Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 573203 Details for
Bug 615978
Create bundle using 'Recipe' > 'Click to Upload A Recipe File' fails
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Propsed patch to resolve this issue
BZ615978-Create_bundle_using_Recipe__Click_to_Upload_A_Recipe_File_fails.patch (text/plain), 10.53 KB, created by
Larry O'Leary
on 2012-03-28 02:05:53 UTC
(
hide
)
Description:
Propsed patch to resolve this issue
Filename:
MIME Type:
Creator:
Larry O'Leary
Created:
2012-03-28 02:05:53 UTC
Size:
10.53 KB
patch
obsolete
>diff --git a/modules/core/util/pom.xml b/modules/core/util/pom.xml >index 9c08830..458baf5 100644 >--- a/modules/core/util/pom.xml >+++ b/modules/core/util/pom.xml >@@ -42,6 +42,12 @@ > <scope>test</scope> > </dependency> > >+ <dependency> >+ <groupId>commons-lang</groupId> >+ <artifactId>commons-lang</artifactId> >+ <scope>provided</scope> >+ </dependency> >+ > </dependencies> > > <build> >diff --git a/modules/core/util/src/main/java/org/rhq/core/util/stream/StreamUtil.java b/modules/core/util/src/main/java/org/rhq/core/util/stream/StreamUtil.java >index 398918a..294aea4 100644 >--- a/modules/core/util/src/main/java/org/rhq/core/util/stream/StreamUtil.java >+++ b/modules/core/util/src/main/java/org/rhq/core/util/stream/StreamUtil.java >@@ -1,6 +1,6 @@ > /* > * RHQ Management Platform >- * Copyright (C) 2005-2008 Red Hat, Inc. >+ * Copyright (C) 2005-2012 Red Hat, Inc. > * All rights reserved. > * > * This program is free software; you can redistribute it and/or modify >@@ -36,6 +36,7 @@ import java.io.Serializable; > import java.io.StringWriter; > import java.io.Writer; > >+import org.apache.commons.lang.StringEscapeUtils; > import org.apache.commons.logging.Log; > import org.apache.commons.logging.LogFactory; > >@@ -93,7 +94,7 @@ public class StreamUtil { > copy(reader, wrt); > return wrt.toString(); > } >- >+ > /** > * Copies data from the input stream to the output stream. Upon completion or on an exception, the streams will be > * closed. >@@ -121,7 +122,7 @@ public class StreamUtil { > public static long copy(Reader rdr, Writer wrt) throws RuntimeException { > return copy(rdr, wrt, true); > } >- >+ > /** > * Copies data from the input stream to the output stream. Upon completion or on an exception, the streams will be > * closed but only if <code>closeStreams</code> is <code>true</code>. If <code>closeStreams</code> is <code> >@@ -136,6 +137,30 @@ public class StreamUtil { > * @throws RuntimeException if failed to read or write the data > */ > public static long copy(InputStream input, OutputStream output, boolean closeStreams) throws RuntimeException { >+ return copy(input, output, closeStreams, false); >+ } >+ >+ /** >+ * Copies data from the input stream to the output stream. Upon completion or on an exception, the streams will be >+ * closed but only if <code>closeStreams</code> is <code>true</code>. If <code>closeStreams</code> is <code> >+ * false</code>, the streams are left open; the caller has the reponsibility to close them. >+ * <p> >+ * If htmlEscape is <code>true</code> the input stream is read into a <code>String</code> and all HTML entities >+ * are escaped using {@link StringEscapeUtils#escapeHtml(String)} prior to being copied to output stream. >+ * >+ * @param input the originating stream that contains the data to be copied >+ * @param output the destination stream where the data should be copied to >+ * @param closeStreams if <code>true</code>, the streams will be closed before the method returns >+ * @param htmlEscape if <code>true</code>, the input stream will be HTML escaped before being written to output stream >+ * >+ * @return the number of bytes copied from the input to the output stream or the number of characters stored in output stream if htmlEscape is <code>true</code> >+ * >+ * @throws RuntimeException if failed to read or write the data >+ * >+ * @since 4.4 >+ */ >+ public static long copy(InputStream input, OutputStream output, boolean closeStreams, boolean htmlEscape) >+ throws RuntimeException { > if (input == null) { > throw new IllegalArgumentException("Input stream is null."); > } >@@ -153,7 +178,13 @@ public class StreamUtil { > byte[] buffer = new byte[bufferSize]; > > for (int bytesRead = input.read(buffer); bytesRead != -1; bytesRead = input.read(buffer)) { >- output.write(buffer, 0, bytesRead); >+ if (htmlEscape) { >+ String htmlEncodedStr = StringEscapeUtils.escapeHtml(new String(buffer)); >+ bytesRead = htmlEncodedStr.length(); >+ output.write(htmlEncodedStr.getBytes(), 0, bytesRead); >+ } else { >+ output.write(buffer, 0, bytesRead); >+ } > numBytesCopied += bytesRead; > } > >@@ -200,14 +231,14 @@ public class StreamUtil { > try { > long numCharsCopied = 0; > char[] buffer = new char[32768]; >- >+ > int cnt; >- while((cnt = rdr.read(buffer)) != -1) { >+ while ((cnt = rdr.read(buffer)) != -1) { > numCharsCopied += cnt; > wrt.write(buffer, 0, cnt); > } >- >- return numCharsCopied; >+ >+ return numCharsCopied; > } catch (IOException e) { > throw new RuntimeException("Reader could not have been copied to the writer.", e); > } finally { >@@ -217,16 +248,16 @@ public class StreamUtil { > } catch (IOException ioe) { > LOG.warn("Reader could not be closed.", ioe); > } >- >+ > try { >- wrt.close(); >+ wrt.close(); > } catch (IOException ioe) { > LOG.warn("Writer could not be closed.", ioe); > } > } > } > } >- >+ > /** > * Copies data from the input stream to the output stream. The caller has the responsibility to close them. This > * method allows you to copy a byte range from the input stream. The start byte is the index (where the first byte >@@ -344,7 +375,7 @@ public class StreamUtil { > > return retObject; > } >- >+ > /** > * Can be used to safely close a stream. No-op if the stream is null. > * >diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/bundle/create/BundleUploadDistroFileStep.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/bundle/create/BundleUploadDistroFileStep.java >index a70b907..a740e49 100644 >--- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/bundle/create/BundleUploadDistroFileStep.java >+++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/bundle/create/BundleUploadDistroFileStep.java >@@ -1,6 +1,6 @@ > /* > * RHQ Management Platform >- * Copyright (C) 2005-2010 Red Hat, Inc. >+ * Copyright (C) 2005-2012 Red Hat, Inc. > * All rights reserved. > * > * This program is free software; you can redistribute it and/or modify >@@ -20,6 +20,8 @@ package org.rhq.enterprise.gui.coregui.client.bundle.create; > > import java.util.LinkedHashMap; > >+import com.google.gwt.dom.client.Document; >+import com.google.gwt.dom.client.Element; > import com.google.gwt.user.client.rpc.AsyncCallback; > import com.smartgwt.client.widgets.Canvas; > import com.smartgwt.client.widgets.form.DynamicForm; >@@ -195,9 +197,18 @@ public class BundleUploadDistroFileStep extends AbstractWizardStep { > recipe.setHeight(150); > > textFileRetrieverForm.addFormHandler(new DynamicFormHandler() { >+ /* >+ * Helper method to unescape a string which has been escaped for inclusion in HTML tags >+ */ >+ public String htmlUnescape(String escapedHtml) { >+ Element e = Document.get().createDivElement(); >+ e.setInnerHTML(escapedHtml); >+ return e.getInnerText(); >+ } >+ > public void onSubmitComplete(DynamicFormSubmitCompleteEvent event) { >- wizard.setRecipe(event.getResults()); >- recipe.setValue(event.getResults()); >+ wizard.setRecipe(htmlUnescape(event.getResults())); >+ recipe.setValue(htmlUnescape(event.getResults())); > textFileRetrieverForm.retrievalStatus(true); > showUpload.show(); > upload.hide(); >diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/FileUploadServlet.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/FileUploadServlet.java >index f97f5a9..081246b 100644 >--- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/FileUploadServlet.java >+++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/FileUploadServlet.java >@@ -1,6 +1,6 @@ > /* > * RHQ Management Platform >- * Copyright (C) 2005-2010 Red Hat, Inc. >+ * Copyright (C) 2005-2012 Red Hat, Inc. > * All rights reserved. > * > * This program is free software; you can redistribute it and/or modify >@@ -116,13 +116,15 @@ public class FileUploadServlet extends HttpServlet { > > if (retrieve && actualFiles.size() == 1) { > // sending in "retrieve" form element with a single file means the client just wants the content echoed back >+ resp.setContentType("text/html"); > FileItem fileItem = actualFiles.get(0); > > ServletOutputStream outputStream = resp.getOutputStream(); > outputStream.print("<html>"); > InputStream inputStream = fileItem.getInputStream(); > try { >- StreamUtil.copy(inputStream, outputStream, false); >+ // we have to HTML escape inputStream before writing it to outputStream >+ StreamUtil.copy(inputStream, outputStream, false, true); > } finally { > inputStream.close(); > } >diff --git a/pom.xml b/pom.xml >index 2705417..a89364c 100644 >--- a/pom.xml >+++ b/pom.xml >@@ -74,6 +74,7 @@ > <!-- End: JBoss AS Dependency Versions --> > > <commons-logging.version>1.1.0.jboss</commons-logging.version> >+ <commons-lang.version>2.6</commons-lang.version> > <concurrent.version>1.3.4-jboss-update1</concurrent.version> <!-- oswego-concurrent compatible with 4.2.3.GA --> > <findbugs.version>2.3.2</findbugs.version> > <getopt.version>1.0.13</getopt.version> >@@ -305,6 +306,12 @@ > <version>${commons-logging.version}</version> > </dependency> > >+ <dependency> >+ <groupId>commons-lang</groupId> >+ <artifactId>commons-lang</artifactId> >+ <version>${commons-lang.version}</version> >+ </dependency> >+ > <!-- GNU GetOpt (any modules that need to do command-line argument parsing should use this) --> > <dependency> > <groupId>gnu-getopt</groupId>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 615978
:
432847
|
432848
|
432849
|
433151
|
433152
|
573203
|
573808