Posted to commits@jspwiki.apache.org by ju...@apache.org on 2022/07/12 21:03:48 UTC
[jspwiki] 15/25: new wiki:CsrfProtection custom tag
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit cdfb63d26e595fbddab92971bdafce23cd78c665
Author: Juan Pablo Santos RodrÃguez <ju...@gmail.com>
AuthorDate: Tue Jul 12 22:56:16 2022 +0200
new wiki:CsrfProtection custom tag
---
.../org/apache/wiki/tags/CsrfProtectionTag.java | 53 ++++++++++++++++++++++
.../src/main/resources/META-INF/jspwiki.tld | 9 ++++
2 files changed, 62 insertions(+)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java b/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java
new file mode 100644
index 000000000..43a613aad
--- /dev/null
+++ b/jspwiki-main/src/main/java/org/apache/wiki/tags/CsrfProtectionTag.java
@@ -0,0 +1,53 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.tags;
+
+import org.apache.wiki.api.core.Session;
+import org.apache.wiki.http.filter.CsrfProtectionFilter;
+
+/**
+ * Outputs the hidden {@link CsrfProtectionFilter#ANTICSRF_PARAM}.
+ */
+public class CsrfProtectionTag extends WikiTagBase {
+
+ private boolean meta;
+
+ public void setFormat( final String format ) {
+ meta = "meta".equalsIgnoreCase( format );
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int doWikiStartTag() throws Exception {
+ final Session session = m_wikiContext.getWikiSession();
+ final String csrfProtectionHidden;
+ if( meta ) {
+ csrfProtectionHidden = "<meta name=\"wikiCsrfProtection\" content='" + session.antiCsrfToken() + "'/>";
+ } else {
+ csrfProtectionHidden = "<input type=\"hidden\" name=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
+ "id=\"" + CsrfProtectionFilter.ANTICSRF_PARAM + "\" " +
+ "value=\"" + session.antiCsrfToken() + "\"/>";
+ }
+ pageContext.getOut().print( csrfProtectionHidden );
+ return SKIP_BODY;
+ }
+
+}
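Review bot: In `doWikiStartTag()` the value of `session.antiCsrfToken()` is concatenated straight into HTML attribute values with no attribute encoding, and the meta branch delimits it with single quotes while the input branch uses double quotes. That is harmless only if the token can never contain a quote or angle bracket, which this hunk does not show, so the value should go through the project's HTML-entity escaping before printing. At minimum both branches should quote the same way: `csrfProtectionHidden = "<meta name=\"wikiCsrfProtection\" content=\"" + session.antiCsrfToken() + "\"/>";`. Separately, `setFormat` has no Javadoc and the class comment mentions only the hidden parameter; a comment such as `/** "meta" (case-insensitive) emits a <meta name="wikiCsrfProtection"> element; any other value emits the hidden input. */` would document the silent fallback.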
diff --git a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
index 64d72b504..90ae4dbfe 100644
--- a/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
+++ b/jspwiki-main/src/main/resources/META-INF/jspwiki.tld
@@ -196,6 +196,15 @@
<body-content>empty</body-content>
</tag>
+ <tag>
+ <name>CsrfProtection</name>
+ <tag-class>org.apache.wiki.tags.CsrfProtectionTag</tag-class>
+ <body-content>empty</body-content>
+ <attribute>
+ <name>format</name>
+ </attribute>
+ </tag>
+
<tag>
<name>DiffLink</name>
<tag-class>org.apache.wiki.tags.DiffLinkTag</tag-class>
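Review bot: The new `format` attribute is declared with only a `<name>`, so it relies on the TLD defaults (optional, no runtime expression) and nothing tells a JSP author which values are accepted. Stating the defaults explicitly with `<required>false</required>` and `<rtexprvalue>false</rtexprvalue>` would make it visible that the output format cannot be driven by request data. A `<description>` noting that `meta` selects the meta element and anything else yields the hidden input would also help, if the TLD version used by this file allows one on an attribute.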