Posted to commits@jspwiki.apache.org by ju...@apache.org on 2021/10/28 09:39:04 UTC
[jspwiki] 05/06: leftovers from #141
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit d4e7a1bb0c98751871b6eb7568fd22135ec29092
Author: Juan Pablo Santos RodrÃguez <ju...@gmail.com>
AuthorDate: Thu Oct 28 11:38:20 2021 +0200
leftovers from #141
---
.../src/main/java/org/apache/wiki/WikiSession.java | 10 +++---
.../org/apache/wiki/ui/DefaultCommandResolver.java | 2 +-
.../java/org/apache/wiki/plugin/DenounceTest.java | 40 ++++++++++++++++++++++
3 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
index b59445e..424f2b2 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
@@ -220,10 +220,10 @@ public class WikiSession implements Session {
public Principal[] getRoles() {
final Set< Principal > roles = new HashSet<>();
- // Add all of the Roles possessed by the Subject directly
+ // Add all the Roles possessed by the Subject directly
roles.addAll( m_subject.getPrincipals( Role.class ) );
- // Add all of the GroupPrincipals possessed by the Subject directly
+ // Add all the GroupPrincipals possessed by the Subject directly
roles.addAll( m_subject.getPrincipals( GroupPrincipal.class ) );
// Return a defensive copy
@@ -388,7 +388,7 @@ public class WikiSession implements Session {
* This method should generally be called after a user's {@link org.apache.wiki.auth.user.UserProfile} is saved. If the wiki session
* is null, or there is no matching user profile, the method returns silently.
*/
- void injectGroupPrincipals() {
+ protected void injectGroupPrincipals() {
// Flush the existing GroupPrincipals
m_subject.getPrincipals().removeAll( m_subject.getPrincipals(GroupPrincipal.class) );
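Review bot: Widening `injectGroupPrincipals()` to `protected` exposes a method that rewrites the Subject's GroupPrincipals to any subclass of `WikiSession`, which the hunk header shows as a public, non-final class; the next hunk does the same for `injectUserProfilePrincipals()`. If the wider access is only there so code outside the package can call these methods (inferred, the commit message does not say), declaring them `protected final void injectGroupPrincipals() {` would keep a subclass from replacing how principals are populated. Whether `WikiSession` can actually be subclassed depends on its constructors, which are outside this diff, and both method bodies continue past their hunks. Either way, the Javadoc should say who is expected to call these methods now that they are part of the inheritable API.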
@@ -406,7 +406,7 @@ public class WikiSession implements Session {
* and login name. These Principals will be WikiPrincipals, and they will replace all other WikiPrincipals in the Subject. <em>Note:
* this method is never called during anonymous or asserted sessions.</em>
*/
- void injectUserProfilePrincipals() {
+ protected void injectUserProfilePrincipals() {
// Search for the user profile
final String searchId = m_loginPrincipal.getName();
if ( searchId == null ) {
@@ -460,7 +460,7 @@ public class WikiSession implements Session {
* logout process.
*
* @param engine the wiki engine
- * @param request the users's HTTP request
+ * @param request the user's HTTP request
*/
public static void removeWikiSession( final Engine engine, final HttpServletRequest request ) {
if ( engine == null || request == null ) {
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java b/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java
index 57a5ad9..71dda83 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/ui/DefaultCommandResolver.java
@@ -325,7 +325,7 @@ public class DefaultCommandResolver implements CommandResolver {
* @throws ProviderException if the underlyng page provider that locates pages
* throws an exception
*/
- boolean simplePageExists( final String page ) throws ProviderException {
+ protected boolean simplePageExists( final String page ) throws ProviderException {
if ( m_specialPages.containsKey( page ) ) {
return true;
}
diff --git a/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java b/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java
new file mode 100755
index 0000000..4d2c41b
--- /dev/null
+++ b/jspwiki-main/src/test/java/org/apache/wiki/plugin/DenounceTest.java
@@ -0,0 +1,40 @@
+/*
+ Copyright (C) 2003 Janne Jalkanen (Janne.Jalkanen@iki.fi)
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.plugin;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class DenounceTest {
+
+ @Test
+ void shouldCheckLinkIsValid() {
+ final Denounce d = new Denounce();
+ Assertions.assertFalse( d.isLinkValid( "javascript:alert( 'boohoo' )" ) );
+ Assertions.assertFalse( d.isLinkValid( "http://" ) );
+ Assertions.assertTrue( d.isLinkValid( "https://www.google.com" ) );
+ Assertions.assertFalse( d.isLinkValid( ":/www.google.com" ) );
+ Assertions.assertFalse( d.isLinkValid( "htptp://www.google.com" ) );
+ //Assertions.assertFalse( d.isLinkValid( "mailto:server" ) );
+ Assertions.assertFalse( d.isLinkValid( "http://www.google.com:asd" ) );
+ }
+
+}
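Review bot: The commented-out `mailto:server` assertion in `shouldCheckLinkIsValid` leaves the expected result for that scheme undecided and unexplained; either enable it or replace it with a comment saying why `mailto:` is out of scope for `isLinkValid`. The only script-scheme case is the lowercase `javascript:` one, so a validator that compares schemes case-sensitively would still pass this test. Adding `Assertions.assertFalse( d.isLinkValid( "JavaScript:alert( 'boohoo' )" ) );` would pin that behaviour. `Denounce.isLinkValid` is not part of this diff, so the expected outcome needs confirming against the implementation. Moving the cases into a `@ParameterizedTest` would also make a failure report name the offending URL.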