Posted to commits@ofbiz.apache.org by jl...@apache.org on 2009/02/15 11:53:17 UTC

svn commit: r744652 - /ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Author: jleroux
Date: Sun Feb 15 10:53:16 2009
New Revision: 744652

URL: http://svn.apache.org/viewvc?rev=744652&view=rev
Log:
This allows to use Windows paths from input fields (like from Entity import for instance)

Modified:
    ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=744652&r1=744651&r2=744652&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Sun Feb 15 10:53:16 2009
@@ -245,6 +245,9 @@
     
     public static String canonicalizeParameter(String paramValue) {
         try {
+            if (paramValue.contains(":\\")) {
+                paramValue = paramValue.replace("\\", "/");
+            }
             String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict);
             if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module);
             return cannedStr;
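
Review bot: the guard `paramValue.contains(":\\")` matches the two characters `:\` anywhere in the value, not only a drive prefix at its start, and the `replace("\\", "/")` under it then rewrites every backslash in the parameter before `canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict)` runs, so for any such value the strict canonicalizer never sees the backslashes that were submitted. canonicalizeParameter takes any parameter value, not only path fields, so either anchor the test to the start of the value (drive letter, colon, backslash) or move the separator conversion to the caller that knows the field holds a file path. The three added lines also need a comment saying why they are there.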



Re: svn commit: r744652 -/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Hans,

Thanks for the suggestion. I don't know how you envision to use this feature. I guess it could be used in the new version I committed
at r744657, like:

     if (paramValue.startsWith(":\\", 1) && File.separatorChar == '\\') { // This allows to use Windows paths from input fields

But this will still be a non deterministic hack (I agree my current solution has failure probability).

Let me state this issue.
1) We should be able to input Windows style paths
2) It does not work because in UtilHttp.canonicalizeParameter <<StringUtil.defaultWebEncoder.canonicalize(paramValue,
StringUtil.esapiCanonicalizeStrict);>> does not encode correctly such paths.
3) I tried to look up a solution inside esapi javadoc http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html
4) I then tried to use Encoder.encodeForOS combined with WindowsCodec but it did not work either (it adds a ^ before \, don't know
why)
5) I also tried with UnixEncoder, no luck either
6) then I used this hack

A better bet would be to use a regexp like ^[a-zA-Z]:\\$ but it would still be a hack (non deterministic). So, if somebody has a
better solution I'm ready to change for it...

Jacques


From: "Hans Bakker" <ma...@antwebsystems.com>
> you may want to use what is described in:
> http://java.sun.com/j2se/1.4.2/docs/api/java/io/File.html#separatorChar
>
> On Sun, 2009-02-15 at 10:53 +0000, jleroux@apache.org wrote:
>> Author: jleroux
>> Date: Sun Feb 15 10:53:16 2009
>> New Revision: 744652
>>
>> URL: http://svn.apache.org/viewvc?rev=744652&view=rev
>> Log:
>> This allows to use Windows paths from input fields (like from Entity import for instance)
>>
>> Modified:
>>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=744652&r1=744651&r2=744652&view=diff
>> ==============================================================================
>> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Sun Feb 15 10:53:16 2009
>> @@ -245,6 +245,9 @@
>>
>>      public static String canonicalizeParameter(String paramValue) {
>>          try {
>> +            if (paramValue.contains(":\\")) {
>> +                paramValue = paramValue.replace("\\", "/");
>> +            }
>>              String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict);
>>              if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " :
>> "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module);
>>              return cannedStr;
>>
>>
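
Review bot: `paramValue.contains(":\\")` is now the first statement in the `try` and has no null check; if a null parameter value can reach canonicalizeParameter, the added line throws where the old code handed the value straight to `canonicalize`. The catch block is not visible in this hunk, so confirm it covers that case or add `paramValue != null &&` to the condition.
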
> -- 
> Antwebsystems.com: Quality OFBiz services for competitive prices
>
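
The regexp idea from the message above, as an added example that is not part of the original post or of OFBiz: it compares the `contains(":\\")` test from r744652 with a test anchored to a leading drive letter. The class and method names and the sample inputs are hypothetical and constructed for illustration.

```java
import java.util.regex.Pattern;

public class WindowsPathParam {
    // Assumption: a Windows absolute path starts with a drive letter, a colon and a backslash.
    private static final Pattern DRIVE_PREFIX = Pattern.compile("[a-zA-Z]:\\\\");

    // Same test as r744652 (with a null guard added): ":\" anywhere in the value.
    static boolean looseCheck(String value) {
        return value != null && value.contains(":\\");
    }

    // Anchored test: lookingAt() only matches at the start of the value.
    static boolean anchoredCheck(String value) {
        return value != null && DRIVE_PREFIX.matcher(value).lookingAt();
    }

    // Convert separators only when the value starts like a drive path;
    // every other value is returned untouched for the canonicalizer to judge.
    static String normalize(String value) {
        return anchoredCheck(value) ? value.replace('\\', '/') : value;
    }

    public static void main(String[] args) {
        String[] samples = {              // constructed sample inputs
            "C:\\ofbiz\\data\\import.xml", // drive path: both tests match
            "see file:\\notes",            // not a path: only the loose test matches
            "label:\\x41",                 // not a path: only the loose test matches
            "/var/tmp/import.xml",         // Unix path: neither test matches
        };
        for (String s : samples) {
            System.out.printf("%-28s loose=%-5b anchored=%-5b -> %s%n",
                    s, looseCheck(s), anchoredCheck(s), normalize(s));
        }
    }
}
```

The anchored test still decides from the shape of the string alone, so it cannot tell whether a given field was meant to hold a path; only the code that owns the field knows that.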



Re: svn commit: r744652 - /ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java

Posted by Hans Bakker <ma...@antwebsystems.com>.
you may want to use what is described in:
http://java.sun.com/j2se/1.4.2/docs/api/java/io/File.html#separatorChar      

On Sun, 2009-02-15 at 10:53 +0000, jleroux@apache.org wrote:
> Author: jleroux
> Date: Sun Feb 15 10:53:16 2009
> New Revision: 744652
> 
> URL: http://svn.apache.org/viewvc?rev=744652&view=rev
> Log:
> This allows to use Windows paths from input fields (like from Entity import for instance)
> 
> Modified:
>     ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
> 
> Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java?rev=744652&r1=744651&r2=744652&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java (original)
> +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/UtilHttp.java Sun Feb 15 10:53:16 2009
> @@ -245,6 +245,9 @@
>      
>      public static String canonicalizeParameter(String paramValue) {
>          try {
> +            if (paramValue.contains(":\\")) {
> +                paramValue = paramValue.replace("\\", "/");
> +            }
>              String cannedStr = StringUtil.defaultWebEncoder.canonicalize(paramValue, StringUtil.esapiCanonicalizeStrict);
>              if (Debug.verboseOn()) Debug.logVerbose("Canonicalized parameter with " + (cannedStr.equals(paramValue) ? "no " : "") + "change: original [" + paramValue + "] canned [" + cannedStr + "]", module);
>              return cannedStr;
> 
> 
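
Review bot: the `Debug.logVerbose` line after the added `if` compares `cannedStr` with `paramValue`, which by then has been reassigned, so the log prints the rewritten string as "original" and reports "no change" even when the added lines altered the input. Keep the submitted value in a separate local before the `if` and log that one.
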
-- 
Antwebsystems.com: Quality OFBiz services for competitive prices