public static void save(long id, String content) { try { Policy policy = Policy.getInstance( Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml"); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(content, policy); InsConfidential c = InsConfidential.findById(id); c.content = cr.getCleanHTML(); c.save(); PersonEvaluation.changeMessage(c); renderJSON("{\"result\":\"ok\"}"); } catch (ScanException ex) { Logger.error(InsConfidentials.class.getName() + " : " + ex); renderJSON("{\"result\":\"ko\"}"); } catch (PolicyException ex) { Logger.error(InsConfidentials.class.getName() + " : " + ex); renderJSON("{\"result\":\"ko\"}"); } }
public static void create(long personID, String content) { try { User user = User.loadFromSession(); Person person = Person.findById(personID); Policy policy = Policy.getInstance( Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml"); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(content, policy); InsConfidential c = new InsConfidential(); c.content = cr.getCleanHTML(); c.createAt = new GregorianCalendar(); c.employe = user.person; c.person = person; c.save(); flash.success("messageAdded"); InsConfidentials.show(personID); } catch (ScanException ex) { Logger.error(InsConfidentials.class.getName() + " : " + ex); } catch (PolicyException ex) { Logger.error(InsConfidentials.class.getName() + " : " + ex); } }
/** Filters input HTML using specified policy as white list of allowed tags. */ @SuppressWarnings("unchecked") private String filter(String inputHtml, String policyFileName) { String filteredHtml = ""; if (!StringUtils.isBlank(inputHtml)) { if (policyFileName == null) { LOG.warn("Provided policy file name is null."); policyFileName = DEFAULT_ANTISAMY_POLICY_FILE; } AntiSamy htmlScanner = getHtmlScannerByPolicyFileName(policyFileName); if (htmlScanner != null) { CleanResults scanResults; try { scanResults = htmlScanner.scan(inputHtml); filteredHtml = scanResults.getCleanHTML(); ArrayList<String> scannerErrors = scanResults.getErrorMessages(); if (!CollectionUtils.isNullOrEmpty(scannerErrors)) { LOG.trace("HTML input contains erorrs (" + scannerErrors.size() + "):"); int i = 1; for (String error : scannerErrors) { LOG.trace(" " + i + ") " + error); i++; } } } catch (ScanException ex) { throw new HtmlScannerException(ex); } catch (PolicyException ex) { throw new HtmlScannerException(ex); } } } return filteredHtml; }
public static void save(MJEvaluation evaluation, Long appraisers[]) throws Exception { Policy policy = Policy.getInstance( Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml"); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(evaluation.content, policy); User editor = User.loadFromSession(); evaluation.actif = false; evaluation.editor = editor.person; evaluation.evaluationDate = new GregorianCalendar(); List<Person> employes = new ArrayList<Person>(); for (Long id : appraisers) { employes.add((Person) Person.findById(id)); } evaluation.appraisers = employes; evaluation.save(); MJEvaluation newEvaluation = new MJEvaluation(); GregorianCalendar date = new GregorianCalendar(); date.setTimeInMillis(evaluation.evaluationDate.getTimeInMillis()); date.add(Calendar.MONTH, 6); evaluation.actif = true; newEvaluation.evaluationDate = date; newEvaluation.resident = evaluation.resident; newEvaluation.save(); flash.success("saved"); MJEvaluations.show(evaluation.resident.id); }
public static void saveOld(MJEvaluation evaluation) throws Exception { Policy policy = Policy.getInstance( Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml"); AntiSamy as = new AntiSamy(); evaluation.content = as.scan(evaluation.content, policy).getCleanHTML(); evaluation.save(); flash.success("saved"); MJEvaluations.show(evaluation.resident.id); }
public static String sanitize(String value) { try { cservice_ = WCMCoreUtils.getService(ConfigurationManager.class); InputStream in = cservice_.getInputStream(POLICY_FILE_LOCATION); Policy policy = Policy.getInstance(in); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(value, policy); value = cr.getCleanHTML(); return value; } catch (Exception ex) { return value; } }
@Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"}) @RequestMapping(method = RequestMethod.PUT, produces = "text/html") public String update( @RequestParam(value = "_proceed", required = false) String proceed, @Valid Question question, BindingResult bindingResult, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { log.info("update(): handles PUT"); try { // User user = userService.user_findByLogin(principal.getName()); String login = principal.getName(); User user = userService.user_findByLogin(login); // SurveyDefinitionPage surveyDefinitionPage = // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId); // surveySettingsService.question_findById(question.getId()).getPage().getSurveyDefinition().getId() // Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey( question.getPage().getSurveyDefinition().getId(), user) && !securityService.userBelongsToDepartment( question.getPage().getSurveyDefinition().getDepartment().getId(), user)) { log.warn( "Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:"******"from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { if (bindingResult.hasErrors()) { populateEditForm(uiModel, question, user); log.info( "-------------------------------------------" + bindingResult.getFieldErrors().toString()); return "settings/questions/update"; } if (!surveySettingsService.question_ValidateDateRange(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("dateMinimum", "date_format_validation_range"); return "settings/questions/update"; } if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("decimalMinimum", "field_min_invalid"); return "settings/questions/update"; } if (!surveySettingsService.question_ValidateMinMaxValues(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("integerMinimum", "field_min_invalid"); return "settings/questions/update"; } if (question.getSuportsOptions()) { // If user wants to modify and existent question without // options to Rating type, then use the default values int NumberOfQuestionOptions = 0; Set<QuestionOption> qOpts = surveySettingsService.questionOption_findByQuestionId(question.getId()); for (QuestionOption q : qOpts) { NumberOfQuestionOptions++; } if ((question.getType().toString() == "SMILEY_FACES_RATING" || question.getType().toString() == "STAR_RATING") && NumberOfQuestionOptions != 5) { log.info( "Removing Question Options since the amount of Questions Options for Rating Type cannot be longer than 5 Qoptions"); surveySettingsService.questionOption_removeQuestionOptionsByQuestionId( question.getId()); SortedSet<QuestionOption> options = new TreeSet<QuestionOption>(); options.add( new QuestionOption( question, (short) 1, "1", messageSource.getMessage( EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 2, "2", messageSource.getMessage( UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 3, "3", messageSource.getMessage( NEUTRAL_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 4, "4", messageSource.getMessage( SATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 5, "5", messageSource.getMessage( EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); // Adding default values to Rating Type Question log.info("Adding default values to Rating Type Question"); question = surveySettingsService.question_merge(question, options); uiModel.asMap().clear(); return "settings/questions/saved"; } else { Policy questionTextPolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy emailAs = new AntiSamy(); CleanResults crQuestionText = emailAs.scan(question.getQuestionText(), questionTextPolicy); question.setQuestionText(crQuestionText.getCleanHTML()); Policy questionTipPolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy completedSurveyAs = new AntiSamy(); CleanResults crQuestionTip = completedSurveyAs.scan(question.getTip(), questionTipPolicy); question.setTip(crQuestionTip.getCleanHTML()); question = surveySettingsService.question_merge(question); uiModel.asMap().clear(); return "settings/questions/saved"; } } question = surveySettingsService.question_merge(question); uiModel.asMap().clear(); return "settings/questions/saved"; } else { return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment( question.getPage().getSurveyDefinition().getId().toString(), httpServletRequest); } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } }
@Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"}) @RequestMapping(method = RequestMethod.POST, produces = "text/html") public String create( @RequestParam(value = "_proceed", required = false) String proceed, @Valid Question question, BindingResult bindingResult, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { log.info("create(): handles " + RequestMethod.POST.toString()); try { String login = principal.getName(); User user = userService.user_findByLogin(login); // SurveyDefinitionPage surveyDefinitionPage = // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId); // Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey( question.getPage().getSurveyDefinition().getId(), user) && !securityService.userBelongsToDepartment( question.getPage().getSurveyDefinition().getDepartment().getId(), user)) { log.warn( "Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:"******"from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } // User user = userService.user_findByLogin(principal.getName()); if (proceed != null) { if (bindingResult.hasErrors()) { populateEditForm(uiModel, question, user); return "settings/questions/create"; } if (!surveySettingsService.question_ValidateDateRange(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("dateMinimum", "date_format_validation_range"); return "settings/questions/create"; } // validate Double min max if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("decimalMinimum", "field_min_invalid"); return "settings/questions/create"; } // validate Integer min max if (!surveySettingsService.question_ValidateMinMaxValues(question)) { populateEditForm(uiModel, question, user); bindingResult.rejectValue("integerMinimum", "field_min_invalid"); return "settings/questions/create"; } if (question.getType().getIsRating()) { SortedSet<QuestionOption> options = new TreeSet<QuestionOption>(); options.add( new QuestionOption( question, (short) 1, "1", messageSource.getMessage( EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 2, "2", messageSource.getMessage( UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 3, "3", messageSource.getMessage(NEUTRAL_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 4, "4", messageSource.getMessage( SATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); options.add( new QuestionOption( question, (short) 5, "5", messageSource.getMessage( EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale()))); question = surveySettingsService.question_merge(question, options); } // if (question.getPublishToSocrata().equals(true)){ // bindingResult.rejectValue("socrataColumnName", // "field_min_invalid"); // return "settings/questions/create"; // } else { Policy questionTextPolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy emailAs = new AntiSamy(); CleanResults crQuestionText = emailAs.scan(question.getQuestionText(), questionTextPolicy); question.setQuestionText(crQuestionText.getCleanHTML()); Policy questionTipPolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy completedSurveyAs = new AntiSamy(); CleanResults crQuestionTip = completedSurveyAs.scan(question.getTip(), questionTipPolicy); question.setTip(crQuestionTip.getCleanHTML()); question = surveySettingsService.question_merge(question); } uiModel.asMap().clear(); return "settings/questions/saved"; } else { return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment( question.getPage().getSurveyDefinition().getId().toString(), httpServletRequest); } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } }