
Example 1 with SafeHtml

use of net.jforum.util.SafeHtml in project jforum2 by rafaelsteil.

the class AjaxAction method previewPost.

/**
 * Builds a throw-away {@code Post} from the "text", "subject", "html", "bbcode" and
 * "smilies" request parameters and exposes it to the AJAX preview template.
 *
 * Nothing is stored by this method. The text is sanitized with {@code SafeHtml} when HTML
 * is switched on, formatted by {@code PostCommon.preparePostForDisplay}, and both text and
 * subject are JavaScript-escaped before they are put into the template context.
 */
public void previewPost() {
    Post preview = new Post();
    preview.setText(this.request.getParameter("text"));
    preview.setSubject(this.request.getParameter("subject"));

    // The three formatting switches are read from the request as submitted: only the
    // literal string "true" enables a feature, so an absent parameter means "off".
    // NOTE(review): no permission check on the "html" switch is visible in this method;
    // the SafeHtml pass below is what keeps client-chosen markup in check - confirm that
    // preparePostForDisplay sanitizes on the HTML-disabled path as well.
    String htmlSwitch = this.request.getParameter("html");
    preview.setHtmlEnabled("true".equals(htmlSwitch));
    String bbCodeSwitch = this.request.getParameter("bbcode");
    preview.setBbCodeEnabled("true".equals(bbCodeSwitch));
    String smiliesSwitch = this.request.getParameter("smilies");
    preview.setSmiliesEnabled("true".equals(smiliesSwitch));

    if (preview.isHtmlEnabled()) {
        String sanitizedText = new SafeHtml().makeSafe(preview.getText());
        preview.setText(sanitizedText);
    }

    preview = PostCommon.preparePostForDisplay(preview);

    // JavaScript escaping is the last step for both fields.
    // NOTE(review): the subject is never passed through SafeHtml in this method, so
    // escapeJavaScript is the only encoding applied to it here; if the template places
    // it into HTML markup it must be HTML-encoded there - confirm against the template.
    String escapedSubject = StringEscapeUtils.escapeJavaScript(preview.getSubject());
    preview.setSubject(escapedSubject);
    String escapedText = StringEscapeUtils.escapeJavaScript(preview.getText());
    preview.setText(escapedText);

    this.setTemplateName(TemplateKeys.AJAX_PREVIEW_POST);
    this.context.put("post", preview);
}
Also used : Post(net.jforum.entities.Post) SafeHtml(net.jforum.util.SafeHtml)

Example 2 with SafeHtml

use of net.jforum.util.SafeHtml in project jforum2 by rafaelsteil.

the class BookmarkAction method insertSave.

/**
 * Creates a bookmark from the submitted form and stores it for the current session user.
 *
 * The free-text fields ("description", "title") are passed through {@code SafeHtml}
 * before they are stored; the owner id is taken from the server-side session.
 */
public void insertSave() {
    SafeHtml sanitizer = new SafeHtml();
    Bookmark bookmark = new Bookmark();

    // Sanitize on the way in: both text fields are cleaned before they reach the DAO.
    String description = sanitizer.makeSafe(this.request.getParameter("description"));
    bookmark.setDescription(description);
    String title = sanitizer.makeSafe(this.request.getParameter("title"));
    bookmark.setTitle(title);

    // Any non-empty "visible" value marks the bookmark as public.
    String visibleParam = this.request.getParameter("visible");
    boolean isPublic = !(visibleParam == null || visibleParam.length() == 0);
    bookmark.setPublicVisible(isPublic);

    // NOTE(review): relation_id and relation_type are chosen by the client and no check
    // is visible here that the session user may access the referenced object - confirm
    // that the caller or the DAO enforces it.
    bookmark.setRelationId(this.request.getIntParameter("relation_id"));
    bookmark.setRelationType(this.request.getIntParameter("relation_type"));

    // The owner comes from the session, never from a request parameter.
    bookmark.setUserId(SessionFacade.getUserSession().getUserId());

    DataAccessDriver.getInstance().newBookmarkDAO().add(bookmark);
    this.setTemplateName(TemplateKeys.BOOKMARKS_INSERT_SAVE);
}
Also used : Bookmark(net.jforum.entities.Bookmark) SafeHtml(net.jforum.util.SafeHtml)

Example 3 with SafeHtml

use of net.jforum.util.SafeHtml in project jforum2 by rafaelsteil.

the class PostCommon method fillPostFromRequest.

/**
 * Copies the posting-form fields of the current request into {@code p}.
 *
 * The message body is sanitized with {@code SafeHtml} only when HTML ends up enabled for
 * the post; otherwise it is stored exactly as submitted.
 *
 * @param p the post to populate; the same instance is returned
 * @param isEdit {@code true} when an existing post is being edited, in which case the
 *        author id and IP address are left untouched
 * @return {@code p}
 */
public static Post fillPostFromRequest(Post p, boolean isEdit) {
    RequestContext req = JForumExecutionContext.getRequest();

    // NOTE(review): the subject is stored as submitted, with no SafeHtml pass in this
    // method; it presumably relies on encoding at render time - confirm.
    p.setSubject(req.getParameter("subject"));

    // The "disable_*" checkboxes are opt-outs (present means off); "attach_sig" is an opt-in.
    boolean bbCodeDisabled = req.getParameter("disable_bbcode") != null;
    p.setBbCodeEnabled(!bbCodeDisabled);
    boolean smiliesDisabled = req.getParameter("disable_smilies") != null;
    p.setSmiliesEnabled(!smiliesDisabled);
    boolean signatureRequested = req.getParameter("attach_sig") != null;
    p.setSignatureEnabled(signatureRequested);

    if (!isEdit) {
        // Author identity comes from the connection and the session, not from form fields.
        p.setUserIp(req.getRemoteAddr());
        p.setUserId(SessionFacade.getUserSession().getUserId());
    }

    // HTML needs both the forum permission and the absence of the user's opt-out.
    // NOTE(review): the constant is named PERM_HTML_DISABLED while a true result is
    // treated as "HTML allowed"; forum_id is also client-supplied - confirm the polarity
    // and that the id is the forum the post is actually written to.
    String forumId = req.getParameter("forum_id");
    boolean htmlPermitted = SecurityRepository.canAccess(SecurityConstants.PERM_HTML_DISABLED, forumId);
    p.setHtmlEnabled(htmlPermitted && req.getParameter("disable_html") == null);

    // With HTML off the raw message is stored; escaping then has to happen at display
    // time (PostCommon.preparePostForDisplay replaces '<' and '>' for such posts).
    String message = req.getParameter("message");
    p.setText(p.isHtmlEnabled() ? new SafeHtml().makeSafe(message) : message);

    return p;
}
Also used : SafeHtml(net.jforum.util.SafeHtml) RequestContext(net.jforum.context.RequestContext)

Example 4 with SafeHtml

use of net.jforum.util.SafeHtml in project jforum2 by rafaelsteil.

the class UserCommon method saveUser.

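/**
 * Updates a user's profile from the parameters of the current request.
 *
 * Free-text profile fields are passed through {@code SafeHtml.makeSafe} before they are
 * stored. E-mail and password are only changed for an administrator or when the correct
 * current password was submitted. The record is written only when no error was collected.
 *
 * NOTE(review): this method does not itself check that the session user is allowed to
 * edit {@code userId}, and all fields other than e-mail and password are updated without
 * the current-password check; presumably the caller enforces ownership - confirm.
 *
 * @param userId the id of the user being saved
 * @return the list of localized error messages; empty when the update was written
 */
public static List saveUser(int userId) {
    List errors = new ArrayList();
    UserDAO um = DataAccessDriver.getInstance().newUserDAO();
    User u = um.selectById(userId);
    RequestContext request = JForumExecutionContext.getRequest();
    boolean isAdmin = SessionFacade.getUserSession().isAdmin();
    if (isAdmin) {
        // Only administrators may rename a user or assign a special rank.
        // NOTE(review): the username is trimmed but not passed through SafeHtml;
        // confirm it is encoded wherever it is rendered.
        String username = request.getParameter("username");
        if (username != null) {
            u.setUsername(username.trim());
        }
        if (request.getParameter("rank_special") != null) {
            u.setRankId(request.getIntParameter("rank_special"));
        }
    }
    SafeHtml safeHtml = new SafeHtml();
    u.setId(userId);
    u.setIcq(safeHtml.makeSafe(request.getParameter("icq")));
    u.setAim(safeHtml.makeSafe(request.getParameter("aim")));
    u.setMsnm(safeHtml.makeSafe(request.getParameter("msn")));
    u.setYim(safeHtml.makeSafe(request.getParameter("yim")));
    u.setFrom(safeHtml.makeSafe(request.getParameter("location")));
    u.setOccupation(safeHtml.makeSafe(request.getParameter("occupation")));
    u.setInterests(safeHtml.makeSafe(request.getParameter("interests")));
    u.setBiography(safeHtml.makeSafe(request.getParameter("biography")));
    u.setSignature(safeHtml.makeSafe(request.getParameter("signature")));
    // Constant-first comparisons: a request that omits one of these parameters now yields
    // "false" instead of a NullPointerException, matching the flags handled further down.
    u.setViewEmailEnabled("1".equals(request.getParameter("viewemail")));
    u.setViewOnlineEnabled("0".equals(request.getParameter("hideonline")));
    u.setNotifyPrivateMessagesEnabled("1".equals(request.getParameter("notifypm")));
    u.setNotifyOnMessagesEnabled("1".equals(request.getParameter("notifyreply")));
    u.setAttachSignatureEnabled("1".equals(request.getParameter("attachsig")));
    u.setHtmlEnabled("1".equals(request.getParameter("allowhtml")));
    // NOTE(review): the language value is stored, and later copied into the session, as
    // submitted; confirm it is validated against the installed locales elsewhere.
    u.setLang(request.getParameter("language"));
    u.setBbCodeEnabled("1".equals(request.getParameter("allowbbcode")));
    u.setSmiliesEnabled("1".equals(request.getParameter("allowsmilies")));
    u.setNotifyAlways("1".equals(request.getParameter("notify_always")));
    u.setNotifyText("1".equals(request.getParameter("notify_text")));
    String website = safeHtml.makeSafe(request.getParameter("website"));
    if (!StringUtils.isEmpty(website)) {
        // An https:// address is kept as entered (it used to be stored as
        // "http://https://..."). Every other value still receives the http:// prefix, so
        // no other URL scheme is ever stored as the profile link.
        String lowerCaseWebsite = website.toLowerCase();
        if (!lowerCaseWebsite.startsWith("http://") && !lowerCaseWebsite.startsWith("https://")) {
            website = "http://" + website;
        }
    }
    u.setWebSite(website);
    String currentPassword = request.getParameter("current_password");
    boolean isCurrentPasswordEmpty = currentPassword == null || "".equals(currentPassword.trim());
    if (isAdmin || !isCurrentPasswordEmpty) {
        // NOTE(review): passwords are hashed with the project's MD5.crypt; a plain digest
        // is not suitable for password storage. Moving to bcrypt/scrypt/argon2 changes the
        // stored format and needs a migration, so it is flagged here rather than changed.
        if (!isCurrentPasswordEmpty) {
            currentPassword = MD5.crypt(currentPassword);
        }
        // Administrators skip the current-password check.
        if (isAdmin || u.getPassword().equals(currentPassword)) {
            u.setEmail(safeHtml.makeSafe(request.getParameter("email")));
            String newPassword = request.getParameter("new_password");
            if (newPassword != null && newPassword.length() > 0) {
                u.setPassword(MD5.crypt(newPassword));
            }
        } else {
            errors.add(I18n.getMessage("User.currentPasswordInvalid"));
        }
    }
    if (request.getParameter("avatardel") != null) {
        String currentAvatar = u.getAvatar();
        // A user without an avatar used to trigger a NullPointerException in new File(null).
        if (currentAvatar != null) {
            // getName() drops any directory part of the stored value before the path
            // below the avatar directory is built.
            // NOTE(review): when the stored avatar is an external URL, its last path
            // segment is still used as a local file name here; confirm that this cannot
            // remove a locally stored avatar that happens to share the name.
            File avatarFile = new File(currentAvatar);
            File fileToDelete = new File(SystemGlobals.getApplicationPath() + "/images/avatar/" + avatarFile.getName());
            // Only regular files are removed, and a failed delete is no longer silent.
            if (fileToDelete.isFile() && !fileToDelete.delete()) {
                UserCommon.logger.warn("Could not delete the avatar file: " + fileToDelete);
            }
        }
        u.setAvatar(null);
    }
    if (request.getObjectParameter("avatar") != null) {
        try {
            UserCommon.handleAvatar(u);
        } catch (Exception e) {
            UserCommon.logger.warn("Problems while uploading the avatar: " + e);
            errors.add(I18n.getMessage("User.avatarUploadError"));
        }
    } else if (SystemGlobals.getBoolValue(ConfigKeys.AVATAR_ALLOW_EXTERNAL_URL)) {
        String avatarUrl = request.getParameter("avatarUrl");
        if (!StringUtils.isEmpty(avatarUrl)) {
            if (avatarUrl.toLowerCase().startsWith("http://")) {
                // NOTE(review): the server itself fetches a URL chosen by the user and
                // only the scheme prefix is checked, so the destination host is
                // unrestricted. Before enabling AVATAR_ALLOW_EXTERNAL_URL, consider
                // refusing loopback, private and link-local destinations and bounding
                // the download (connect/read timeouts, maximum size).
                try {
                    Image image = ImageIO.read(new URL(avatarUrl));
                    if (image != null) {
                        if (image.getWidth(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH) || image.getHeight(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT)) {
                            errors.add(I18n.getMessage("User.avatarTooBig"));
                        } else {
                            u.setAvatar(avatarUrl);
                        }
                    }
                } catch (Exception e) {
                    // Logged like the upload branch above so a failed fetch leaves a trace.
                    UserCommon.logger.warn("Problems while reading the external avatar: " + e);
                    errors.add(I18n.getMessage("User.avatarUploadError"));
                }
            } else {
                errors.add(I18n.getMessage("User.avatarUrlShouldHaveHttp"));
            }
        }
    }
    if (errors.isEmpty()) {
        um.update(u);
        // Keep the live session in step when users edit their own profile.
        if (SessionFacade.getUserSession().getUserId() == userId) {
            SessionFacade.getUserSession().setLang(u.getLang());
        }
    }
    return errors;
}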
Also used : User(net.jforum.entities.User) UserDAO(net.jforum.dao.UserDAO) SafeHtml(net.jforum.util.SafeHtml) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) RequestContext(net.jforum.context.RequestContext) Image(java.awt.Image) BufferedImage(java.awt.image.BufferedImage) File(java.io.File) URL(java.net.URL)

Example 5 with SafeHtml

use of net.jforum.util.SafeHtml in project jforum2 by rafaelsteil.

the class PostCommon method preparePostForDisplay.

/**
 * Turns the stored text of a post into the markup that is sent to the browser.
 *
 * The steps run in a fixed order: optional escaping of angle brackets, newline to
 * {@code <br />} conversion, a {@code SafeHtml.makeSafe} pass, {@code processText}, and a
 * final {@code SafeHtml.ensureAllAttributesAreSafe} pass over the result. The order is
 * part of the security behaviour and should not be changed casually.
 *
 * @param post the post to prepare; its text is replaced in place
 * @return the same {@code post} instance, unchanged when its text is {@code null}
 */
public static Post preparePostForDisplay(Post post) {
    if (post.getText() == null) {
        return post;
    }
    StringBuffer text = new StringBuffer(post.getText());
    if (!post.isHtmlEnabled()) {
        // With HTML disabled only '<' and '>' are turned into entities here; '&' and
        // quote characters are left as they are. The makeSafe pass below still runs.
        ViewCommon.replaceAll(text, "<", "&lt;");
        ViewCommon.replaceAll(text, ">", "&gt;");
    }
    // Do not remove the trailing blank space, as it would
    // cause some regular expressions to fail
    ViewCommon.replaceAll(text, "\n", "<br /> ");
    SafeHtml safeHtml = new SafeHtml();
    post.setText(text.toString());
    // Sanitization is applied on both paths, whether or not HTML is enabled for the post.
    post.setText(safeHtml.makeSafe(post.getText()));
    // processText is defined elsewhere in this class; presumably it expands BBCode and
    // smilies into markup - confirm. Whatever it emits is produced after makeSafe.
    processText(post);
    // Second pass over the final text, after processText has run.
    post.setText(safeHtml.ensureAllAttributesAreSafe(post.getText()));
    return post;
}
Also used : SafeHtml(net.jforum.util.SafeHtml)

Aggregations

SafeHtml (net.jforum.util.SafeHtml)5 RequestContext (net.jforum.context.RequestContext)2 Image (java.awt.Image)1 BufferedImage (java.awt.image.BufferedImage)1 File (java.io.File)1 URL (java.net.URL)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 UserDAO (net.jforum.dao.UserDAO)1 Bookmark (net.jforum.entities.Bookmark)1 Post (net.jforum.entities.Post)1 User (net.jforum.entities.User)1