Posted to scm@geronimo.apache.org by jb...@apache.org on 2008/12/18 04:54:11 UTC

svn commit: r727631 - in /geronimo/server/trunk: framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp

Author: jbohn
Date: Wed Dec 17 19:54:10 2008
New Revision: 727631

URL: http://svn.apache.org/viewvc?rev=727631&view=rev
Log:
GERONIMO-4473 validate group, artifact, version and type when adding an archive to the repo

Modified:
    geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java
    geronimo/server/trunk/plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp

Modified: geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java?rev=727631&r1=727630&r2=727631&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java (original)
+++ geronimo/server/trunk/framework/modules/geronimo-kernel/src/main/java/org/apache/geronimo/kernel/repository/AbstractRepository.java Wed Dec 17 19:54:10 2008
@@ -27,6 +27,8 @@
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipException;
 import java.util.zip.ZipFile;
@@ -50,6 +52,7 @@
 public abstract class AbstractRepository implements WriteableRepository {
     protected final Logger log = LoggerFactory.getLogger(getClass());
     private final static ArtifactTypeHandler DEFAULT_TYPE_HANDLER = new CopyArtifactTypeHandler();
+    private final static Pattern ILLEGAL_CHARS = Pattern.compile("[\\.]{2}|[()<>,;:\\\\/\"\']");
     protected final File rootFile;
     private final Map<String, ArtifactTypeHandler> typeHandlers = new HashMap<String, ArtifactTypeHandler>();
 
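Review bot: ILLEGAL_CHARS on the added line is a denylist, so anything it does not list still passes: whitespace, control characters and other filesystem metacharacters are accepted in group, artifact, version and type. These values presumably become path elements under the repository root, where an allowlist is easier to reason about, for example `private final static Pattern LEGAL_ELEMENT = Pattern.compile("[A-Za-z0-9_.\\-]+");` checked with `matches()` plus a separate `contains("..")` rejection. The exact permitted set would have to be confirmed against the ids the project legitimately uses. A one-line comment above the constant saying that it guards repository path construction would also help the next maintainer.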
@@ -153,6 +156,20 @@
     }
 
     public void copyToRepository(File source, Artifact destination, FileWriteMonitor monitor) throws IOException {
+
+        // ensure there are no illegal chars in destination elements
+        Matcher groupMatcher = ILLEGAL_CHARS.matcher(destination.getGroupId());
+        Matcher artifactMatcher = ILLEGAL_CHARS.matcher(destination.getArtifactId());
+        Matcher versionMatcher = ILLEGAL_CHARS.matcher(destination.getVersion().toString());
+        Matcher typeMatcher = ILLEGAL_CHARS.matcher(destination.getType());
+        if (groupMatcher.find() || 
+            artifactMatcher.find() ||
+            versionMatcher.find() ||
+            typeMatcher.find())
+        {
+            throw new IllegalArgumentException("Artifact  "+destination+" contains illegal characters, .. ( ) < > , ; : / \\ \' \" ");
+        }
+
         if(!destination.isResolved()) {
             throw new IllegalArgumentException("Artifact "+destination+" is not fully resolved");
         }
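Review bot: The new validation runs before the `isResolved()` check, so an artifact with a null group id, version or type would presumably fail with a NullPointerException from `ILLEGAL_CHARS.matcher(...)` or `destination.getVersion().toString()` instead of the intended "is not fully resolved" IllegalArgumentException. Moving the `if(!destination.isResolved())` block above the matcher construction keeps the existing error contract, assuming isResolved() covers those fields (its body is not visible here). The check is also added only to this overload; any other write path into the repository in this class would need the same validation, and a final containment check of the computed target location against `rootFile` would catch whatever the pattern misses. copyToRepository's body continues outside the hunk.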

Modified: geronimo/server/trunk/plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp?rev=727631&r1=727630&r2=727631&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp (original)
+++ geronimo/server/trunk/plugins/console/console-base-portlets/src/main/webapp/WEB-INF/view/repository/normal.jsp Wed Dec 17 19:54:10 2008
@@ -37,7 +37,8 @@
 </style>  
 
 <script language="JavaScript">
-function <portlet:namespace/>validate() {
+function <portlet:namespace/>validateForm() {
+   var illegalChars= /[\.]{2}|[()<>,;:\\/"']/ ;
    if (! (document.<portlet:namespace/>fileSelect.local.value 
       && document.<portlet:namespace/>fileSelect.group.value 
       && document.<portlet:namespace/>fileSelect.artifact.value 
@@ -46,6 +47,18 @@
    {
       alert("File, Group, Artifact, Version, and Type are all required fields");
       return false;
+   } else if (document.<portlet:namespace/>fileSelect.group.value.match(illegalChars)) {
+       alert("Group contains invalid characters - must only contain letters, numbers, and underscores");
+       return false;
+   } else if (document.<portlet:namespace/>fileSelect.artifact.value.match(illegalChars)) {
+       alert("Artifact contains invalid characters - must only contain letters, numbers, and underscores");
+       return false;
+   } else if (document.<portlet:namespace/>fileSelect.version.value.match(illegalChars)) {
+       alert("Version contains invalid characters - must only contain letters, numbers, and underscores");
+       return false;
+   } else if (document.<portlet:namespace/>fileSelect.fileType.value.match(illegalChars)) {
+       alert("File type contains invalid characters - must only contain letters, numbers, and underscores");
+       return false;
    }
 }
 
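Review bot: The four added alerts say the field "must only contain letters, numbers, and underscores", but `illegalChars` only rejects `..` and the listed punctuation, so dots, hyphens, spaces and other characters are accepted and the message contradicts the check. Either word the alerts after the actual rule, e.g. `alert("Group must not contain .. ( ) < > , ; : / \\ ' \"");`, or switch to an allowlist and keep the wording. This script check is a convenience for the user only, and the server-side check in AbstractRepository remains the authoritative one. Since the expression is duplicated in two languages, a comment next to `illegalChars` naming the Java constant would help keep the two in sync. The function starts in the previous hunk.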
@@ -94,7 +107,7 @@
 <table width="100%">
 <tr>
   <td align="center">
-  <form onsubmit="return <portlet:namespace/>validate();" enctype="multipart/form-data" name="<portlet:namespace/>fileSelect" method="POST" action="<portlet:actionURL><portlet:param name="action" value="deploy"/></portlet:actionURL>">
+  <form onsubmit="return <portlet:namespace/>validateForm();" enctype="multipart/form-data" name="<portlet:namespace/>fileSelect" method="POST" action="<portlet:actionURL><portlet:param name="action" value="deploy"/></portlet:actionURL>">
   <table>
     <tr>
       <th colspan="2"><fmt:message key="repository.normal.addArchiveToRepository"/></th>