all.jar</file-name>
<version>4.1.32.Final</version>
<version>4.1.48.Final</version>
<project-name>Netty</project-name>
<project-url>http://netty.io</project-url>
<licenses>
Expand Down Expand Up @@ -2549,7 +2549,7 @@
</library>
<library>
<file-name>lib/portal/poi.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -2562,7 +2562,7 @@
</library>
<library>
<file-name>lib/portal/poi-ooxml.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -2575,7 +2575,7 @@
</library>
<library>
<file-name>lib/portal/poi-ooxml-schemas.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand All @@ -2588,7 +2588,7 @@
</library>
<library>
<file-name>lib/portal/poi-scratchpad.jar</file-name>
<version>4.0.1</version>
<version>4.1.2</version>
<project-name>POI</project-name>
<project-url>http://poi.apache.org</project-url>
<licenses>
Expand Down Expand Up @@ -3359,7 +3359,7 @@
</library>
<library>
<file-name>lib/portal/xstream.jar</file-name>
<version>1.4.11.1</version>
<version>1.4.15</version>
<project-name>XStream</project-name>
<project-url>http://xstream.codehaus.org</project-url>
<licenses>
Expand Down
12 changes: 6 additions & 6 deletions lib/versions.html
Original file line number Diff line number Diff line change
Expand Up @@ -2494,7 +2494,7 @@
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/commons-httpclient.jar</td><td nowrap>3.1.0</td><td nowrap><a href="http://hc.apache.org/httpclient-legacy/index.html">Commons HttpClient</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/commons-httpclient.jar</td><td nowrap>3.1.LIFERAY-PATCHED-1</td><td nowrap><a href="http://hc.apache.org/httpclient-legacy/index.html">Commons HttpClient</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
</td><td></td>
</tr>
Expand Down Expand Up @@ -2984,7 +2984,7 @@
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/netty-all.jar</td><td nowrap>4.1.32.Final</td><td nowrap><a href="http://netty.io">Netty</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/netty-all.jar</td><td nowrap>4.1.48.Final</td><td nowrap><a href="http://netty.io">Netty</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
</td><td></td>
</tr>
Expand All @@ -3008,28 +3008,28 @@
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/poi-ooxml-schemas.jar</td><td nowrap>4.0.1</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/poi-ooxml-schemas.jar</td><td nowrap>4.1.2</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
<copyright-notice>Copyright (c) 2009 The Apache Software Foundation</copyright-notice>
<br>
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/poi-ooxml.jar</td><td nowrap>4.0.1</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/poi-ooxml.jar</td><td nowrap>4.1.2</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
<copyright-notice>Copyright (c) 2009 The Apache Software Foundation</copyright-notice>
<br>
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/poi-scratchpad.jar</td><td nowrap>4.0.1</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/poi-scratchpad.jar</td><td nowrap>4.1.2</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
<copyright-notice>Copyright (c) 2009 The Apache Software Foundation</copyright-notice>
<br>
</td><td></td>
</tr>
<tr>
<td nowrap>lib/portal/poi.jar</td><td nowrap>4.0.1</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<td nowrap>lib/portal/poi.jar</td><td nowrap>4.1.2</td><td nowrap><a href="http://poi.apache.org">POI</a></td><td nowrap><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>
<br>
<copyright-notice>Copyright (c) 2009 The Apache Software Foundation</copyright-notice>
<br>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ if (vocabulary != null) {
for (ClassType classType : classTypes) {
%>

<aui:option label="<%= classType.getName() %>" selected="<%= (classNameId == assetRendererFactory.getClassNameId()) && (classTypePK == classType.getClassTypeId()) %>" value="<%= classType.getClassTypeId() %>" />
<aui:option label="<%= HtmlUtil.escape(classType.getName()) %>" selected="<%= (classNameId == assetRendererFactory.getClassNameId()) && (classTypePK == classType.getClassTypeId()) %>" value="<%= classType.getClassTypeId() %>" />

<%
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ SearchContainer searchContainer = assetPublisherDisplayContext.getSearchContaine
</c:if>

<aui:script sandbox="<%= true %>">
const assetEntryId = '<%= assetPublisherDisplayContext.getAssetEntryId() %>';
const assetEntryId = '<%= HtmlUtil.escape(assetPublisherDisplayContext.getAssetEntryId()) %>';

if (assetEntryId) {
window.location.hash = assetEntryId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ class AssetTagsSelector extends Component {
const filteredItems = event.target.filteredItems;

if (!filteredItems || (filteredItems && filteredItems.length === 0)) {
const inputValue = event.target.inputValue;
const inputValue = Liferay.Util.escape(event.target.inputValue);

if (inputValue) {
const existingTag = this.selectedItems.find(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;

import javax.portlet.PortletRequest;
import javax.portlet.PortletURL;
Expand Down Expand Up @@ -573,6 +574,8 @@ else if (imageSelector.getImageBytes() != null) {
entry.getUserId(), entry.getGroupId(), entryId, imageSelector);
}

validate(smallImageFileEntryId);

entry.setSmallImage(smallImage);
entry.setSmallImageFileEntryId(smallImageFileEntryId);
entry.setSmallImageURL(smallImageURL);
Expand Down Expand Up @@ -2259,22 +2262,7 @@ protected void validate(long smallImageFileEntryId) throws PortalException {
FileEntry fileEntry = _portletFileRepository.getPortletFileEntry(
smallImageFileEntryId);

boolean validSmallImageExtension = false;

for (String imageExtension :
_blogsFileUploadsConfiguration.imageExtensions()) {

if (StringPool.STAR.equals(imageExtension) ||
imageExtension.equals(
StringPool.PERIOD + fileEntry.getExtension())) {

validSmallImageExtension = true;

break;
}
}

if (!validSmallImageExtension) {
if (!_isValidImageMimeType(fileEntry)) {
throw new EntrySmallImageNameException(
"Invalid small image for file entry " +
smallImageFileEntryId);
Expand Down Expand Up @@ -2470,6 +2458,29 @@ private String _getURLTitle(long entryId) {
return StringPool.BLANK;
}

private boolean _isValidImageMimeType(FileEntry fileEntry) {
if (ArrayUtil.contains(
_blogsFileUploadsConfiguration.imageExtensions(),
StringPool.STAR)) {

return true;
}

Set<String> extensions = MimeTypesUtil.getExtensions(
fileEntry.getMimeType());

if (Stream.of(
_blogsFileUploadsConfiguration.imageExtensions()).anyMatch(
extension ->
extension.equals(StringPool.STAR) ||
extensions.contains(extension))) {

return true;
}

return false;
}

private static final String _COVER_IMAGE_FOLDER_NAME = "Cover Image";

private static final String _SMALL_IMAGE_FOLDER_NAME = "Small Image";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,16 @@
import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.upload.UploadPortletRequest;
import com.liferay.portal.kernel.util.FileUtil;
import com.liferay.portal.kernel.util.MimeTypesUtil;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.upload.UploadFileEntryHandler;

import java.io.IOException;
import java.io.InputStream;

import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;

import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
Expand Down Expand Up @@ -68,12 +70,13 @@ public FileEntry upload(UploadPortletRequest uploadPortletRequest)
ActionKeys.ADD_ENTRY);

String fileName = uploadPortletRequest.getFileName(_PARAMETER_NAME);

_validateFile(fileName, uploadPortletRequest.getSize(_PARAMETER_NAME));

String contentType = uploadPortletRequest.getContentType(
_PARAMETER_NAME);

_validateFile(
fileName, contentType,
uploadPortletRequest.getSize(_PARAMETER_NAME));

try (InputStream inputStream = uploadPortletRequest.getFileAsStream(
_PARAMETER_NAME)) {

Expand Down Expand Up @@ -116,7 +119,7 @@ protected FileEntry addFileEntry(
@Reference(target = "(resource.name=" + BlogsConstants.RESOURCE_NAME + ")")
protected PortletResourcePermission portletResourcePermission;

private void _validateFile(String fileName, long size)
private void _validateFile(String fileName, String contentType, long size)
throws PortalException {

long blogsImageMaxSize = _blogsFileUploadsConfiguration.imageMaxSize();
Expand All @@ -125,20 +128,20 @@ private void _validateFile(String fileName, long size)
throw new EntryImageSizeException();
}

String extension = FileUtil.getExtension(fileName);
Set<String> extensions = MimeTypesUtil.getExtensions(contentType);

for (String imageExtension :
_blogsFileUploadsConfiguration.imageExtensions()) {
boolean validContentType = Stream.of(
_blogsFileUploadsConfiguration.imageExtensions()
).anyMatch(
extension ->
extension.equals(StringPool.STAR) ||
extensions.contains(extension)
);

if (StringPool.STAR.equals(imageExtension) ||
imageExtension.equals(StringPool.PERIOD + extension)) {

return;
}
if (!validContentType) {
throw new EntryImageNameException(
"Invalid image for file name " + fileName);
}

throw new EntryImageNameException(
"Invalid image for file name " + fileName);
}

private static final String _PARAMETER_NAME = "imageSelectorFileName";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ String coverImageCaption = BeanParamUtil.getString(entry, request, "coverImageCa
long coverImageFileEntryId = BeanParamUtil.getLong(entry, request, "coverImageFileEntryId");
long smallImageFileEntryId = BeanParamUtil.getLong(entry, request, "smallImageFileEntryId");
BlogsFileUploadsConfiguration blogsFileUploadsConfiguration = ConfigurationProviderUtil.getSystemConfiguration(BlogsFileUploadsConfiguration.class);
BlogsGroupServiceSettings blogsGroupServiceSettings = BlogsGroupServiceSettings.getInstance(scopeGroupId);
portletDisplay.setShowBackIcon(true);
portletDisplay.setURLBack(redirect);
Expand All @@ -53,8 +56,6 @@ if (portletTitleBasedNavigation) {
renderResponse.setTitle((entry != null) ? BlogsEntryUtil.getDisplayTitle(resourceBundle, entry) : LanguageUtil.get(request, "new-blog-entry"));
}
BlogsGroupServiceSettings blogsGroupServiceSettings = BlogsGroupServiceSettings.getInstance(scopeGroupId);
BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortletInstanceConfigurationUtil.getBlogsPortletInstanceConfiguration(themeDisplay);
%>

Expand Down Expand Up @@ -121,6 +122,11 @@ BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortl
<liferay-ui:error exception="<%= DuplicateFriendlyURLEntryException.class %>" message="the-url-title-is-already-in-use-please-enter-a-unique-url-title" />
<liferay-ui:error exception="<%= EntryContentException.class %>" message="please-enter-valid-content" />
<liferay-ui:error exception="<%= EntryCoverImageCropException.class %>" message="an-error-occurred-while-cropping-the-cover-image" />

<liferay-ui:error exception="<%= EntrySmallImageNameException.class %>">
<liferay-ui:message key="image-names-must-end-with-one-of-the-following-extensions" /> <%= StringUtil.merge(blogsFileUploadsConfiguration.imageExtensions()) %>.
</liferay-ui:error>

<liferay-ui:error exception="<%= EntryDescriptionException.class %>" message="please-enter-a-valid-abstract" />
<liferay-ui:error exception="<%= EntryTitleException.class %>" message="please-enter-a-valid-title" />
<liferay-ui:error exception="<%= EntryUrlTitleException.class %>" message="please-enter-a-valid-url-title" />
Expand All @@ -144,7 +150,6 @@ BlogsPortletInstanceConfiguration blogsPortletInstanceConfiguration = BlogsPortl
<aui:model-context bean="<%= entry %>" model="<%= BlogsEntry.class %>" />

<%
BlogsFileUploadsConfiguration blogsFileUploadsConfiguration = ConfigurationProviderUtil.getSystemConfiguration(BlogsFileUploadsConfiguration.class);
BlogsItemSelectorHelper blogsItemSelectorHelper = (BlogsItemSelectorHelper)request.getAttribute(BlogsWebKeys.BLOGS_ITEM_SELECTOR_HELPER);
RequestBackedPortletURLFactory requestBackedPortletURLFactory = RequestBackedPortletURLFactoryUtil.create(liferayPortletRequest);
%>
Expand Down
2 changes: 1 addition & 1 deletion modules/apps/bulk/bulk-rest-api/build.gradle
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
dependencies {
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
compileOnly group: "com.liferay", name: "com.liferay.petra.function", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.portal.vulcan.api", version: "3.3.0"
Expand Down
2 changes: 1 addition & 1 deletion modules/apps/bulk/bulk-rest-impl/build.gradle
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
dependencies {
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
compileOnly group: "com.liferay", name: "com.liferay.bulk.rest.api", version: "1.3.0"
compileOnly group: "com.liferay", name: "com.liferay.bulk.selection.api", version: "1.0.0"
compileOnly group: "com.liferay", name: "com.liferay.document.library.api", version: "5.0.0"
Expand Down
6 changes: 3 additions & 3 deletions modules/apps/bulk/bulk-rest-test/build.gradle
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
dependencies {
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.9.10"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.9.10.1"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.10.3"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.10.5.1"
testIntegrationCompile group: "com.liferay", name: "com.liferay.arquillian.extension.junit.bridge", version: "1.0.19"
testIntegrationCompile group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default"
testIntegrationCompile project(":apps:bulk:bulk-rest-api")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import com.liferay.calendar.service.CalendarResourceLocalService;
import com.liferay.portal.kernel.exception.ModelListenerException;
import com.liferay.portal.kernel.model.BaseModelListener;
import com.liferay.portal.kernel.model.GroupConstants;
import com.liferay.portal.kernel.model.ModelListener;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.util.LocaleUtil;
Expand Down Expand Up @@ -57,6 +58,10 @@ public void onAfterUpdate(User user) throws ModelListenerException {
return;
}

if (user.isDefaultUser() && name.equals(GroupConstants.GUEST)) {
return;
}

Map<Locale, String> nameMap = new HashMap<>();

nameMap.put(LocaleUtil.getSiteDefault(), user.getFullName());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -582,7 +582,7 @@ AUI.add(

_syncInviteesContent(contentNode, calendarResources) {
var values = calendarResources.map(item => {
return item.name;
return Lang.String.escapeHTML(item.name);
});

contentNode = A.one(contentNode);
Expand Down
6 changes: 3 additions & 3 deletions modules/apps/comment/comment-sanitizer/build.gradle
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
dependencies {
compileInclude group: "com.google.errorprone", name: "error_prone_annotations", version: "2.2.0"
compileInclude group: "com.google.guava", name: "failureaccess", version: "1.0.1"
compileInclude group: "com.google.guava", name: "guava", version: "27.1-jre"
compileInclude group: "com.google.guava", name: "guava", version: "30.1.1-jre"
compileInclude group: "com.google.guava", name: "listenablefuture", version: "9999.0-empty-to-avoid-conflict-with-guava"
compileInclude group: "com.google.j2objc", name: "j2objc-annotations", version: "1.1"
compileInclude group: "com.google.j2objc", name: "j2objc-annotations", version: "1.3"
compileInclude group: "com.googlecode.owasp-java-html-sanitizer", name: "owasp-java-html-sanitizer", version: "r239"
compileInclude group: "org.checkerframework", name: "checker-qual", version: "2.5.2"
compileInclude group: "org.checkerframework", name: "checker-qual", version: "3.11.0"

compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,15 @@
<%@ include file="/init.jsp" %>

<%
String redirect = renderRequest.getParameter("redirect");
String redirect = PortalUtil.escapeRedirect(renderRequest.getParameter("redirect"));
ConfigurationEntryIterator configurationEntryIterator = (ConfigurationEntryIterator)request.getAttribute(ConfigurationAdminWebKeys.CONFIGURATION_ENTRY_ITERATOR);
ConfigurationEntryRetriever configurationEntryRetriever = (ConfigurationEntryRetriever)request.getAttribute(ConfigurationAdminWebKeys.CONFIGURATION_ENTRY_RETRIEVER);
ConfigurationScopeDisplayContext configurationScopeDisplayContext = new ConfigurationScopeDisplayContext(renderRequest);
if (redirect == null) {
redirect = renderResponse.createRenderURL();
if (Validator.isNull(redirect)) {
redirect = String.valueOf(renderResponse.createRenderURL());
}
PortletURL searchURL = renderResponse.createRenderURL();
Expand Down
2 changes: 1 addition & 1 deletion modules/apps/data-engine/data-engine-rest-api/build.gradle
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
dependencies {
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
compileOnly group: "com.liferay", name: "com.liferay.petra.function", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.portal.vulcan.api", version: "3.3.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ dependencies {
compileInclude group: "net.minidev", name: "accessors-smart", version: "1.1"
compileInclude group: "net.minidev", name: "json-smart", version: "2.2.1"

compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
compileOnly group: "com.liferay", name: "com.liferay.captcha.taglib", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.data.engine.api", version: "2.1.0"
compileOnly group: "com.liferay", name: "com.liferay.data.engine.rest.api", version: "9.2.0"
Expand Down
6 changes: 3 additions & 3 deletions modules/apps/data-engine/data-engine-rest-test/build.gradle
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
dependencies {
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.9.10"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.9.10"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.9.10.1"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-annotations", version: "2.10.3"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.10.3"
testIntegrationCompile group: "com.fasterxml.jackson.core", name: "jackson-databind", version: "2.10.5.1"
testIntegrationCompile group: "com.liferay", name: "com.liferay.arquillian.extension.junit.bridge", version: "1.0.19"
testIntegrationCompile group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default"
testIntegrationCompile project(":apps:data-engine:data-engine-rest-api")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ Bundle-Name: Liferay Document Library Opener Google Drive Web
Bundle-SymbolicName: com.liferay.document.library.opener.google.drive.web
Bundle-Version: 1.0.23
Import-Package:\
!com.google.common.util.concurrent.*,\
\
!javax.jdo.*,\
\
!org.apache.http.*,\
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,15 @@ dependencies {
compileInclude group: "com.google.api-client", name: "google-api-client-servlet", version: "1.23.0"
compileInclude group: "com.google.apis", name: "google-api-services-drive", version: "v3-rev20190311-1.28.0"
compileInclude group: "com.google.apis", name: "google-api-services-oauth2", version: "v2-rev137-1.23.0"
compileInclude group: "com.google.errorprone", name: "error_prone_annotations", version: "2.3.1"
compileInclude group: "com.google.guava", name: "guava", version: "25.1-jre"
compileInclude group: "com.google.errorprone", name: "error_prone_annotations", version: "2.5.1"
compileInclude group: "com.google.guava", name: "guava", version: "30.1.1-jre"
compileInclude group: "com.google.http-client", name: "google-http-client", version: "1.23.0"
compileInclude group: "com.google.http-client", name: "google-http-client-jackson2", version: "1.23.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client", version: "1.23.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client-java6", version: "1.23.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client-servlet", version: "1.23.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client", version: "1.31.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client-java6", version: "1.31.0"
compileInclude group: "com.google.oauth-client", name: "google-oauth-client-servlet", version: "1.31.0"

compileOnly group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.9.10"
compileOnly group: "com.fasterxml.jackson.core", name: "jackson-core", version: "2.10.3"
compileOnly group: "com.liferay", name: "com.liferay.connected.app.api", version: "1.0.0"
compileOnly group: "com.liferay", name: "com.liferay.document.library.api", version: "5.0.0"
compileOnly group: "com.liferay", name: "com.liferay.document.library.google.drive.api", version: "1.0.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
import com.liferay.portal.kernel.servlet.taglib.ui.URLMenuItem;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.Constants;
import com.liferay.portal.kernel.util.HtmlUtil;
import com.liferay.portal.kernel.util.JavaConstants;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.PortalUtil;
Expand Down Expand Up @@ -269,13 +270,17 @@ private void _updateCancelCheckoutAndCheckinMenuItems(
javaScriptUIItem.setOnClick(
StringBundler.concat(
"window.location.href = '",
_getActionURL(Constants.CHECKIN), "'"));
HtmlUtil.escapeJS(
_getActionURL(Constants.CHECKIN)),
"'"));
}
else {
javaScriptUIItem.setOnClick(
StringBundler.concat(
_getNamespace(), "showVersionDetailsDialog('",
_getActionURL(Constants.CHECKIN), "');"));
HtmlUtil.escapeJS(
_getActionURL(Constants.CHECKIN)),
"');"));
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,4 +26,7 @@ Import-Package:\
\
!org.relaxng.datatype.*,\
\
!org.springframework.osgi.io.*,\
!org.springframework.osgi.util.*,\
\
*
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,17 @@ dependencies {
compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-client-impl", version: "0.14.0"
compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-api", version: "0.14.0"
compileInclude group: "org.apache.chemistry.opencmis", name: "chemistry-opencmis-commons-impl", version: "0.14.0"
compileInclude group: "org.apache.cxf", name: "cxf-api", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-core", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "2.7.11"
compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "2.7.11"
compileInclude group: "org.apache.neethi", name: "neethi", version: "3.0.3"
compileInclude group: "org.apache.cxf", name: "cxf-core", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-soap", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-bindings-xml", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-databinding-jaxb", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-jaxws", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-frontend-simple", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-transports-http", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-addr", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-ws-policy", version: "3.2.14"
compileInclude group: "org.apache.cxf", name: "cxf-rt-wsdl", version: "3.2.14"
compileInclude group: "org.apache.neethi", name: "neethi", version: "3.1.1"

compileOnly group: "com.liferay", name: "com.liferay.document.library.repository.cmis.api", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.petra.concurrent", version: "3.0.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import com.liferay.document.library.kernel.exception.SourceFileNameException;
import com.liferay.document.library.kernel.util.DLUtil;
import com.liferay.document.library.kernel.util.DLValidator;
import com.liferay.petra.string.CharPool;
import com.liferay.petra.string.StringBundler;
import com.liferay.petra.string.StringPool;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
Expand Down Expand Up @@ -141,11 +142,17 @@ public void validateFileExtension(String fileName)

boolean validFileExtension = false;

String[] fileExtensions = _dlConfiguration.fileExtensions();
for (String fileExtension : _dlConfiguration.fileExtensions()) {
String fileNameExtension = StringUtil.toLowerCase(
FileUtil.getExtension(fileName));

for (String fileExtension : fileExtensions) {
if (StringPool.STAR.equals(fileExtension) ||
StringUtil.endsWith(fileName, fileExtension)) {
StringUtil.equals(
fileNameExtension,
StringUtil.toLowerCase(
StringUtil.replace(
fileExtension, CharPool.PERIOD,
StringPool.BLANK)))) {

validFileExtension = true;

Expand Down Expand Up @@ -263,6 +270,10 @@ protected void activate(Map<String, Object> properties) {
DLConfiguration.class, properties);
}

protected void setDLConfiguration(DLConfiguration dlConfiguration) {
_dlConfiguration = dlConfiguration;
}

private String _replaceDLCharLastBlacklist(String title) {
String previousTitle = null;

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/

package com.liferay.document.library.internal.util;

import com.liferay.document.library.configuration.DLConfiguration;
import com.liferay.document.library.kernel.exception.FileExtensionException;
import com.liferay.document.library.kernel.util.DLValidator;
import com.liferay.portal.kernel.util.FileUtil;
import com.liferay.portal.util.FileImpl;

import org.junit.Before;
import org.junit.Test;

import org.mockito.Mockito;

/**
* @author Adolfo Pérez
*/
public class DLValidatorImplTest {

@Before
public void setUp() {
DLValidatorImpl dlValidatorImpl = new DLValidatorImpl();

_dlConfiguration = Mockito.mock(DLConfiguration.class);

dlValidatorImpl.setDLConfiguration(_dlConfiguration);

_dlValidator = dlValidatorImpl;

FileUtil fileUtil = new FileUtil();

fileUtil.setFile(FileImpl.getInstance());
}

@Test(expected = FileExtensionException.class)
public void testInvalidExtension() throws Exception {
_validateFileExtension("test.gıf");
}

@Test
public void testValidLowerCaseExtension() throws Exception {
_validateFileExtension("test.gif");
}

@Test
public void testValidMixedCaseExtension() throws Exception {
_validateFileExtension("test.GiF");
}

@Test
public void testValidUpperCaseExtension() throws Exception {
_validateFileExtension("test.GIF");
}

private void _validateFileExtension(String fileName)
throws FileExtensionException {

Mockito.when(
_dlConfiguration.fileExtensions()
).thenReturn(
new String[] {".gif"}
);

_dlValidator.validateFileExtension(fileName);

Mockito.when(
_dlConfiguration.fileExtensions()
).thenReturn(
new String[] {"gif"}
);

_dlValidator.validateFileExtension(fileName);
}

private DLConfiguration _dlConfiguration;
private DLValidator _dlValidator;

}
Original file line number Diff line number Diff line change
Expand Up @@ -475,7 +475,7 @@ public List<LabelItem> getFilterLabelItems() {
String label = String.format(
"%s: %s",
LanguageUtil.get(_httpServletRequest, "owner"),
user.getFullName());
HtmlUtil.escape(user.getFullName()));

labelItem.setLabel(label);
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,8 +190,8 @@ public void addCheckinToolbarItem(List<ToolbarItem> toolbarItems)
new JavaScriptToolbarItem(), toolbarItems, DLUIItemKeys.CHECKIN,
LanguageUtil.get(_resourceBundle, "checkin"),
StringBundler.concat(
getNamespace(), "showVersionDetailsDialog('", portletURL,
"');"));
getNamespace(), "showVersionDetailsDialog('",
HtmlUtil.escapeJS(portletURL.toString()), "');"));

String javaScript =
"/com/liferay/document/library/web/display/context/dependencies" +
Expand Down Expand Up @@ -290,7 +290,7 @@ public void addCompareToMenuItem(List<MenuItem> menuItems)

sb.append(jsNamespace);
sb.append("compareVersionDialog('");
sb.append(selectFileVersionURL.toString());
sb.append(HtmlUtil.escapeJS(selectFileVersionURL.toString()));
sb.append("');");

JavaScriptMenuItem javaScriptMenuItem = _addJavaScriptUIItem(
Expand Down Expand Up @@ -634,7 +634,8 @@ public void addOpenInMsOfficeMenuItem(List<MenuItem> menuItems)
true);

String onClick = StringBundler.concat(
getNamespace(), "openDocument('", webDavURL, "');");
getNamespace(), "openDocument('", HtmlUtil.escapeJS(webDavURL),
"');");

JavaScriptMenuItem javaScriptMenuItem = _addJavaScriptUIItem(
new JavaScriptMenuItem(), menuItems, DLUIItemKeys.OPEN_IN_MS_OFFICE,
Expand Down Expand Up @@ -683,7 +684,7 @@ public void addOpenInMsOfficeToolbarItem(List<ToolbarItem> toolbarItems)

sb.append(getNamespace());
sb.append("openDocument('");
sb.append(webDavURL);
sb.append(HtmlUtil.escapeJS(webDavURL));
sb.append("');");

_addJavaScriptUIItem(
Expand Down Expand Up @@ -763,7 +764,7 @@ public void addPermissionsToolbarItem(List<ToolbarItem> toolbarItems)
sb.append("'dialog-with-footer'}, title: '");
sb.append(UnicodeLanguageUtil.get(_resourceBundle, "permissions"));
sb.append("', uri: '");
sb.append(permissionsURL);
sb.append(HtmlUtil.escapeJS(permissionsURL));
sb.append("'});");

_addJavaScriptUIItem(
Expand Down Expand Up @@ -932,8 +933,8 @@ public MenuItem getCheckinMenuItem() throws PortalException {
javaScriptMenuItem.setLabel("checkin");
javaScriptMenuItem.setOnClick(
StringBundler.concat(
getNamespace(), "showVersionDetailsDialog('", portletURL,
"');"));
getNamespace(), "showVersionDetailsDialog('",
HtmlUtil.escapeJS(portletURL.toString()), "');"));

String javaScript =
"/com/liferay/document/library/web/display/context/dependencies" +
Expand Down Expand Up @@ -994,7 +995,7 @@ protected String getSubmitFormJavaScript(String cmd, String redirect) {
sb.append("fm.");
sb.append(getNamespace());
sb.append("redirect.value = '");
sb.append(redirect);
sb.append(HtmlUtil.escapeJS(redirect));
sb.append("';");
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,8 @@ DLPortletInstanceSettingsHelper dlPortletInstanceSettingsHelper = new DLPortletI
currentColumnsElement,
'<option value="action"><%= UnicodeLanguageUtil.get(request, "action") %></option>'
);
} else {
}
else {
var options = document.querySelectorAll(
'#<portlet:namespace />currentEntryColumns option[value="action"], #<portlet:namespace />availableEntryColumns option[value="action"]'
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -588,7 +588,8 @@ if (portletTitleBasedNavigation) {
if (<%= dlAdminDisplayContext.isVersioningStrategyOverridable() %>) {
<portlet:namespace />showVersionDetailsDialog(form);
} else {
}
else {
submitForm(form);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -353,7 +353,8 @@ if (portletTitleBasedNavigation) {

if (!searchContainerData.length) {
searchContainerData = [];
} else {
}
else {
searchContainerData = searchContainerData.split(',');
}

Expand Down Expand Up @@ -531,7 +532,8 @@ if (portletTitleBasedNavigation) {
);

restrictionTypeWorkflow.show();
} else {
}
else {
selectContainer.show();
}
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ long assetClassPK = DLAssetHelperUtil.getAssetClassPK(fileEntry, fileVersion);
<div class="autofit-col autofit-col-expand">
<div class="component-title h4 username">
<c:if test="<%= owner != null %>">
<a href="<%= owner.isDefaultUser() ? StringPool.BLANK : owner.getDisplayURL(themeDisplay) %>"><%= owner.getFullName() %></a>
<a href="<%= owner.isDefaultUser() ? StringPool.BLANK : owner.getDisplayURL(themeDisplay) %>"><%= HtmlUtil.escape(owner.getFullName()) %></a>
</c:if>
</div>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,8 @@ class BulkStatus extends Component {

if (error) {
message = Liferay.Language.get('an-unexpected-error-occurred');
} else {
}
else {
message = Liferay.Language.get('changes-saved');
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,7 @@ class EditCategories extends Component {
created() {
this.append = true;
this.dataSource = [];
this.urlCategories = `/bulk/v1.0/sites/${
this.groupIds[0]
}/taxonomy-vocabularies/common`;
this.urlCategories = `/bulk/v1.0/sites/${this.groupIds[0]}/taxonomy-vocabularies/common`;

this._feedbackErrorClass = 'form-feedback-item';
this._requiredVocabularyErrorMarkupText =
Expand Down Expand Up @@ -93,7 +91,8 @@ class EditCategories extends Component {

if (inputNode.value) {
inputNode.parentElement.parentElement.classList.remove('has-error');
} else {
}
else {
inputNode.parentElement.parentElement.classList.add('has-error');

const feedbackErrorNode = inputNode.parentElement.querySelector(
Expand Down Expand Up @@ -282,7 +281,8 @@ class EditCategories extends Component {

if (!this.append) {
addedCategories = finalCategories;
} else {
}
else {
addedCategories = finalCategories.filter(
categoryId =>
this.initialCategories.indexOf(categoryId) == -1
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,8 @@ class EditTags extends Component {

if (!this.append) {
addedTags = finalTags;
} else {
}
else {
addedTags = finalTags.filter(
tag => this._initialTags.indexOf(tag) == -1
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,8 @@ AUI.add(
instance._selectedFileEntries = selectedElements.attr(
'value'
);
} else {
}
else {
instance._selectedFileEntries = [];
}
},
Expand Down Expand Up @@ -285,7 +286,8 @@ AUI.add(
form.get(namespace + 'javax-portlet-action').val(
action
);
} else {
}
else {
form.get(namespace + 'cmd').val(action);
}

Expand Down Expand Up @@ -327,31 +329,38 @@ AUI.add(
instance._openModalTags();

action = null;
} else if (action === 'editCategories') {
}
else if (action === 'editCategories') {
instance._openModalCategories();

action = null;
} else if (action === 'move' || action === 'moveEntries') {
}
else if (action === 'move' || action === 'moveEntries') {
instance._openModalMove();

action = null;
} else if (action === 'download') {
}
else if (action === 'download') {
url = instance.get('downloadEntryUrl');
} else if (action === 'deleteEntries') {
}
else if (action === 'deleteEntries') {
if (instance.get('trashEnabled')) {
action = 'move_to_trash';
} else if (
}
else if (
confirm(
Liferay.Language.get(
'are-you-sure-you-want-to-delete-the-selected-entries'
)
)
) {
action = 'delete';
} else {
}
else {
action = null;
}
} else if (action === 'checkin') {
}
else if (action === 'checkin') {
Liferay.DocumentLibraryCheckin.showDialog(
namespace,
(versionIncrease, changeLog) => {
Expand Down Expand Up @@ -525,7 +534,8 @@ AUI.add(
dialogTitle = Liferay.Language.get(
'select-destination-folder-for-x-item'
);
} else {
}
else {
dialogTitle = Liferay.Language.get(
'select-destination-folder-for-x-items'
);
Expand All @@ -550,7 +560,8 @@ AUI.add(
parameterName,
parameterValue
);
} else {
}
else {
instance._moveCurrentSelection(event.folderid);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -301,7 +301,8 @@ AUI.add(
data
)
);
} else {
}
else {
handles.push(
uploader.after(
'fileuploadstart',
Expand Down Expand Up @@ -522,7 +523,8 @@ AUI.add(
entriesContainer = searchContainer.one('tbody');

entryNode = instance._createEntryRow(name, size);
} else {
}
else {
var entriesContainerSelector =
'ul.tabular-list-group:last-of-type';

Expand Down Expand Up @@ -613,11 +615,14 @@ AUI.add(

if (item == STR_NAME) {
value = sub(TPL_ENTRY_ROW_TITLE, [name]);
} else if (item == STR_SIZE) {
}
else if (item == STR_SIZE) {
value = Liferay.Util.formatStorage(size);
} else if (item == 'downloads') {
}
else if (item == 'downloads') {
value = '0';
} else if (index === 0) {
}
else if (index === 0) {
value = sub(TPL_HIDDEN_CHECK_BOX, [
instance.get(STR_HOST).ns('rowIdsFileEntry')
]);
Expand Down Expand Up @@ -678,7 +683,8 @@ AUI.add(
file.overlay = overlay;
file.progressBar = progressBar;
file.target = target;
} else {
}
else {
target.overlay = overlay;
target.progressBar = progressBar;
}
Expand Down Expand Up @@ -740,7 +746,8 @@ AUI.add(
'src',
PATH_THEME_IMAGES + '/common/close.png'
);
} else {
}
else {
node.addClass(CSS_UPLOAD_ERROR);
}

Expand Down Expand Up @@ -782,7 +789,8 @@ AUI.add(

if (error === true) {
uploadResultClass = CSS_UPLOAD_ERROR;
} else if (error == ERROR_RESULTS_MIXED) {
}
else if (error == ERROR_RESULTS_MIXED) {
uploadResultClass = CSS_UPLOAD_WARNING;
}
}
Expand Down Expand Up @@ -859,7 +867,8 @@ AUI.add(
var overlay = A.Widget.getByNode(target);

folderEntry = overlay._originalConfig.target;
} else {
}
else {
if (target.attr('data-folder') === 'true') {
folderEntry = target;
}
Expand Down Expand Up @@ -893,19 +902,23 @@ AUI.add(
instance.get(STR_FOLDER_ID),
fileName
]);
} else {
}
else {
if (
LString.endsWith(
fileName.toLowerCase(),
STR_EXTENSION_PDF
)
) {
thumbnailName = STR_THUMBNAIL_PDF;
} else if (REGEX_AUDIO.test(fileName)) {
}
else if (REGEX_AUDIO.test(fileName)) {
thumbnailName = STR_THUMBNAIL_AUDIO;
} else if (REGEX_VIDEO.test(fileName)) {
}
else if (REGEX_VIDEO.test(fileName)) {
thumbnailName = STR_THUMBNAIL_VIDEO;
} else if (REGEX_COMPRESSED.test(fileName)) {
}
else if (REGEX_COMPRESSED.test(fileName)) {
thumbnailName = STR_THUMBNAIL_COMPRESSED;
}

Expand Down Expand Up @@ -974,17 +987,19 @@ AUI.add(

try {
responseData = JSON.parse(responseData);
} catch (e) {}
}
catch (e) {}

if (Lang.isObject(responseData)) {
error =
responseData.status &&
(responseData.status >= 490 &&
responseData.status < 500);
responseData.status >= 490 &&
responseData.status < 500;

if (error) {
message = responseData.message;
} else {
}
else {
message =
instance.get(STR_HOST).ns('fileEntryId=') +
responseData.fileEntryId;
Expand Down Expand Up @@ -1141,7 +1156,8 @@ AUI.add(

if (keyData) {
instance._updateDataSetEntry(key, keyData, validFiles);
} else {
}
else {
var dataSet = instance._getDataSet();

var folderNode = null;
Expand Down Expand Up @@ -1196,7 +1212,8 @@ AUI.add(
response.message,
displayStyle
);
} else {
}
else {
var displayStyleList = displayStyle == STR_LIST;

var fileEntryId = JSON.parse(event.data)
Expand Down Expand Up @@ -1335,7 +1352,8 @@ AUI.add(
instance._attachSubscriptions(uploadData);

uploader.uploadThese(fileList, uploadURL);
} else {
}
else {
uploader.fire('alluploadscomplete');
}
},
Expand All @@ -1347,7 +1365,8 @@ AUI.add(

if (currentUploadData.folderId === key) {
instance._addFilesToQueueBottom(unmergedData);
} else {
}
else {
instance._combineFileLists(data.fileList, unmergedData);

var dataSet = instance._getDataSet();
Expand Down Expand Up @@ -1414,12 +1433,14 @@ AUI.add(
folderEntryNode.progressBar,
0
);
} else {
}
else {
instance._createUploadStatus(folderEntryNode);
}

folderEntryNode.removeClass(CSS_ACTIVE_AREA);
} else {
}
else {
var displayStyle = instance._getDisplayStyle();

filesPartition.matches.map(file => {
Expand Down Expand Up @@ -1487,7 +1508,8 @@ AUI.add(
instance._maxFileSize
)
]);
} else if (size === 0) {
}
else if (size === 0) {
errorMessage = strings.zeroByteFile;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ entriesChecker.setRememberCheckBoxStateURLRegex("^(?!.*" + liferayPortletRespons

<div class="document-container" id="<portlet:namespace />entriesContainer">
<liferay-ui:search-container
emptyResultsMessage='<%= LanguageUtil.format(request, "no-documents-were-found-that-matched-the-keywords-x", keywords, false) %>'
emptyResultsMessage='<%= LanguageUtil.format(request, "no-documents-were-found-that-matched-the-keywords-x", HtmlUtil.escape(keywords), false) %>'
id="entries"
searchContainer="<%= dlSearchContainer %>"
total="<%= dlSearchContainer.getTotal() %>"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -200,13 +200,15 @@ if (portletTitleBasedNavigation) {
if (originalFileName === item.fileName) {
childHTML =
'<span class="card-bottom success-message"><%= UnicodeLanguageUtil.get(request, "successfully-saved") %></span>';
} else {
}
else {
childHTML =
'<span class="card-bottom success-message"><%= UnicodeLanguageUtil.get(request, "successfully-saved") %> (' +
item.fileName +
')</span>';
}
} else {
}
else {
cssClass = 'upload-error';

childHTML =
Expand All @@ -228,7 +230,8 @@ if (portletTitleBasedNavigation) {

if (commonFileMetadataContainer.io) {
commonFileMetadataContainer.io.start();
} else {
}
else {
commonFileMetadataContainer.load(
'<%= uploadMultipleFileEntries %>'
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,8 @@ else {
if (selectedFilesCount === fileNodes.length) {
selectedFilesText =
'<%= UnicodeLanguageUtil.get(request, "all-files-selected") %>';
} else {
}
else {
selectedFilesText = Liferay.Util.sub(
'<%= UnicodeLanguageUtil.get(request, "x-files-selected") %>',
selectedFilesCount
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,8 @@ embeddedPlayerURL.setWindowState(LiferayWindowState.POP_UP);
imageViewer._syncPlaying = function() {
if (this.get('playing')) {
this._player.setHTML(TPL_PLAYER_PAUSE);
} else {
}
else {
this._player.setHTML(TPL_PLAYER_PLAY);
}
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Bundle-Name: Liferay Dynamic Data Lists Service
Bundle-SymbolicName: com.liferay.dynamic.data.lists.service
Bundle-Version: 3.0.27
Import-Package:\
!org.apache.commons.collections4.*,\
!org.apache.poi.hssf.usermodel.*,\
!org.apache.poi.ss.usermodel.*,\
\
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@ buildService {
}

dependencies {
compileInclude group: "org.apache.poi", name: "poi", version: "3.15"
compileInclude group: "com.zaxxer", name: "SparseBitSet", version: "1.2"
compileInclude group: "org.apache.commons", name: "commons-math3", version: "3.6.1"
compileInclude group: "org.apache.poi", name: "poi", version: "4.1.2"

compileOnly group: "biz.aQute.bnd", name: "biz.aQute.bnd.annotation", version: "4.2.0"
compileOnly group: "com.liferay", name: "com.liferay.dynamic.data.lists.api", version: "4.1.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ dependencies {
compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.portal.configuration.metatype.api", version: "2.0.0"
compileOnly group: "com.liferay", name: "com.liferay.portal.upgrade.api", version: "3.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "default"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.util.taglib", version: "4.0.0"
compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@
import com.liferay.portal.kernel.template.TemplateConstants;
import com.liferay.portal.kernel.template.TemplateHandler;
import com.liferay.portal.kernel.template.TemplateHandlerRegistryUtil;
import com.liferay.portal.kernel.template.TemplateManager;
import com.liferay.portal.kernel.template.TemplateManagerUtil;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.Constants;
import com.liferay.portal.kernel.util.ParamUtil;
Expand Down Expand Up @@ -88,23 +86,17 @@ public String transform() throws Exception {
contextObjects.put(
TemplateConstants.CLASS_NAME_ID, ddmTemplate.getClassNameId());

TemplateManager templateManager =
TemplateManagerUtil.getTemplateManager(ddmTemplate.getLanguage());

TemplateHandler templateHandler =
TemplateHandlerRegistryUtil.getTemplateHandler(
DDLRecordSet.class.getName());

templateManager.addContextObjects(
contextObjects, templateHandler.getCustomContextObjects());

templateManager.addTaglibSupport(
contextObjects, PortalUtil.getHttpServletRequest(_renderRequest),
_themeDisplay.getResponse());
contextObjects.putAll(templateHandler.getCustomContextObjects());

return transformer.transform(
_themeDisplay, contextObjects, ddmTemplate.getScript(),
ddmTemplate.getLanguage(), new UnsyncStringWriter());
ddmTemplate.getLanguage(), new UnsyncStringWriter(),
PortalUtil.getHttpServletRequest(_renderRequest),
_themeDisplay.getResponse());
}

private final long _ddmTemplateId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ dependencies {
testCompile group: "com.liferay.portal", name: "com.liferay.util.java", version: "default"
testCompile group: "commons-collections", name: "commons-collections", version: "3.2.2"
testCompile group: "commons-lang", name: "commons-lang", version: "2.6"
testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0"
testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3"
testCompile group: "org.jabsorb", name: "jabsorb", version: "1.3.1"
testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4"
testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@ public boolean hasAddFormInstanceRecordPermission() throws PortalException {
return _hasAddFormInstanceRecordPermission;
}

_hasAddFormInstanceRecordPermission = true;
_hasAddFormInstanceRecordPermission = false;

DDMFormInstance ddmFormInstance = getFormInstance();

Expand All @@ -320,7 +320,7 @@ public boolean hasViewPermission() throws PortalException {
return _hasViewPermission;
}

_hasViewPermission = true;
_hasViewPermission = false;

DDMFormInstance ddmFormInstance =
_ddmFormInstanceLocalService.fetchFormInstance(getFormInstanceId());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import com.liferay.dynamic.data.mapping.storage.DDMFormValues;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.language.LanguageUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCResourceCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand;
import com.liferay.portal.kernel.service.ServiceContext;
Expand Down Expand Up @@ -108,7 +109,12 @@ protected void doServeResource(

boolean preview = ParamUtil.getBoolean(resourceRequest, "preview");

if (preview) {
ThemeDisplay themeDisplay = (ThemeDisplay)resourceRequest.getAttribute(
WebKeys.THEME_DISPLAY);

User user = themeDisplay.getUser();

if (preview || user.isDefaultUser()) {
return;
}

Expand All @@ -125,9 +131,6 @@ protected void doServeResource(
return;
}

ThemeDisplay themeDisplay = (ThemeDisplay)resourceRequest.getAttribute(
WebKeys.THEME_DISPLAY);

DDMFormInstanceRecordVersion ddmFormInstanceRecordVersion =
_ddmFormInstanceRecordVersionLocalService.
fetchLatestFormInstanceRecordVersion(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -150,11 +150,25 @@ protected void updateFormInstancePermission(
_portal.getCompanyId(actionRequest), RoleConstants.GUEST);

ResourcePermission resourcePermission =
_resourcePermissionLocalService.getResourcePermission(
_resourcePermissionLocalService.fetchResourcePermission(
role.getCompanyId(), DDMFormInstance.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(formInstanceId), role.getRoleId());

if (resourcePermission == null) {
_resourcePermissionLocalService.setResourcePermissions(
role.getCompanyId(), DDMFormInstance.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(formInstanceId), role.getRoleId(),
new String[] {DDMActionKeys.ADD_FORM_INSTANCE_RECORD});

resourcePermission =
_resourcePermissionLocalService.fetchResourcePermission(
role.getCompanyId(), DDMFormInstance.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(formInstanceId), role.getRoleId());
}

if (published) {
resourcePermission.addResourceAction(
DDMActionKeys.ADD_FORM_INSTANCE_RECORD);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -177,12 +177,16 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId();
</div>

<aui:script use="aui-base">
function <portlet:namespace />clearInterval(intervalId) {
if (intervalId) {
clearInterval(intervalId);
}
}

var <portlet:namespace />intervalId;

function <portlet:namespace />clearPortletHandlers(event) {
if (<portlet:namespace />intervalId) {
clearInterval(<portlet:namespace />intervalId);
}
<portlet:namespace />clearInterval(<portlet:namespace />intervalId);

Liferay.detach('destroyPortlet', <portlet:namespace />clearPortletHandlers);
}
Expand Down Expand Up @@ -211,6 +215,10 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId();
<portlet:param name="preview" value="<%= String.valueOf(ddmFormDisplayContext.isPreview()) %>" />
</liferay-portlet:resourceURL>

Liferay.on('sessionExpired', function (event) {
<portlet:namespace />clearInterval(<portlet:namespace />intervalId);
});

function <portlet:namespace />autoSave() {
const data = new URLSearchParams({
<portlet:namespace />formInstanceId: <%= formInstanceId %>,
Expand All @@ -226,9 +234,7 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId();
}

function <portlet:namespace />startAutoSave() {
if (<portlet:namespace />intervalId) {
clearInterval(<portlet:namespace />intervalId);
}
<portlet:namespace />clearInterval(<portlet:namespace />intervalId);

<portlet:namespace />intervalId = setInterval(
<portlet:namespace />autoSave,
Expand All @@ -238,9 +244,7 @@ long formInstanceId = ddmFormDisplayContext.getFormInstanceId();
</c:when>
<c:otherwise>
function <portlet:namespace />startAutoExtendSession() {
if (<portlet:namespace />intervalId) {
clearInterval(<portlet:namespace />intervalId);
}
<portlet:namespace />clearInterval(<portlet:namespace />intervalId);

var tenSeconds = 10000;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ dependencies {
compileOnly group: "com.liferay", name: "com.liferay.staging.api", version: "4.0.0"
compileOnly group: "com.liferay", name: "com.liferay.xstream.configurator.api", version: "4.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default"
compileOnly group: "com.liferay.portal", name: "com.liferay.util.java", version: "4.0.0"
compileOnly group: "javax.mail", name: "mail", version: "1.4"
compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1"
Expand All @@ -42,7 +42,7 @@ dependencies {
compileOnly group: "org.osgi", name: "osgi.core", version: "6.0.0"

testCompile group: "commons-configuration", name: "commons-configuration", version: "1.10"
testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0"
testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3"
testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4"
testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4"
testCompile group: "org.json", name: "json", version: "20180813"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@
import com.liferay.portal.kernel.template.Template;
import com.liferay.portal.kernel.template.TemplateConstants;
import com.liferay.portal.kernel.template.TemplateException;
import com.liferay.portal.kernel.template.TemplateManager;
import com.liferay.portal.kernel.template.TemplateManagerUtil;
import com.liferay.portal.kernel.template.TemplateResource;
import com.liferay.portal.kernel.template.TemplateResourceLoaderUtil;
Expand Down Expand Up @@ -661,12 +660,7 @@ protected String processFTL(
template.put(entry.getKey(), entry.getValue());
}

TemplateManager templateManager =
TemplateManagerUtil.getTemplateManager(
TemplateConstants.LANG_TYPE_FTL);

templateManager.addTaglibSupport(
template, httpServletRequest, httpServletResponse);
template.prepareTaglib(httpServletRequest, httpServletResponse);

return processFTL(httpServletRequest, httpServletResponse, template);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,24 @@
import com.liferay.dynamic.data.mapping.storage.DDMFormValues;
import com.liferay.portal.aop.AopService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.json.JSONArray;
import com.liferay.portal.kernel.json.JSONFactory;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.permission.ActionKeys;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.security.permission.resource.PortletResourcePermission;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.util.OrderByComparator;
import com.liferay.portal.kernel.util.StringUtil;

import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
Expand Down Expand Up @@ -160,8 +169,34 @@ public List<DDMDataProviderInstance> search(
long companyId, long[] groupIds, String keywords, int start, int end,
OrderByComparator<DDMDataProviderInstance> orderByComparator) {

return ddmDataProviderInstanceFinder.filterByKeywords(
companyId, groupIds, keywords, start, end, orderByComparator);
List<DDMDataProviderInstance> ddmDataProviderInstances =
ddmDataProviderInstanceFinder.filterByKeywords(
companyId, groupIds, keywords, start, end, orderByComparator);

Stream<DDMDataProviderInstance> ddmDataProviderInstanceStream =
ddmDataProviderInstances.stream();

return ddmDataProviderInstanceStream.filter(
ddmDataProviderInstance -> {
try {
return _ddmDataProviderInstanceModelResourcePermission.
contains(
getPermissionChecker(),
ddmDataProviderInstance.getDataProviderInstanceId(),
ActionKeys.VIEW);
}
catch (PortalException portalException) {
_log.error(portalException, portalException);

return false;
}
}
).map(
ddmDataProviderInstance -> _removeAuthenticationData(
ddmDataProviderInstance)
).collect(
Collectors.toList()
);
}

@Override
Expand Down Expand Up @@ -205,12 +240,77 @@ public DDMDataProviderInstance updateDataProviderInstance(
ddmFormValues, serviceContext);
}

@Reference(unbind = "-")
protected void setJSONFactory(JSONFactory jsonFactory) {
_jsonFactory = jsonFactory;
}

private JSONArray _filterFieldValues(JSONArray fieldValuesJSONArray) {
JSONArray filteredFieldValuesJSONArray = _jsonFactory.createJSONArray();

Iterator iterator = fieldValuesJSONArray.iterator();

while (iterator.hasNext()) {
JSONObject fieldValueJSONObject = (JSONObject)iterator.next();

String fieldValueName = fieldValueJSONObject.getString("name");

if (StringUtil.equals(fieldValueName, "password") ||
StringUtil.equals(fieldValueName, "username")) {

continue;
}

filteredFieldValuesJSONArray.put(fieldValueJSONObject);
}

return filteredFieldValuesJSONArray;
}

private DDMDataProviderInstance _removeAuthenticationData(
DDMDataProviderInstance ddmDataProviderInstance) {

try {
JSONObject definitionJSONObject = _jsonFactory.createJSONObject(
ddmDataProviderInstance.getDefinition());

if (!definitionJSONObject.has("fieldValues")) {
return ddmDataProviderInstance;
}

JSONArray fieldValuesJSONArray = definitionJSONObject.getJSONArray(
"fieldValues");

definitionJSONObject.put(
"fieldValues", _filterFieldValues(fieldValuesJSONArray));

ddmDataProviderInstance.setDefinition(
definitionJSONObject.toJSONString());
}
catch (Exception exception) {
if (_log.isWarnEnabled()) {
_log.warn(
"Unable to remove authentication data from data " +
"providers search",
exception);
}
}

return ddmDataProviderInstance;
}

private static final Log _log = LogFactoryUtil.getLog(
DDMDataProviderInstanceServiceImpl.class);

@Reference(
target = "(model.class.name=com.liferay.dynamic.data.mapping.model.DDMDataProviderInstance)"
)
private ModelResourcePermission<DDMDataProviderInstance>
_ddmDataProviderInstanceModelResourcePermission;

@Reference
private JSONFactory _jsonFactory;

@Reference(target = "(resource.name=" + DDMConstants.RESOURCE_NAME + ")")
private PortletResourcePermission _portletResourcePermission;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,7 @@
<action-key>ADD_FORM_INSTANCE</action-key>
<action-key>ADD_STRUCTURE</action-key>
</supports>
<site-member-defaults>
<action-key>ADD_DATA_PROVIDER_INSTANCE</action-key>
<action-key>ADD_FORM_INSTANCE</action-key>
<action-key>ADD_STRUCTURE</action-key>
</site-member-defaults>
<site-member-defaults />
<guest-defaults />
<guest-unsupported>
<action-key>ADD_DATA_PROVIDER_INSTANCE</action-key>
Expand Down Expand Up @@ -69,9 +65,7 @@
<site-member-defaults>
<action-key>VIEW</action-key>
</site-member-defaults>
<guest-defaults>
<action-key>VIEW</action-key>
</guest-defaults>
<guest-defaults />
<guest-unsupported>
<action-key>DELETE</action-key>
<action-key>PERMISSIONS</action-key>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ dependencies {
testCompile group: "commons-lang", name: "commons-lang", version: "2.6"
testCompile group: "javax.portlet", name: "portlet-api", version: "3.0.1"
testCompile group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2"
testCompile group: "org.dom4j", name: "dom4j", version: "2.0.0"
testCompile group: "org.dom4j", name: "dom4j", version: "2.1.3"
testCompile group: "org.jabsorb", name: "jabsorb", version: "1.3.1"
testCompile group: "org.jodd", name: "jodd-bean", version: "3.6.4"
testCompile group: "org.jodd", name: "jodd-json", version: "3.6.4"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ dependencies {
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.impl", version: "4.0.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.util.java", version: "4.0.0"
compileOnly group: "com.thoughtworks.xstream", name: "xstream", version: "1.4.11.1"
compileOnly group: "com.thoughtworks.xstream", name: "xstream", version: "1.4.15"
compileOnly group: "commons-lang", name: "commons-lang", version: "2.6"
compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1"
compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2363,6 +2363,8 @@ public long publishLayouts(
long userId, ExportImportConfiguration exportImportConfiguration)
throws PortalException {

_checkPermission(exportImportConfiguration);

Map<String, Serializable> settingsMap =
exportImportConfiguration.getSettingsMap();

Expand Down Expand Up @@ -3654,6 +3656,8 @@ protected long doCopyRemoteLayouts(
boolean secureConnection, boolean remotePrivateLayout)
throws PortalException {

_checkPermission(exportImportConfiguration);

Map<String, Serializable> settingsMap =
exportImportConfiguration.getSettingsMap();

Expand Down Expand Up @@ -4163,6 +4167,15 @@ protected void setRecentLayoutSetBranchId(
ProxiedLayoutsThreadLocal.clearProxiedLayouts();
}

private void _checkPermission(
ExportImportConfiguration exportImportConfiguration)
throws PortalException {

GroupPermissionUtil.check(
PermissionThreadLocal.getPermissionChecker(),
exportImportConfiguration.getGroupId(), ActionKeys.PUBLISH_STAGING);
}

private void _setGroupTypeSetting(long groupId, String key, String value) {
Group group = _groupLocalService.fetchGroup(groupId);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.jsonwebservice.JSONWebService;
import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode;
import com.liferay.portal.kernel.security.access.control.AccessControlled;
import com.liferay.portal.kernel.service.BaseService;
import com.liferay.portal.kernel.service.ServiceContext;
Expand Down Expand Up @@ -48,6 +49,7 @@ public interface FlagsEntryService extends BaseService {
*
* Never modify or reference this interface directly. Always use {@link FlagsEntryServiceUtil} to access the flags entry remote service. Add custom service methods to <code>com.liferay.flags.service.impl.FlagsEntryServiceImpl</code> and rerun ServiceBuilder to automatically copy the method declarations to this interface.
*/
@JSONWebService(mode = JSONWebServiceMode.IGNORE)
public void addEntry(
String className, long classPK, String reporterEmailAddress,
long reportedUserId, String contentTitle, String contentURL,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -261,16 +261,13 @@ protected void notify(
subscriptionSender.setBody(body);
subscriptionSender.setCompanyId(company.getCompanyId());
subscriptionSender.setContextAttributes(
"[$CONTENT_ID$]", contentId, "[$CONTENT_TYPE$]", contentType,
"[$CONTENT_ID$]", contentId, "[$CONTENT_TITLE$]", contentTitle,
"[$CONTENT_TYPE$]", contentType, "[$CONTENT_URL$]", contentURL,
"[$DATE$]", now.toString(), "[$REASON$]", reason,
"[$REPORTED_USER_ADDRESS$]", reportedEmailAddress,
"[$REPORTED_USER_NAME$]", reportedUserName, "[$REPORTED_USER_URL$]",
reportedUserURL, "[$REPORTER_USER_ADDRESS$]", reporterEmailAddress,
"[$REPORTER_USER_NAME$]", reporterUserName);
subscriptionSender.setContextAttribute(
"[$CONTENT_TITLE$]", contentTitle, false);
subscriptionSender.setContextAttribute(
"[$CONTENT_URL$]", contentURL, false);
subscriptionSender.setCreatorUserId(reporterUserId);
subscriptionSender.setFrom(fromAddress, fromName);
subscriptionSender.setHtmlFormat(true);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@
import com.liferay.portal.aop.AopService;
import com.liferay.portal.kernel.exception.EmailAddressException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.jsonwebservice.JSONWebService;
import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode;
import com.liferay.portal.kernel.messaging.DestinationNames;
import com.liferay.portal.kernel.messaging.Message;
import com.liferay.portal.kernel.messaging.MessageBus;
Expand All @@ -40,6 +42,7 @@
)
public class FlagsEntryServiceImpl extends FlagsEntryServiceBaseImpl {

@JSONWebService(mode = JSONWebServiceMode.IGNORE)
@Override
public void addEntry(
String className, long classPK, String reporterEmailAddress,
Expand Down
3 changes: 3 additions & 0 deletions modules/apps/flags/flags-taglib/package.json
Original file line number Diff line number Diff line change
@@ -1,11 +1,14 @@
{
"dependencies": {
"@clayui/alert": "3.2.0",
"@clayui/button": "3.0.0",
"@clayui/icon": "3.0.0",
"@clayui/modal": "3.0.0",
"clay-button": "2.18.1",
"clay-icon": "2.18.1",

"frontend-js-web": "*",
"metal-dom": "2.16.8",
"metal-soy": "2.16.8",
"metal-state": "2.16.8",
"prop-types": "15.7.2",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.AggregateResourceBundle;
import com.liferay.portal.kernel.util.HashMapBuilder;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.PortletKeys;
import com.liferay.portal.kernel.util.ResourceBundleUtil;
Expand Down Expand Up @@ -177,12 +178,14 @@ private Map<String, Object> _getData(String message)

data.put("context", context);

Map<String, Object> props = new HashMap<>();

ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
WebKeys.THEME_DISPLAY);

props.put("baseData", _getDataJSONObject(themeDisplay));
Map<String, Object> props = HashMapBuilder.<String, Object>put(
"baseData", _getDataJSONObject(themeDisplay)
).put(
"captchaURI", FlagsTagUtil.getCaptchaURI(request)
).build();

Company company = themeDisplay.getCompany();

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.language.LanguageUtil;
import com.liferay.portal.kernel.module.configuration.ConfigurationProviderUtil;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.portlet.PortletURLFactoryUtil;
import com.liferay.portal.kernel.portlet.PortletURLUtil;
import com.liferay.portal.kernel.theme.ThemeDisplay;
Expand All @@ -40,6 +41,17 @@
*/
public class FlagsTagUtil {

public static String getCaptchaURI(HttpServletRequest httpServletRequest) {
LiferayPortletURL captchaResourceURL = PortletURLFactoryUtil.create(
httpServletRequest, PortletKeys.FLAGS,
PortletRequest.RESOURCE_PHASE);

captchaResourceURL.setCopyCurrentRenderParameters(false);
captchaResourceURL.setResourceID("/flags/get_captcha");

return captchaResourceURL.toString();
}

public static String getCurrentURL(HttpServletRequest httpServletRequest) {
PortletRequest portletRequest =
(PortletRequest)httpServletRequest.getAttribute(
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/

import {fetch} from 'frontend-js-web';
import {globalEval} from 'metal-dom';
import PropTypes from 'prop-types';
import React, {useEffect, useLayoutEffect, useRef, useState} from 'react';

function Captcha({uri}) {
const ref = useRef(null);
const [html, setHtml] = useState(null);

useEffect(() => {
fetch(uri)
.then(res => res.text())
.then(setHtml);
}, [uri]);

useLayoutEffect(() => {
if (html) {
ref.current.innerHTML = html;
globalEval.runScriptsInElement(ref.current);
}
}, [html]);

return html ? <div className="captcha w-50" ref={ref} /> : null;
}

Captcha.propTypes = {
uri: PropTypes.string.isRequired
};

export default Captcha;
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import FlagsModal from './FlagsModal.es';

const Flags = ({
baseData,
captchaURI,
companyName,
disabled = false,
forceLogin = false,
Expand All @@ -47,6 +48,7 @@ const Flags = ({
const [status, setStatus] = useState(
forceLogin ? STATUS_LOGIN : STATUS_REPORT
);
const [error, setError] = useState(null);

const [otherReason, setOtherReason] = useState('');
const [reporterEmailAddress, setReporterEmailAddress] = useState('');
Expand All @@ -68,6 +70,7 @@ const Flags = ({
};

const handleClickClose = () => {
setError(false);
setReportDialogOpen(false);
};

Expand Down Expand Up @@ -105,15 +108,16 @@ const Flags = ({
}

fetch(uri, {
body: objectToFormData(formDataObj),
body: objectToFormData(formDataObj, new FormData(event.target)),
method: 'post'
})
.then(({status}) => {
.then(res => res.json())
.then(({error}) => {
if (isMounted()) {
if (status === Liferay.STATUS_CODE.OK) {
setError(error);
setIsSending(false);
if (!error) {
setStatus(STATUS_SUCCESS);
} else {
setStatus(STATUS_ERROR);
}
}
})
Expand Down Expand Up @@ -154,7 +158,9 @@ const Flags = ({
</ClayButton>
{reportDialogOpen && (
<FlagsModal
captchaURI={captchaURI}
companyName={companyName}
error={error}
handleClose={handleClickClose}
handleInputChange={handleInputChange}
handleSubmit={handleSubmitReport}
Expand All @@ -172,6 +178,7 @@ const Flags = ({
};
Flags.propTypes = {
baseData: PropTypes.object.isRequired,
captchaURI: PropTypes.string.isRequired,
companyName: PropTypes.string.isRequired,
disabled: PropTypes.bool,
forceLogin: PropTypes.bool,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* details.
*/

import ClayAlert from '@clayui/alert';
import ClayButton from '@clayui/button';
import ClayModal from '@clayui/modal';
import PropTypes from 'prop-types';
Expand All @@ -26,8 +27,11 @@ import {
STATUS_SUCCESS
} from '../constants.es';
import {sub} from '../utils.es';
import Captcha from './Captcha.es';

const ModalContentForm = ({
captchaURI,
error,
handleClose,
handleInputChange,
handleSubmit,
Expand All @@ -42,6 +46,14 @@ const ModalContentForm = ({
return (
<form onSubmit={handleSubmit}>
<ClayModal.Body>
{error && (
<ClayAlert
displayType="danger"
title={Liferay.Language.get('error')}
>
{error}
</ClayAlert>
)}
<p>
{sub(
Liferay.Language.get(
Expand Down Expand Up @@ -113,6 +125,7 @@ const ModalContentForm = ({
/>
</div>
)}
{captchaURI && <Captcha uri={captchaURI} />}
</ClayModal.Body>
<ClayModal.Footer
last={
Expand Down Expand Up @@ -192,7 +205,9 @@ const ModalBody = ({companyName, status}) => {
};

const FlagsModal = ({
captchaURI,
companyName,
error,
handleClose,
handleInputChange,
handleSubmit,
Expand All @@ -211,6 +226,8 @@ const FlagsModal = ({
</ClayModal.Header>
{status === STATUS_REPORT ? (
<ModalContentForm
captchaURI={captchaURI}
error={error}
handleClose={handleClose}
handleInputChange={handleInputChange}
handleSubmit={handleSubmit}
Expand Down Expand Up @@ -244,7 +261,9 @@ const FlagsModal = ({
};

FlagsModal.propTypes = {
captchaURI: PropTypes.string.isRequired,
companyName: PropTypes.string.isRequired,
error: PropTypes.string,
handleClose: PropTypes.func.isRequired,
handleInputChange: PropTypes.func.isRequired,
handleSubmit: PropTypes.func.isRequired,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ const formDataToObject = formData =>
);

function _renderFlagsComponent({
captchaURI = '',
companyName = 'Liferay',
baseData = {},
onlyIcon = false,
Expand All @@ -45,6 +46,7 @@ function _renderFlagsComponent({
return render(
<Flags
baseData={baseData}
captchaURI={captchaURI}
companyName={companyName}
onlyIcon={onlyIcon}
pathTermsOfUse={pathTermsOfUse}
Expand Down Expand Up @@ -87,6 +89,10 @@ describe('Flags', () => {

const form = await waitForElement(() => getByRole('form'));

[...form.elements].forEach(element => {
element.value = 'someValue';
});

fireEvent.submit(form);
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import {
} from '../../../src/main/resources/META-INF/resources/flags/js/constants.es';

function _renderFlagsModalComponent({
captchaURI = '',
companyName = 'Liferay',
handleClose = () => {},
handleInputChange = () => {},
Expand All @@ -42,6 +43,7 @@ function _renderFlagsModalComponent({

return render(
<FlagsModal
captchaURI={captchaURI}
companyName={companyName}
handleClose={handleClose}
handleInputChange={handleInputChange}
Expand Down
2 changes: 2 additions & 0 deletions modules/apps/flags/flags-web/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,7 @@ dependencies {
compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1"
compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2"
compileOnly group: "org.osgi", name: "org.osgi.service.component.annotations", version: "1.3.0"
compileOnly project(":apps:captcha:captcha-api")
compileOnly project(":apps:captcha:captcha-taglib")
compileOnly project(":core:petra:petra-string")
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/

package com.liferay.flags.web.internal.portlet.action;

import com.liferay.captcha.util.CaptchaUtil;
import com.liferay.flags.web.internal.constants.FlagsPortletKeys;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand;

import java.io.IOException;

import javax.portlet.PortletException;
import javax.portlet.ResourceRequest;
import javax.portlet.ResourceResponse;

import org.osgi.service.component.annotations.Component;

/**
* @author Alejandro Tardín
*/
@Component(
immediate = true,
property = {
"javax.portlet.name=" + FlagsPortletKeys.FLAGS,
"mvc.command.name=/flags/captcha"
},
service = MVCResourceCommand.class
)
public class CaptchaMVCResourceCommand implements MVCResourceCommand {

@Override
public boolean serveResource(
ResourceRequest resourceRequest, ResourceResponse resourceResponse)
throws PortletException {

try {
CaptchaUtil.serveImage(resourceRequest, resourceResponse);

return false;
}
catch (IOException ioException) {
throw new PortletException(ioException);
}
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,24 @@

package com.liferay.flags.web.internal.portlet.action;

import com.liferay.captcha.util.CaptchaUtil;
import com.liferay.flags.service.FlagsEntryService;
import com.liferay.flags.web.internal.constants.FlagsPortletKeys;
import com.liferay.portal.kernel.captcha.CaptchaException;
import com.liferay.portal.kernel.captcha.CaptchaTextException;
import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.language.LanguageUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.portlet.JSONPortletResponseUtil;
import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCActionCommand;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.ServiceContextFactory;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.WebKeys;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
Expand All @@ -46,32 +57,74 @@ protected void doProcessAction(
ActionRequest actionRequest, ActionResponse actionResponse)
throws Exception {

String className = ParamUtil.getString(actionRequest, "className");
long classPK = ParamUtil.getLong(actionRequest, "classPK");
String reporterEmailAddress = ParamUtil.getString(
actionRequest, "reporterEmailAddress");
long reportedUserId = ParamUtil.getLong(
actionRequest, "reportedUserId");
String contentTitle = ParamUtil.getString(
actionRequest, "contentTitle");
String contentURL = ParamUtil.getString(actionRequest, "contentURL");
String reason = ParamUtil.getString(actionRequest, "reason");

ServiceContext serviceContext = ServiceContextFactory.getInstance(
"com.liferay.portlet.flags.model.FlagsEntry", actionRequest);

_flagsEntryService.addEntry(
className, classPK, reporterEmailAddress, reportedUserId,
contentTitle, contentURL, reason, serviceContext);

actionResponse.setRenderParameter("mvcPath", "/view.jsp");
JSONObject jsonObject = JSONFactoryUtil.createJSONObject();

try {
CaptchaUtil.check(actionRequest);

String className = ParamUtil.getString(actionRequest, "className");
long classPK = ParamUtil.getLong(actionRequest, "classPK");
String reporterEmailAddress = ParamUtil.getString(
actionRequest, "reporterEmailAddress");
long reportedUserId = ParamUtil.getLong(
actionRequest, "reportedUserId");
String contentTitle = ParamUtil.getString(
actionRequest, "contentTitle");
String contentURL = ParamUtil.getString(
actionRequest, "contentURL");
String reason = ParamUtil.getString(actionRequest, "reason");

ServiceContext serviceContext = ServiceContextFactory.getInstance(
"com.liferay.portlet.flags.model.FlagsEntry", actionRequest);

_flagsEntryService.addEntry(
className, classPK, reporterEmailAddress, reportedUserId,
contentTitle, contentURL, reason, serviceContext);
}
catch (CaptchaException captchaException) {
ThemeDisplay themeDisplay =
(ThemeDisplay)actionRequest.getAttribute(WebKeys.THEME_DISPLAY);

jsonObject.put(
"error",
LanguageUtil.get(
themeDisplay.getRequest(),
_getCaptchaExceptionErrorMessageKey(captchaException)));
}
catch (Exception exception) {
_log.error(exception, exception);

ThemeDisplay themeDisplay =
(ThemeDisplay)actionRequest.getAttribute(WebKeys.THEME_DISPLAY);

jsonObject.put(
"error",
LanguageUtil.get(
themeDisplay.getRequest(), "an-unexpected-error-occurred"));
}

JSONPortletResponseUtil.writeJSON(
actionRequest, actionResponse, jsonObject);
}

@Reference(unbind = "-")
protected void setFlagsEntryService(FlagsEntryService flagsEntryService) {
_flagsEntryService = flagsEntryService;
}

private String _getCaptchaExceptionErrorMessageKey(
CaptchaException captchaException) {

if (captchaException instanceof CaptchaTextException) {
return "text-verification-failed";
}

return "captcha-verification-failed";
}

private static final Log _log = LogFactoryUtil.getLog(
EditEntryMVCActionCommand.class);

private FlagsEntryService _flagsEntryService;

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/

package com.liferay.flags.web.internal.portlet.action;

import com.liferay.flags.web.internal.constants.FlagsPortletKeys;
import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCResourceCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand;

import javax.portlet.ResourceRequest;
import javax.portlet.ResourceResponse;

import org.osgi.service.component.annotations.Component;

/**
* @author Alejandro Tardín
*/
@Component(
immediate = true,
property = {
"javax.portlet.name=" + FlagsPortletKeys.FLAGS,
"mvc.command.name=/flags/get_captcha"
},
service = MVCResourceCommand.class
)
public class GetCaptchaMVCResourceCommand extends BaseMVCResourceCommand {

@Override
protected void doServeResource(
ResourceRequest resourceRequest, ResourceResponse resourceResponse)
throws Exception {

include(resourceRequest, resourceResponse, "/get_captcha.jsp");
}

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
<%--
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/
--%>

<%@ include file="/init.jsp" %>

<liferay-portlet:resourceURL copyCurrentRenderParameters="<%= false %>" id="/flags/captcha" var="captchaURL" />

<liferay-captcha:captcha
url="<%= captchaURL %>"
/>
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,10 @@
*/
--%>

<%@ taglib uri="http://liferay.com/tld/flags" prefix="liferay-flags" %><%@
<%@ taglib uri="http://liferay.com/tld/captcha" prefix="liferay-captcha" %><%@
taglib uri="http://liferay.com/tld/flags" prefix="liferay-flags" %><%@
taglib uri="http://liferay.com/tld/frontend" prefix="liferay-frontend" %><%@
taglib uri="http://liferay.com/tld/portlet" prefix="liferay-portlet" %><%@
taglib uri="http://liferay.com/tld/theme" prefix="liferay-theme" %>

<%@ page import="com.liferay.portal.kernel.model.Group" %><%@
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ dependencies {
compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.portal.configuration.metatype.api", version: "2.0.0"
compileOnly group: "com.liferay", name: "com.liferay.segments.api", version: "1.9.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default"
compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2"
compileOnly group: "org.osgi", name: "org.osgi.service.component.annotations", version: "1.3.0"
}
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@
import com.liferay.portal.kernel.template.Template;
import com.liferay.portal.kernel.template.TemplateConstants;
import com.liferay.portal.kernel.template.TemplateException;
import com.liferay.portal.kernel.template.TemplateManager;
import com.liferay.portal.kernel.template.TemplateManagerUtil;
import com.liferay.portal.kernel.util.ResourceBundleUtil;
import com.liferay.portal.kernel.util.Validator;
Expand Down Expand Up @@ -113,10 +112,6 @@ public String processFragmentEntryLinkHTML(

template.put(TemplateConstants.WRITER, unsyncStringWriter);

TemplateManager templateManager =
TemplateManagerUtil.getTemplateManager(
TemplateConstants.LANG_TYPE_FTL);

Map<String, Object> contextObjects = new HashMap<>();

JSONObject configurationValuesJSONObject =
Expand All @@ -135,10 +130,10 @@ public String processFragmentEntryLinkHTML(
configurationValuesJSONObject,
fragmentEntryLink.getConfiguration()));

templateManager.addContextObjects(template, contextObjects);
template.putAll(contextObjects);

templateManager.addTaglibSupport(
template, fragmentEntryProcessorContext.getHttpServletRequest(),
template.prepareTaglib(
fragmentEntryProcessorContext.getHttpServletRequest(),
fragmentEntryProcessorContext.getHttpServletResponse());

template.prepare(fragmentEntryProcessorContext.getHttpServletRequest());
Expand Down Expand Up @@ -187,10 +182,6 @@ public void validateFragmentEntryHTML(String html, String configuration)
(httpServletRequest.getAttribute(WebKeys.THEME_DISPLAY) !=
null)) {

TemplateManager templateManager =
TemplateManagerUtil.getTemplateManager(
TemplateConstants.LANG_TYPE_FTL);

Map<String, Object> contextObjects = new HashMap<>();

JSONObject configurationDefaultValuesJSONObject =
Expand All @@ -207,10 +198,9 @@ public void validateFragmentEntryHTML(String html, String configuration)
FragmentEntryConfigUtil.getContextObjects(
configurationDefaultValuesJSONObject, configuration));

templateManager.addContextObjects(template, contextObjects);
template.putAll(contextObjects);

templateManager.addTaglibSupport(
template, httpServletRequest, httpServletResponse);
template.prepareTaglib(httpServletRequest, httpServletResponse);

template.prepare(httpServletRequest);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ dependencies {
compileOnly group: "com.liferay", name: "com.liferay.info.api", version: "4.1.0"
compileOnly group: "com.liferay", name: "com.liferay.petra.string", version: "3.0.0"
compileOnly group: "com.liferay", name: "com.liferay.segments.api", version: "1.9.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "4.34.0"
compileOnly group: "com.liferay.portal", name: "com.liferay.portal.kernel", version: "default"
compileOnly group: "javax.portlet", name: "portlet-api", version: "3.0.1"
compileOnly group: "org.apache.felix", name: "org.apache.felix.http.servlet-api", version: "1.1.2"
compileOnly group: "org.jsoup", name: "jsoup", version: "1.10.2"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
import com.liferay.portal.kernel.template.StringTemplateResource;
import com.liferay.portal.kernel.template.Template;
import com.liferay.portal.kernel.template.TemplateConstants;
import com.liferay.portal.kernel.template.TemplateManager;
import com.liferay.portal.kernel.template.TemplateManagerUtil;
import com.liferay.portal.kernel.trash.TrashHandler;
import com.liferay.portal.kernel.trash.TrashHandlerRegistryUtil;
Expand Down Expand Up @@ -211,15 +210,7 @@ public String processTemplate(
TemplateConstants.LANG_TYPE_FTL,
new StringTemplateResource("template_id", "[#ftl] " + html), true);

TemplateManager templateManager =
TemplateManagerUtil.getTemplateManager(
TemplateConstants.LANG_TYPE_FTL);

templateManager.addTaglibSupport(
template, fragmentEntryProcessorContext.getHttpServletRequest(),
fragmentEntryProcessorContext.getHttpServletResponse());
templateManager.addTaglibTheme(
template, "taglibLiferay",
template.prepareTaglib(
fragmentEntryProcessorContext.getHttpServletRequest(),
fragmentEntryProcessorContext.getHttpServletResponse());

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,13 @@ protected void validate(String name) throws PortalException {
if (Validator.isNull(name)) {
throw new FragmentCollectionNameException("Name must not be null");
}

if (name.contains(StringPool.PERIOD) ||
name.contains(StringPool.SLASH)) {

throw new FragmentCollectionNameException(
"Name contains invalid characters");
}
}

protected void validateFragmentCollectionKey(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -758,6 +758,13 @@ protected void validate(String name) throws PortalException {
throw new FragmentEntryNameException("Name must not be null");
}

if (name.contains(StringPool.PERIOD) ||
name.contains(StringPool.SLASH)) {

throw new FragmentEntryNameException(
"Name contains invalid characters");
}

int nameMaxLength = ModelHintsUtil.getMaxLength(
FragmentEntry.class.getName(), "name");

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -302,11 +302,9 @@ private String _getCssContent() {
return _cssContent;
}

_cssContent = ParamUtil.getString(_httpServletRequest, "cssContent");

FragmentEntry fragmentEntry = getFragmentEntry();

if ((fragmentEntry != null) && Validator.isNull(_cssContent)) {
if (fragmentEntry != null) {
_cssContent = fragmentEntry.getCss();

if (Validator.isNull(_cssContent)) {
Expand Down Expand Up @@ -348,11 +346,9 @@ private String _getHtmlContent() {
return _htmlContent;
}

_htmlContent = ParamUtil.getString(_httpServletRequest, "htmlContent");

FragmentEntry fragmentEntry = getFragmentEntry();

if ((fragmentEntry != null) && Validator.isNull(_htmlContent)) {
if (fragmentEntry != null) {
_htmlContent = fragmentEntry.getHtml();

if (Validator.isNull(_htmlContent)) {
Expand All @@ -374,11 +370,9 @@ private String _getJsContent() {
return _jsContent;
}

_jsContent = ParamUtil.getString(_httpServletRequest, "jsContent");

FragmentEntry fragmentEntry = getFragmentEntry();

if ((fragmentEntry != null) && Validator.isNull(_jsContent)) {
if (fragmentEntry != null) {
_jsContent = fragmentEntry.getJs();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ List<FragmentCollectionContributor> fragmentCollectionContributors = fragmentDis

<ul class="mb-2 nav nav-stacked">
<c:if test="<%= ListUtil.isNotEmpty(fragmentCollections) %>">
<span class="truncate-text"><%= fragmentDisplayContext.getGroupName(scopeGroupId) %></span>
<span class="truncate-text"><%= HtmlUtil.escape(fragmentDisplayContext.getGroupName(scopeGroupId)) %></span>

<%
for (FragmentCollection fragmentCollection : fragmentCollections) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ task buildCKEditorPlugins(type: Copy)
task buildCKEditorScayt(type: Copy)
task buildCKEditorWsc(type: Copy)

String ckEditorVersion = "4.11.3"
String ckEditorVersion = "4.14.1"

String ckEditorScaytUrl = "https://ckeditor.com/cke4/sites/default/files/scayt/releases/scayt_${ckEditorVersion}.zip"
String ckEditorWscUrl = "https://ckeditor.com/cke4/sites/default/files/wsc/releases/wsc_${ckEditorVersion}.zip"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"dependencies": {
"liferay-ckeditor": "4.11.4-liferay.2"
"liferay-ckeditor": "4.14.1-liferay.10"
},
"name": "frontend-editor-ckeditor-web",
"scripts": {
Expand Down
Loading