Merge branch 'roller-5.2.x'
# Conflicts:
# app/pom.xml
# assembly-release/pom.xml
# assembly-release/sign-release.sh
# it-selenium/pom.xml
# it-selenium/src/test/resources/roller-jettyrun.properties
# pom.xml
diff --git a/app/src/main/java/org/apache/roller/weblogger/business/WebloggerImpl.java b/app/src/main/java/org/apache/roller/weblogger/business/WebloggerImpl.java
index 1cf6359..476ad89 100644
--- a/app/src/main/java/org/apache/roller/weblogger/business/WebloggerImpl.java
+++ b/app/src/main/java/org/apache/roller/weblogger/business/WebloggerImpl.java
@@ -33,6 +33,15 @@
import org.apache.roller.weblogger.business.runnable.ThreadManager;
import org.apache.roller.weblogger.business.themes.ThemeManager;
import org.apache.roller.weblogger.config.PingConfig;
+import org.apache.roller.weblogger.config.WebloggerConfig;
+import org.apache.roller.weblogger.config.WebloggerRuntimeConfig;
+import org.apache.xmlrpc.util.SAXParsers;
+import org.springframework.security.access.method.P;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParserFactory;
/**
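Review bot: The added import `org.springframework.security.access.method.P` looks like an accidental IDE auto-import: nothing in the hunks shown here uses `P`, and a Spring Security parameter annotation is an odd dependency for this business-layer class. `WebloggerConfig` and `WebloggerRuntimeConfig` are likewise not referenced by any of the visible changes. The rest of the file is outside this diff, so confirm they are unused and then drop them, keeping only the `SAXParsers`, `org.xml.sax` and `javax.xml.parsers` imports that the new parser-hardening code needs.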
@@ -134,7 +143,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getThreadManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getThreadManager()
*/
public ThreadManager getThreadManager() {
return threadManager;
@@ -144,7 +153,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.model.Weblogger#getIndexManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getIndexManager()
*/
public IndexManager getIndexManager() {
return indexManager;
@@ -154,7 +163,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getThemeManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getThemeManager()
*/
public ThemeManager getThemeManager() {
return themeManager;
@@ -164,7 +173,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getUserManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getUserManager()
*/
public UserManager getUserManager() {
return userManager;
@@ -174,7 +183,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getBookmarkManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getBookmarkManager()
*/
public BookmarkManager getBookmarkManager() {
return bookmarkManager;
@@ -184,7 +193,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getMediaFileManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getMediaFileManager()
*/
public MediaFileManager getMediaFileManager() {
return mediaFileManager;
@@ -193,7 +202,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getFileContentManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getFileContentManager()
*/
public FileContentManager getFileContentManager() {
return fileContentManager;
@@ -203,7 +212,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getWeblogEntryManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getWeblogEntryManager()
*/
public WeblogEntryManager getWeblogEntryManager() {
return weblogEntryManager;
@@ -213,7 +222,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getWeblogManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getWeblogManager()
*/
public WeblogManager getWeblogManager() {
return weblogManager;
@@ -223,7 +232,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getPropertiesManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getPropertiesManager()
*/
public PropertiesManager getPropertiesManager() {
return propertiesManager;
@@ -233,7 +242,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getPingTargetManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getPingTargetManager()
*/
public PingQueueManager getPingQueueManager() {
return pingQueueManager;
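Review bot: The corrected `@see` on `getPingQueueManager()` still points at `Weblogger#getPingTargetManager()`, so the package is now right but the member is not; the next hunk carries the same copy-paste on `getAutopingManager()`. Assuming the interface declares methods with the same names as these implementations, the tags should read `@see org.apache.roller.weblogger.business.Weblogger#getPingQueueManager()` and `@see org.apache.roller.weblogger.business.Weblogger#getAutopingManager()`.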
@@ -243,7 +252,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getPingTargetManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getPingTargetManager()
*/
public AutoPingManager getAutopingManager() {
return autoPingManager;
@@ -253,7 +262,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getPingTargetManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getPingTargetManager()
*/
public PingTargetManager getPingTargetManager() {
return pingTargetManager;
@@ -263,7 +272,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getPluginManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getPluginManager()
*/
public PluginManager getPluginManager() {
return pluginManager;
@@ -273,7 +282,7 @@
/**
*
*
- * @see org.apache.roller.weblogger.modelWebloggerr#getOauthManager()
+ * @see org.apache.roller.weblogger.business.Weblogger#getOAuthManager()
*/
public OAuthManager getOAuthManager() {
return oauthManager;
@@ -334,7 +343,21 @@
getThreadManager().initialize();
getIndexManager().initialize();
getMediaFileManager().initialize();
-
+
+ // Turn off External DTD support in SAXParser to protect Roller from vulnerability.
+ SAXParserFactory spf = SAXParsers.getSAXParserFactory();
+ try {
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
+ String message = "Unable to turn off External DTD support in SAXParser. XML-RLC is vulnerable";
+ if ( log.isDebugEnabled() ) {
+ log.error(message, e);
+ } else {
+ log.error(message);
+ }
+ }
+
try {
// Initialize ping systems
// TODO: this should probably be moving inside ping manager initialize() methods?
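Review bot: The hardening block fails open and can leave the parser half-configured: both `setFeature` calls share one `try`, so if `disallow-doctype-decl` is rejected the `load-external-dtd` line never runs, and startup then continues with only a log line. The stack trace is attached only when debug logging is enabled, so at normal log levels an operator cannot see which feature the parser refused, and the message says "XML-RLC" where XML-RPC is presumably meant. Setting each feature in its own `try` and always logging the cause, as below, addresses both; whether initialization should abort (or XML-RPC be disabled) when hardening fails is a decision for the maintainers. The change only covers the factory returned by `SAXParsers.getSAXParserFactory()`, and the enclosing method starts and ends outside this hunk.

```java
// … unchanged: thread, index and media file manager initialize() calls …
SAXParserFactory spf = SAXParsers.getSAXParserFactory();
String[][] hardening = {
    {"http://apache.org/xml/features/disallow-doctype-decl", "true"},
    {"http://apache.org/xml/features/nonvalidating/load-external-dtd", "false"},
};
for (String[] feature : hardening) {
    try {
        spf.setFeature(feature[0], Boolean.parseBoolean(feature[1]));
    } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
        // Keep the cause at every log level: it names the feature the parser rejected.
        log.error("Unable to set SAXParser feature " + feature[0]
                + "; XML-RPC parsing is not hardened against external DTDs", e);
    }
}
// … unchanged: ping system initialization …
```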
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/GlobalConfig.java b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/GlobalConfig.java
index da71a41..0ee3641 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/GlobalConfig.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/GlobalConfig.java
@@ -169,16 +169,17 @@
// it may not always be the case, but we should be okay for now
// null check below needed w/Oracle
if( updProp.getValue() != null
- && (updProp.getValue().equals("true") || updProp.getValue().equals("false"))) {
-
- if(incomingProp == null || !incomingProp.equals("on")) {
- incomingProp = "false";
- }
- else {
+ && ( updProp.getValue().equals("true") || updProp.getValue().equals("false")
+ || updProp.getValue().equals("on") || updProp.getValue().equals("off")
+ )) {
+ if (incomingProp != null && (incomingProp.equalsIgnoreCase("true") || incomingProp.equalsIgnoreCase("on"))) {
incomingProp = "true";
}
+ else {
+ incomingProp = "false";
+ }
}
-
+
// only work on props that were submitted with the request
if(incomingProp != null) {
log.debug("Setting new value for ["+propName+"]");
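Review bot: The widened boolean check is inconsistent about case: the stored value is matched with case-sensitive `equals` against `"true"`/`"false"`/`"on"`/`"off"`, while the submitted value is matched with `equalsIgnoreCase`, so a stored `TRUE` or `On` skips normalization and the raw request value appears to be passed on unchanged. Inferring the type from the current value also means any free-text property whose value happens to be `on` or `off` is now coerced to `true`/`false`, and forced to `false` when it is absent from the request; if the property definition carries a type, checking that would be safer (not visible here). At minimum, hoist `String current = updProp.getValue();` and compare with `equalsIgnoreCase` on both sides. The enclosing loop and method start outside the hunk.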
diff --git a/app/src/main/webapp/WEB-INF/velocity/feeds.vm b/app/src/main/webapp/WEB-INF/velocity/feeds.vm
index 228e11e..065a548 100644
--- a/app/src/main/webapp/WEB-INF/velocity/feeds.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/feeds.vm
@@ -141,4 +141,9 @@
#if($pager.prevLink && $pager.items.size() > 0)
<link rel="previous" type="application/atom+xml" href="$utils.escapeXML($pager.prevLink)" />
#end
+#end
+
+#macro(showFirefoxFeedWorkaround)
+<!-- 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
+-->
#end
\ No newline at end of file
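Review bot: The new `showFirefoxFeedWorkaround` macro has no explanation of why it emits a long run of digits inside an XML comment. It presumably pads the start of each feed so that Firefox's content sniffing does not override the `xml-stylesheet` instruction, but the reason and the length that is actually required should be stated by the author, for example with a `##` line above the macro such as `## Padding comment emitted after the XML declaration; see <issue reference> for the Firefox behaviour it works around`. The file also still ends without a trailing newline.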
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-atom.vm
index a7ce1fa..5cd92c4 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $site.getCommentsPager(-1, $config.feedSize) )
<feed xmlns="http://www.w3.org/2005/Atom">
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-rss.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-rss.vm
index 01ee0e7..b45c984 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-rss.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-comments-rss.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding="utf-8"?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/rss.xsl" media="screen"?>#end
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-atom.vm
index 84a43a9..73ad02f 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $site.getWeblogEntriesPager(-1, $config.feedSize))
<feed xmlns="http://www.w3.org/2005/Atom">
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-rss.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-rss.vm
index acfe54b..fa693f8 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-rss.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-entries-rss.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding="utf-8"?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/rss.xsl" media="screen"?>#end
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-search-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-search-atom.vm
index 510e77a..b18405c 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-search-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/site-search-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $model.searchResultsPager)
<feed xmlns="http://www.w3.org/2005/Atom"
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-atom.vm
index b923542..bda27a1 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $model.commentsPager)
<feed xmlns="http://www.w3.org/2005/Atom">
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-rss.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-rss.vm
index 0529875..8b3ad81 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-rss.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-comments-rss.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding="utf-8"?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/rss.xsl" media="screen"?>#end
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-atom.vm
index 7c8e4cf..eee05c3 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $model.weblogEntriesPager)
<feed xmlns="http://www.w3.org/2005/Atom">
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-rss.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-rss.vm
index 0be1bfe..0b70113 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-rss.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-entries-rss.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding="utf-8"?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/rss.xsl" media="screen"?>#end
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-files-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-files-atom.vm
index 5fdf545..95537d3 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-files-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-files-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $model.mediaFilesPager)
<feed xmlns="http://www.w3.org/2005/Atom">
diff --git a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-search-atom.vm b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-search-atom.vm
index 2efbc79..0e9d247 100644
--- a/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-search-atom.vm
+++ b/app/src/main/webapp/WEB-INF/velocity/templates/feeds/weblog-search-atom.vm
@@ -16,6 +16,7 @@
directory of this distribution.
*#<?xml version="1.0" encoding='utf-8'?>
+#showFirefoxFeedWorkaround()
#if($config.feedStyle)<?xml-stylesheet type="text/xsl" href="$url.absoluteSite/roller-ui/styles/atom.xsl" media="screen"?>#end
#set($pager = $model.searchResultsPager)
<feed xmlns="http://www.w3.org/2005/Atom"