Permalink
Browse files

Enforced controls on vocabulary editing operations.

  • Loading branch information...
luccioman committed Feb 20, 2018
1 parent 2532db2 commit 348d07a999f574c8b02f9a30e37091ff2eceeb33
Showing with 22 additions and 4 deletions.
  1. +3 −1 htroot/Vocabulary_p.html
  2. +19 −3 htroot/Vocabulary_p.java
@@ -106,7 +106,8 @@ <h2>Vocabulary Administration</h2>
</form>
#(create)#::
<form action="Vocabulary_p.html" id="searchform" method="get" accept-charset="UTF-8" class="form-horizontal">
<form action="Vocabulary_p.html" id="searchform" method="post" accept-charset="UTF-8" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#" />
<fieldset>
<legend>Vocabulary Production</legend>
#(csvFileStatus)#
@@ -253,6 +254,7 @@ <h2>Vocabulary Administration</h2>
#(edit)#::
<form action="Vocabulary_p.html" method="post" enctype="multipart/form-data" accept-charset="UTF-8" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#" />
<fieldset><legend>Vocabulary Editor</legend>
<dl>
<dt>Vocabulary Name</dt><dd>#[name]#</dd>
@@ -47,6 +47,7 @@
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.CommonPattern;
import net.yacy.cora.util.ConcurrentLog;
import net.yacy.data.TransactionManager;
import net.yacy.data.WorkTables;
import net.yacy.document.LibraryProvider;
import net.yacy.kelondro.data.meta.URIMetadataNode;
@@ -65,18 +66,30 @@
/** Logger */
private final static ConcurrentLog LOG = new ConcurrentLog(Vocabulary_p.class.getSimpleName());
public static serverObjects respond(@SuppressWarnings("unused") final RequestHeader header, final serverObjects post, final serverSwitch env) {
public static serverObjects respond(final RequestHeader header, final serverObjects post, final serverSwitch env) {
final Switchboard sb = (Switchboard) env;
final serverObjects prop = new serverObjects();
/* Acquire a transaction token for the next POST form submission */
final String nextToken = TransactionManager.getTransactionToken(header);
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
prop.put("edit_" + TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
prop.put("create_" + TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
Collection<Tagging> vocs = LibraryProvider.autotagging.getVocabularies();
String vocabularyName = (post == null) ? null : post.get("vocabulary", null);
String discovername = (post == null) ? null : post.get("discovername", null);
Tagging vocabulary = vocabularyName == null ? null : LibraryProvider.autotagging.getVocabulary(vocabularyName);
if (vocabulary == null) vocabularyName = null;
if (vocabulary == null) {
vocabularyName = null;
}
if (post != null) {
// create a vocabulary
if (vocabulary == null && discovername != null && discovername.length() > 0) {
/* Check the transaction is valid */
TransactionManager.checkPostTransaction(header, post);
// get details of creation
String discoverobjectspace = post.get("discoverobjectspace", "");
MultiProtocolURL discoveruri = null;
@@ -189,7 +202,10 @@ public static serverObjects respond(@SuppressWarnings("unused") final RequestHea
LOG.severe("Could not write vocabulary file at " + vocabPath, e);
}
}
} else if (vocabulary != null) {
} else if (vocabulary != null && post.containsKey("set")) {
/* Check the transaction is valid */
TransactionManager.checkPostTransaction(header, post);
try {
// check if objectspace was set
vocabulary.setObjectspace(post.get("objectspace", vocabulary.getObjectspace() == null ? "" : vocabulary.getObjectspace()));

0 comments on commit 348d07a

Please sign in to comment.