1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.web

File XWikiRequestProcessor.java

 

Coverage histogram

../../../../img/srcFileCovDistChart8.png
56% of files have more coverage

Code metrics

12
29
7
2
166
109
15
0.52
4.14
3.5
2.14

Classes

Class Line # Actions
XWikiRequestProcessor 51 16 0% 7 5
0.791666779.2%
XWikiRequestProcessor.RequestProcessorServletRequestWrapper 68 13 0% 8 8
0.666666766.7%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.web;
21   
22    import java.io.IOException;
23    import java.net.URL;
24    import java.util.Collections;
25    import java.util.Enumeration;
26    import java.util.HashMap;
27    import java.util.Map;
28   
29    import javax.servlet.ServletException;
30    import javax.servlet.http.HttpServletRequest;
31    import javax.servlet.http.HttpServletRequestWrapper;
32    import javax.servlet.http.HttpServletResponse;
33   
34    import org.apache.commons.lang3.StringUtils;
35    import org.apache.struts.Globals;
36    import org.apache.struts.action.ActionForm;
37    import org.apache.struts.action.ActionMapping;
38    import org.apache.struts.util.RequestUtils;
39    import org.slf4j.Logger;
40    import org.slf4j.LoggerFactory;
41    import org.xwiki.component.util.DefaultParameterizedType;
42    import org.xwiki.resource.ResourceReferenceResolver;
43    import org.xwiki.resource.ResourceType;
44    import org.xwiki.resource.ResourceTypeResolver;
45    import org.xwiki.resource.entity.EntityResourceReference;
46    import org.xwiki.url.ExtendedURL;
47   
48    /**
49    * @version $Id: 5cca171ed4d89fa05abda93a21d3421ad6362230 $
50    */
 
51    public class XWikiRequestProcessor extends org.apache.struts.action.RequestProcessor
52    {
53    protected static final Logger LOGGER = LoggerFactory.getLogger(XWikiRequestProcessor.class);
54   
55    private ResourceTypeResolver<ExtendedURL> typeResolver =
56    Utils.getComponent(new DefaultParameterizedType(null, ResourceTypeResolver.class, ExtendedURL.class));
57   
58    private ResourceReferenceResolver<ExtendedURL> resolver =
59    Utils.getComponent(new DefaultParameterizedType(null, ResourceReferenceResolver.class, ExtendedURL.class));
60   
61    /**
62    * Remove request parameters containing special characters having a meaning for BeanUtils since otherwise BeanUtils
63    * throws an exception if they are not used properly (for example if there's an open {@code (} but without a closing
64    * {@code )} it'll report a "missing end delimiter" exception. FTR BeanUtils uses those to represent Nested
65    * properties, Indexed properties, Mapped properties and Combined properties, see
66    * http://commons.apache.org/proper/commons-beanutils/apidocs/org/apache/commons/beanutils/package-summary.html#standard
67    */
 
68    public class RequestProcessorServletRequestWrapper extends HttpServletRequestWrapper
69    {
70    private final char[] FORBIDDEN = new char[] {'(', ')', '[', ']', '.'};
71   
 
72  3175 toggle public RequestProcessorServletRequestWrapper(HttpServletRequest request)
73    {
74  3175 super(request);
75    }
76   
 
77  0 toggle @Override
78    public String getParameter(String name)
79    {
80  0 if (!StringUtils.containsAny(name, FORBIDDEN)) {
81  0 return super.getParameter(name);
82    } else {
83  0 return null;
84    }
85    }
86   
 
87  3174 toggle @Override
88    public Map<String, String[]> getParameterMap()
89    {
90    // Remove all forbidden names
91  3173 Map<String, String[]> newParameterMap = new HashMap<>();
92  3176 for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
93  12984 if (!StringUtils.containsAny(entry.getKey(), FORBIDDEN)) {
94  11085 newParameterMap.put(entry.getKey(), entry.getValue());
95    }
96    }
97  3176 return Collections.unmodifiableMap(newParameterMap);
98    }
99   
 
100  3174 toggle @Override
101    public Enumeration<String> getParameterNames()
102    {
103  3174 return Collections.enumeration(getParameterMap().keySet());
104    }
105   
 
106  11084 toggle @Override
107    public String[] getParameterValues(String name)
108    {
109  11084 if (!StringUtils.containsAny(name, FORBIDDEN)) {
110  11081 return super.getParameterValues(name);
111    } else {
112  0 return null;
113    }
114    }
115    }
116   
 
117  40553 toggle @Override
118    protected String processPath(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
119    throws IOException
120    {
121  40566 String url = httpServletRequest.getRequestURL().toString();
122   
123  40565 try {
124  40557 ExtendedURL extendedURL = new ExtendedURL(new URL(url), httpServletRequest.getContextPath());
125   
126  40573 ResourceType type = this.typeResolver.resolve(extendedURL, Collections.<String, Object>emptyMap());
127   
128  40563 EntityResourceReference entityResourceReference = (EntityResourceReference) this.resolver.resolve(
129    extendedURL, type, Collections.<String, Object>emptyMap());
130   
131  40559 return "/" + entityResourceReference.getAction().getActionName() + "/";
132    } catch (Exception e) {
133  0 throw new IOException(String.format("Failed to extract the Entity Action from URL [%s]", url), e);
134    }
135    }
136   
137    /**
138    * Override the implementation from Struts in order to remove request parameter keys using special BeanUtils syntax
139    * that we don't use and that can causes errors to be raised, see {@link RequestProcessorServletRequestWrapper}.
140    */
 
141  40565 toggle @Override
142    protected void processPopulate(HttpServletRequest request, HttpServletResponse response, ActionForm form,
143    ActionMapping mapping) throws ServletException
144    {
145  40572 if (form == null) {
146  37387 return;
147    }
148   
149  3175 form.setServlet(this.servlet);
150  3176 form.reset(mapping, request);
151   
152  3175 if (mapping.getMultipartClass() != null) {
153  0 request.setAttribute(Globals.MULTIPART_KEY,
154    mapping.getMultipartClass());
155    }
156   
157  3176 RequestUtils.populate(form, mapping.getPrefix(), mapping.getSuffix(),
158    new RequestProcessorServletRequestWrapper(request));
159   
160    // Set the cancellation request attribute if appropriate
161  3175 if ((request.getParameter(Globals.CANCEL_PROPERTY) != null)
162    || (request.getParameter(Globals.CANCEL_PROPERTY_X) != null)) {
163  0 request.setAttribute(Globals.CANCEL_KEY, Boolean.TRUE);
164    }
165    }
166    }