Posted to users@cocoon.apache.org by "Nacho (Derecho.com)" <na...@derecho.com> on 2008/02/14 10:46:52 UTC

Doing string operations over sitemap values

Hello everyone:

I've needed to do some string transformations over sitemap parameters
obtained from parts of a URL, and I'm looking for the smart way to do it.
Right now I have done it using the method described below:

* I have this URL "http://localhost:8080/b/menores-de-edad"
* In the sitemap I have a match like "b/**"
* I need to replace "-" in {1} with spaces
* I do this using an input module inheriting from AbstractJXPathModule,
and using an XPath-like expression, "{request:translate('{1}','-','')}"

Is there any other way (a smarter or more polite one :) to do this?

TIA

------------
Ignacio J. Ortega
Support and Development Dept.
http://www.derecho.com
http://www.elabogado.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: Doing string operations over sitemap values

Posted by Tobia Conforto <to...@linux.it>.
Joerg Heinicke wrote:
>> Nacho (Derecho.com) wrote:
>>> "{request:translate('{1}','-','')}"
>>
>> the user might go to: http://localhost:8080/b/hello',nasty.java.call(),'world
>
> It's JXPath, not JXTemplate. Does it evaluate Java calls at all?
> If your example really works, http://localhost:8080/b/nasty.java.call() 
>  will as well.

To be honest I don't know what JXPath can and cannot evaluate
(Java calls? any extensions to XPath? Java objects? request and  
session objects?)

I just saw some bad/unusual quotation  
{request:translate('{1}','-','')} and I thought I'd alert against  
possible problems. But maybe I'm wrong.


Tobia



Re: Doing string operations over sitemap values

Posted by Joerg Heinicke <jo...@gmx.de>.
On 15.02.2008 07:09, listas@carmenynacho.com wrote:

> None of them should work, as JXPath doesn't have access to arbitrary classes, am I
> correct on this?

I doubt it, but I would at least try it out. Something like 
java.lang.System.exit(1) (don't do this on a production server ;)). Even 
if that does not work try something without a parameter.

Joerg



RE: Doing string operations over sitemap values

Posted by li...@carmenynacho.com.
> From: Joerg Heinicke [mailto:joerg.heinicke@gmx.de] 
> Sent: Thursday, February 14, 2008 2:07 PM

> 
> It's JXPath, not JXTemplate. Does it evaluate Java calls at all?
> 
> If your example really works, 
> http://localhost:8080/b/nasty.java.call()
> will as well.
> 

None of them should work, as JXPath doesn't have access to arbitrary classes, am I
correct on this?

Thanks for your help, I think I'll stick with this technique for now. It's
wonderful, isn't it? I was amazed to make it work after some days
struggling here and there.. ;)

Regards,
Ignacio J. Ortega
 




Re: Doing string operations over sitemap values

Posted by Joerg Heinicke <jo...@gmx.de>.
On 14.02.2008 07:42, Tobia Conforto wrote:

> Nacho (Derecho.com) wrote:
>> * I have this URL "http://localhost:8080/b/menores-de-edad"
>> * In the sitemap I have a match like "b/**"
>> * I need to replace "-" in {1} with spaces
>> * I do this using an input module inheriting from 
>> AbstractJXPathModule, and using an XPath-like expression, 
>> "{request:translate('{1}','-','')}"
> 
> I would write a custom input module that can be called safely like this:
> "{translate:-: :{1}}"
> It can be implemented using basic java.lang.String methods.
> 
> I think your solution doesn't quote the argument correctly and is 
> susceptible to "JX code injection" or other problems.
> For example the user might go to: 
> http://localhost:8080/b/hello',nasty.java.call(),'world
> If I'm not mistaken, the ' after hello would close the Jx string and 
> damage would ensue.

It's JXPath, not JXTemplate. Does it evaluate Java calls at all?

If your example really works, http://localhost:8080/b/nasty.java.call() 
will as well.

Joerg



Re: Doing string operations over sitemap values

Posted by Andy Stevens <in...@googlemail.com>.
On 15/02/2008, listas@carmenynacho.com <li...@carmenynacho.com> wrote:
>
> As a policy for this website we are trying to avoid doing any custom Java
>  programming, only little tiny features added here and there to Cocoon
>  itself, and clearing some minor gotchas I've found on my way. But apart from
>  that, adding a custom Java inputModule is not an option. Until I discovered
>  the JXPath way I did a draft input module to do the translate, but finally
>  there was no need to break the no-custom-Java-code policy of this site..

You could always upload a patch to Cocoon's JIRA for an input module
that does what you need and ask nicely on the dev list to get it
applied.  That way there's no custom code needed as it's part of the
standard distribution :-)


Andy.
-- 
http://pseudoq.sourceforge.net/  Open source java Sudoku solver



RE: Doing string operations over sitemap values

Posted by li...@carmenynacho.com.
> From: Tobia Conforto [mailto:tobia.conforto@linux.it] 
> Sent: Thursday, February 14, 2008 1:43 PM

Hello Tobia:

> I would write a custom input module that can be called safely 
> like this:
> "{translate:-: :{1}}"
> It can be implemented using basic java.lang.String methods.
> 

As a policy for this website we are trying to avoid doing any custom Java
programming, only little tiny features added here and there to Cocoon
itself, and clearing some minor gotchas I've found on my way. But apart from
that, adding a custom Java inputModule is not an option. Until I discovered
the JXPath way I did a draft input module to do the translate, but finally
there was no need to break the no-custom-Java-code policy of this site..

> I think your solution doesn't quote the argument correctly 
> and is susceptible to "JX code injection" or other problems.
> For example the user might go to: 
> http://localhost:8080/b/hello',nasty.java.call(),'world
> If I'm not mistaken, the ' after hello would close the Jx 
> string and damage would ensue.

After Joerg's comments, JXPath itself doesn't have access to arbitrary classes,
and I'm only declaring String; I fail to see a bad use where one can use
this tiny translation to break the site.. I'm converting - to spaces and
the reverse..

Regards,
Ignacio J. Ortega
 

> -----Original Message-----
> To: users@cocoon.apache.org
> Subject: Re: Doing string operations over sitemap values
> 
> Nacho (Derecho.com) wrote:
> > * I have this URL "http://localhost:8080/b/menores-de-edad"
> > * In the sitemap I have a match like "b/**"
> > * I need to replace "-" in {1} with spaces
> > * I do this using an input module inheriting from 
> > AbstractJXPathModule, and using an XPath-like expression, 
> > "{request:translate('{1}','-','')}"
> 
> 
> 
> Tobia
> 




Re: Doing string operations over sitemap values

Posted by Tobia Conforto <to...@linux.it>.
Nacho (Derecho.com) wrote:
> * I have this URL "http://localhost:8080/b/menores-de-edad"
> * In the sitemap I have a match like "b/**"
> * I need to replace "-" in {1} with spaces
> * I do this using an input module inheriting from  
> AbstractJXPathModule, and using an XPath-like expression,  
> "{request:translate('{1}','-','')}"

I would write a custom input module that can be called safely like this:
"{translate:-: :{1}}"
It can be implemented using basic java.lang.String methods.

I think your solution doesn't quote the argument correctly and is  
susceptible to "JX code injection" or other problems.
For example the user might go to: http://localhost:8080/b/hello',nasty.java.call(),'world
If I'm not mistaken, the ' after hello would close the Jx string and  
damage would ensue.


Tobia
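
The quoting concern raised in this thread, next to two ways of keeping the URL part as data, as an added example that is not part of the original messages. It uses the JDK's javax.xml.xpath engine as a stand-in for Cocoon's JXPath input module; the class and method names are hypothetical, and the third translate() argument is written as a space, following the stated goal of turning "-" into spaces.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;

public class SitemapTranslateDemo {

    // Pattern from the thread: the URL part is pasted into the expression text.
    static String bySubstitution(XPath xp, Document ctx, String urlPart) {
        String expr = "translate('" + urlPart + "','-',' ')";
        try {
            return xp.evaluate(expr, ctx);
        } catch (XPathExpressionException e) {
            // The apostrophe ended the literal; the rest was parsed as XPath, not data.
            return "REJECTED: " + expr;
        }
    }

    // Hardened form: the expression text is constant, the value is bound as $seg.
    static String byVariable(XPath xp, Document ctx, String urlPart)
            throws XPathExpressionException {
        xp.setXPathVariableResolver(
                name -> "seg".equals(name.getLocalPart()) ? urlPart : null);
        return xp.evaluate("translate($seg,'-',' ')", ctx);
    }

    // Tobia's suggestion: no expression language at all, only java.lang.String.
    static String byString(String urlPart) {
        return urlPart.replace('-', ' ');
    }

    public static void main(String[] args) throws Exception {
        // Empty document used only as the evaluation context.
        Document ctx = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        XPath xp = XPathFactory.newInstance().newXPath();
        String[] parts = {
            "menores-de-edad",                  // URL part from the thread
            "hello',nasty.java.call(),'world"   // quoting example from the thread
        };
        for (String p : parts) {
            System.out.println("substitution: " + bySubstitution(xp, ctx, p));
            System.out.println("variable:     " + byVariable(xp, ctx, p));
            System.out.println("String:       " + byString(p));
        }
    }
}
```

With the second input, only the substitution path lets the apostrophe change the expression's structure; the other two return the whole URL part unchanged apart from the hyphen replacement.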
