[myfaces-tobago] branch master updated: TOBAGO-1891 Allow only numbers and alphabetic characters for markups

[hn...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

hnoeth pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git


The following commit(s) were added to refs/heads/master by this push:
     new 45bc077  TOBAGO-1891 Allow only numbers and alphabetic characters for markups
45bc077 is described below

commit 45bc077be87110f1add118185ba9f2545d311484
Author: Henning Noeth <hn...@apache.org>
AuthorDate: Thu Apr 19 12:10:03 2018 +0200

    TOBAGO-1891 Allow only numbers and alphabetic characters for markups
    
    * markups can now only have numeric and alphabetic characters
    * if a special character is detected a warning is logged
    * added some markup unit test
---
 .../org/apache/myfaces/tobago/context/Markup.java  | 44 +++++++++++++++++++---
 .../myfaces/tobago/context/MarkupUnitTest.java     |  6 +++
 2 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/context/Markup.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/context/Markup.java
index 5b4b5d3..0f05db0 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/context/Markup.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/context/Markup.java
@@ -21,6 +21,8 @@ package org.apache.myfaces.tobago.context;
 
 import org.apache.myfaces.tobago.internal.util.ArrayUtils;
 import org.apache.myfaces.tobago.internal.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -54,6 +56,8 @@ import java.util.List;
  */
 public final class Markup implements Serializable, Iterable<String> {
 
+  private static final Logger LOG = LoggerFactory.getLogger(Markup.class);
+
   public static final Markup NULL = new Markup((String) null);
 
   public static final Markup ASCENDING = valueOf("ascending");
@@ -222,13 +226,41 @@ public final class Markup implements Serializable, Iterable<String> {
   private final String value;
 
   private Markup(final String[] values) {
-    this.values = values;
+    this.values = values != null ? filterSpecialChars(values) : null;
     this.value = null;
   }
 
   private Markup(final String value) {
     this.values = null;
-    this.value = value;
+    this.value = value != null ? filterSpecialChars(value) : null;
+  }
+
+  private String[] filterSpecialChars(final String[] values) {
+    for (int i = 0; i < values.length; i++) {
+      values[i] = filterSpecialChars(values[i]);
+    }
+    return values;
+  }
+
+  private String filterSpecialChars(String value) {
+    StringBuilder stringBuilder = new StringBuilder(value.length());
+    boolean forbiddenCharFound = false;
+    for (int i = 0; i < value.length(); i++) {
+      final char c = value.charAt(i);
+      if (('0' <= c && c <= '9') || ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z')) {
+        stringBuilder.append(c);
+      } else {
+        forbiddenCharFound = true;
+      }
+    }
+    if (forbiddenCharFound) {
+      final String newValue = stringBuilder.toString();
+      LOG.warn("Only numeric and alphabetic characters are allowed for markups: '{}' converted to '{}'.", value,
+          newValue);
+      return newValue;
+    } else {
+      return value;
+    }
   }
 
   public static Markup valueOf(final String[] values) {
@@ -237,11 +269,11 @@ public final class Markup implements Serializable, Iterable<String> {
     } else if (values.length == 1) {
       return valueOf(values[0]);
     } else {
-      final Markup markup = new Markup(values.clone());
-      for (int i = 0; i < markup.values.length; i++) {
-        markup.values[i] = markup.values[i].trim();
+      final String[] clonedValues = values.clone();
+      for (int i = 0; i < clonedValues.length; i++) {
+        clonedValues[i] = clonedValues[i].trim();
       }
-      return markup;
+      return new Markup(clonedValues);
     }
   }
 
diff --git a/tobago-core/src/test/java/org/apache/myfaces/tobago/context/MarkupUnitTest.java b/tobago-core/src/test/java/org/apache/myfaces/tobago/context/MarkupUnitTest.java
index a78a413..38519bd 100644
--- a/tobago-core/src/test/java/org/apache/myfaces/tobago/context/MarkupUnitTest.java
+++ b/tobago-core/src/test/java/org/apache/myfaces/tobago/context/MarkupUnitTest.java
@@ -36,6 +36,10 @@ public class MarkupUnitTest {
   public void testString() {
     Assert.assertNull(Markup.valueOf((String) null));
 
+    Assert.assertEquals("foobar", Markup.valueOf("foo$bar").toString());
+
+    Assert.assertEquals("fooBar", Markup.valueOf("fooBar").toString());
+
     Assert.assertArrayEquals(new String[]{"accent"}, toArray(Markup.valueOf("accent").iterator()));
 
     Assert.assertArrayEquals(AB, toArray(Markup.valueOf("a,b").iterator()));
@@ -45,6 +49,8 @@ public class MarkupUnitTest {
     Assert.assertArrayEquals(AB, toArray(Markup.valueOf("a b").iterator()));
 
     Assert.assertArrayEquals(AB, toArray(Markup.valueOf(", \ta , ,\n b ,").iterator()));
+
+    Assert.assertArrayEquals(AB, toArray(Markup.valueOf(", \ta\" , ,\n b ,").iterator()));
   }
 
   @Test

-- 
To stop receiving notification emails like this one, please contact
hnoeth@apache.org.