1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package com.xpn.xwiki.web; |
21 |
|
|
22 |
|
import java.io.IOException; |
23 |
|
import java.net.URL; |
24 |
|
import java.util.Collections; |
25 |
|
import java.util.Enumeration; |
26 |
|
import java.util.HashMap; |
27 |
|
import java.util.Map; |
28 |
|
|
29 |
|
import javax.servlet.ServletException; |
30 |
|
import javax.servlet.http.HttpServletRequest; |
31 |
|
import javax.servlet.http.HttpServletRequestWrapper; |
32 |
|
import javax.servlet.http.HttpServletResponse; |
33 |
|
|
34 |
|
import org.apache.commons.lang3.StringUtils; |
35 |
|
import org.apache.struts.Globals; |
36 |
|
import org.apache.struts.action.ActionForm; |
37 |
|
import org.apache.struts.action.ActionMapping; |
38 |
|
import org.apache.struts.util.RequestUtils; |
39 |
|
import org.slf4j.Logger; |
40 |
|
import org.slf4j.LoggerFactory; |
41 |
|
import org.xwiki.component.util.DefaultParameterizedType; |
42 |
|
import org.xwiki.resource.ResourceReferenceResolver; |
43 |
|
import org.xwiki.resource.ResourceType; |
44 |
|
import org.xwiki.resource.ResourceTypeResolver; |
45 |
|
import org.xwiki.resource.entity.EntityResourceReference; |
46 |
|
import org.xwiki.url.ExtendedURL; |
47 |
|
|
48 |
|
|
49 |
|
@version |
50 |
|
|
|
|
| 79.2% |
Uncovered Elements: 5 (24) |
Complexity: 7 |
Complexity Density: 0.44 |
|
51 |
|
public class XWikiRequestProcessor extends org.apache.struts.action.RequestProcessor |
52 |
|
{ |
53 |
|
protected static final Logger LOGGER = LoggerFactory.getLogger(XWikiRequestProcessor.class); |
54 |
|
|
55 |
|
private ResourceTypeResolver<ExtendedURL> typeResolver = |
56 |
|
Utils.getComponent(new DefaultParameterizedType(null, ResourceTypeResolver.class, ExtendedURL.class)); |
57 |
|
|
58 |
|
private ResourceReferenceResolver<ExtendedURL> resolver = |
59 |
|
Utils.getComponent(new DefaultParameterizedType(null, ResourceReferenceResolver.class, ExtendedURL.class)); |
60 |
|
|
61 |
|
|
62 |
|
|
63 |
|
|
64 |
|
|
65 |
|
|
66 |
|
|
67 |
|
|
|
|
| 66.7% |
Uncovered Elements: 8 (24) |
Complexity: 8 |
Complexity Density: 0.62 |
|
68 |
|
public class RequestProcessorServletRequestWrapper extends HttpServletRequestWrapper |
69 |
|
{ |
70 |
|
private final char[] FORBIDDEN = new char[] {'(', ')', '[', ']', '.'}; |
71 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
72 |
945 |
public RequestProcessorServletRequestWrapper(HttpServletRequest request)... |
73 |
|
{ |
74 |
945 |
super(request); |
75 |
|
} |
76 |
|
|
|
|
| 0% |
Uncovered Elements: 5 (5) |
Complexity: 2 |
Complexity Density: 0.67 |
|
77 |
0 |
@Override... |
78 |
|
public String getParameter(String name) |
79 |
|
{ |
80 |
0 |
if (!StringUtils.containsAny(name, FORBIDDEN)) { |
81 |
0 |
return super.getParameter(name); |
82 |
|
} else { |
83 |
0 |
return null; |
84 |
|
} |
85 |
|
} |
86 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (7) |
Complexity: 2 |
Complexity Density: 0.4 |
|
87 |
943 |
@Override... |
88 |
|
public Map<String, String[]> getParameterMap() |
89 |
|
{ |
90 |
|
|
91 |
944 |
Map<String, String[]> newParameterMap = new HashMap<>(); |
92 |
944 |
for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) { |
93 |
3140 |
if (!StringUtils.containsAny(entry.getKey(), FORBIDDEN)) { |
94 |
2663 |
newParameterMap.put(entry.getKey(), entry.getValue()); |
95 |
|
} |
96 |
|
} |
97 |
945 |
return Collections.unmodifiableMap(newParameterMap); |
98 |
|
} |
99 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
100 |
945 |
@Override... |
101 |
|
public Enumeration<String> getParameterNames() |
102 |
|
{ |
103 |
945 |
return Collections.enumeration(getParameterMap().keySet()); |
104 |
|
} |
105 |
|
|
|
|
| 60% |
Uncovered Elements: 2 (5) |
Complexity: 2 |
Complexity Density: 0.67 |
|
106 |
2662 |
@Override... |
107 |
|
public String[] getParameterValues(String name) |
108 |
|
{ |
109 |
2663 |
if (!StringUtils.containsAny(name, FORBIDDEN)) { |
110 |
2662 |
return super.getParameterValues(name); |
111 |
|
} else { |
112 |
0 |
return null; |
113 |
|
} |
114 |
|
} |
115 |
|
} |
116 |
|
|
|
|
| 85.7% |
Uncovered Elements: 1 (7) |
Complexity: 2 |
Complexity Density: 0.29 |
|
117 |
9652 |
@Override... |
118 |
|
protected String processPath(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) |
119 |
|
throws IOException |
120 |
|
{ |
121 |
9649 |
String url = httpServletRequest.getRequestURL().toString(); |
122 |
|
|
123 |
9642 |
try { |
124 |
9648 |
ExtendedURL extendedURL = new ExtendedURL(new URL(url), httpServletRequest.getContextPath()); |
125 |
|
|
126 |
9651 |
ResourceType type = this.typeResolver.resolve(extendedURL, Collections.<String, Object>emptyMap()); |
127 |
|
|
128 |
9653 |
EntityResourceReference entityResourceReference = (EntityResourceReference) this.resolver.resolve( |
129 |
|
extendedURL, type, Collections.<String, Object>emptyMap()); |
130 |
|
|
131 |
9641 |
return "/" + entityResourceReference.getAction().getActionName() + "/"; |
132 |
|
} catch (Exception e) { |
133 |
0 |
throw new IOException(String.format("Failed to extract the Entity Action from URL [%s]", url), e); |
134 |
|
} |
135 |
|
} |
136 |
|
|
137 |
|
|
138 |
|
|
139 |
|
@link |
140 |
|
|
|
|
| 73.3% |
Uncovered Elements: 4 (15) |
Complexity: 5 |
Complexity Density: 0.56 |
|
141 |
9634 |
@Override... |
142 |
|
protected void processPopulate(HttpServletRequest request, HttpServletResponse response, ActionForm form, |
143 |
|
ActionMapping mapping) throws ServletException |
144 |
|
{ |
145 |
9611 |
if (form == null) { |
146 |
8669 |
return; |
147 |
|
} |
148 |
|
|
149 |
945 |
form.setServlet(this.servlet); |
150 |
945 |
form.reset(mapping, request); |
151 |
|
|
152 |
944 |
if (mapping.getMultipartClass() != null) { |
153 |
0 |
request.setAttribute(Globals.MULTIPART_KEY, |
154 |
|
mapping.getMultipartClass()); |
155 |
|
} |
156 |
|
|
157 |
945 |
RequestUtils.populate(form, mapping.getPrefix(), mapping.getSuffix(), |
158 |
|
new RequestProcessorServletRequestWrapper(request)); |
159 |
|
|
160 |
|
|
161 |
945 |
if ((request.getParameter(Globals.CANCEL_PROPERTY) != null) |
162 |
|
|| (request.getParameter(Globals.CANCEL_PROPERTY_X) != null)) { |
163 |
0 |
request.setAttribute(Globals.CANCEL_KEY, Boolean.TRUE); |
164 |
|
} |
165 |
|
} |
166 |
|
} |