You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by sn...@apache.org on 2006/11/21 16:52:00 UTC
svn commit: r477713 - in /incubator/roller/trunk: src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java web/WEB-INF/classes/ApplicationResources.properties

Author: snoopdave
Date: Tue Nov 21 07:51:59 2006
New Revision: 477713

URL: http://svn.apache.org/viewvc?view=rev&rev=477713
Log:
ROL-1279: Bookmark form should check for valid URLs

Modified:
    incubator/roller/trunk/src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java
    incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties

Modified: incubator/roller/trunk/src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java?view=diff&rev=477713&r1=477712&r2=477713
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java (original)
+++ incubator/roller/trunk/src/org/apache/roller/ui/authoring/struts/actions/BookmarkSaveAction.java Tue Nov 21 07:51:59 2006
@@ -20,8 +20,11 @@
  */
 package org.apache.roller.ui.authoring.struts.actions;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringUtils;
 
 import org.apache.struts.action.Action;
 import org.apache.struts.action.ActionError;
@@ -44,6 +47,7 @@
  * @struts.action path="/roller-ui/authoring/bookmarkSave" name="bookmarkFormEx"
  *    validate="true" input="/roller-ui/authoring/bookmarkEdit.do"
  * @struts.action-forward name="Bookmarks" path="/roller-ui/authoring/bookmarks.do?method=selectFolder"
+ * @struts.action-forward name="BookmarkForm" path=".BookmarkForm"
  * 
  * @author Dave Johnson
  */
@@ -60,7 +64,7 @@
         BookmarkFormEx form = (BookmarkFormEx)actionForm;
         RollerRequest rreq = RollerRequest.getRollerRequest(request);
         BookmarkManager bmgr = RollerFactory.getRoller().getBookmarkManager();
-
+        
         BookmarkData bd = null;
         if (null != form.getId() && !form.getId().trim().equals("")) 
         {
@@ -73,6 +77,14 @@
                 request.getParameter(RequestConstants.FOLDER_ID));
             bd.setFolder(fd);
         }
+
+        // Fix for ROL-1279, check for valid bookmark URLs
+        ActionErrors errors = validateBookmark(null, form);
+        if (errors.size() > 0) {
+            saveErrors(request, errors);
+            return mapping.findForward("BookmarkForm");
+        }
+
         RollerSession rses = RollerSession.getRollerSession(request);
         if (bd.getFolder().getWebsite().hasUserPermissions(
                 rses.getAuthenticatedUser(), PermissionsData.AUTHOR))
@@ -88,13 +100,35 @@
         }
         else 
         {
-            ActionErrors errors = new ActionErrors();
             errors.add(null, new ActionError("error.permissions.deniedSave"));
             saveErrors(request, errors);
             forward = mapping.findForward("access-denied");
         }
         return forward;
         
+    }
+    
+    public ActionErrors validateBookmark(ActionErrors errors, BookmarkFormEx form) {
+        if (errors == null) errors = new ActionErrors();
+        if (StringUtils.isNotEmpty(form.getUrl()) && !validURL(form.getUrl())) {
+            errors.add("url", new ActionError("bookmarkForm.error.invalidURL", form.getUrl()));
+        }
+        if (StringUtils.isNotEmpty(form.getFeedUrl()) && !validURL(form.getFeedUrl())) {
+            errors.add("feedUrl", new ActionError("bookmarkForm.error.invalidURL", form.getFeedUrl()));
+        }
+        if (StringUtils.isNotEmpty(form.getImage()) && !validURL(form.getImage())) {
+            errors.add("image", new ActionError("bookmarkForm.error.invalidURL", form.getImage()));
+        }
+        return errors;
+    }
+    
+    public boolean validURL(String url) {
+        boolean valid = false;
+        try {
+            URL test = new URL(url);
+            valid = true;
+        } catch (MalformedURLException intentionallyIgnored) {}
+        return valid;
     }
 
 }

Modified: incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties?view=diff&rev=477713&r1=477712&r2=477713
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties Tue Nov 21 07:51:59 2006
@@ -45,6 +45,8 @@
 bookmarkForm.url=Bookmark URL
 bookmarkForm.weight=Display Weight
 
+bookmarkForm.error.invalidURL=Invalid URL: {0}
+
 # ----------------------------------------------------------- BookmarksForm.jsp
 
 bookmarksForm.root=root
@@ -493,6 +495,7 @@
 correct username.
 error.permissionDenied.reason3=Your blog server's database connection is \
 misconfigured. To resolve this problem, see your system administrator.
+
 
 #-------------------------------------------------------------- Struts Validator