Adding anti XSS NIHVIVO-3379
parent
2700e0a638
commit
999cd8a9b6
11 changed files with 52 additions and 20 deletions
|
@ -48,6 +48,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field;
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.AddAuthorsToInformationResourceGenerator.AuthorshipInfo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.AddAssociatedConceptsPreprocessor;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
||||
|
@ -129,6 +130,9 @@ public class AddAssociatedConceptGenerator extends VivoBaseGenerator implements
|
|||
//Adding term should return to this same page, not the subject
|
||||
//Return takes the page back to the individual form
|
||||
editConfiguration.setUrlPatternToReturnTo(EditConfigurationUtils.getFormUrlWithoutContext(vreq));
|
||||
|
||||
editConfiguration.addValidator(new AntiXssValidation());
|
||||
|
||||
//prepare
|
||||
prepare(vreq, editConfiguration);
|
||||
return editConfiguration;
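Review bot: The `editConfiguration.addValidator(new AntiXssValidation());` call added before `prepare(vreq, editConfiguration)` is opt-in per generator, and the same line is repeated in the other generators this commit touches (AddAuthorsToInformationResourceGenerator, AddEditWebpageFormGenerator, AddGrantRoleToPersonGenerator, AddRoleToPersonTwoStageGenerator, AddUserDefinedConceptGenerator, NewIndividualFormGenerator, OrganizationHasPositionHistoryGenerator, PersonHasEducationalTraining, PersonHasPositionHistoryGenerator), so any generator that is not edited here, or is added later, stays unvalidated. If the edit framework allows it, registering the validator once where every edit configuration is processed would make coverage the default instead of something each author has to remember. Either way the validator only covers values submitted through these forms; the templates that render stored values still need to escape them on output, which this page does not show. A short comment at the call site would help, for example `// XSS check on submitted field values; output escaping is still required in the template`. The enclosing method starts outside the hunk.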
|
||||
|
|
|
@ -24,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
|
||||
/**
|
||||
* This is a slightly unusual generator that is used by Manage Authors on
|
||||
|
@ -77,6 +78,8 @@ public class AddAuthorsToInformationResourceGenerator extends VivoBaseGenerator
|
|||
//Adding additional data, specifically edit mode
|
||||
addFormSpecificData(editConfiguration, vreq);
|
||||
|
||||
editConfiguration.addValidator(new AntiXssValidation());
|
||||
|
||||
//NOITCE this generator does not run prepare() since it
|
||||
//is never an update and has no SPARQL for existing
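Review bot: The validator is registered here on a generator whose own context comment says it never runs `prepare()` and whose class comment calls it slightly unusual, so it is not evident from the hunk that Manage Authors submissions actually pass through the configuration's validators. A test that submits a field value containing markup through this form and expects a validation error would confirm the added line has an effect. The context comment also misspells NOTICE as `NOITCE`, which is worth fixing in a follow-up. The enclosing method starts and ends outside the hunk.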
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.QueryUtils;
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
/**
|
||||
|
||||
Custom form for adding or editing a webpage associated with an individual. The primary page,
|
||||
|
@ -90,6 +91,8 @@ public class AddEditWebpageFormGenerator extends BaseEditConfigurationGenerator
|
|||
EditConfigurationUtils.getSubjectUri(vreq), vreq )
|
||||
+ 1 );
|
||||
|
||||
config.addValidator(new AntiXssValidation());
|
||||
|
||||
//might be null
|
||||
config.addFormSpecificData("subjectName", getName( config, vreq));
|
||||
prepare(vreq, config);
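Review bot: This form stores a webpage URL for an individual, and a markup-oriented check such as `config.addValidator(new AntiXssValidation());` may not reject a `javascript:` or `data:` URL, which contains no tags yet runs script when rendered into an `href`. AntiXssValidation's rules are not visible on this page, so confirm that it, or a separate validator on the URL field, restricts the value to an allowlist of schemes such as `http` and `https`. The enclosing method starts and ends outside the hunk.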
|
||||
|
|
|
@ -30,6 +30,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||
|
@ -104,8 +105,11 @@ public class AddGrantRoleToPersonGenerator implements EditConfigurationGenerator
|
|||
setTemplate(editConfiguration, vreq);
|
||||
//Set edit key
|
||||
setEditKey(editConfiguration, vreq);
|
||||
//Add validator
|
||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||
|
||||
//Add validators
|
||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||
editConfiguration.addValidator(new AntiXssValidation());
|
||||
|
||||
//no preprocessors required here
|
||||
//Adding additional data, specifically edit mode
|
||||
addFormSpecificData(editConfiguration, vreq);
|
||||
|
|
|
@ -32,6 +32,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||
/**
|
||||
|
@ -163,11 +164,14 @@ public abstract class AddRoleToPersonTwoStageGenerator extends BaseEditConfigura
|
|||
editConfiguration.setTemplate(getTemplate());
|
||||
|
||||
//Add validator
|
||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||
editConfiguration.addValidator(new DateTimeIntervalValidationVTwo("startField","endField") );
|
||||
editConfiguration.addValidator(new AntiXssValidation());
|
||||
|
||||
//Add preprocessors
|
||||
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
||||
//Adding additional data, specifically edit mode
|
||||
addFormSpecificData(editConfiguration, vreq);
|
||||
|
||||
//prepare
|
||||
prepare(vreq, editConfiguration);
|
||||
return editConfiguration;
|
||||
|
|
|
@ -42,6 +42,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.Field;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.RoleToActivityPredicatePreprocessor;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditN3GeneratorVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.SelectListGeneratorVTwo;
|
||||
|
@ -109,7 +110,9 @@ public class AddUserDefinedConceptGenerator extends VivoBaseGenerator implement
|
|||
|
||||
|
||||
setTemplate(editConfiguration, vreq);
|
||||
//No validators required here
|
||||
|
||||
editConfiguration.addValidator(new AntiXssValidation());
|
||||
|
||||
//Add preprocessors
|
||||
addPreprocessors(editConfiguration, vreq.getWebappDaoFactory());
|
||||
//Adding additional data, specifically edit mode
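Review bot: The context comment `//No validators required here` is left in place directly above the new `editConfiguration.addValidator(new AntiXssValidation());`, so the code now contradicts its own comment. Replace it with `//Add validators`, matching the wording this commit uses in AddGrantRoleToPersonGenerator. The enclosing method starts and ends outside the hunk.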
|
||||
|
|
|
@ -35,41 +35,41 @@ public class ManageWebpagesForIndividualGenerator extends BaseEditConfigurationG
|
|||
|
||||
@Override
|
||||
public EditConfigurationVTwo getEditConfiguration(VitroRequest vreq, HttpSession session) {
|
||||
|
||||
|
||||
EditConfigurationVTwo config = new EditConfigurationVTwo();
|
||||
config.setTemplate("manageWebpagesForIndividual.ftl");
|
||||
|
||||
|
||||
initBasics(config, vreq);
|
||||
initPropertyParameters(vreq, session, config);
|
||||
initObjectPropForm(config, vreq);
|
||||
|
||||
|
||||
config.setSubjectUri(EditConfigurationUtils.getSubjectUri(vreq));
|
||||
config.setEntityToReturnTo( EditConfigurationUtils.getSubjectUri(vreq));
|
||||
|
||||
|
||||
List<Map<String,String>> webpages = getWebpages(config.getSubjectUri(), vreq);
|
||||
config.addFormSpecificData("webpages",webpages);
|
||||
|
||||
config.addFormSpecificData("rankPredicate", "http://vivoweb.org/ontology/core#rank" );
|
||||
config.addFormSpecificData("reorderUrl", "/edit/reorder" );
|
||||
config.addFormSpecificData("deleteWebpageUrl", "/edit/primitiveDelete");
|
||||
|
||||
ParamMap paramMap = new ParamMap();
|
||||
paramMap.put("subjectUri", config.getSubjectUri());
|
||||
paramMap.put("editForm", AddEditWebpageFormGenerator.class.getName());
|
||||
paramMap.put("view", "form");
|
||||
String path = UrlBuilder.getUrl( UrlBuilder.Route.EDIT_REQUEST_DISPATCH ,paramMap);
|
||||
|
||||
|
||||
ParamMap paramMap = new ParamMap();
|
||||
paramMap.put("subjectUri", config.getSubjectUri());
|
||||
paramMap.put("editForm", AddEditWebpageFormGenerator.class.getName());
|
||||
paramMap.put("view", "form");
|
||||
String path = UrlBuilder.getUrl( UrlBuilder.Route.EDIT_REQUEST_DISPATCH ,paramMap);
|
||||
|
||||
config.addFormSpecificData("baseEditWebpageUrl", path);
|
||||
|
||||
|
||||
paramMap = new ParamMap();
|
||||
paramMap.put("subjectUri", config.getSubjectUri());
|
||||
paramMap.put("predicateUri", config.getPredicateUri());
|
||||
paramMap.put("editForm" , AddEditWebpageFormGenerator.class.getName() );
|
||||
paramMap.put("cancelTo", "manage");
|
||||
path = UrlBuilder.getUrl( UrlBuilder.Route.EDIT_REQUEST_DISPATCH ,paramMap);
|
||||
|
||||
|
||||
config.addFormSpecificData("showAddFormUrl", path);
|
||||
|
||||
|
||||
Individual subject = vreq.getWebappDaoFactory().getIndividualDao().getIndividualByURI(config.getSubjectUri());
|
||||
if( subject != null && subject.getName() != null ){
|
||||
config.addFormSpecificData("subjectName", subject.getName());
|
||||
|
|
|
@ -21,6 +21,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUti
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.preprocessors.FoafNameToRdfsLabelPreprocessor;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
|
||||
/**
|
||||
* Generates the edit configuration for a default property form.
|
||||
|
@ -69,6 +70,8 @@ public class NewIndividualFormGenerator extends BaseEditConfigurationGenerator i
|
|||
|
||||
addFormSpecificData(config, vreq);
|
||||
|
||||
config.addValidator(new AntiXssValidation());
|
||||
|
||||
//This combines the first and last name into the rdfs:label
|
||||
config.addModelChangePreprocessor(new FoafNameToRdfsLabelPreprocessor());
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
|
||||
public class OrganizationHasPositionHistoryGenerator extends VivoBaseGenerator
|
||||
implements EditConfigurationGenerator {
|
||||
|
@ -220,8 +221,10 @@ public class OrganizationHasPositionHistoryGenerator extends VivoBaseGenerator
|
|||
conf.addField(endField.setEditElement(new DateTimeWithPrecisionVTwo(
|
||||
endField, URI_PRECISION_YEAR, URI_PRECISION_NONE)));
|
||||
|
||||
conf.addValidator(new AntiXssValidation());
|
||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField",
|
||||
"endField"));
|
||||
|
||||
prepare(vreq, conf);
|
||||
return conf;
|
||||
}
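Review bot: Here `conf.addValidator(new AntiXssValidation());` is registered before the `DateTimeIntervalValidationVTwo` validator, while the other generators in this commit (for example PersonHasPositionHistoryGenerator) add it after. If validators run in registration order, which this page does not show, the order of reported errors will differ between forms. Using one order throughout, with the `DateTimeIntervalValidationVTwo` registration first and `conf.addValidator(new AntiXssValidation());` second, keeps the forms consistent. The method's start is outside the hunk.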
|
||||
|
|
|
@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||
|
||||
|
@ -177,7 +178,9 @@ public class PersonHasEducationalTraining extends VivoBaseGenerator implements
|
|||
VitroVocabulary.Precision.NONE.uri())));
|
||||
//Add validator
|
||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
||||
//Adding additional data, specifically edit mode
|
||||
conf.addValidator(new AntiXssValidation());
|
||||
|
||||
//Adding additional data, specifically edit mode
|
||||
addFormSpecificData(conf, vreq);
|
||||
prepare(vreq, conf);
|
||||
return conf;
|
||||
|
|
|
@ -18,6 +18,7 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeIntervalVali
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.DateTimeWithPrecisionVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators.AntiXssValidation;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.FrontEndEditingUtils.EditMode;
|
||||
import edu.cornell.mannlib.vitro.webapp.utils.generators.EditModeUtils;
|
||||
|
||||
|
@ -155,7 +156,8 @@ public class PersonHasPositionHistoryGenerator extends VivoBaseGenerator impleme
|
|||
);
|
||||
|
||||
conf.addValidator(new DateTimeIntervalValidationVTwo("startField","endField"));
|
||||
|
||||
conf.addValidator(new AntiXssValidation());
|
||||
|
||||
//Adding additional data, specifically edit mode
|
||||
addFormSpecificData(conf, vreq);
|
||||
prepare(vreq, conf);
|
||||
|
|