Author: rgielen Date: Sun Feb 19 12:51:44 2012 New Revision: 1290994 URL: http://svn.apache.org/viewvc?rev=1290994&view=rev Log: WW-3757 Show how to produce sanitized output of user inputted data
Modified: struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp Modified: struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java?rev=1290994&r1=1290993&r2=1290994&view=diff ==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java (original)
+++ struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java Sun Feb 19 12:51:44 2012
@@ -59,7 +59,7 @@ public class ViewSourceAction extends Ac
 public String execute() throws MalformedURLException, IOException {
- if (page != null && page.trim().length() > 0) {
+ if (page != null) {
 InputStream in = ClassLoaderUtil.getResourceAsStream(page.substring(page.indexOf("//")+1), getClass());
 page = page.replace("//", "/");
@@ -78,7 +78,7 @@ public class ViewSourceAction extends Ac
 }
 }
- if (className != null && className.trim().length() > 0) {
+ if (className != null) {
 className = "/"+className.replace('.', '/') + ".java";
 InputStream in = getClass().getResourceAsStream(className);
 if (in == null) {
@@ -93,7 +93,7 @@ public class ViewSourceAction extends Ac
 String rootPath = ServletActionContext.getServletContext().getRealPath("/");
- if (config != null && config.trim().length() > 0 && (rootPath == null || config.startsWith(rootPath))) {
+ if (config != null && (rootPath == null || config.startsWith(rootPath))) {
 int pos = config.lastIndexOf(':');
 configLine = Integer.parseInt(config.substring(pos+1));
 config = config.substring(0, pos).replace("//", "/");
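Review bot: In the `@@ -59,7 +59,7 @@` hunk, `page` is handed to `ClassLoaderUtil.getResourceAsStream(page.substring(page.indexOf("//")+1), getClass())` after nothing more than a null check, and per the commit log this value is user input, so the new code places no limit on which classpath resource the action will read and display. A source viewer should resolve the name against an allowlist of the showcase's own view templates before opening the stream; at minimum I would record the gap next to the call with `// page is request-controlled: restrict to known showcase views before loading`. The `className` lookup in the `@@ -78,7 +78,7 @@` hunk follows the same pattern but is at least narrowed by the appended `.java` suffix. The body of execute() continues outside these hunks, so what is done with the stream afterwards is not visible here.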
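Review bot: In the `@@ -93,7 +93,7 @@` hunk the path guard fails open: `(rootPath == null || config.startsWith(rootPath))` accepts any `config` value when `getRealPath("/")` returns null, and when it is not null the prefix test runs on the raw string, so a value that starts with the web root and then contains `..` segments still passes. I would fail closed and compare a canonicalised path once the `:line` suffix has been split off, starting with `if (config != null && rootPath != null && config.startsWith(rootPath)) {`; this disables the configuration tab on containers that do not expand the WAR, which looks like the safer default. Separately, `config.lastIndexOf(':')` can return -1, after which `config.substring(0, pos)` throws, so a `if (pos < 0)` guard is needed before the `Integer.parseInt` line. How `config` is opened after these lines is outside the hunk.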
@@ -107,21 +107,27 @@ public class ViewSourceAction extends Ac
 * @param className the className to set
 */
 public void setClassName(String className) {
- this.className = className;
+ if (className != null && className.trim().length()>0) {
+ this.className = className;
+ }
 }
 /**
 * @param config the config to set
 */
 public void setConfig(String config) {
- this.config = config;
+ if (config != null && config.trim().length()>0) {
+ this.config = config;
+ }
 }
 /**
 * @param page the page to set
 */
 public void setPage(String page) {
- this.page = page;
+ if (page != null && page.trim().length()>0) {
+ this.page = page;
+ }
 }
 /**
Modified: struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp?rev=1290994&r1=1290993&r2=1290994&view=diff ==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp (original)
+++ struts/struts2/trunk/apps/showcase/src/main/webapp/viewSource.jsp Sun Feb 19 12:51:44 2012
@@ -11,14 +11,14 @@
 <sx:tabbedpanel id="test">
 <sx:div id="one" label="Page" >
- <h3>${empty page ? "Unknown page" : page}</h3>
+ <h3><s:property default="Unknown page" value="page"/></h3>
 <pre>
 <s:iterator value="pageLines" status="row">
 ${row.count}: <s:property/></s:iterator>
 </pre>
 </sx:div>
 <sx:div id="two" label="Configuration" >
- <h3>${empty config ? "Unknown configuration" : config}</h3>
+ <h3><s:property default="Unknown configuration" value="config"/></h3>
 <pre>
 <s:iterator value="configLines" status="row"><s:if test="%{(#row.count-1)==(configLines.size()/2)}">
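Review bot: The Javadoc on setClassName, setConfig and setPage in the `@@ -107,21 +107,27 @@` hunk still reads `@param ... the ... to set`, but each setter now silently drops null and blank values, which the comment should state. It should also state that this is only an emptiness check: the class name and paths are not validated here and reach the resource lookups in execute() as supplied. I would word it as `@param page the page to set; null or blank values are ignored, no other validation is applied`, and likewise for the other two. As a style point, the three identical `x != null && x.trim().length()>0` tests could share one private helper.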
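Review bot: The escaping that makes the `<h3>` headings safe is implicit, and nothing in viewSource.jsp records it: `<s:property>` HTML-encodes its value by default, whereas the `${...}` expression it replaces is written to the page unencoded. A later edit could switch back to EL without noticing the regression, so I would add a comment above the first heading, e.g. `<%-- page, config and className are request parameters: render them with s:property (HTML-escaped by default), never with a raw EL expression --%>`. This covers the page and config headings in the `@@ -11,14 +11,14 @@` hunk and the className heading in the `@@ -27,7 +27,7 @@` hunk. The remaining `${row.count}` expressions print the iterator counter, presumably numeric, so leaving them as EL looks fine.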
@@ -27,7 +27,7 @@ ${configLine - padding + row.count - 1}:
 </pre>
 </sx:div>
 <sx:div id="three" label="Java Action">
- <h3>${empty className ? "Unknown or unavailable Action class" : className}</h3>
+ <h3><s:property default="Unknown or unavailable Action class" value="className"/></h3>
 <pre>
 <s:iterator value="classLines" status="row">
 ${row.count}: <s:property/></s:iterator>