You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by aj...@apache.org on 2009/03/20 04:24:24 UTC

svn commit: r756320 - in /incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH: ./ src/com/ecyrd/jspwiki/ src/com/ecyrd/jspwiki/auth/user/ src/com/ecyrd/jspwiki/ui/ tests/com/ecyrd/jspwiki/auth/user/

Author: ajaquith
Date: Fri Mar 20 03:24:23 2009
New Revision: 756320

URL: http://svn.apache.org/viewvc?rev=756320&view=rev
Log:
Fixed bug in XMLUserDatabase that was preventing UIDs from being saved, which generated tons of NPEs afterwards. Added unit tests to check for correct saving of UIDs. Tightened input filtering on user profile fields to prohibit more characters. [Forward-ported to 3.0.0-build 86 also].

Modified:
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog Fri Mar 20 03:24:23 2009
@@ -1,3 +1,12 @@
+2009-03-19  Andrew Jaquith <ajaquith AT apache DOT org>
+
+        * 2.8.2-svn-14
+
+        * Fixed bug in XMLUserDatabase that was preventing UIDs from being
+        saved, which generated tons of NPEs afterwards. Added unit tests
+        to check for correct saving of UIDs. Tightened input filtering on
+        user profile fields to prohibit more characters.
+        
 2008-02-15  Harry Metske <me...@apache.org>
 
         * 2.8.2-svn-13

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java Fri Mar 20 03:24:23 2009
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "13";
+    public static final String     BUILD         = "14";
     
     /**
      *  This is the generic version string you should use

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/user/XMLUserDatabase.java Fri Mar 20 03:24:23 2009
@@ -546,6 +546,7 @@
             }
         }
         
+        setAttribute( user, UID, profile.getUid() );
         setAttribute( user, LAST_MODIFIED, c_format.format( modDate ) );
         setAttribute( user, LOGIN_NAME, profile.getLoginName() );
         setAttribute( user, FULL_NAME, profile.getFullname() );
@@ -623,7 +624,7 @@
                 
                 // Parse basic attributes
                 profile.setUid( user.getAttribute( UID ) );
-                if ( profile.getUid() == null )
+                if ( profile.getUid() == null || profile.getUid().length() == 0 )
                 {
                     profile.setUid( generateUid( this ) );
                 }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/ui/InputValidator.java Fri Mar 20 03:24:23 2009
@@ -51,7 +51,7 @@
 
     protected static final Pattern EMAIL_PATTERN  = Pattern.compile( "^[0-9a-zA-Z-_\\.\\+]+@([0-9a-zA-Z-_]+\\.)+[a-zA-Z]+$" );
 
-    protected static final Pattern UNSAFE_PATTERN = Pattern.compile( "[\\x00\\r\\n\\x0f\"':<>;&@\\xff{}\\$%\\\\]" );
+    protected static final Pattern UNSAFE_PATTERN = Pattern.compile( "[\\x00\\r\\n\\x0f\"':<>\\[\\];#&@\\xff{}\\$%\\\\]" );
 
     /** Used when checking against IDs such as a full name when saving groups.
      *  @since 2.4.82 */
@@ -146,7 +146,7 @@
             valid = !matcher.find();
             if ( !valid )
             {
-                Object[] args = { label, "&quot;&#39;&lt;&gt;;&amp;\\@{}%$" };
+                Object[] args = { label, "&quot;&#39;&lt;&gt;;&amp;[]#\\@{}%$" };
                 m_session.addMessage( m_form, MessageFormat.format( rb.getString("validate.unsafechars"),
                                                                     args ) );
             }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java Fri Mar 20 03:24:23 2009
@@ -413,6 +413,11 @@
             assertNotNull( profile.getCreated() );
             assertNotNull( profile.getLastModified() );
             assertEquals( profile.getCreated(), profile.getLastModified() );
+            
+            // Make sure we can find it by uid
+            String uid = profile.getUid();
+            assertNotNull( m_db.findByUid( uid ) );
+
         }
         catch( NoSuchPrincipalException e )
         {

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java?rev=756320&r1=756319&r2=756320&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java Fri Mar 20 03:24:23 2009
@@ -327,6 +327,10 @@
           profile = m_db.findByEmail("user@example.com");
           assertEquals("user@example.com", profile.getEmail());
           assertTrue( CryptoUtil.verifySaltedPassword( "password".getBytes(), profile.getPassword() ) );
+          
+          // Make sure we can find it by uid
+          String uid = profile.getUid();
+          assertNotNull( m_db.findByUid( uid ) );
       }
       catch (NoSuchPrincipalException e)
       {