public static void create(long personID, String content) {
    try {
      User user = User.loadFromSession();
      Person person = Person.findById(personID);

      Policy policy =
          Policy.getInstance(
              Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml");
      AntiSamy as = new AntiSamy();
      CleanResults cr = as.scan(content, policy);

      InsConfidential c = new InsConfidential();
      c.content = cr.getCleanHTML();
      c.createAt = new GregorianCalendar();
      c.employe = user.person;
      c.person = person;
      c.save();

      flash.success("messageAdded");

      InsConfidentials.show(personID);
    } catch (ScanException ex) {
      Logger.error(InsConfidentials.class.getName() + " : " + ex);
    } catch (PolicyException ex) {
      Logger.error(InsConfidentials.class.getName() + " : " + ex);
    }
  }
  public static void save(long id, String content) {
    try {

      Policy policy =
          Policy.getInstance(
              Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml");
      AntiSamy as = new AntiSamy();
      CleanResults cr = as.scan(content, policy);

      InsConfidential c = InsConfidential.findById(id);
      c.content = cr.getCleanHTML();
      c.save();

      PersonEvaluation.changeMessage(c);

      renderJSON("{\"result\":\"ok\"}");

    } catch (ScanException ex) {

      Logger.error(InsConfidentials.class.getName() + " : " + ex);
      renderJSON("{\"result\":\"ko\"}");
    } catch (PolicyException ex) {

      Logger.error(InsConfidentials.class.getName() + " : " + ex);
      renderJSON("{\"result\":\"ko\"}");
    }
  }
Exemple #3
0
  /** Filters input HTML using specified policy as white list of allowed tags. */
  @SuppressWarnings("unchecked")
  private String filter(String inputHtml, String policyFileName) {
    String filteredHtml = "";
    if (!StringUtils.isBlank(inputHtml)) {
      if (policyFileName == null) {
        LOG.warn("Provided policy file name is null.");
        policyFileName = DEFAULT_ANTISAMY_POLICY_FILE;
      }

      AntiSamy htmlScanner = getHtmlScannerByPolicyFileName(policyFileName);
      if (htmlScanner != null) {
        CleanResults scanResults;
        try {
          scanResults = htmlScanner.scan(inputHtml);
          filteredHtml = scanResults.getCleanHTML();
          ArrayList<String> scannerErrors = scanResults.getErrorMessages();
          if (!CollectionUtils.isNullOrEmpty(scannerErrors)) {
            LOG.trace("HTML input contains erorrs (" + scannerErrors.size() + "):");
            int i = 1;
            for (String error : scannerErrors) {
              LOG.trace("    " + i + ") " + error);
              i++;
            }
          }
        } catch (ScanException ex) {
          throw new HtmlScannerException(ex);
        } catch (PolicyException ex) {
          throw new HtmlScannerException(ex);
        }
      }
    }

    return filteredHtml;
  }
Exemple #4
0
 public static String sanitize(String value) {
   try {
     cservice_ = WCMCoreUtils.getService(ConfigurationManager.class);
     InputStream in = cservice_.getInputStream(POLICY_FILE_LOCATION);
     Policy policy = Policy.getInstance(in);
     AntiSamy as = new AntiSamy();
     CleanResults cr = as.scan(value, policy);
     value = cr.getCleanHTML();
     return value;
   } catch (Exception ex) {
     return value;
   }
 }
  @Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"})
  @RequestMapping(method = RequestMethod.PUT, produces = "text/html")
  public String update(
      @RequestParam(value = "_proceed", required = false) String proceed,
      @Valid Question question,
      BindingResult bindingResult,
      Principal principal,
      Model uiModel,
      HttpServletRequest httpServletRequest) {
    log.info("update(): handles PUT");
    try {
      // User user = userService.user_findByLogin(principal.getName());
      String login = principal.getName();
      User user = userService.user_findByLogin(login);

      // SurveyDefinitionPage surveyDefinitionPage =
      // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId);
      // surveySettingsService.question_findById(question.getId()).getPage().getSurveyDefinition().getId()
      // Check if the user is authorized
      if (!securityService.userIsAuthorizedToManageSurvey(
              question.getPage().getSurveyDefinition().getId(), user)
          && !securityService.userBelongsToDepartment(
              question.getPage().getSurveyDefinition().getDepartment().getId(), user)) {
        log.warn(
            "Unauthorized access to url path "
                + httpServletRequest.getPathInfo()
                + " attempted by user login:"******"from IP:"
                + httpServletRequest.getLocalAddr());
        return "accessDenied";
      }
      if (proceed != null) {
        if (bindingResult.hasErrors()) {
          populateEditForm(uiModel, question, user);
          log.info(
              "-------------------------------------------"
                  + bindingResult.getFieldErrors().toString());
          return "settings/questions/update";
        }
        if (!surveySettingsService.question_ValidateDateRange(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("dateMinimum", "date_format_validation_range");
          return "settings/questions/update";
        }
        if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("decimalMinimum", "field_min_invalid");
          return "settings/questions/update";
        }
        if (!surveySettingsService.question_ValidateMinMaxValues(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("integerMinimum", "field_min_invalid");
          return "settings/questions/update";
        }
        if (question.getSuportsOptions()) {
          // If user wants to modify and existent question without
          // options to Rating type, then use the default values
          int NumberOfQuestionOptions = 0;
          Set<QuestionOption> qOpts =
              surveySettingsService.questionOption_findByQuestionId(question.getId());
          for (QuestionOption q : qOpts) {
            NumberOfQuestionOptions++;
          }
          if ((question.getType().toString() == "SMILEY_FACES_RATING"
                  || question.getType().toString() == "STAR_RATING")
              && NumberOfQuestionOptions != 5) {
            log.info(
                "Removing Question Options since the amount of Questions Options for Rating Type cannot be longer than 5 Qoptions");
            surveySettingsService.questionOption_removeQuestionOptionsByQuestionId(
                question.getId());
            SortedSet<QuestionOption> options = new TreeSet<QuestionOption>();
            options.add(
                new QuestionOption(
                    question,
                    (short) 1,
                    "1",
                    messageSource.getMessage(
                        EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
            options.add(
                new QuestionOption(
                    question,
                    (short) 2,
                    "2",
                    messageSource.getMessage(
                        UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
            options.add(
                new QuestionOption(
                    question,
                    (short) 3,
                    "3",
                    messageSource.getMessage(
                        NEUTRAL_LABEL, null, LocaleContextHolder.getLocale())));
            options.add(
                new QuestionOption(
                    question,
                    (short) 4,
                    "4",
                    messageSource.getMessage(
                        SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
            options.add(
                new QuestionOption(
                    question,
                    (short) 5,
                    "5",
                    messageSource.getMessage(
                        EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
            // Adding default values to Rating Type Question
            log.info("Adding default values to Rating Type Question");
            question = surveySettingsService.question_merge(question, options);
            uiModel.asMap().clear();
            return "settings/questions/saved";
          } else {
            Policy questionTextPolicy =
                Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
            AntiSamy emailAs = new AntiSamy();
            CleanResults crQuestionText =
                emailAs.scan(question.getQuestionText(), questionTextPolicy);
            question.setQuestionText(crQuestionText.getCleanHTML());

            Policy questionTipPolicy =
                Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
            AntiSamy completedSurveyAs = new AntiSamy();
            CleanResults crQuestionTip =
                completedSurveyAs.scan(question.getTip(), questionTipPolicy);
            question.setTip(crQuestionTip.getCleanHTML());

            question = surveySettingsService.question_merge(question);
            uiModel.asMap().clear();
            return "settings/questions/saved";
          }
        }

        question = surveySettingsService.question_merge(question);
        uiModel.asMap().clear();
        return "settings/questions/saved";

      } else {
        return "redirect:/settings/surveyDefinitions/"
            + encodeUrlPathSegment(
                question.getPage().getSurveyDefinition().getId().toString(), httpServletRequest);
      }
    } catch (Exception e) {
      log.error(e.getMessage(), e);
      throw (new RuntimeException(e));
    }
  }
  @Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"})
  @RequestMapping(method = RequestMethod.POST, produces = "text/html")
  public String create(
      @RequestParam(value = "_proceed", required = false) String proceed,
      @Valid Question question,
      BindingResult bindingResult,
      Principal principal,
      Model uiModel,
      HttpServletRequest httpServletRequest) {
    log.info("create(): handles " + RequestMethod.POST.toString());

    try {
      String login = principal.getName();
      User user = userService.user_findByLogin(login);
      // SurveyDefinitionPage surveyDefinitionPage =
      // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId);
      // Check if the user is authorized

      if (!securityService.userIsAuthorizedToManageSurvey(
              question.getPage().getSurveyDefinition().getId(), user)
          && !securityService.userBelongsToDepartment(
              question.getPage().getSurveyDefinition().getDepartment().getId(), user)) {
        log.warn(
            "Unauthorized access to url path "
                + httpServletRequest.getPathInfo()
                + " attempted by user login:"******"from IP:"
                + httpServletRequest.getLocalAddr());
        return "accessDenied";
      }
      // User user = userService.user_findByLogin(principal.getName());
      if (proceed != null) {
        if (bindingResult.hasErrors()) {
          populateEditForm(uiModel, question, user);
          return "settings/questions/create";
        }

        if (!surveySettingsService.question_ValidateDateRange(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("dateMinimum", "date_format_validation_range");
          return "settings/questions/create";
        }
        // validate Double min max
        if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("decimalMinimum", "field_min_invalid");
          return "settings/questions/create";
        }
        // validate Integer min max
        if (!surveySettingsService.question_ValidateMinMaxValues(question)) {
          populateEditForm(uiModel, question, user);
          bindingResult.rejectValue("integerMinimum", "field_min_invalid");
          return "settings/questions/create";
        }
        if (question.getType().getIsRating()) {
          SortedSet<QuestionOption> options = new TreeSet<QuestionOption>();
          options.add(
              new QuestionOption(
                  question,
                  (short) 1,
                  "1",
                  messageSource.getMessage(
                      EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
          options.add(
              new QuestionOption(
                  question,
                  (short) 2,
                  "2",
                  messageSource.getMessage(
                      UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
          options.add(
              new QuestionOption(
                  question,
                  (short) 3,
                  "3",
                  messageSource.getMessage(NEUTRAL_LABEL, null, LocaleContextHolder.getLocale())));
          options.add(
              new QuestionOption(
                  question,
                  (short) 4,
                  "4",
                  messageSource.getMessage(
                      SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
          options.add(
              new QuestionOption(
                  question,
                  (short) 5,
                  "5",
                  messageSource.getMessage(
                      EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
          question = surveySettingsService.question_merge(question, options);
        }

        // if (question.getPublishToSocrata().equals(true)){
        // bindingResult.rejectValue("socrataColumnName",
        // "field_min_invalid");
        // return "settings/questions/create";
        // }

        else {

          Policy questionTextPolicy =
              Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
          AntiSamy emailAs = new AntiSamy();
          CleanResults crQuestionText =
              emailAs.scan(question.getQuestionText(), questionTextPolicy);
          question.setQuestionText(crQuestionText.getCleanHTML());

          Policy questionTipPolicy =
              Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
          AntiSamy completedSurveyAs = new AntiSamy();
          CleanResults crQuestionTip = completedSurveyAs.scan(question.getTip(), questionTipPolicy);
          question.setTip(crQuestionTip.getCleanHTML());

          question = surveySettingsService.question_merge(question);
        }
        uiModel.asMap().clear();
        return "settings/questions/saved";
      } else {
        return "redirect:/settings/surveyDefinitions/"
            + encodeUrlPathSegment(
                question.getPage().getSurveyDefinition().getId().toString(), httpServletRequest);
      }
    } catch (Exception e) {
      log.error(e.getMessage(), e);
      throw (new RuntimeException(e));
    }
  }