velocity-engine-core/src/main/java/org/apache/velocity/app/event/implement/EscapeReference.java - velocity-engine - Git at Google

 package org.apache.velocity.app.event.implement;

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import org.apache.velocity.app.event.ReferenceInsertionEventHandler;
 import org.apache.velocity.context.Context;
 import org.apache.velocity.runtime.RuntimeServices;
 import org.apache.velocity.util.RuntimeServicesAware;

 import org.apache.commons.lang3.StringUtils;

 import org.slf4j.Logger;

 import java.util.regex.PatternSyntaxException;

 /**
  * Base class for escaping references.  To use it, override the following methods:
  * <DL>
  * <DT><code>String escape(String text)</code></DT>
  * <DD>escape the provided text</DD>
  * <DT><code>String getMatchAttribute()</code></DT>
  * <DD>retrieve the configuration attribute used to match references (see below)</DD>
  * </DL>
  *
  * <P>By default, all references are escaped.  However, by setting the match attribute
  * in the configuration file to a regular expression, users can specify which references
  * to escape.  For example the following configuration property tells the EscapeSqlReference
  * event handler to only escape references that start with "sql".
  * (e.g. <code>$sql</code>, <code>$sql.toString(),</code>, etc).
  *
  * <PRE>
  * <CODE>eventhandler.escape.sql.match = sql.*</CODE>
  * </PRE>
  *
  * Regular expressions should follow the format used by the Java language.  More info in the
  * <a href="http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html">Pattern class documentation</a>.
  *
  * @author <a href="mailto:wglass@forio.com">Will Glass-Husain </a>
  * @version $Id$
  * @since 1.5
  */
 public abstract class EscapeReference implements ReferenceInsertionEventHandler,RuntimeServicesAware {

     private RuntimeServices rs;

     private String matchRegExp = null;

     protected Logger log;

     /**
      * Escape the given text.  Override this in a subclass to do the actual
      * escaping.
      *
      * @param text the text to escape
      * @return the escaped text
      */
     protected abstract String escape(Object text);

     /**
      * Specify the configuration attribute that specifies the
      * regular expression.  Ideally should be in a form
      * <pre><code>eventhandler.escape.XYZ.match</code></pre>
      *
      * <p>where <code>XYZ</code> is the type of escaping being done.
      * @return configuration attribute
      */
     protected abstract String getMatchAttribute();

     /**
      * Escape the provided text if it matches the configured regular expression.
      *
      * @param reference
      * @param value
      * @return Escaped text.
      */
     public Object referenceInsert(Context context, String reference, Object value)
     {
         if(value == null)
         {
             return value;
         }

         if (matchRegExp == null)
         {
             return escape(value);
         }

         else if (reference.matches(matchRegExp))
         {
             return escape(value);
         }

         else
         {
             return value;
         }
     }

     /**
      * Called automatically when event cartridge is initialized.
      *
      * @param rs instance of RuntimeServices
      */
     public void setRuntimeServices(RuntimeServices rs)
     {
         this.rs = rs;
         log = rs.getLog("event");

         // Get the regular expression pattern.
         matchRegExp = StringUtils.trim(rs.getString(getMatchAttribute()));
         if (org.apache.commons.lang3.StringUtils.isEmpty(matchRegExp))
         {
             matchRegExp = null;
         }

         // Test the regular expression for a well formed pattern
         if (matchRegExp != null)
         {
             try
             {
                 "".matches(matchRegExp);
             }
             catch (PatternSyntaxException E)
             {
                 log.error("Invalid regular expression '{}'. No escaping will be performed.",
                           matchRegExp, E);
                 matchRegExp = null;
             }
         }

     }

     /**
      * Retrieve a reference to RuntimeServices.  Use this for checking additional
      * configuration properties.
      *
      * @return The current runtime services object.
      */
     protected RuntimeServices getRuntimeServices()
     {
         return rs;
     }

 }
	package org.apache.velocity.app.event.implement;

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import org.apache.velocity.app.event.ReferenceInsertionEventHandler;
	import org.apache.velocity.context.Context;
	import org.apache.velocity.runtime.RuntimeServices;
	import org.apache.velocity.util.RuntimeServicesAware;

	import org.apache.commons.lang3.StringUtils;

	import org.slf4j.Logger;

	import java.util.regex.PatternSyntaxException;

	/**
	* Base class for escaping references. To use it, override the following methods:
	* <DL>
	* <DT><code>String escape(String text)</code></DT>
	* <DD>escape the provided text</DD>
	* <DT><code>String getMatchAttribute()</code></DT>
	* <DD>retrieve the configuration attribute used to match references (see below)</DD>
	* </DL>
	*
	* <P>By default, all references are escaped. However, by setting the match attribute
	* in the configuration file to a regular expression, users can specify which references
	* to escape. For example the following configuration property tells the EscapeSqlReference
	* event handler to only escape references that start with "sql".
	* (e.g. <code>$sql</code>, <code>$sql.toString(),</code>, etc).
	*
	* <PRE>
	* <CODE>eventhandler.escape.sql.match = sql.*</CODE>
	* </PRE>
	*
	* Regular expressions should follow the format used by the Java language. More info in the
	* <a href="http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html">Pattern class documentation</a>.
	*
	* @author <a href="mailto:wglass@forio.com">Will Glass-Husain </a>
	* @version $Id$
	* @since 1.5
	*/
	public abstract class EscapeReference implements ReferenceInsertionEventHandler,RuntimeServicesAware {

	private RuntimeServices rs;

	private String matchRegExp = null;

	protected Logger log;

	/**
	* Escape the given text. Override this in a subclass to do the actual
	* escaping.
	*
	* @param text the text to escape
	* @return the escaped text
	*/
	protected abstract String escape(Object text);

	/**
	* Specify the configuration attribute that specifies the
	* regular expression. Ideally should be in a form
	* <pre><code>eventhandler.escape.XYZ.match</code></pre>
	*
	* <p>where <code>XYZ</code> is the type of escaping being done.
	* @return configuration attribute
	*/
	protected abstract String getMatchAttribute();

	/**
	* Escape the provided text if it matches the configured regular expression.
	*
	* @param reference
	* @param value
	* @return Escaped text.
	*/
	public Object referenceInsert(Context context, String reference, Object value)
	{
	if(value == null)
	{
	return value;
	}

	if (matchRegExp == null)
	{
	return escape(value);
	}

	else if (reference.matches(matchRegExp))
	{
	return escape(value);
	}

	else
	{
	return value;
	}
	}

	/**
	* Called automatically when event cartridge is initialized.
	*
	* @param rs instance of RuntimeServices
	*/
	public void setRuntimeServices(RuntimeServices rs)
	{
	this.rs = rs;
	log = rs.getLog("event");

	// Get the regular expression pattern.
	matchRegExp = StringUtils.trim(rs.getString(getMatchAttribute()));
	if (org.apache.commons.lang3.StringUtils.isEmpty(matchRegExp))
	{
	matchRegExp = null;
	}

	// Test the regular expression for a well formed pattern
	if (matchRegExp != null)
	{
	try
	{
	"".matches(matchRegExp);
	}
	catch (PatternSyntaxException E)
	{
	log.error("Invalid regular expression '{}'. No escaping will be performed.",
	matchRegExp, E);
	matchRegExp = null;
	}
	}

	}

	/**
	* Retrieve a reference to RuntimeServices. Use this for checking additional
	* configuration properties.
	*
	* @return The current runtime services object.
	*/
	protected RuntimeServices getRuntimeServices()
	{
	return rs;
	}

	}