svn commit: r953352 - in /axis/axis2/java/core/trunk/modules: jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java kernel/src/org/apache/axis2/util/WrappedDataHandler.java kernel/test
Author: scheu Date: Thu Jun 10 15:33:03 2010 New Revision: 953352 URL: http://svn.apache.org/viewvc?rev=953352&view=rev Log: AXIS2-4733 Contributor: Phil Adams Contributed WrappedDataHandler to allow Axis2 to set the appropriate content-type on a DataHandler. Also added a validation test. Added: axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java axis/axis2/java/core/trunk/modules/kernel/test/org/apache/axis2/util/WrappedDataHandlerTest.java Modified: axis/axis2/java/core/trunk/modules/jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java Modified: axis/axis2/java/core/trunk/modules/jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java?rev=953352&r1=953351&r2=953352&view=diff ==
--- axis/axis2/java/core/trunk/modules/jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java (original)
+++ axis/axis2/java/core/trunk/modules/jaxws/src/org/apache/axis2/jaxws/message/impl/MessageFactoryImpl.java Thu Jun 10 15:33:03 2010
@@ -20,12 +20,7 @@
 package org.apache.axis2.jaxws.message.impl;
 import org.apache.axiom.om.OMElement;
-import org.apache.axiom.om.OMNamespace;
-import org.apache.axiom.om.OMFactory;
-import org.apache.axiom.om.OMAbstractFactory;
 import org.apache.axiom.om.impl.builder.StAXOMBuilder;
-import org.apache.axiom.om.impl.OMNamespaceImpl;
-import org.apache.axiom.om.impl.llom.OMSourcedElementImpl;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
 import org.apache.axis2.jaxws.ExceptionFactory;
@@ -37,6 +32,7 @@ import org.apache.axis2.jaxws.message.da
 import org.apache.axis2.jaxws.message.databinding.DataSourceBlock;
 import org.apache.axis2.jaxws.message.factory.MessageFactory;
 import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.axis2.util.WrappedDataHandler;
 import javax.xml.soap.AttachmentPart;
 import javax.xml.soap.MimeHeader;
@@ -118,7 +114,7 @@ public class MessageFactoryImpl implemen
 m.setDoingSWA(true);
 while (it.hasNext()) {
 AttachmentPart ap = (AttachmentPart)it.next();
-m.addDataHandler(ap.getDataHandler(), ap.getContentId());
+m.addDataHandler(new WrappedDataHandler(ap.getDataHandler(), ap.getContentType()), ap.getContentId());
 }
 }
 return m;
@@ -144,5 +140,4 @@ public class MessageFactoryImpl implemen
 }
 return createFrom(block.getXMLStreamReader(true), protocol);
 }
-
 }
Added: axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java?rev=953352&view=auto ==
--- axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java (added)
+++ axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java Thu Jun 10 15:33:03 2010
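Review bot: In the attachment loop of the `@@ -118,7 +114,7 @@` hunk, `ap.getContentType()` is passed to `WrappedDataHandler` unchecked, yet it is taken from the attachment's MIME headers, so the sender of the message chooses it, and `AttachmentPart.getContentType()` returns null when the part has no Content-Type header. The wrapper's `getContentType()` is not visible in this hunk, so confirm that it falls back to the wrapped handler's own type for a null or empty value; otherwise guard at the call site, e.g. `String ct = ap.getContentType();` followed by `m.addDataHandler(ct == null ? ap.getDataHandler() : new WrappedDataHandler(ap.getDataHandler(), ct), ap.getContentId());`. A short comment that the reported type is peer-supplied would help later readers who consume it downstream. The enclosing method starts and ends outside the hunk.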
@@ -0,0 +1,214 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.axis2.util;
+
+import java.awt.datatransfer.DataFlavor;
+import java.awt.datatransfer.UnsupportedFlavorException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import javax.activation.CommandInfo;
+import javax.activation.CommandMap;
+import javax.activation.DataHandler;
+import javax.activation.DataSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * This class acts as a wrapper for the javax.activation.DataHandler class.
+ * It is used to store away a (potentially) user-defined content-type value along with
+ * the DataHandler instance. We'll delegate all method calls except for getContentType()
+ * to the real DataHandler instance.
+ */
+public class WrappedD
svn commit: r953369 - /axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java
Author: scheu Date: Thu Jun 10 16:15:09 2010 New Revision: 953369 URL: http://svn.apache.org/viewvc?rev=953369&view=rev Log: AXIS2-4733 Fixed @Override errors. Modified: axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java Modified: axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java?rev=953369&r1=953368&r2=953369&view=diff ==
--- axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java (original)
+++ axis/axis2/java/core/trunk/modules/kernel/src/org/apache/axis2/util/WrappedDataHandler.java Thu Jun 10 16:15:09 2010
@@ -54,22 +54,22 @@ public class WrappedDataHandler extends
 // be used, however. It's simply a placeholder.
 private static class FakeDataSource implements DataSource {
-@Override
+
 public String getContentType() {
 return "application/octet-stream";
 }
-@Override
+
 public InputStream getInputStream() throws IOException {
 throw new UnsupportedOperationException();
 }
-@Override
+
 public String getName() {
 return "FakeDataSource";
 }
-@Override
+
 public OutputStream getOutputStream() throws IOException {
 throw new UnsupportedOperationException();
 }
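Review bot: Nothing in `FakeDataSource` records why the four `@Override` annotations were dropped, so a later cleanup is likely to put them back and break the build again. Presumably the module compiles at a source level that rejects `@Override` on interface implementations; if so, add a comment above the class such as `// No @Override: these implement DataSource interface methods and the build's source level rejects the annotation there.` Each annotation was also replaced by an added blank line rather than deleted, which leaves an empty line in front of every method; removing those lines would be tidier.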
svn commit: r953380 - in /axis/axis2/java/core/branches/java/1_5/modules: kernel/src/org/apache/axis2/util/ webapp/src/main/webapp/axis2-web/
Author: gdaniels Date: Thu Jun 10 16:30:29 2010 New Revision: 953380 URL: http://svn.apache.org/viewvc?rev=953380&view=rev Log: Merge XSS fix (r935878) over for 1.5.2 release. Modified: axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/util/Utils.java axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/EngageToServiceGroup.jsp axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingglobally.jsp axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingtoanoperation.jsp axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingtoaservice.jsp axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/listGroupService.jsp Modified: axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/util/Utils.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/util/Utils.java?rev=953380&r1=953379&r2=953380&view=diff ==
--- axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/util/Utils.java (original)
+++ axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/util/Utils.java Thu Jun 10 16:30:29 2010
@@ -296,6 +296,17 @@ public class Utils {
 return moduleName;
 }
+private static final String ILLEGAL_CHARACTERS = "/\n\r\t\0\f`?*\\<>|\":";
+public static boolean isValidModuleName(String moduleName) {
+for (int i = 0; i < moduleName.length(); i++) {
+char c = moduleName.charAt(i);
+if ((c > 127) || (ILLEGAL_CHARACTERS.indexOf(c) >= 0)) {
+return false;
+}
+}
+return true;
+}
+
 /**
 * - if he trying to engage the same module then method will returen false
 * - else it will return true
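Review bot: `isValidModuleName` dereferences `moduleName` without a null check and returns true for the empty string, so a missing or blank value either throws or is reported as valid; add `if (moduleName == null || moduleName.length() == 0) return false;` as its first statement. The check is also a denylist: every ASCII character that is not in `ILLEGAL_CHARACTERS` is accepted, including quote and ampersand characters, so an allowlist of letters, digits, `-`, `_` and `.` would be easier to reason about if existing module names permit it. Neither the constant nor the method has Javadoc; it should state what the name is validated for and that a true result does not make the value safe to echo into HTML, since the callers are not part of this hunk.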
@@ -553,4 +564,9 @@ public class Utils {
 private static boolean isIP(String hostAddress) {
 return hostAddress.split("[.]").length == 4;
 }
+
+public static String sanitizeWebOutput(String text) {
+text = text.replaceAll("<", "<");
+return text;
+}
 }
Modified: axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/EngageToServiceGroup.jsp URL: http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/EngageToServiceGroup.jsp?rev=953380&r1=953379&r2=953380&view=diff ==
--- axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/EngageToServiceGroup.jsp (original)
+++ axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/EngageToServiceGroup.jsp Thu Jun 10 16:30:29 2010
@@ -23,6 +23,7 @@ java.util.Collection" %>
 <%@ page import="java.util.HashMap"%>
 <%@ page import="java.util.Iterator"%>
+<%@ page import="org.apache.axis2.util.Utils" %>
 <% String status = (String)request.getSession().getAttribute(Constants.ENGAGE_STATUS);
@@ -124,7 +125,7 @@ style="display:none" <% } %>
-><%=status%>
+><%=Utils.sanitizeWebOutput(status)%>
Modified: axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingglobally.jsp URL: http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingglobally.jsp?rev=953380&r1=953379&r2=953380&view=diff ==
--- axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingglobally.jsp (original)
+++ axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/webapp/axis2-web/engagingglobally.jsp Thu Jun 10 16:30:29 2010
@@ -22,6 +22,7 @@ java.util.Collection, java.util.HashMap, java.util.Iterator" %>
+<%@ page import="org.apache.axis2.util.Utils" %>
 <%
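Review bot: `sanitizeWebOutput` in the `Utils.java` hunk rewrites only `<`, so `&`, `>`, `"` and `'` reach the page unchanged, which is not enough once a caller places the value inside an attribute or next to existing entities; as rendered on this page the replacement string is itself a bare `<`, which would make the call a no-op, though that is probably the archive decoding an entity. `text.replaceAll` also throws on a null argument, and the `EngageToServiceGroup.jsp` hunk passes a session attribute to `Utils.sanitizeWebOutput(status)` that the neighbouring `style="display:none"` branch suggests can be null, where the old `<%=status%>` merely printed it. I would escape all five HTML-significant characters and return an empty string for null, as below. The method also needs Javadoc naming the output context it is meant for (HTML element text), so it is not reused for JavaScript or URL contexts.

```java
public static String sanitizeWebOutput(String text) {
    if (text == null) {
        return "";
    }
    StringBuilder out = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':  out.append("&amp;");  break;
            case '<':  out.append("&lt;");   break;
            case '>':  out.append("&gt;");   break;
            case '"':  out.append("&quot;"); break;
            case '\'': out.append("&#39;");  break;
            default:   out.append(c);
        }
    }
    return out.toString();
}
```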
@@ -40,13 +41,15 @@ <%
-HashMap moduels = (HashMap) request.getSession().getAttribute(Constants.MODULE_MAP);
+HashMap modules = (HashMap) request.getSession().getAttribute(Constants.MODULE_MAP);
 request.getSession().setAttribute(Constants.MODULE_MAP,null);
-Collection moduleCol = moduels.values();
+Collection moduleCol = modules.values();
 for (Iterator iterator = moduleCol.iterator(); iterator.hasNext();) {