/*
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package com.xpn.xwiki.web;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.script.ScriptContext;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xwiki.component.annotation.Component;
import org.xwiki.localization.LocaleUtils;
import org.xwiki.model.reference.DocumentReference;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiAttachment;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.plugin.fileupload.FileUploadPlugin;
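/**
 * Action that handles uploading document attachments. It saves all the uploaded files whose field name starts with
 * {@code filepath}.
 *
 * @version $Id$
 */
@Component
@Named("upload")
@Singleton
public class UploadAction extends XWikiAction
{
    /** Logging helper object. */
    private static final Logger LOGGER = LoggerFactory.getLogger(UploadAction.class);

    /** The prefix of the accepted file input field name. */
    private static final String FILE_FIELD_NAME = "filepath";

    /** The prefix of the corresponding filename input field name. */
    private static final String FILENAME_FIELD_NAME = "filename";

    /**
     * Process an upload request: collect every {@code filepath*} form field, resolve the attachment name for each of
     * them and save the files one by one on a clone of the current document.
     *
     * @param context the current request context
     * @return {@code true} on the paths that only set a failure message (upload too large, no upload plugin, at least
     *         one failed or badly named file), {@code false} when the CSRF check fails or once the response has been
     *         written or redirected
     * @throws XWikiException if the form data cannot be accessed
     */
    @Override
    public boolean action(XWikiContext context) throws XWikiException
    {
        XWikiResponse response = context.getResponse();
        Object exception = context.get("exception");
        // Null-safe read: a missing "ajax" entry is treated as a regular (non-AJAX) request instead of raising a
        // NullPointerException.
        boolean ajax = Boolean.TRUE.equals(context.get("ajax"));

        // The request was rejected upstream because the upload exceeds the maximum size. Nothing is modified on
        // this path, which is why it can run before the CSRF check.
        if (exception instanceof XWikiException
            && ((XWikiException) exception).getCode() == XWikiException.ERROR_XWIKI_APP_FILE_EXCEPTION_MAXSIZE) {
            response.setStatus(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            getCurrentScriptContext().setAttribute("message", "core.action.upload.failure.maxSize",
                ScriptContext.ENGINE_SCOPE);
            context.put("message", "fileuploadislarge");
            return true;
        }

        // CSRF prevention: stop before the document is touched.
        if (!csrfTokenCheck(context)) {
            return false;
        }

        // We need to clone the document before we modify it because the cached storage gives the same instance to
        // other requests (until the cache is invalidated).
        XWikiDocument doc = context.getDoc().clone();

        // It is possible to submit an attachment to a new document (the WYSIWYG content editor does it for
        // instance). Let's make sure the new document is created with the right (default) language.
        if (doc.isNew()) {
            doc.setLocale(Locale.ROOT);
            // equals() rather than ==: an empty locale that is not the Locale.ROOT instance must match as well.
            if (Locale.ROOT.equals(doc.getDefaultLocale())) {
                doc.setDefaultLocale(
                    LocaleUtils.toLocale(context.getWiki().getLanguagePreference(context), Locale.ROOT));
            }
        }

        // The document is saved for each attachment in the group.
        FileUploadPlugin fileupload = (FileUploadPlugin) context.get("fileuploadplugin");
        if (fileupload == null) {
            getCurrentScriptContext().setAttribute("message", "core.action.upload.failure.noFiles",
                ScriptContext.ENGINE_SCOPE);
            return true;
        }

        // Attachment name -> form field name, in submission order.
        Map<String, String> fileNames = new LinkedHashMap<>();
        List<String> wrongFileNames = new ArrayList<>();
        // Attachment name -> root cause message of the failure.
        Map<String, String> failedFiles = new LinkedHashMap<>();

        for (String fieldName : fileupload.getFileItemNames(context)) {
            try {
                if (fieldName.startsWith(FILE_FIELD_NAME)) {
                    String fileName = getFileName(fieldName, fileupload, context);
                    if (fileName != null) {
                        fileNames.put(fileName, fieldName);
                    }
                }
            } catch (Exception ex) {
                // Keep a trace of why the name was refused instead of dropping the exception silently.
                LOGGER.debug("Skipping upload field with an invalid file name", ex);
                wrongFileNames.add(fileupload.getFileName(fieldName, context));
            }
        }

        for (Entry<String, String> file : fileNames.entrySet()) {
            try {
                // NOTE(review): the boolean result is discarded. uploadAttachment() returns true when the save ran
                // out of heap space, so that failure is not recorded in failedFiles - confirm this is intended.
                uploadAttachment(file.getValue(), file.getKey(), fileupload, doc, context);
            } catch (Exception ex) {
                LOGGER.warn("Saving uploaded file failed", ex);
                failedFiles.put(file.getKey(), ExceptionUtils.getRootCauseMessage(ex));
            }
        }

        LOGGER.debug("Found files to upload: {}", fileNames);
        LOGGER.debug("Failed attachments: {}", failedFiles);
        LOGGER.debug("Wrong attachment names: {}", wrongFileNames);

        if (ajax) {
            // NOTE(review): "ok" is written before failedFiles and wrongFileNames are looked at, so an AJAX client
            // gets the same answer whether or not every file was saved - confirm the client does its own check.
            try {
                response.getOutputStream().println("ok");
            } catch (IOException ex) {
                LOGGER.error("Unhandled exception writing output:", ex);
            }
            return false;
        }

        // Report the failures on the attachment page.
        if (!failedFiles.isEmpty() || !wrongFileNames.isEmpty()) {
            getCurrentScriptContext().setAttribute("message", "core.action.upload.failure",
                ScriptContext.ENGINE_SCOPE);
            getCurrentScriptContext().setAttribute("failedFiles", failedFiles, ScriptContext.ENGINE_SCOPE);
            getCurrentScriptContext().setAttribute("wrongFileNames", wrongFileNames, ScriptContext.ENGINE_SCOPE);
            return true;
        }

        // NOTE(review): "xredirect" comes from the submitted form and is not validated in this method, so the
        // check of the redirect target has to happen in sendRedirect() or in the response - confirm.
        String redirect = fileupload.getFileItemAsString("xredirect", context);
        if (StringUtils.isEmpty(redirect)) {
            redirect = context.getDoc().getURL("attach", true, context);
        }
        sendRedirect(response, redirect);
        return false;
    }

    /**
     * Attach a file to the current document.
     *
     * @param fieldName the target file field
     * @param filename the name under which the file is attached to the document
     * @param fileupload the {@link FileUploadPlugin} holding the form data
     * @param doc the target document
     * @param context the current request context
     * @return {@code false} if the document was saved with the new attachment, {@code true} if saving failed with
     *         {@link XWikiException#ERROR_XWIKI_APP_JAVA_HEAP_SPACE} (status 500 and the {@code javaheapspace}
     *         message are then set on the context)
     * @throws XWikiException if the form data cannot be accessed, or if the database operation failed
     */
    public boolean uploadAttachment(String fieldName, String filename, FileUploadPlugin fileupload, XWikiDocument doc,
        XWikiContext context) throws XWikiException
    {
        XWikiResponse response = context.getResponse();
        DocumentReference usernameReference = context.getUserReference();

        XWikiAttachment attachment;
        try {
            // NOTE(review): the stream is never closed here; whether setAttachment() consumes it fully before
            // returning is not visible from this class - confirm before wrapping it in try-with-resources.
            InputStream contentInputStream = fileupload.getFileItemInputStream(fieldName, context);
            attachment = doc.setAttachment(filename, contentInputStream, context);
        } catch (IOException e) {
            throw new XWikiException(XWikiException.MODULE_XWIKI_APP,
                XWikiException.ERROR_XWIKI_APP_UPLOAD_FILE_EXCEPTION, "Exception while reading uploaded parsed file",
                e);
        }

        // Set the document author
        doc.setAuthorReference(usernameReference);
        if (doc.isNew()) {
            doc.setCreatorReference(usernameReference);
        }

        // Calculate and store mime type
        attachment.resetMimeType(context);
        // Remember character encoding
        attachment.setCharset(context.getRequest().getCharacterEncoding());

        // Add a comment to the attachment history.
        String attachmentComment = StringUtils.defaultString(context.getRequest().getParameter("comment"));
        attachment.setComment(attachmentComment);

        // Add a comment to the document history. Include the attachment name, revision and comment.
        String nextRev = attachment.getNextVersion();
        List<String> params = new ArrayList<>();
        params.add(filename);
        params.add(StringUtils.isBlank(attachmentComment) ? nextRev
            : String.format("%s (%s)", nextRev, attachmentComment));

        String commentKey =
            attachment.isImage(context) ? "core.comment.uploadImageComment" : "core.comment.uploadAttachmentComment";
        String documentComment = localizePlainOrKey(commentKey, params.toArray());

        // Make sure the user is allowed to make this modification. This runs before saveDocument() below, so a
        // refusal here happens before this method persists anything.
        context.getWiki().checkSavingDocument(context.getUserReference(), doc, documentComment, true, context);

        // Save the document.
        try {
            context.getWiki().saveDocument(doc, documentComment, context);
        } catch (XWikiException e) {
            // Running out of heap space while saving the attachment is reported to the user instead of rethrown.
            if (e.getCode() == XWikiException.ERROR_XWIKI_APP_JAVA_HEAP_SPACE) {
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                context.put("message", "javaheapspace");
                return true;
            }
            throw e;
        }
        return false;
    }

    /**
     * Extract the corresponding attachment name for a given file field. It can either be specified in a separate form
     * input field, or it is extracted from the original filename.
     *
     * @param fieldName the target file field
     * @param fileupload the {@link FileUploadPlugin} holding the form data
     * @param context the current request context
     * @return a valid attachment name, or {@code null} if no name could be determined (the file field was left empty)
     * @throws XWikiException if the form data cannot be accessed, or if the specified filename is invalid
     */
    protected String getFileName(String fieldName, FileUploadPlugin fileupload, XWikiContext context)
        throws XWikiException
    {
        // "filepath<suffix>" is paired with "filename<suffix>".
        String filenameField = FILENAME_FIELD_NAME + fieldName.substring(FILE_FIELD_NAME.length());

        // Try to use the name provided by the user
        String filename = fileupload.getFileItemAsString(filenameField, context);
        if (StringUtils.isNotBlank(filename)) {
            // TODO These should be supported, the URL should just contain escapes.
            if (StringUtils.containsAny(filename, '/', '\\', ';')) {
                throw new XWikiException(XWikiException.MODULE_XWIKI_APP, XWikiException.ERROR_XWIKI_APP_INVALID_CHARS,
                    "Invalid filename: " + filename);
            }
        } else {
            // Try to get the actual filename on the client and keep only its last path segment, whichever
            // separator the client used.
            // NOTE(review): unlike the explicit name above, a ';' in the client supplied name is not rejected
            // here - confirm whether both paths should apply the same rule.
            String fname = fileupload.getFileName(fieldName, context);
            if (StringUtils.indexOf(fname, "/") >= 0) {
                fname = StringUtils.substringAfterLast(fname, "/");
            }
            if (StringUtils.indexOf(fname, "\\") >= 0) {
                fname = StringUtils.substringAfterLast(fname, "\\");
            }
            filename = fname;
        }

        // Sometimes spaces are replaced with '+' by the browser. The null-safe StringUtils variant is used because
        // the plugin may not provide any client filename, which used to end in a NullPointerException here.
        filename = StringUtils.replace(filename, "+", " ");

        if (StringUtils.isBlank(filename)) {
            // The file field was left empty, ignore this
            return null;
        }
        return filename;
    }

    /**
     * Render the failure reported by {@link #action(XWikiContext)}: a plain {@code error: ...} line for AJAX
     * requests, the {@code uploadfailure} viewer of the {@code view} template otherwise.
     *
     * @param context the current request context
     * @return {@code null} when the answer was written directly to the response, {@code "view"} otherwise
     * @throws XWikiException declared by the overridden method; not thrown by the code below
     */
    @Override
    public String render(XWikiContext context) throws XWikiException
    {
        // Null-safe read, consistent with action(): a missing "ajax" entry means a regular request.
        if (Boolean.TRUE.equals(context.get("ajax"))) {
            try {
                context.getResponse().getOutputStream()
                    .println("error: " + localizePlainOrKey((String) context.get("message")));
            } catch (IOException ex) {
                LOGGER.error("Unhandled exception writing output:", ex);
            }
            return null;
        }

        getCurrentScriptContext().setAttribute("viewer", "uploadfailure", ScriptContext.ENGINE_SCOPE);
        return "view";
    }
}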