1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package com.xpn.xwiki.web

File CommentAddAction.java

 

Coverage histogram

../../../../img/srcFileCovDistChart5.png
74% of files have more coverage

Code metrics

16
40
3
1
142
81
14
0.35
13.33
3
4.67

Classes

Class Line # Actions
CommentAddAction 41 40 0% 14 32
0.4576271245.8%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.web;
21   
22    import javax.script.ScriptContext;
23   
24    import org.apache.commons.lang3.StringUtils;
25   
26    import com.xpn.xwiki.XWiki;
27    import com.xpn.xwiki.XWikiContext;
28    import com.xpn.xwiki.XWikiException;
29    import com.xpn.xwiki.doc.XWikiDocument;
30    import com.xpn.xwiki.objects.BaseObject;
31    import com.xpn.xwiki.objects.BaseProperty;
32    import com.xpn.xwiki.objects.classes.BaseClass;
33    import com.xpn.xwiki.user.api.XWikiRightService;
34   
35    /**
36    * Action used to post a comment on a page, adds a comment object to the document and saves it, requires comment right
37    * but not edit right.
38    *
39    * @version $Id: 19fd604bd667c32a0285dd6d42d770f4b36d67a1 $
40    */
 
41    public class CommentAddAction extends XWikiAction
42    {
43    /** The name of the XWikiComments property identifying the author. */
44    private static final String AUTHOR_PROPERTY_NAME = "author";
45   
46    /** The name of the space where user profiles are kept. */
47    private static final String USER_SPACE_PREFIX = "XWiki.";
48   
 
49  1 toggle @Override
50    public boolean action(XWikiContext context) throws XWikiException
51    {
52    // CSRF prevention
53  1 if (!csrfTokenCheck(context)) {
54  0 return false;
55    }
56   
57  1 XWiki xwiki = context.getWiki();
58  1 XWikiResponse response = context.getResponse();
59  1 XWikiDocument doc = context.getDoc();
60  1 ObjectAddForm oform = (ObjectAddForm) context.getForm();
61   
62    // Make sure this class exists
63  1 BaseClass baseclass = xwiki.getCommentsClass(context);
64  1 if (doc.isNew()) {
65  0 return true;
66  1 } else if (context.getUser().equals(XWikiRightService.GUEST_USER_FULLNAME) && !checkCaptcha(context)) {
67  0 getCurrentScriptContext().setAttribute("captchaAnswerWrong", Boolean.TRUE, ScriptContext.ENGINE_SCOPE);
68    } else {
69    // className = XWiki.XWikiComments
70  1 String className = baseclass.getName();
71    // Create a new comment object and mark the document as dirty.
72  1 BaseObject object = doc.newObject(className, context);
73    // TODO The map should be pre-filled with empty strings for all class properties, just like in
74    // ObjectAddAction, so that properties missing from the request are still added to the database.
75  1 baseclass.fromMap(oform.getObject(className), object);
76    // Comment author checks
77  1 if (XWikiRightService.GUEST_USER_FULLNAME.equals(context.getUser())) {
78    // Guests should not be allowed to enter names that look like real XWiki user names.
79  0 String author = ((BaseProperty) object.get(AUTHOR_PROPERTY_NAME)).getValue() + "";
80  0 author = StringUtils.remove(author, ':');
81  0 while (author.startsWith(USER_SPACE_PREFIX)) {
82  0 author = StringUtils.removeStart(author, USER_SPACE_PREFIX);
83    }
84    // We need to make sure the author will fit in a String property, this is mostly a protection against
85    // spammers who try to put large texts in this field
86  0 author = author.substring(0, Math.min(author.length(), 255));
87  0 object.set(AUTHOR_PROPERTY_NAME, author, context);
88    } else {
89    // A registered user must always post with his name.
90  1 object.set(AUTHOR_PROPERTY_NAME, context.getUser(), context);
91    }
92  1 doc.setAuthorReference(context.getUserReference());
93   
94    // Save the new comment.
95  1 xwiki.saveDocument(doc, localizePlainOrKey("core.comment.addComment"), true, context);
96    }
97    // If xpage is specified then allow the specified template to be parsed.
98  1 if (context.getRequest().get("xpage") != null) {
99  1 return true;
100    }
101    // forward to edit
102  0 String redirect = Utils.getRedirect("edit", context);
103  0 sendRedirect(response, redirect);
104  0 return false;
105    }
106   
 
107  1 toggle @Override
108    public String render(XWikiContext context) throws XWikiException
109    {
110  1 if (context.getDoc().isNew()) {
111  0 context.put("message", "nocommentwithnewdoc");
112  0 return "exception";
113    }
114  1 return "";
115    }
116   
117    /**
118    * Checks the request parameter captcha_answer against the captcha module. This makes xwiki-core dependant on
119    * xwiki-captcha and should be removed as soon as possible.
120    *
121    * @param context The XWikiContext for getting the request and whether guest comment requires a captcha.
122    * @return true if the captcha answer is correct or if no captcha answer and captcha is not required.
123    * @throws XWikiException if something goes wrong in the captcha module.
124    * @since 2.3M1
125    */
 
126  0 toggle private boolean checkCaptcha(XWikiContext context) throws XWikiException
127    {
128  0 String answer = context.getRequest().get("captcha_answer");
129  0 if (answer != null && answer.length() > 0) {
130  0 org.xwiki.captcha.CaptchaVerifier cv =
131    Utils.getComponent(org.xwiki.captcha.CaptchaVerifier.class, context.getRequest().get("captcha_type"));
132  0 try {
133  0 return cv.isAnswerCorrect(cv.getUserId(context.getRequest()), answer);
134    } catch (Exception e) {
135  0 throw new XWikiException(XWikiException.MODULE_XWIKI, XWikiException.ERROR_XWIKI_UNKNOWN,
136    "Exception while attempting to verify captcha", e);
137    }
138    } else {
139  0 return (context.getWiki().getSpacePreferenceAsInt("guest_comment_requires_captcha", 0, context) != 1);
140    }
141    }
142    }