Index: news-api/api/pom.xml
===================================================================
--- news-api/api/pom.xml (revision 128883)
+++ news-api/api/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-news-api
@@ -34,7 +34,6 @@
commons-logging
commons-logging
- ${sakai.commons-logging.version}
Index: web-help/pom.xml
===================================================================
--- web-help/pom.xml (revision 128883)
+++ web-help/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../pom.xml
Sakai Web Help
Index: web-api/api/pom.xml
===================================================================
--- web-api/api/pom.xml (revision 128883)
+++ web-api/api/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-web-api
@@ -29,8 +29,9 @@
sakai-component-manager
- org.sakaiproject.message
+ org.sakaiproject
sakai-message-api
+ 2.8-SNAPSHOT
Index: web-portlet/src/java/org/sakaiproject/portlets/PortletIFrame.java
===================================================================
--- web-portlet/src/java/org/sakaiproject/portlets/PortletIFrame.java (revision 128883)
+++ web-portlet/src/java/org/sakaiproject/portlets/PortletIFrame.java (working copy)
@@ -99,6 +99,8 @@
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.cover.AuthzGroupService;
+import org.apache.commons.validator.routines.UrlValidator;
+
// Velocity
import org.apache.velocity.VelocityContext;
import org.apache.velocity.context.Context;
@@ -109,6 +111,9 @@
*/
public class PortletIFrame extends GenericPortlet {
+ // Since the CSRF token is not in 2.8.x, we punt
+ private static final String SAKAI_CSRF_TOKEN_NOT_IN_28 = "9292838383822-hard-coded";
+
private static final Log M_log = LogFactory.getLog(PortletIFrame.class);
// This is old-style internationalization (i.e. not dynamic based
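Review bot: `SAKAI_CSRF_TOKEN_NOT_IN_28` is a fixed string compiled into the class, so every session on every deployment carries the same `sakai_csrf_token`, and anyone who can read the source knows it; such a token cannot tell a forged request from a genuine one. The same constant is assigned to `csrfToken` in the hunks at -349 and -460, which also makes the `csrfToken != null` guard there always true. If 2.8.x has no session token to read, the portlet should create a random value per session and store it in the session, as sketched below (the attribute name is a placeholder). The code that checks the token on submit is not visible in this diff and would have to compare against the same session value.

```java
// replaces SAKAI_CSRF_TOKEN_NOT_IN_28; the attribute name is a placeholder
private static final String CSRF_SESSION_ATTRIBUTE = "<portlet-csrf-session-attribute>";
private static final SecureRandom CSRF_RANDOM = new SecureRandom();

// Returns this session's token, creating it on first use.
private static String csrfTokenFor(Session session) {
    String token = (String) session.getAttribute(CSRF_SESSION_ATTRIBUTE);
    if (token == null) {
        token = new BigInteger(130, CSRF_RANDOM).toString(32);
        session.setAttribute(CSRF_SESSION_ATTRIBUTE, token);
    }
    return token;
}

// … unchanged: M_log declaration …
```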
@@ -339,7 +344,7 @@
//System.out.println("special="+special+" source="+source+" pgc="+placement.getContext()+" macroExpansion="+macroExpansion+" passPid="+passPid+" PGID="+placement.getId()+" sakaiPropertiesUrlKey="+sakaiPropertiesUrlKey+" url="+url);
if ( url != null && url.trim().length() > 0 ) {
- if ( ! FormattedText.validateURL(url) ) {
+ if ( ! validateURL(url) ) {
M_log.warn("invalid URL suppressed placement="+placement.getId()+" site="+placement.getContext()+" url="+url);
url = "about:blank";
}
@@ -349,7 +354,7 @@
Context context = new VelocityContext();
Session session = SessionManager.getCurrentSession();
- String csrfToken = (String) session.getAttribute(UsageSessionService.SAKAI_CSRF_SESSION_ATTRIBUTE);
+ String csrfToken = SAKAI_CSRF_TOKEN_NOT_IN_28;
if ( csrfToken != null ) context.put("sakai_csrf_token", csrfToken);
context.put("tlang", rb);
context.put("validator", validator);
@@ -460,7 +465,7 @@
Context context = new VelocityContext();
Session session = SessionManager.getCurrentSession();
- String csrfToken = (String) session.getAttribute(UsageSessionService.SAKAI_CSRF_SESSION_ATTRIBUTE);
+ String csrfToken = SAKAI_CSRF_TOKEN_NOT_IN_28;
if ( csrfToken != null ) context.put("sakai_csrf_token", csrfToken);
context.put("tlang", rb);
context.put("validator", validator);
@@ -682,7 +687,7 @@
}
// If we have a URL from the user, lets validate it
- if ((!StringUtils.isBlank(source)) && (!FormattedText.validateURL(source)) ) {
+ if ((!StringUtils.isBlank(source)) && (!validateURL(source)) ) {
addAlert(request, rb.getString("gen.url.invalid"));
return;
}
@@ -700,7 +705,7 @@
}
// If we have an infourl from the user, lets validate it
- if ((!StringUtils.isBlank(infoUrl)) && (!FormattedText.validateURL(infoUrl)) ) {
+ if ((!StringUtils.isBlank(infoUrl)) && (!validateURL(infoUrl)) ) {
addAlert(request, rb.getString("gen.url.invalid"));
return;
}
@@ -1263,4 +1268,33 @@
super(text);
}
}
+
+ // Back port for 2.8
+ private static final String PROTOCOL_PREFIX = "http:";
+ private static final String HOST_PREFIX = "http://127.0.0.1";
+ private static final String ABOUT_BLANK = "about:blank";
+
+ public boolean validateURL(String urlToValidate) {
+ if (StringUtils.isBlank(urlToValidate)) return false;
+
+ if ( ABOUT_BLANK.equals(urlToValidate) ) return true;
+
+ // For a protocol-relative URL, we validate with protocol attached
+ // RFC 1808 Section 4
+ if ((urlToValidate.startsWith("//")) && (urlToValidate.indexOf("://") == -1))
+ {
+ urlToValidate = PROTOCOL_PREFIX + urlToValidate;
+ }
+
+ // For a site-relative URL, we validate with host name and protocol attached
+ // SAK-13787 SAK-23752
+ if ((urlToValidate.startsWith("/")) && (urlToValidate.indexOf("://") == -1))
+ {
+ urlToValidate = HOST_PREFIX + urlToValidate;
+ }
+
+ // Validate the url
+ UrlValidator urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS);
+ return urlValidator.isValid(urlToValidate);
+ }
}
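Review bot: `validateURL` is the gate on what ends up as the iframe source, yet it has no Javadoc saying what it accepts, and `UrlValidator.ALLOW_LOCAL_URLS` widens that set to local host names such as `localhost`. Because no scheme list is passed, the validator falls back to its default schemes, which is what keeps `javascript:` and `data:` out; a comment should say so, so that a later edit does not loosen it by accident. The flag looks unnecessary for the site-relative case, since `HOST_PREFIX` is a literal IP address, so consider dropping it unless local hosts must be frameable. The method reads no instance state and could be `private static boolean validateURL(String urlToValidate)`, with the validator held in a `private static final` field rather than built on every call.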
Index: web-portlet/pom.xml
===================================================================
--- web-portlet/pom.xml (revision 128883)
+++ web-portlet/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../pom.xml
sakai-web-portlet
Index: news-tool/tool/pom.xml
===================================================================
--- news-tool/tool/pom.xml (revision 128883)
+++ news-tool/tool/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-news-tool
@@ -43,17 +43,18 @@
${sakai.entitybroker.version}
- org.sakaiproject.velocity
+ org.sakaiproject
sakai-velocity-tool-api
+ 2.8-SNAPSHOT
- org.sakaiproject.velocity
+ org.sakaiproject
sakai-velocity-tool
+ 2.8-SNAPSHOT
commons-logging
commons-logging
- ${sakai.commons-logging.version}
org.springframework
@@ -75,4 +76,4 @@
-
\ No newline at end of file
+
Index: web-tool/tool/pom.xml
===================================================================
--- web-tool/tool/pom.xml (revision 128883)
+++ web-tool/tool/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-web-tool
@@ -45,7 +45,6 @@
commons-logging
commons-logging
- ${sakai.commons-logging.version}
commons-validator
@@ -53,12 +52,14 @@
1.3.1
- org.sakaiproject.velocity
+ org.sakaiproject
sakai-velocity-tool-api
+ 2.8-SNAPSHOT
- org.sakaiproject.velocity
+ org.sakaiproject
sakai-velocity-tool
+ 2.8-SNAPSHOT
org.springframework
Index: pom.xml
===================================================================
--- pom.xml (revision 128883)
+++ pom.xml (working copy)
@@ -4,13 +4,12 @@
base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../pom.xml
Sakai Web Project
org.sakaiproject
web-base
- 2.10-SNAPSHOT
pom
scm:svn:https://source.sakaiproject.org/svn/web/trunk
@@ -53,18 +52,13 @@
org.sakaiproject
sakai-news-impl
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
org.sakaiproject
sakai-web-impl
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
-
- org.sakaiproject.velocity
- sakai-velocity-tool
- ${sakai.velocity-tool.version}
-
Index: news-impl/impl/pom.xml
===================================================================
--- news-impl/impl/pom.xml (revision 128883)
+++ news-impl/impl/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-news-impl
@@ -84,7 +84,6 @@
commons-logging
commons-logging
- ${sakai.commons-logging.version}
Index: news-impl/pack/pom.xml
===================================================================
--- news-impl/pack/pom.xml (revision 128883)
+++ news-impl/pack/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-news-pack
Index: web-impl/impl/pom.xml
===================================================================
--- web-impl/impl/pom.xml (revision 128883)
+++ web-impl/impl/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-web-impl
Index: web-impl/pack/pom.xml
===================================================================
--- web-impl/pack/pom.xml (revision 128883)
+++ web-impl/pack/pom.xml (working copy)
@@ -4,7 +4,7 @@
web-base
org.sakaiproject
- 2.10-SNAPSHOT
+ 2.8-SNAPSHOT
../../pom.xml
sakai-web-pack