Reverts previous commit which contained unexpected changes which were not yet
ready to be committed.
The only remaining change is non-functional: formatting and import cleanup in
FormRenderer.java
Sorry for the trouble
git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1777448 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java b/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
index f891e01..049e6eb 100644
--- a/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
+++ b/applications/content/src/main/java/org/apache/ofbiz/content/content/ContentWorker.java
@@ -335,22 +335,18 @@
String mimeTypeId, boolean cache) throws GeneralException, IOException {
Writer writer = new StringWriter();
renderContentAsText(dispatcher, contentId, writer, templateContext, locale, mimeTypeId, null, null, cache);
- GenericValue content = EntityQuery.use(dispatcher.getDelegator()).from("Content").where("contentId", contentId).queryOne();
- String contentTypeId = content.getString("contentTypeId");
String rendered = writer.toString();
// According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
// Normally head is protected by X-XSS-Protection Response Header by default
- if (!"REPORT".equals(contentTypeId)) { // FIXME here BIRT_REPORT_BUILDER_USAGE_POLICY should be used but I could not tweak it yet: the content of <script> are removed and should not. Also a more annoying no yet spotted issue with contentId dissapearing
- if (rendered.contains("<script>")
- || rendered.contains("<!--")
- || rendered.contains("<div")
- || rendered.contains("<style>")
- || rendered.contains("<span")
- || rendered.contains("<input")
- || rendered.contains("<iframe")
- || rendered.contains("<a")) {
- rendered = encoder.sanitize(rendered, contentTypeId);
- }
+ if (rendered.contains("<script>")
+ || rendered.contains("<!--")
+ || rendered.contains("<div")
+ || rendered.contains("<style>")
+ || rendered.contains("<span")
+ || rendered.contains("<input")
+ || rendered.contains("<iframe")
+ || rendered.contains("<a")) {
+ rendered = encoder.sanitize(rendered);
}
return rendered;
}
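Review bot: The substring gate on the new side (`rendered.contains("<script>")` through `rendered.contains("<a")`) is a case-sensitive denylist, so rendered output containing `<SCRIPT>`, a `<script src=...>` tag (which does not match the exact `<script>` literal), or any tag not in the list such as `<img`, `<svg` or `<object` skips `encoder.sanitize(rendered)` and is returned unsanitized. Given the OWASP comment above it states the intent is to sanitize the rendered text, the gate only saves a little CPU and should be dropped: replace the whole `if` with an unconditional `rendered = encoder.sanitize(rendered);`. If it is kept as an optimisation it needs at least a case-insensitive match on `rendered.toLowerCase(Locale.ROOT)` and a comment explaining why the list is considered sufficient. The enclosing method's signature begins before this hunk, so I cannot see where `encoder` is obtained or confirm that sanitize is idempotent on already-clean text.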
diff --git a/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java b/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
index 338de6b..eac98f2 100644
--- a/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
+++ b/applications/content/src/main/java/org/apache/ofbiz/content/data/DataResourceWorker.java
@@ -747,38 +747,13 @@
} else {
throw new GeneralException("The dataResource file [" + dataResourceId + "] could not be found");
}
- } catch (SAXException | ParserConfigurationException e) {
+ } catch (SAXException e) {
+ throw new GeneralException("Error rendering Screen template", e);
+ } catch (ParserConfigurationException e) {
throw new GeneralException("Error rendering Screen template", e);
} catch (TemplateException e) {
throw new GeneralException("Error creating Screen renderer", e);
}
- } else if ("FORM_COMBINED".equals(dataTemplateTypeId)){
- try {
- Map<String, Object> context = UtilGenerics.checkMap(templateContext.get("globalContext"));
- context.put("locale", locale);
- context.put("simpleEncoder", UtilCodec.getEncoder(UtilProperties.getPropertyValue("widget", "screen.encoder")));
- HttpServletRequest request = (HttpServletRequest) context.get("request");
- HttpServletResponse response = (HttpServletResponse) context.get("response");
- ModelForm modelForm = null;
- ModelReader entityModelReader = delegator.getModelReader();
- String formText = getDataResourceText(dataResource, targetMimeTypeId, locale, templateContext, delegator, cache);
- Document formXml = UtilXml.readXmlDocument(formText, true, true);
- Map<String, ModelForm> modelFormMap = FormFactory.readFormDocument(formXml, entityModelReader, dispatcher.getDispatchContext(), null);
-
- if (UtilValidate.isNotEmpty(modelFormMap)) {
- Map.Entry<String, ModelForm> entry = modelFormMap.entrySet().iterator().next(); // get first entry, only one form allowed per file
- modelForm = entry.getValue();
- }
- MacroFormRenderer renderer = new MacroFormRenderer(formrenderer, request, response);
- FormRenderer formRenderer = new FormRenderer(modelForm, renderer);
- formRenderer.render(out, context);
- } catch (SAXException | ParserConfigurationException e) {
- throw new GeneralException("Error rendering Screen template", e);
- } catch (TemplateException e) {
- throw new GeneralException("Error creating Screen renderer", e);
- } catch (Exception e) {
- throw new GeneralException("Error rendering Screen template", e);
- }
} else {
throw new GeneralException("The dataTemplateTypeId [" + dataTemplateTypeId + "] is not yet supported");
}
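Review bot: The two catch blocks at the top of this hunk, `catch (SAXException e)` and `catch (ParserConfigurationException e)`, have identical bodies; a single multi-catch `catch (SAXException | ParserConfigurationException e) { throw new GeneralException("Error rendering Screen template", e); }` expresses the same handling once and was what the removed side used. Since this commit is a deliberate revert of unready work, that collapse is better re-applied as a separate, intentional change than folded in here. The enclosing try block and method begin before this hunk.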
diff --git a/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java b/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
index 2e4b5cb..e6c3bbd 100644
--- a/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
+++ b/applications/order/src/main/java/org/apache/ofbiz/order/order/OrderContentWrapper.java
@@ -111,7 +111,7 @@
if (UtilValidate.isEmpty(outString)) {
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (orderContentCache != null) {
orderContentCache.put(cacheKey, outString);
}
diff --git a/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java b/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
index 4dbb12c..984acb0 100644
--- a/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
+++ b/applications/party/src/main/java/org/apache/ofbiz/party/content/PartyContentWrapper.java
@@ -168,7 +168,7 @@
outString = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (partyContentCache != null) {
partyContentCache.put(cacheKey, outString);
}
@@ -176,11 +176,11 @@
} catch (GeneralException e) {
Debug.logError(e, "Error rendering PartyContent, inserting empty String", module);
String candidateOut = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering PartyContent, inserting empty String", module);
String candidateOut = party.getModelEntity().isField(candidateFieldName) ? party.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java b/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
index ad728be..8bc9d70 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/category/CategoryContentWrapper.java
@@ -110,7 +110,7 @@
outString = productCategory.getModelEntity().isField(candidateFieldName) ? productCategory.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (categoryContentCache != null) {
categoryContentCache.put(cacheKey, outString);
}
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java b/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
index 96ed13a..415b182 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/config/ProductConfigItemContentWrapper.java
@@ -133,7 +133,7 @@
outString = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (configItemContentCache != null) {
configItemContentCache.put(cacheKey, outString);
}
@@ -141,11 +141,11 @@
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProdConfItemContent, inserting empty String", module);
String candidateOut = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProdConfItemContent, inserting empty String", module);
String candidateOut = productConfigItem.getModelEntity().isField(candidateFieldName) ? productConfigItem.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
index c70a9e7..0911ec4 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductContentWrapper.java
@@ -123,7 +123,7 @@
outString = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (productContentCache != null) {
productContentCache.put(cacheKey, outString);
}
@@ -131,11 +131,11 @@
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProductContent, inserting empty String", module);
String candidateOut = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProductContent, inserting empty String", module);
String candidateOut = product.getModelEntity().isField(candidateFieldName) ? product.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
index bc4ab5f..5fcc368 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductPromoContentWrapper.java
@@ -128,7 +128,7 @@
outString = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (productPromoContentCache != null) {
productPromoContentCache.put(cacheKey, outString);
}
@@ -136,11 +136,11 @@
} catch (GeneralException e) {
Debug.logError(e, "Error rendering ProductPromoContent, inserting empty String", module);
String candidateOut = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering ProductPromoContent, inserting empty String", module);
String candidateOut = productPromo.getModelEntity().isField(candidateFieldName) ? productPromo.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}
diff --git a/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java b/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
index b56e820..975ecfe 100644
--- a/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
+++ b/applications/workeffort/src/main/java/org/apache/ofbiz/workeffort/content/WorkEffortContentWrapper.java
@@ -256,7 +256,7 @@
outString = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): "";
outString = outString == null? "" : outString;
}
- outString = encoder.sanitize(outString, null);
+ outString = encoder.sanitize(outString);
if (workEffortContentCache != null) {
workEffortContentCache.put(cacheKey, outString);
}
@@ -264,11 +264,11 @@
} catch (GeneralException e) {
Debug.logError(e, "Error rendering WorkEffortContent, inserting empty String", module);
String candidateOut = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
} catch (IOException e) {
Debug.logError(e, "Error rendering WorkEffortContent, inserting empty String", module);
String candidateOut = workEffort.getModelEntity().isField(candidateFieldName) ? workEffort.getString(candidateFieldName): "";
- return candidateOut == null? "" : encoder.sanitize(candidateOut, null);
+ return candidateOut == null? "" : encoder.sanitize(candidateOut);
}
}