Posted to commits@roller.apache.org by gh...@apache.org on 2014/06/16 09:35:05 UTC

svn commit: r1602813 - in /roller/trunk/app/src/main: java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java resources/ApplicationResources.properties webapp/WEB-INF/velocity/weblog.vm

Author: ghuber
Date: Mon Jun 16 07:35:05 2014
New Revision: 1602813

URL: http://svn.apache.org/r1602813
Log:
ROL-2002

Modified:
    roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java
    roller/trunk/app/src/main/resources/ApplicationResources.properties
    roller/trunk/app/src/main/webapp/WEB-INF/velocity/weblog.vm

Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java?rev=1602813&r1=1602812&r2=1602813&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/CommentServlet.java Mon Jun 16 07:35:05 2014
@@ -21,14 +21,17 @@ package org.apache.roller.weblogger.ui.r
 import java.io.IOException;
 import java.sql.Timestamp;
 import java.util.Iterator;
+
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.commons.validator.routines.UrlValidator;
 import org.apache.roller.util.RollerConstants;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.config.WebloggerConfig;
@@ -276,6 +279,14 @@ public class CommentServlet extends Http
                     .getString("error.commentPostFailedEmailAddress");
             log.debug("Email Adddress is invalid : "
                     + commentRequest.getEmail());
+            // if there is an URL it must be valid
+        } else if (commentRequest.getUrl() != null) {
+            String[] customSchemes = { "http", "https" };
+            if (!new UrlValidator(customSchemes).isValid(commentRequest
+                    .getUrl())) {
+                error = messageUtils.getString("error.commentPostFailedURL");
+                log.debug("URL is invalid : " + commentRequest.getUrl());
+            }
             // if this is a real comment post then authenticate request
         } else if (!preview && !this.authenticator.authenticate(request)) {
             String[] msg = { request.getParameter("answer") };
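Review bot: In the added `else if (commentRequest.getUrl() != null)` branch, a comment whose URL is present and valid ends the if/else chain without setting `error`, so the following `else if (!preview && !this.authenticator.authenticate(request))` check never runs for it. As written, any post carrying a well-formed http/https URL skips comment authentication. Fold the validity test into the branch condition so that only an invalid URL takes this branch: `} else if (commentRequest.getUrl() != null && !new UrlValidator(new String[] { "http", "https" }).isValid(commentRequest.getUrl())) {`. If `getUrl()` can return an empty string for a blank field (not visible here), the condition should also skip empty values, otherwise comments without a URL would be rejected. The chain begins before this hunk and continues past it, so the earlier branches and what follows authentication are not visible.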

Modified: roller/trunk/app/src/main/resources/ApplicationResources.properties
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/ApplicationResources.properties?rev=1602813&r1=1602812&r2=1602813&view=diff
==============================================================================
--- roller/trunk/app/src/main/resources/ApplicationResources.properties (original)
+++ roller/trunk/app/src/main/resources/ApplicationResources.properties Mon Jun 16 07:35:05 2014
@@ -235,6 +235,7 @@ comments.ldapAuthenticatorPassword=Pleas
 
 error.commentAuthFailed=The response {0} is not correct.  Please try again.
 error.commentPostFailedEmailAddress=The e-mail address is invalid.
+error.commentPostFailedURL=The URL is invalid.
 
 # -------------------------------------------------------- comment validators
 

Modified: roller/trunk/app/src/main/webapp/WEB-INF/velocity/weblog.vm
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/velocity/weblog.vm?rev=1602813&r1=1602812&r2=1602813&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/velocity/weblog.vm (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/velocity/weblog.vm Mon Jun 16 07:35:05 2014
@@ -373,7 +373,7 @@ Show comments form for weblog entry. 
         <span class="status">$cform.message</span>
     #end
 
-    <form method="post" action="$url.entry($entry.anchor)" focus="name" name="commentForm" onsubmit="fixURL(this); return validateComments(this)">
+    <form method="post" action="$url.entry($entry.anchor)" focus="name" name="commentForm" onsubmit="saveUserInformation(this); return validateComments(this)">
         <input type="hidden" name="method" value="post" />
 
         <ul>
@@ -449,14 +449,6 @@ Show comments form for weblog entry. 
         document.forms['commentForm'].rememberInfo.checked = true;
     }
 
-    function fixURL(theForm) {
-        if (theForm.url.value != "" &&
-            theForm.url.value.indexOf("http://") == -1) { //prepend http://
-            theForm.url.value = "http://"+theForm.url.value;
-        }
-        saveUserInformation(theForm);
-    }
-
     function saveUserInformation(theForm) {
         if (theForm.rememberInfo.checked) {
             rememberUser(theForm);