1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.resource.temporary.internal; |
21 |
|
|
22 |
|
import java.io.File; |
23 |
|
import java.io.FileOutputStream; |
24 |
|
import java.io.IOException; |
25 |
|
import java.io.InputStream; |
26 |
|
import java.io.UnsupportedEncodingException; |
27 |
|
import java.net.URLEncoder; |
28 |
|
import java.util.ArrayList; |
29 |
|
import java.util.List; |
30 |
|
|
31 |
|
import javax.inject.Inject; |
32 |
|
import javax.inject.Singleton; |
33 |
|
|
34 |
|
import org.apache.commons.io.IOUtils; |
35 |
|
import org.apache.commons.lang.StringUtils; |
36 |
|
import org.xwiki.component.annotation.Component; |
37 |
|
import org.xwiki.environment.Environment; |
38 |
|
import org.xwiki.model.reference.EntityReference; |
39 |
|
import org.xwiki.resource.temporary.TemporaryResourceReference; |
40 |
|
import org.xwiki.resource.temporary.TemporaryResourceStore; |
41 |
|
|
42 |
|
|
43 |
|
@link |
44 |
|
|
45 |
|
@version |
46 |
|
@since |
47 |
|
@since |
48 |
|
@since |
49 |
|
|
50 |
|
@Component |
51 |
|
@Singleton |
|
|
| 0% |
Uncovered Elements: 44 (44) |
Complexity: 7 |
Complexity Density: 0.2 |
|
52 |
|
public class DefaultTemporaryResourceStore implements TemporaryResourceStore |
53 |
|
{ |
54 |
|
@Inject |
55 |
|
private Environment environment; |
56 |
|
|
|
|
| 0% |
Uncovered Elements: 9 (9) |
Complexity: 1 |
Complexity Density: 0.11 |
|
57 |
0 |
@Override... |
58 |
|
public File createTemporaryFile(TemporaryResourceReference reference, InputStream content) throws IOException |
59 |
|
{ |
60 |
0 |
File temporaryFile = getTemporaryFile(reference); |
61 |
0 |
FileOutputStream fos = null; |
62 |
0 |
try { |
63 |
|
|
64 |
0 |
temporaryFile.getParentFile().mkdirs(); |
65 |
0 |
fos = new FileOutputStream(temporaryFile); |
66 |
0 |
temporaryFile.deleteOnExit(); |
67 |
0 |
IOUtils.copy(content, fos); |
68 |
|
} finally { |
69 |
0 |
IOUtils.closeQuietly(fos); |
70 |
|
} |
71 |
0 |
return temporaryFile; |
72 |
|
} |
73 |
|
|
|
|
| 0% |
Uncovered Elements: 27 (27) |
Complexity: 4 |
Complexity Density: 0.19 |
|
74 |
0 |
@Override... |
75 |
|
public File getTemporaryFile(TemporaryResourceReference reference) throws IOException |
76 |
|
{ |
77 |
0 |
List<String> segments = new ArrayList<String>(); |
78 |
0 |
segments.add("tmp"); |
79 |
0 |
segments.add(reference.getModuleId()); |
80 |
0 |
int safePathLength = 2; |
81 |
0 |
if (reference.getOwningEntityReference() != null) { |
82 |
0 |
for (EntityReference component : reference.getOwningEntityReference().getReversedReferenceChain()) { |
83 |
0 |
segments.add(component.getName()); |
84 |
0 |
safePathLength++; |
85 |
|
} |
86 |
|
} |
87 |
0 |
if (!reference.getParameters().isEmpty()) { |
88 |
0 |
segments.add(String.valueOf(reference.getParameters().hashCode())); |
89 |
0 |
safePathLength++; |
90 |
|
} |
91 |
0 |
segments.addAll(reference.getResourcePath()); |
92 |
0 |
String path = StringUtils.join(encode(segments), '/'); |
93 |
0 |
String safePath = StringUtils.join(encode(segments.subList(0, safePathLength)), '/'); |
94 |
0 |
File rootFolder = this.environment.getTemporaryDirectory(); |
95 |
0 |
File safeFolder = new File(rootFolder, safePath); |
96 |
0 |
File temporaryFile = new File(rootFolder, path); |
97 |
|
|
98 |
|
|
99 |
0 |
if (!temporaryFile.getAbsolutePath().startsWith(safeFolder.getAbsolutePath())) { |
100 |
0 |
String resourcePath = StringUtils.join(encode(segments.subList(safePathLength, segments.size())), '/'); |
101 |
0 |
throw new IOException(String.format("Invalid resource path [%s].", resourcePath)); |
102 |
|
} |
103 |
|
|
104 |
0 |
return temporaryFile; |
105 |
|
} |
106 |
|
|
|
|
| 0% |
Uncovered Elements: 5 (5) |
Complexity: 2 |
Complexity Density: 0.4 |
|
107 |
0 |
private List<String> encode(List<String> path)... |
108 |
|
{ |
109 |
0 |
List<String> encodedPath = new ArrayList<String>(path.size()); |
110 |
0 |
for (String segment : path) { |
111 |
0 |
try { |
112 |
0 |
encodedPath.add(URLEncoder.encode(segment, "UTF-8")); |
113 |
|
} catch (UnsupportedEncodingException e) { |
114 |
|
|
115 |
|
} |
116 |
|
} |
117 |
0 |
return encodedPath; |
118 |
|
} |
119 |
|
} |