1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.web

File CommentAddAction.java

 

Coverage histogram

76% of files have more coverage


Classes

Class Line # Actions
CommentAddAction 45 42 0% 13 34
0.44262296 (44.3%)
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.web;
21   
22    import javax.script.ScriptContext;
23   
24    import org.apache.commons.lang3.StringUtils;
25    import org.slf4j.Logger;
26    import org.slf4j.LoggerFactory;
27    import org.xwiki.captcha.Captcha;
28    import org.xwiki.captcha.CaptchaConfiguration;
29   
30    import com.xpn.xwiki.XWiki;
31    import com.xpn.xwiki.XWikiContext;
32    import com.xpn.xwiki.XWikiException;
33    import com.xpn.xwiki.doc.XWikiDocument;
34    import com.xpn.xwiki.objects.BaseObject;
35    import com.xpn.xwiki.objects.BaseProperty;
36    import com.xpn.xwiki.objects.classes.BaseClass;
37    import com.xpn.xwiki.user.api.XWikiRightService;
38   
39    /**
40    * Action used to post a comment on a page, adds a comment object to the document and saves it, requires comment right
41    * but not edit right.
42    *
43    * @version $Id: 397d218e9fc2a450d7c0937a9fff4481d766e3f5 $
44    */
 
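public class CommentAddAction extends XWikiAction
{
    /** The name of the XWikiComments property identifying the author. */
    private static final String AUTHOR_PROPERTY_NAME = "author";

    /** The name of the space where user profiles are kept. */
    private static final String USER_SPACE_PREFIX = "XWiki.";

    /** Upper bound on the stored guest author name, so that it fits in a String property. */
    private static final int MAX_AUTHOR_LENGTH = 255;

    private static final Logger LOGGER = LoggerFactory.getLogger(CommentAddAction.class);

    /**
     * Adds a comment object to the current document and saves it.
     * <p>
     * The request is rejected up front when the CSRF token check fails. Guests must additionally pass
     * {@link #checkCaptcha(XWikiContext)}; on a wrong answer nothing is saved and the {@code captchaAnswerWrong}
     * script attribute is set instead. The author of the comment is never taken as-is from the request: guests get a
     * sanitized name, every other user gets the name held by the context.
     *
     * @param context the context providing the wiki, the target document, the submitted form and the current user
     * @return {@code false} when the CSRF check fails or after a redirect was sent, {@code true} when the document is
     *         new or when the request carries an {@code xpage} parameter
     * @throws XWikiException if the CAPTCHA check or saving the document fails
     */
    @Override
    public boolean action(XWikiContext context) throws XWikiException
    {
        // CSRF prevention: must stay the first check, before any state is read or modified.
        if (!csrfTokenCheck(context)) {
            return false;
        }

        XWiki xwiki = context.getWiki();
        XWikiResponse response = context.getResponse();
        XWikiDocument doc = context.getDoc();
        ObjectAddForm oform = (ObjectAddForm) context.getForm();

        // Make sure this class exists
        BaseClass baseclass = xwiki.getCommentsClass(context);
        if (doc.isNew()) {
            // No comment can be attached to a document that does not exist yet; render() reports the error.
            return true;
        }

        // Constant-first comparison: a null user name must not end in a NullPointerException here.
        boolean guest = XWikiRightService.GUEST_USER_FULLNAME.equals(context.getUser());
        if (guest && !checkCaptcha(context)) {
            // Wrong or unverifiable CAPTCHA answer: nothing is saved, the template is only told about the failure.
            getCurrentScriptContext().setAttribute("captchaAnswerWrong", Boolean.TRUE, ScriptContext.ENGINE_SCOPE);
        } else {
            // className = XWiki.XWikiComments
            String className = baseclass.getName();
            // Create a new comment object and mark the document as dirty.
            BaseObject object = doc.newObject(className, context);
            // TODO The map should be pre-filled with empty strings for all class properties, just like in
            // ObjectAddAction, so that properties missing from the request are still added to the database.
            baseclass.fromMap(oform.getObject(className), object);
            // Comment author checks
            if (guest) {
                // Guests should not be allowed to enter names that look like real XWiki user names.
                // The author property may be absent when the request did not submit it (see the TODO above), so
                // both the property and its value are treated as optional.
                BaseProperty authorProperty = (BaseProperty) object.get(AUTHOR_PROPERTY_NAME);
                Object submittedAuthor = authorProperty == null ? null : authorProperty.getValue();
                object.set(AUTHOR_PROPERTY_NAME, sanitizeGuestAuthor(submittedAuthor), context);
            } else {
                // A registered user must always post with his name: whatever the form submitted is overwritten.
                object.set(AUTHOR_PROPERTY_NAME, context.getUser(), context);
            }
            // NOTE(review): this makes the commenter the author of the whole document revision although only
            // comment right is required -- confirm that nothing rights-related is derived from this field.
            doc.setAuthorReference(context.getUserReference());

            // Save the new comment.
            xwiki.saveDocument(doc, localizePlainOrKey("core.comment.addComment"), true, context);
        }

        // If xpage is specified then allow the specified template to be parsed.
        if (context.getRequest().get("xpage") != null) {
            return true;
        }
        // forward to edit
        String redirect = Utils.getRedirect("edit", context);
        sendRedirect(response, redirect);
        return false;
    }

    /**
     * Selects what to render once {@link #action(XWikiContext)} returned {@code true}.
     *
     * @param context the context providing the current document
     * @return {@code "exception"}, with the {@code nocommentwithnewdoc} message stored in the context, when the
     *         document is new; an empty string otherwise
     * @throws XWikiException declared by the overridden method; not thrown by this implementation
     */
    @Override
    public String render(XWikiContext context) throws XWikiException
    {
        if (!context.getDoc().isNew()) {
            return "";
        }
        context.put("message", "nocommentwithnewdoc");
        return "exception";
    }

    /**
     * Turns the author name submitted by a guest into a value that cannot be read as a wiki user reference: every
     * {@code ':'} is dropped, every leading {@code "XWiki."} is stripped and the result is cut to
     * {@value #MAX_AUTHOR_LENGTH} characters. The prefix comparison is exact and case-sensitive.
     *
     * @param submittedAuthor the raw property value taken from the request, possibly {@code null}
     * @return the sanitized name, an empty string when no value was submitted
     */
    private static String sanitizeGuestAuthor(Object submittedAuthor)
    {
        String author = submittedAuthor == null ? "" : String.valueOf(submittedAuthor);
        // Colons are removed before the prefix test so that they cannot be used to hide the prefix from it.
        author = StringUtils.remove(author, ':');
        while (author.startsWith(USER_SPACE_PREFIX)) {
            author = StringUtils.removeStart(author, USER_SPACE_PREFIX);
        }
        // We need to make sure the author will fit in a String property, this is mostly a protection against
        // spammers who try to put large texts in this field
        return author.substring(0, Math.min(author.length(), MAX_AUTHOR_LENGTH));
    }

    /**
     * Checks the request and validates the CAPTCHA answer, if needed, against the CAPTCHA module. This makes xwiki-core
     * dependent on xwiki-captcha and should be removed as soon as possible.
     * <p>
     * The check is only performed when the {@code guest_comment_requires_captcha} space preference equals 1; the
     * value passed as fallback is 0, so guest comments are not CAPTCHA-protected unless the preference is set.
     * A failure while looking up or running the CAPTCHA is logged and counted as a wrong answer (fail closed).
     *
     * @param context The XWikiContext for getting the request and whether guest comment requires a CAPTCHA
     * @return true if the CAPTCHA answer is correct or if CAPTCHA is not required
     * @throws XWikiException if something goes wrong in the CAPTCHA module
     * @since 2.3M1
     */
    private boolean checkCaptcha(XWikiContext context) throws XWikiException
    {
        if (context.getWiki().getSpacePreferenceAsInt("guest_comment_requires_captcha", 0, context) != 1) {
            return true;
        }

        // NOTE(review): this lookup sits outside the try block, so a failure here is not turned into "wrong
        // answer" but propagates to the caller -- the comment is presumably still not saved; confirm.
        CaptchaConfiguration captchaConfiguration = Utils.getComponent(CaptchaConfiguration.class);
        String defaultCaptchaName = captchaConfiguration.getDefaultName();
        try {
            Captcha captcha = Utils.getComponent(Captcha.class, defaultCaptchaName);

            return captcha.isValid();
        } catch (Exception e) {
            // Fail closed: an unverifiable answer is never accepted.
            LOGGER.error("Failed to verify CAPTCHA of type [{}]. Assuming wrong answer.", defaultCaptchaName, e);
            return false;
        }
    }
}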