You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lu...@apache.org on 2012/02/02 21:00:44 UTC
svn commit: r1239799 [7/9] - in
/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared:
application/ config/ context/flash/ renderkit/ renderkit/html/
renderkit/html/util/ resource/ util/ util/io/ util/xml/
Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java?rev=1239799&r1=1239798&r2=1239799&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java (original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java Thu Feb 2 20:00:42 2012
@@ -1,114 +1,199 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.myfaces.shared.resource;
-
-public class ResourceValidationUtils
-{
- public static boolean isValidResourceName(String resourceName)
- {
- return validate(resourceName, true);
- }
-
- public static boolean isValidLibraryName(String libraryName)
- {
- return validate(libraryName, false);
- }
-
- public static boolean isValidLocalePrefix(String localePrefix)
- {
- for (int i = 0; i < localePrefix.length(); i++)
- {
- char c = localePrefix.charAt(i);
- if ( (c >='A' && c <='Z') || c == '_' || (c >='a' && c <='z') || (c >='0' && c <='9') )
- {
- continue;
- }
- else
- {
- return false;
- }
- }
- return true;
- }
-
- private static boolean validate(String expression, boolean allowSlash)
- {
- if (expression.length() == 2 &&
- expression.charAt(0) == '.' &&
- expression.charAt(1) == '.')
- {
- return false;
- }
- for (int i = 0; i < expression.length(); i++)
- {
- char c = expression.charAt(i);
-
- // Enforce NameChar convention as specified
- // http://www.w3.org/TR/REC-xml/#NT-NameChar
- // Valid characters for NameChar
- // ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] |
- // [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] |
- // [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF]
- // | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
- // "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]
- // Excluding ":"
- if ( (c >='A' && c <='Z') || c == '_' || (c >='a' && c <='z') ||
- (c >=0xC0 && c <=0xD6) || (c >=0xD8 && c <=0xF6) ||
- (c >=0xF8 && c <=0x2FF) || (c >=0x370 && c <=0x37D) ||
- (c >=0x37F && c <=0x1FFF) || (c >=0x200C && c <=0x200D) ||
- (c >=0x2070 && c <=0x218F) || (c >=0x2C00 && c <=0x2FEF) ||
- (c >=0x3001 && c <=0xD7FF) || (c >=0xF900 && c <=0xFDCF) ||
- (c >=0xFDF0 && c <=0xFFFD) || (c >=0x10000 && c <=0xEFFFF) ||
- c == '-' || (c >='0' && c <='9') || c == 0xB7 || (c >=0x300 && c <=0x36F) ||
- (c >=0x203F && c <=0x2040) || (allowSlash && c == '/')
- )
- {
- continue;
- }
- else if (c == '.')
- {
- if (i+2 < expression.length())
- {
- char c1 = expression.charAt(i+1);
- char c2 = expression.charAt(i+2);
- if (c == c1 && (c2 == '/' || c2 == '\\' ) )
- {
- return false;
- }
- }
- continue;
- }
- else
- {
- return false;
- }
- }
- if (expression.length() >= 3)
- {
- int length = expression.length();
- if ( (expression.charAt(length-3) == '/' || expression.charAt(length-3) == '\\' ) &&
- expression.charAt(length-2) == '.' &&
- expression.charAt(length-1) == '.' )
- {
- return false;
- }
- }
- return true;
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.shared.resource;
+
+public class ResourceValidationUtils
+{
+ public static boolean isValidResourceName(String resourceName)
+ {
+ return validateResourceName(resourceName, true);
+ }
+
+ public static boolean isValidLibraryName(String libraryName)
+ {
+ return validate(libraryName, false);
+ }
+
+ public static boolean isValidLibraryName(String libraryName, boolean allowSlash)
+ {
+ return validate(libraryName, allowSlash);
+ }
+
+ public static boolean isValidLocalePrefix(String localePrefix)
+ {
+ for (int i = 0; i < localePrefix.length(); i++)
+ {
+ char c = localePrefix.charAt(i);
+ if ( (c >='A' && c <='Z') || c == '_' || (c >='a' && c <='z') || (c >='0' && c <='9') )
+ {
+ continue;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private static boolean validate(String expression, boolean allowSlash)
+ {
+ if (expression.length() == 2 &&
+ expression.charAt(0) == '.' &&
+ expression.charAt(1) == '.')
+ {
+ return false;
+ }
+ for (int i = 0; i < expression.length(); i++)
+ {
+ char c = expression.charAt(i);
+
+ // Enforce NameChar convention as specified
+ // http://www.w3.org/TR/REC-xml/#NT-NameChar
+ // Valid characters for NameChar
+ // ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] |
+ // [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] |
+ // [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF]
+ // | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
+ // "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]
+ // Excluding ":"
+ if ( (c >='A' && c <='Z') || c == '_' || (c >='a' && c <='z') ||
+ (c >=0xC0 && c <=0xD6) || (c >=0xD8 && c <=0xF6) ||
+ (c >=0xF8 && c <=0x2FF) || (c >=0x370 && c <=0x37D) ||
+ (c >=0x37F && c <=0x1FFF) || (c >=0x200C && c <=0x200D) ||
+ (c >=0x2070 && c <=0x218F) || (c >=0x2C00 && c <=0x2FEF) ||
+ (c >=0x3001 && c <=0xD7FF) || (c >=0xF900 && c <=0xFDCF) ||
+ (c >=0xFDF0 && c <=0xFFFD) || (c >=0x10000 && c <=0xEFFFF) ||
+ c == '-' || (c >='0' && c <='9') || c == 0xB7 || (c >=0x300 && c <=0x36F) ||
+ (c >=0x203F && c <=0x2040) || (allowSlash && c == '/')
+ )
+ {
+ continue;
+ }
+ else if (c == '.')
+ {
+ if (i+2 < expression.length())
+ {
+ char c1 = expression.charAt(i+1);
+ char c2 = expression.charAt(i+2);
+ if (c == c1 && (c2 == '/' || c2 == '\\' ) )
+ {
+ return false;
+ }
+ }
+ continue;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ if (expression.length() >= 3)
+ {
+ int length = expression.length();
+ if ( (expression.charAt(length-3) == '/' || expression.charAt(length-3) == '\\' ) &&
+ expression.charAt(length-2) == '.' &&
+ expression.charAt(length-1) == '.' )
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private static boolean validateResourceName(String expression, boolean allowSlash)
+ {
+ if (expression.length() == 2 &&
+ expression.charAt(0) == '.' &&
+ expression.charAt(1) == '.')
+ {
+ return false;
+ }
+ for (int i = 0; i < expression.length(); i++)
+ {
+ char c = expression.charAt(i);
+
+ // Enforce NameChar convention as specified
+ // http://www.w3.org/TR/REC-xml/#NT-NameChar
+ // Valid characters for NameChar
+ // ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] |
+ // [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] |
+ // [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF]
+ // | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
+ // "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] | [#x203F-#x2040]
+ // Excluding ":"
+
+ // Forbidden chars by win
+ // < (less than)
+ // > (greater than)
+ // : (colon)
+ // " (double quote)
+ // / (forward slash)
+ // \ (backslash)
+ // | (vertical bar or pipe)
+ // ? (question mark)
+ // * (asterisk)
+ // Do not use chars in UNIX because they have special meaning
+ // *&%$|^/\~
+ if ( (c >='A' && c <='Z') || c == '_' || (c >='a' && c <='z') ||
+ (c >=0xC0 && c <=0xD6) || (c >=0xD8 && c <=0xF6) ||
+ (c >=0xF8 && c <=0x2FF) || (c >=0x370 && c <=0x37D) ||
+ (c >=0x37F && c <=0x1FFF) || (c >=0x200C && c <=0x200D) ||
+ (c >=0x2070 && c <=0x218F) || (c >=0x2C00 && c <=0x2FEF) ||
+ (c >=0x3001 && c <=0xD7FF) || (c >=0xF900 && c <=0xFDCF) ||
+ (c >=0xFDF0 && c <=0xFFFD) || (c >=0x10000 && c <=0xEFFFF) ||
+ (c == '-') || (c >='0' && c <='9') || c == 0xB7 || (c >=0x300 && c <=0x36F) ||
+ (c >=0x203F && c <=0x2040) || (allowSlash && c == '/') ||
+ (c == '!') || (c == '#') || (c == '\'') || (c == '(') || (c == ')') ||
+ (c == '+') || (c == ',') || (c == ';' ) || (c == '=') ||
+ (c == '@') || (c == '[') || (c == ']' ) || (c == '{') || (c == '}'))
+ {
+ continue;
+ }
+ else if (c == '.')
+ {
+ if (i+2 < expression.length())
+ {
+ char c1 = expression.charAt(i+1);
+ char c2 = expression.charAt(i+2);
+ if (c == c1 && (c2 == '/' || c2 == '\\' ) )
+ {
+ return false;
+ }
+ }
+ continue;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ if (expression.length() >= 3)
+ {
+ int length = expression.length();
+ if ( (expression.charAt(length-3) == '/' || expression.charAt(length-3) == '\\' ) &&
+ expression.charAt(length-2) == '.' &&
+ expression.charAt(length-1) == '.' )
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+}
Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ValueExpressionFilterInputStream.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ValueExpressionFilterInputStream.java?rev=1239799&r1=1239798&r2=1239799&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ValueExpressionFilterInputStream.java (original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/resource/ValueExpressionFilterInputStream.java Thu Feb 2 20:00:42 2012
@@ -1,162 +1,168 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.myfaces.shared.resource;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PushbackInputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.el.ELContext;
-import javax.el.ELException;
-import javax.el.ValueExpression;
-import javax.faces.context.FacesContext;
-import javax.faces.event.ExceptionQueuedEvent;
-import javax.faces.event.ExceptionQueuedEventContext;
-
-import org.apache.myfaces.shared.util.io.DynamicPushbackInputStream;
-
-public class ValueExpressionFilterInputStream extends InputStream
-{
- private PushbackInputStream delegate;
- private String libraryName;
- private String resourceName;
-
- public ValueExpressionFilterInputStream(InputStream in, String libraryName, String resourceName)
- {
- super();
- delegate = new DynamicPushbackInputStream(in,300);
- }
-
- @Override
- public int read() throws IOException
- {
- int c1 = delegate.read();
-
- if (c1 == -1)
- {
- return -1;
- }
-
- if ( ((char)c1) == '#')
- {
- int c2 = delegate.read();
- if (c2 == -1)
- {
- return -1;
- }
- if (((char)c2) == '{')
- {
- //It is a value expression. We need
- //to look for a occurrence of } to
- //extract the expression and evaluate it,
- //the result should be unread.
- List<Integer> expressionList = new ArrayList<Integer>();
- int c3 = delegate.read();
- while ( c3 != -1 && ((char)c3) != '}' )
- {
- expressionList.add(c3);
- c3 = delegate.read();
- }
-
- if (c3 == -1)
- {
- //get back the data, because we can't
- //extract any value expression
- for (int i = 0; i < expressionList.size(); i++)
- {
- delegate.unread(expressionList.get(i));
- }
- delegate.unread(c2);
- return c1;
- }
- else
- {
- //EL expression found. Evaluate it and pushback
- //the result into the stream
- FacesContext context = FacesContext.getCurrentInstance();
- ELContext elContext = context.getELContext();
- try
- {
- ValueExpression ve = context.getApplication().
- getExpressionFactory().createValueExpression(
- elContext,
- "#{"+convertToExpression(expressionList)+"}",
- String.class);
- String value = (String) ve.getValue(elContext);
-
- for (int i = value.length()-1; i >= 0 ; i--)
- {
- delegate.unread((int) value.charAt(i));
- }
- }
- catch(ELException e)
- {
- ExceptionQueuedEventContext equecontext = new ExceptionQueuedEventContext (
- context, e, null);
- context.getApplication().publishEvent (context, ExceptionQueuedEvent.class, equecontext);
-
- Logger log = Logger.getLogger(ResourceImpl.class.getName());
- if (log.isLoggable(Level.SEVERE))
- {
- log.severe("Cannot evaluate EL expression " + convertToExpression(expressionList)
- + " in resource " + (libraryName == null?"":libraryName) + ":" +
- (resourceName == null?"":resourceName));
- }
-
- delegate.unread(c3);
- for (int i = expressionList.size()-1; i >= 0; i--)
- {
- delegate.unread(expressionList.get(i));
- }
- delegate.unread(c2);
- return c1;
- }
-
- //read again
- return delegate.read();
- }
- }
- else
- {
- delegate.unread(c2);
- return c1;
- }
- }
- else
- {
- //just continue
- return c1;
- }
- }
-
- private String convertToExpression(List<Integer> expressionList)
- {
- char[] exprArray = new char[expressionList.size()];
-
- for (int i = 0; i < expressionList.size(); i++)
- {
- exprArray[i] = (char) expressionList.get(i).intValue();
- }
- return String.valueOf(exprArray);
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.shared.resource;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PushbackInputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.el.ELContext;
+import javax.el.ELException;
+import javax.el.ValueExpression;
+import javax.faces.context.FacesContext;
+import javax.faces.event.ExceptionQueuedEvent;
+import javax.faces.event.ExceptionQueuedEventContext;
+
+import org.apache.myfaces.shared.util.io.DynamicPushbackInputStream;
+
+public class ValueExpressionFilterInputStream extends InputStream
+{
+ private PushbackInputStream delegate;
+ private String libraryName;
+ private String resourceName;
+
+ public ValueExpressionFilterInputStream(InputStream in, String libraryName, String resourceName)
+ {
+ super();
+ delegate = new DynamicPushbackInputStream(in,300);
+ }
+
+ @Override
+ public int read() throws IOException
+ {
+ int c1 = delegate.read();
+
+ if (c1 == -1)
+ {
+ return -1;
+ }
+
+ if ( ((char)c1) == '#')
+ {
+ int c2 = delegate.read();
+ if (c2 == -1)
+ {
+ return -1;
+ }
+ if (((char)c2) == '{')
+ {
+ //It is a value expression. We need
+ //to look for a occurrence of } to
+ //extract the expression and evaluate it,
+ //the result should be unread.
+ List<Integer> expressionList = new ArrayList<Integer>();
+ int c3 = delegate.read();
+ while ( c3 != -1 && ((char)c3) != '}' )
+ {
+ expressionList.add(c3);
+ c3 = delegate.read();
+ }
+
+ if (c3 == -1)
+ {
+ //get back the data, because we can't
+ //extract any value expression
+ for (int i = 0; i < expressionList.size(); i++)
+ {
+ delegate.unread(expressionList.get(i));
+ }
+ delegate.unread(c2);
+ return c1;
+ }
+ else
+ {
+ //EL expression found. Evaluate it and pushback
+ //the result into the stream
+ FacesContext context = FacesContext.getCurrentInstance();
+ ELContext elContext = context.getELContext();
+ try
+ {
+ ValueExpression ve = context.getApplication().
+ getExpressionFactory().createValueExpression(
+ elContext,
+ "#{"+convertToExpression(expressionList)+"}",
+ String.class);
+ String value = (String) ve.getValue(elContext);
+
+ for (int i = value.length()-1; i >= 0 ; i--)
+ {
+ delegate.unread((int) value.charAt(i));
+ }
+ }
+ catch(ELException e)
+ {
+ ExceptionQueuedEventContext equecontext = new ExceptionQueuedEventContext (
+ context, e, null);
+ context.getApplication().publishEvent (context, ExceptionQueuedEvent.class, equecontext);
+
+ Logger log = Logger.getLogger(ResourceImpl.class.getName());
+ if (log.isLoggable(Level.SEVERE))
+ {
+ log.severe("Cannot evaluate EL expression " + convertToExpression(expressionList)
+ + " in resource " + (libraryName == null?"":libraryName) + ":" +
+ (resourceName == null?"":resourceName));
+ }
+
+ delegate.unread(c3);
+ for (int i = expressionList.size()-1; i >= 0; i--)
+ {
+ delegate.unread(expressionList.get(i));
+ }
+ delegate.unread(c2);
+ return c1;
+ }
+
+ //read again
+ return delegate.read();
+ }
+ }
+ else
+ {
+ delegate.unread(c2);
+ return c1;
+ }
+ }
+ else
+ {
+ //just continue
+ return c1;
+ }
+ }
+
+ private String convertToExpression(List<Integer> expressionList)
+ {
+ char[] exprArray = new char[expressionList.size()];
+
+ for (int i = 0; i < expressionList.size(); i++)
+ {
+ exprArray[i] = (char) expressionList.get(i).intValue();
+ }
+ return String.valueOf(exprArray);
+ }
+
+ @Override
+ public void close() throws IOException
+ {
+ delegate.close();
+ }
+}