roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject svn commit: r377804 - in /incubator/roller/trunk: README.txt src/org/roller/util/Utilities.java web/WEB-INF/classes/ApplicationResources.properties web/WEB-INF/classes/comments.vm
Date Tue, 14 Feb 2006 19:11:49 GMT
Author: snoopdave
Date: Tue Feb 14 11:11:47 2006
New Revision: 377804

URL: http://svn.apache.org/viewcvs?rev=377804&view=rev
Log:
ROL-995: limit comments to safe HTML subset

Modified:
    incubator/roller/trunk/README.txt
    incubator/roller/trunk/src/org/roller/util/Utilities.java
    incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties
    incubator/roller/trunk/web/WEB-INF/classes/comments.vm

Modified: incubator/roller/trunk/README.txt
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/README.txt?rev=377804&r1=377803&r2=377804&view=diff
==============================================================================
--- incubator/roller/trunk/README.txt (original)
+++ incubator/roller/trunk/README.txt Tue Feb 14 11:11:47 2006
@@ -36,14 +36,33 @@
 THIRD PARTY COMPONENTS
 
    * Roller includes software developed by the Apache Software Foundation
-     Copyright (c) The Apache Software Foundation. All rights reserved.
+        Copyright (c) The Apache Software Foundation. All rights reserved.
+
+   * Roller includes software developed by the ROME project, Apache license
+        Copyright (c) ROME development team. All rights reserved.
 
-   * Roller includes code from Blojsom, BSD License
-        Copyright (c) David A. Czarnecki & Mark Lussier. All rights reserved
-        
    * Roller includes JDOM, JDOM license (BSD style)
         Copyright (c) Brett McLaughlin & Jason Hunter. All rights reserved.
 
+   * Roller includes code from the Blojsom blog server, BSD License
+        Copyright (c) David A. Czarnecki & Mark Lussier. All rights reserved
+
+   * Roller includes code from the Pebble blog server, BSD license
+        Copyright (c) 2003-2005, Simon Brown, All rights reserved.
+        
+   * Roller includes Acegi Security, ASL 2.0 License:
+         "This product includes software developed by the Acegi Security
+         System for Spring Project (http://acegisecurity.org)."
+
+   * Roller includes Jython, Copyright (c) Jython Developers
+        Combined license { Jython Software License (BSD style)
+        Apache Software License JPython 1.1 License }
+
+   * Roller include icons by Mark James (http://www.famfamfam.com/lab/icons)
+         License is http://creativecommons.org/licenses/by/2.5/
+
+THIRD PARTY LGPL COMPONENTS
+
    * Roller includes the Hibernate persistence library, LGPL license
 
    * Roller includes the Ekit HTML editor by Howard Kistler, LGPL license
@@ -54,14 +73,3 @@
 
    * Roller includes the Radeox Wiki Engine, LGPL license
 
-   * Roller includes Jython, Copyright (c) Jython Developers
-            Combined license { Jython Software License (BSD style)
-                               Apache Software License
-                               JPython 1.1 License }
-
-   * Roller include icons by Mark James (http://www.famfamfam.com/lab/icons)
-         License is http://creativecommons.org/licenses/by/2.5/
-
-   * Roller includes Acegi Security, ASL 2.0 License:
-     "This product includes software developed by the Acegi Security
-      System for Spring Project (http://acegisecurity.org)."

Modified: incubator/roller/trunk/src/org/roller/util/Utilities.java
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/src/org/roller/util/Utilities.java?rev=377804&r1=377803&r2=377804&view=diff
==============================================================================
--- incubator/roller/trunk/src/org/roller/util/Utilities.java (original)
+++ incubator/roller/trunk/src/org/roller/util/Utilities.java Tue Feb 14 11:11:47 2006
@@ -23,81 +23,96 @@
 import org.apache.commons.logging.LogFactory;
 
 /**
- * General purpose utilities. 
- * 
+ * General purpose utilities.
+ *
  * <pre>
- * Includes TextToHTML methods dondated by Erik Thauvin - "Donated to the 
- * Roller Weblogger project for publication under the terms of the Roller 
- * Software License. 
+ * Includes TextToHTML methods donated by Erik Thauvin
  * Copyright (C) 2002-2003 by Erik C. Thauvin (erik@thauvin.net).
  * All rights reserved.
  * </pre>
  * 
+ * <pre>
+ * Also includes addNoFollow() and transformToHTMLSubset() from Simon
+ * Brown's Pebble blog server.
+ * Copyright (c) 2003-2005, Simon Brown
+ * All rights reserved.
+ * </pre>
+ *
  * @author David M Johnson
  * @author Lance Lavandowska
  * @author Matt Raible (added encryption methods)
  */
-public class Utilities
-{
+public class Utilities {
     /** The <code>Log</code> instance for this class. */
     private static Log mLogger = LogFactory.getLog(Utilities.class);
     
     /** Pattern for matching HTML links */
-    private static Pattern mLinkPattern = 
-        Pattern.compile("<a href=.*?>", Pattern.CASE_INSENSITIVE);
-
+    private static Pattern mLinkPattern =
+            Pattern.compile("<a href=.*?>", Pattern.CASE_INSENSITIVE);
+    
+    private static final Pattern OPENING_B_TAG_PATTERN = Pattern.compile("&lt;b&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_B_TAG_PATTERN = Pattern.compile("&lt;/b&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_I_TAG_PATTERN = Pattern.compile("&lt;i&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_I_TAG_PATTERN = Pattern.compile("&lt;/i&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_BLOCKQUOTE_TAG_PATTERN = Pattern.compile("&lt;blockquote&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_BLOCKQUOTE_TAG_PATTERN = Pattern.compile("&lt;/blockquote&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern BR_TAG_PATTERN = Pattern.compile("&lt;br */*&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_P_TAG_PATTERN = Pattern.compile("&lt;p&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_P_TAG_PATTERN = Pattern.compile("&lt;/p&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_PRE_TAG_PATTERN = Pattern.compile("&lt;pre&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_PRE_TAG_PATTERN = Pattern.compile("&lt;/pre&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_UL_TAG_PATTERN = Pattern.compile("&lt;ul&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_UL_TAG_PATTERN = Pattern.compile("&lt;/ul&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_OL_TAG_PATTERN = Pattern.compile("&lt;ol&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_OL_TAG_PATTERN = Pattern.compile("&lt;/ol&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_LI_TAG_PATTERN = Pattern.compile("&lt;li&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_LI_TAG_PATTERN = Pattern.compile("&lt;/li&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern CLOSING_A_TAG_PATTERN = Pattern.compile("&lt;/a&gt;", Pattern.CASE_INSENSITIVE);
+    private static final Pattern OPENING_A_TAG_PATTERN = Pattern.compile("&lt;a href=.*?&gt;", Pattern.CASE_INSENSITIVE);
+  
     /**
-     * Utility methods for calling StringUtils since it cannot be 
+     * Utility methods for calling StringUtils since it cannot be
      * instantiated and Utilties can.
      */
-    public static boolean isNotEmpty(String str)
-    {
+    public static boolean isNotEmpty(String str) {
         return StringUtils.isNotEmpty(str);
     }
     
     //------------------------------------------------------------------------
     /** Strip jsessionid off of a URL */
-    public static String stripJsessionId( String url )
-    {
+    public static String stripJsessionId( String url ) {
         // Strip off jsessionid found in referer URL
         int startPos = url.indexOf(";jsessionid=");
-        if ( startPos != -1 )
-        {
+        if ( startPos != -1 ) {
             int endPos = url.indexOf("?",startPos);
-            if ( endPos == -1 )
-            {
-                url = url.substring(0,startPos);   
-            }
-            else
-            {
+            if ( endPos == -1 ) {
+                url = url.substring(0,startPos);
+            } else {
                 url = url.substring(0,startPos)
-                    + url.substring(endPos,url.length());   
+                + url.substring(endPos,url.length());
             }
         }
         return url;
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Escape, but do not replace HTML.
      * The default behaviour is to escape ampersands.
      */
-    public static String escapeHTML(String s)
-    {
+    public static String escapeHTML(String s) {
         return escapeHTML(s, true);
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Escape, but do not replace HTML.
      * @param escapseAmpersand Optionally escape
      * ampersands (&amp;).
      */
-    public static String escapeHTML(String s, boolean escapeAmpersand)
-    {
+    public static String escapeHTML(String s, boolean escapeAmpersand) {
         // got to do amp's first so we don't double escape
-        if (escapeAmpersand)
-        {
+        if (escapeAmpersand) {
             s = stringReplace(s, "&", "&amp;");
         }
         s = stringReplace(s, "&nbsp;", " ");
@@ -106,29 +121,31 @@
         s = stringReplace(s, ">", "&gt;");
         return s;
     }
-
+     
+    public static String unescapeHTML(String str) {
+        return StringEscapeUtils.unescapeHtml(str);
+    }
+    
     //------------------------------------------------------------------------
     /**
      * Remove occurences of html, defined as any text
      * between the characters "&lt;" and "&gt;".  Replace
      * any HTML tags with a space.
      */
-    public static String removeHTML(String str)
-    {
+    public static String removeHTML(String str) {
         return removeHTML(str, true);
     }
     
     /**
      * Remove occurences of html, defined as any text
-     * between the characters "&lt;" and "&gt;". 
+     * between the characters "&lt;" and "&gt;".
      * Optionally replace HTML tags with a space.
-     * 
+     *
      * @param str
      * @param addSpace
      * @return
      */
-    public static String removeHTML(String str, boolean addSpace)
-    {
+    public static String removeHTML(String str, boolean addSpace) {
         if (str == null) return "";
         StringBuffer ret = new StringBuffer(str.length());
         int start = 0;
@@ -136,11 +153,9 @@
         int endTag = 0;
         if (beginTag == -1)
             return str;
-
-        while (beginTag >= start)
-        {
-            if (beginTag > 0)
-            {
+        
+        while (beginTag >= start) {
+            if (beginTag > 0) {
                 ret.append(str.substring(start, beginTag));
                 
                 // replace each tag with a space (looks better)
@@ -149,43 +164,38 @@
             endTag = str.indexOf(">", beginTag);
             
             // if endTag found move "cursor" forward
-            if (endTag > -1)
-            {
+            if (endTag > -1) {
                 start = endTag + 1;
                 beginTag = str.indexOf("<", start);
             }
             // if no endTag found, get rest of str and break
-            else
-            {
+            else {
                 ret.append(str.substring(beginTag));
                 break;
             }
         }
         // append everything after the last endTag
-        if (endTag > -1 && endTag + 1 < str.length())
-        {
+        if (endTag > -1 && endTag + 1 < str.length()) {
             ret.append(str.substring(endTag + 1));
         }
         return ret.toString().trim();
     }
-
+    
     //------------------------------------------------------------------------
     /** Run both removeHTML and escapeHTML on a string.
      * @param s String to be run through removeHTML and escapeHTML.
      * @return String with HTML removed and HTML special characters escaped.
      */
-    public static String removeAndEscapeHTML( String s )
-    {
+    public static String removeAndEscapeHTML( String s ) {
         if ( s==null ) return "";
         else return Utilities.escapeHTML( Utilities.removeHTML(s) );
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Autoformat.
      */
-    public static String autoformat(String s)
-    {
+    public static String autoformat(String s) {
         String ret = StringUtils.replace(s, "\n", "<br />");
         return ret;
     }
@@ -194,100 +204,85 @@
     /**
      * Format date in ISO-8601 format.
      */
-    public static String formatIso8601Date(Date d)
-    {
+    public static String formatIso8601Date(Date d) {
         return DateUtil.formatIso8601(d);
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Format date in ISO-8601 format.
      */
-    public static String formatIso8601Day(Date d)
-    {
+    public static String formatIso8601Day(Date d) {
         return DateUtil.formatIso8601Day(d);
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Return a date in RFC-822 format.
      */
-    public static String formatRfc822Date(Date date) 
-    {
+    public static String formatRfc822Date(Date date) {
         return DateUtil.formatRfc822(date);
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Return a date in RFC-822 format.
      */
-    public static String format8charsDate(Date date) 
-    {
+    public static String format8charsDate(Date date) {
         return DateUtil.format8chars(date);
     }
-
-	//------------------------------------------------------------------------
-	/**
-	 * Replaces occurences of non-alphanumeric characters with an underscore.
-	 */
-	public static String replaceNonAlphanumeric(String str)
-	{
-		return replaceNonAlphanumeric(str, '_');
-	}
-
-	//------------------------------------------------------------------------
-	/**
-	 * Replaces occurences of non-alphanumeric characters with a
-	 * supplied char.
-	 */
-	public static String replaceNonAlphanumeric(String str, char subst)
-	{
-		StringBuffer ret = new StringBuffer(str.length());
-		char[] testChars = str.toCharArray();
-		for (int i = 0; i < testChars.length; i++)
-		{
-			if (Character.isLetterOrDigit(testChars[i]))
-			{
-				ret.append(testChars[i]);
-			}
-			else
-			{
-				ret.append( subst );
-			}
-		}
-		return ret.toString();
-	}
-
+    
+    //------------------------------------------------------------------------
+    /**
+     * Replaces occurences of non-alphanumeric characters with an underscore.
+     */
+    public static String replaceNonAlphanumeric(String str) {
+        return replaceNonAlphanumeric(str, '_');
+    }
+    
+    //------------------------------------------------------------------------
+    /**
+     * Replaces occurences of non-alphanumeric characters with a
+     * supplied char.
+     */
+    public static String replaceNonAlphanumeric(String str, char subst) {
+        StringBuffer ret = new StringBuffer(str.length());
+        char[] testChars = str.toCharArray();
+        for (int i = 0; i < testChars.length; i++) {
+            if (Character.isLetterOrDigit(testChars[i])) {
+                ret.append(testChars[i]);
+            } else {
+                ret.append( subst );
+            }
+        }
+        return ret.toString();
+    }
+    
     //------------------------------------------------------------------------
     /**
      * Remove occurences of non-alphanumeric characters.
      */
-    public static String removeNonAlphanumeric(String str)
-    {
+    public static String removeNonAlphanumeric(String str) {
         StringBuffer ret = new StringBuffer(str.length());
         char[] testChars = str.toCharArray();
-        for (int i = 0; i < testChars.length; i++)
-        {
+        for (int i = 0; i < testChars.length; i++) {
             // MR: Allow periods in page links
             if (Character.isLetterOrDigit(testChars[i]) ||
-                testChars[i] == '.')
-            {
+                    testChars[i] == '.') {
                 ret.append(testChars[i]);
             }
         }
         return ret.toString();
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * @param pathArray
      * @return
      */
-    public static String stringArrayToString(String[] stringArray, String delim)
-    {
+    public static String stringArrayToString(String[] stringArray, String delim) {
         String ret = "";
-        for (int i = 0; i < stringArray.length; i++)
-        {
+        for (int i = 0; i < stringArray.length; i++) {
             if (ret.length() > 0)
                 ret = ret + delim + stringArray[i];
             else
@@ -298,73 +293,65 @@
     
     //------------------------------------------------------------------------
     /**
-     * Replace occurrences of str1 in string str with str2 
+     * Replace occurrences of str1 in string str with str2
      */
-    public static String stringReplace(String str, String str1, String str2)
-    {
+    public static String stringReplace(String str, String str1, String str2) {
         String ret = StringUtils.replace(str,str1,str2);
         return ret;
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Replace occurrences of str1 in string str with str2
-     * @param str String to operate on 
+     * @param str String to operate on
      * @param str1 String to be replaced
      * @param str2 String to be used as replacement
      * @param maxCount Number of times to replace, 0 for all
      */
     public static String stringReplace(
-        String str,
-        String str1,
-        String str2,
-        int maxCount)
-    {
+            String str,
+            String str1,
+            String str2,
+            int maxCount) {
         String ret = StringUtils.replace(str,str1,str2,maxCount);
         return ret;
     }
-
+    
     //--------------------------------------------------------------------------
     /** Convert string to string array. */
     public static String[] stringToStringArray(String instr, String delim)
-        throws NoSuchElementException, NumberFormatException
-    {
+    throws NoSuchElementException, NumberFormatException {
         StringTokenizer toker = new StringTokenizer(instr, delim);
         String stringArray[] = new String[toker.countTokens()];
         int i = 0;
-
-        while (toker.hasMoreTokens())
-        {
+        
+        while (toker.hasMoreTokens()) {
             stringArray[i++] = toker.nextToken();
         }
         return stringArray;
     }
-
+    
     //--------------------------------------------------------------------------
     /** Convert string to integer array. */
     public static int[] stringToIntArray(String instr, String delim)
-        throws NoSuchElementException, NumberFormatException
-    {
+    throws NoSuchElementException, NumberFormatException {
         StringTokenizer toker = new StringTokenizer(instr, delim);
         int intArray[] = new int[toker.countTokens()];
         int i = 0;
-
-        while (toker.hasMoreTokens())
-        {
+        
+        while (toker.hasMoreTokens()) {
             String sInt = toker.nextToken();
             int nInt = Integer.parseInt(sInt);
             intArray[i++] = new Integer(nInt).intValue();
         }
         return intArray;
     }
-
+    
     //-------------------------------------------------------------------
     /** Convert integer array to a string. */
-    public static String intArrayToString(int[] intArray)
-    {
+    public static String intArrayToString(int[] intArray) {
         String ret = "";
-        for (int i = 0; i < intArray.length; i++)
-        {
+        for (int i = 0; i < intArray.length; i++) {
             if (ret.length() > 0)
                 ret = ret + "," + Integer.toString(intArray[i]);
             else
@@ -372,149 +359,117 @@
         }
         return ret;
     }
-
+    
     //------------------------------------------------------------------------
-    public static void copyFile(File from, File to) throws IOException
-    {
+    public static void copyFile(File from, File to) throws IOException {
         InputStream in = null;
         OutputStream out = null;
-
-        try
-        {
+        
+        try {
             in = new FileInputStream(from);
-        }
-        catch (IOException ex)
-        {
+        } catch (IOException ex) {
             throw new IOException(
-                "Utilities.copyFile: opening input stream '"
+                    "Utilities.copyFile: opening input stream '"
                     + from.getPath()
                     + "', "
                     + ex.getMessage());
         }
-
-        try
-        {
+        
+        try {
             out = new FileOutputStream(to);
-        }
-        catch (Exception ex)
-        {
-            try
-            {
+        } catch (Exception ex) {
+            try {
                 in.close();
-            }
-            catch (IOException ex1)
-            {
+            } catch (IOException ex1) {
             }
             throw new IOException(
-                "Utilities.copyFile: opening output stream '"
+                    "Utilities.copyFile: opening output stream '"
                     + to.getPath()
                     + "', "
                     + ex.getMessage());
         }
-
+        
         copyInputToOutput(in, out, from.length());
     }
-
+    
     //------------------------------------------------------------------------
     /**
      * Utility method to copy an input stream to an output stream.
      * Wraps both streams in buffers. Ensures right numbers of bytes copied.
      */
     public static void copyInputToOutput(
-        InputStream input,
-        OutputStream output,
-        long byteCount)
-        throws IOException
-    {
+            InputStream input,
+            OutputStream output,
+            long byteCount)
+            throws IOException {
         int bytes;
         long length;
-
+        
         BufferedInputStream in = new BufferedInputStream(input);
         BufferedOutputStream out = new BufferedOutputStream(output);
-
+        
         byte[] buffer;
         buffer = new byte[8192];
-
-        for (length = byteCount; length > 0;)
-        {
+        
+        for (length = byteCount; length > 0;) {
             bytes = (int) (length > 8192 ? 8192 : length);
-
-            try
-            {
+            
+            try {
                 bytes = in.read(buffer, 0, bytes);
-            }
-            catch (IOException ex)
-            {
-                try
-                {
+            } catch (IOException ex) {
+                try {
                     in.close();
                     out.close();
-                }
-                catch (IOException ex1)
-                {
+                } catch (IOException ex1) {
                 }
                 throw new IOException(
-                    "Reading input stream, " + ex.getMessage());
+                        "Reading input stream, " + ex.getMessage());
             }
-
+            
             if (bytes < 0)
                 break;
-
+            
             length -= bytes;
-
-            try
-            {
+            
+            try {
                 out.write(buffer, 0, bytes);
-            }
-            catch (IOException ex)
-            {
-                try
-                {
+            } catch (IOException ex) {
+                try {
                     in.close();
                     out.close();
-                }
-                catch (IOException ex1)
-                {
+                } catch (IOException ex1) {
                 }
                 throw new IOException(
-                    "Writing output stream, " + ex.getMessage());
+                        "Writing output stream, " + ex.getMessage());
             }
         }
-
-        try
-        {
+        
+        try {
             in.close();
             out.close();
-        }
-        catch (IOException ex)
-        {
+        } catch (IOException ex) {
             throw new IOException("Closing file streams, " + ex.getMessage());
         }
     }
-
+    
     //------------------------------------------------------------------------
     public static void copyInputToOutput(
-        InputStream input,
-        OutputStream output)
-        throws IOException
-    {
+            InputStream input,
+            OutputStream output)
+            throws IOException {
         BufferedInputStream in = new BufferedInputStream(input);
         BufferedOutputStream out = new BufferedOutputStream(output);
         byte buffer[] = new byte[8192];
-        for (int count = 0; count != -1;)
-        {
+        for (int count = 0; count != -1;) {
             count = in.read(buffer, 0, 8192);
             if (count != -1)
                 out.write(buffer, 0, count);
         }
-
-        try
-        {
+        
+        try {
             in.close();
             out.close();
-        }
-        catch (IOException ex)
-        {
+        } catch (IOException ex) {
             throw new IOException("Closing file streams, " + ex.getMessage());
         }
     }
@@ -530,47 +485,41 @@
      *
      * @return encypted password based on the algorithm.
      */
-    public static String encodePassword(String password, String algorithm) 
-    {
+    public static String encodePassword(String password, String algorithm) {
         byte[] unencodedPassword = password.getBytes();
-
+        
         MessageDigest md = null;
-
-        try 
-        {
+        
+        try {
             // first create an instance, given the provider
             md = MessageDigest.getInstance(algorithm);
-        } 
-        catch (Exception e) 
-        {
+        } catch (Exception e) {
             mLogger.error("Exception: " + e);
             return password;
         }
-
+        
         md.reset();
-
+        
         // call the update method one or more times
         // (useful when you don't know the size of your data, eg. stream)
         md.update(unencodedPassword);
-
+        
         // now calculate the hash
         byte[] encodedPassword = md.digest();
-
+        
         StringBuffer buf = new StringBuffer();
-
-        for (int i = 0; i < encodedPassword.length; i++) 
-        {
-            if ((encodedPassword[i] & 0xff) < 0x10) 
-            {
+        
+        for (int i = 0; i < encodedPassword.length; i++) {
+            if ((encodedPassword[i] & 0xff) < 0x10) {
                 buf.append("0");
             }
-
+            
             buf.append(Long.toString(encodedPassword[i] & 0xff, 16));
         }
-
+        
         return buf.toString();
     }
-
+    
     /**
      * Encode a string using Base64 encoding. Used when storing passwords
      * as cookies.
@@ -582,14 +531,13 @@
      * @return String
      * @throws IOException
      */
-    public static String encodeString(String str) throws IOException 
-    {
+    public static String encodeString(String str) throws IOException {
         sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
         String encodedStr = encoder.encodeBuffer(str.getBytes());
-
+        
         return (encodedStr.trim());
     }
-
+    
     /**
      * Decode a string using Base64 encoding.
      *
@@ -597,11 +545,10 @@
      * @return String
      * @throws IOException
      */
-    public static String decodeString(String str) throws IOException 
-    {
+    public static String decodeString(String str) throws IOException {
         sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
         String value = new String(dec.decodeBuffer(str));
-
+        
         return (value);
     }
     
@@ -609,41 +556,35 @@
      * Strips HTML and truncates.
      */
     public static String truncate(
-            String str, int lower, int upper, String appendToEnd)
-    {
+            String str, int lower, int upper, String appendToEnd) {
         // strip markup from the string
         String str2 = removeHTML(str, false);
         
         // quickly adjust the upper if it is set lower than 'lower'
-        if (upper < lower) 
-        {
+        if (upper < lower) {
             upper = lower;
-        }       
+        }
         
         // now determine if the string fits within the upper limit
         // if it does, go straight to return, do not pass 'go' and collect $200
-        if(str2.length() > upper) 
-        {
+        if(str2.length() > upper) {
             // the magic location int
             int loc;
-        
+            
             // first we determine where the next space appears after lower
             loc = str2.lastIndexOf(' ', upper);
             
             // now we'll see if the location is greater than the lower limit
-            if(loc >= lower) 
-            {
+            if(loc >= lower) {
                 // yes it was, so we'll cut it off here
                 str2 = str2.substring(0, loc);
-            } 
-            else 
-            {
+            } else {
                 // no it wasnt, so we'll cut it off at the upper limit
                 str2 = str2.substring(0, upper);
                 loc = upper;
             }
-           
-            // the string was truncated, so we append the appendToEnd String                
+            
+            // the string was truncated, so we append the appendToEnd String
             str2 = str2 + appendToEnd;
         }
         
@@ -655,15 +596,14 @@
      * http://cvs.apache.org/viewcvs/jakarta-taglibs/string/src/org/apache/taglibs/string/util/StringW.java?rev=1.16&content-type=text/vnd.viewcvs-markup
      * Copyright (c) 1999 The Apache Software Foundation.
      * Author: Henri Yandell bayard@generationjava.com
-     * 
+     *
      * @param str
      * @param lower
      * @param upper
      * @param appendToEnd
      * @return
      */
-    public static String truncateNicely(String str, int lower, int upper, String appendToEnd)
-    {
+    public static String truncateNicely(String str, int lower, int upper, String appendToEnd) {
         // strip markup from the string
         String str2 = removeHTML(str, false);
         boolean diff = (str2.length() < str.length());
@@ -671,14 +611,14 @@
         // quickly adjust the upper if it is set lower than 'lower'
         if(upper < lower) {
             upper = lower;
-        }       
+        }
         
         // now determine if the string fits within the upper limit
         // if it does, go straight to return, do not pass 'go' and collect $200
         if(str2.length() > upper) {
             // the magic location int
             int loc;
-        
+            
             // first we determine where the next space appears after lower
             loc = str2.lastIndexOf(' ', upper);
             
@@ -693,8 +633,7 @@
             }
             
             // HTML was removed from original str
-            if (diff)
-            {
+            if (diff) {
                 
                 // location of last space in truncated string
                 loc = str2.lastIndexOf(' ', loc);
@@ -718,20 +657,17 @@
                 // append the appendToEnd String and
                 // add extracted HTML back onto truncated string
                 str = str2 + appendToEnd + str3;
-            }
-            else
-            {
-                // the string was truncated, so we append the appendToEnd String                
+            } else {
+                // the string was truncated, so we append the appendToEnd String
                 str = str2 + appendToEnd;
             }
-    
+            
         }
         
         return str;
     }
     
-    public static String truncateText(String str, int lower, int upper, String appendToEnd)
-    {
+    public static String truncateText(String str, int lower, int upper, String appendToEnd) {
         // strip markup from the string
         String str2 = removeHTML(str, false);
         boolean diff = (str2.length() < str.length());
@@ -739,14 +675,14 @@
         // quickly adjust the upper if it is set lower than 'lower'
         if(upper < lower) {
             upper = lower;
-        }       
+        }
         
         // now determine if the string fits within the upper limit
         // if it does, go straight to return, do not pass 'go' and collect $200
         if(str2.length() > upper) {
             // the magic location int
             int loc;
-        
+            
             // first we determine where the next space appears after lower
             loc = str2.lastIndexOf(' ', upper);
             
@@ -758,49 +694,47 @@
                 // no it wasnt, so we'll cut it off at the upper limit
                 str2 = str2.substring(0, upper);
                 loc = upper;
-            }            
-            // the string was truncated, so we append the appendToEnd String                
+            }
+            // the string was truncated, so we append the appendToEnd String
             str = str2 + appendToEnd;
-        }        
+        }
         return str;
     }
     
     /**
-	 * @param str
-	 * @return
-	 */
-	private static String stripLineBreaks(String str)
-	{
+     * @param str
+     * @return
+     */
+    private static String stripLineBreaks(String str) {
         // TODO: use a string buffer, ignore case !
-		str = str.replaceAll("<br>", "");
+        str = str.replaceAll("<br>", "");
         str = str.replaceAll("<br/>", "");
         str = str.replaceAll("<br />", "");
         str = str.replaceAll("<p></p>", "");
         str = str.replaceAll("<p/>","");
         str = str.replaceAll("<p />","");
         return str;
-	}
-	
+    }
+    
     /**
-     * Need need to get rid of any user-visible HTML tags once all text has been 
-     * removed such as &lt;BR&gt;. This sounds like a better approach than removing 
+     * Need need to get rid of any user-visible HTML tags once all text has been
+     * removed such as &lt;BR&gt;. This sounds like a better approach than removing
      * all HTML tags and taking the chance to leave some tags un-closed.
-     * 
+     *
      * WARNING: this method has serious performance problems a
-     * 
+     *
      * @author Alexis Moussine-Pouchkine <alexis.moussine-pouchkine@france.sun.com>
      * @author Lance Lavandowska
      * @param str the String object to modify
      * @return the new String object without the HTML "visible" tags
      */
-    private static String removeVisibleHTMLTags(String str) 
-    {
+    private static String removeVisibleHTMLTags(String str) {
         str = stripLineBreaks(str);
         StringBuffer result = new StringBuffer(str);
         StringBuffer lcresult = new StringBuffer(str.toLowerCase());
-
+        
         // <img should take care of smileys
-        String[] visibleTags = {"<img"}; // are there others to add?        
+        String[] visibleTags = {"<img"}; // are there others to add?
         int stringIndex;
         for ( int j = 0 ;  j < visibleTags.length ; j++ ) {
             while ( (stringIndex = lcresult.indexOf(visibleTags[j])) != -1 ) {
@@ -819,17 +753,15 @@
                 }
             }
         }
-
+        
         // TODO:  This code is buggy by nature.  It doesn't deal with nesting of tags properly.
         // remove certain elements with open & close tags
         String[] openCloseTags = {"li", "a", "div", "h1", "h2", "h3", "h4"}; // more ?
-        for (int j = 0; j < openCloseTags.length; j++)
-        {
+        for (int j = 0; j < openCloseTags.length; j++) {
             // could this be better done with a regular expression?
             String closeTag = "</"+openCloseTags[j]+">";
             int lastStringIndex = 0;
-            while ( (stringIndex = lcresult.indexOf( "<"+openCloseTags[j], lastStringIndex)) > -1)
-            {
+            while ( (stringIndex = lcresult.indexOf( "<"+openCloseTags[j], lastStringIndex)) > -1) {
                 lastStringIndex = stringIndex;
                 // Try to find the matching closing tag  (ignores possible nesting!)
                 int endIndex = lcresult.indexOf(closeTag, stringIndex);
@@ -845,7 +777,7 @@
                         // Looks like it, so remove it.
                         result.delete(stringIndex, endIndex + 1);
                         lcresult.delete(stringIndex, endIndex + 1);
-
+                        
                     }
                 }
             }
@@ -853,14 +785,13 @@
         
         return result.toString();
     }
-
-	/**
+    
+    /**
      * Extract (keep) JUST the HTML from the String.
      * @param str
      * @return
      */
-    public static String extractHTML(String str)
-    {
+    public static String extractHTML(String str) {
         if (str == null) return "";
         StringBuffer ret = new StringBuffer(str.length());
         int start = 0;
@@ -868,14 +799,12 @@
         int endTag = 0;
         if (beginTag == -1)
             return str;
-
-        while (beginTag >= start)
-        {
+        
+        while (beginTag >= start) {
             endTag = str.indexOf(">", beginTag);
             
             // if endTag found, keep tag
-            if (endTag > -1)
-            {
+            if (endTag > -1) {
                 ret.append( str.substring(beginTag, endTag+1) );
                 
                 // move start forward and find another tag
@@ -883,27 +812,24 @@
                 beginTag = str.indexOf("<", start);
             }
             // if no endTag found, break
-            else
-            {
+            else {
                 break;
             }
         }
         return ret.toString();
     }
-
     
-    public static String hexEncode(String str)
-    {
+    
+    public static String hexEncode(String str) {
         if (StringUtils.isEmpty(str)) return str;
         
         return RegexUtil.encode(str);
     }
     
-    public static String encodeEmail(String str)
-    {
+    public static String encodeEmail(String str) {
         return str!=null ? RegexUtil.encodeEmail(str) : null;
     }
-
+    
     /**
      * Converts a character to HTML or XML entity.
      *
@@ -913,56 +839,49 @@
      *
      * @return The converted string.
      */
-    public static final String charToHTML(char ch, boolean xml)
-    {
+    public static final String charToHTML(char ch, boolean xml) {
         int c;
-
+        
         // Convert left bracket
-        if (ch == '<')
-        {
+        if (ch == '<') {
             return ("&lt;");
         }
-
+        
         // Convert left bracket
-        else if (ch == '>')
-        {
+        else if (ch == '>') {
             return ("&gt;");
         }
-
+        
         // Convert ampersand
-        else if (ch == '&')
-        {
+        else if (ch == '&') {
             return ("&amp;");
         }
-
+        
         // Commented out to eliminate redundant numeric character codes (ROL-507)
         // High-ASCII character
         //else if (ch >= 128)
         //{
-            //c = ch;
-            //return ("&#" + c + ';');
+        //c = ch;
+        //return ("&#" + c + ';');
         //}
-
+        
         // Convert double quote
-        else if (xml && (ch == '"'))
-        {
+        else if (xml && (ch == '"')) {
             return ("&quot;");
         }
-
+        
         // Convert single quote
-        else if (xml && (ch == '\''))
-        {
+        else if (xml && (ch == '\'')) {
             return ("&#39;");
         }
-
+        
         // No conversion
-        else
-        {
+        else {
             // Return character as string
             return (String.valueOf(ch));
         }
     }
-
+    
     /**
      * Converts a text string to HTML or XML entities.
      *
@@ -972,22 +891,20 @@
      *
      * @return The converted string.
      */
-    public static final String textToHTML(String text, boolean xml)
-    {
+    public static final String textToHTML(String text, boolean xml) {
         if (text == null) return "null";
         final StringBuffer html = new StringBuffer();
-
+        
         // Loop thru each characters of the text
-        for (int i = 0; i < text.length(); i++)
-        {
+        for (int i = 0; i < text.length(); i++) {
             // Convert character to HTML/XML
             html.append(charToHTML(text.charAt(i), xml));
         }
-
+        
         // Return HTML/XML string
         return html.toString();
     }
-
+    
     /**
      * Converts a text string to HTML or XML entities.
      *
@@ -995,11 +912,10 @@
      * @author Erik C. Thauvin
      * @return The converted string.
      */
-    public static final String textToHTML(String text)
-    {
+    public static final String textToHTML(String text) {
         return textToHTML(text, false);
     }
-
+    
     /**
      * Converts a text string to XML entities.
      *
@@ -1007,114 +923,94 @@
      * @author Erik C. Thauvin
      * @return The converted string.
      */
-    public static final String textToXML(String text)
-    {
+    public static final String textToXML(String text) {
         return textToHTML(text, true);
     }
-
+    
     /**
      * Converts a text string to HTML or XML entities.
      * @param text The string to convert.
      * @return The converted string.
      */
-    public static final String textToCDATA(String text)
-    {
+    public static final String textToCDATA(String text) {
         if (text == null) return "null";
         final StringBuffer html = new StringBuffer();
-
+        
         // Loop thru each characters of the text
-        for (int i = 0; i < text.length(); i++)
-        {
+        for (int i = 0; i < text.length(); i++) {
             // Convert character to HTML/XML
             html.append(charToCDATA(text.charAt(i)));
         }
-
+        
         // Return HTML/XML string
         return html.toString();
     }
-
+    
     /**
      * Converts a character to CDATA character.
      * @param ch The character to convert.
      * @return The converted string.
      */
-    public static final String charToCDATA(char ch)
-    {
+    public static final String charToCDATA(char ch) {
         int c;
-
-        if (ch >= 128)
-        {
+        
+        if (ch >= 128) {
             c = ch;
-
+            
             return ("&#" + c + ';');
         }
-
+        
         // No conversion
-        else
-        {
+        else {
             // Return character as string
             return (String.valueOf(ch));
         }
     }
     
-    public static final String encode(String s)
-    {
-       try
-       {
-           if (s != null)
-               return URLEncoder.encode(s, "utf-8");
-           else
-               return s;
-       }
-       catch (UnsupportedEncodingException e)
-       {
-           return s;
-       }
-   }
-
+    public static final String encode(String s) {
+        try {
+            if (s != null)
+                return URLEncoder.encode(s, "utf-8");
+            else
+                return s;
+        } catch (UnsupportedEncodingException e) {
+            return s;
+        }
+    }
+    
     /**
      * @param string
      * @return
      */
-    public static int stringToInt(String string)
-    {
-        try
-        {
+    public static int stringToInt(String string) {
+        try {
             return Integer.valueOf(string).intValue();
-        }
-        catch (NumberFormatException e)
-        {
+        } catch (NumberFormatException e) {
             mLogger.debug("Invalid Integer:" + string);
         }
         return 0;
     }
     
-    /** 
+    /**
      * Code (stolen from Pebble) to add rel="nofollow" string to all links in HTML.
      */
-    public static String addNofollow(String html) 
-    {
-        if (html == null || html.length() == 0) 
-        {
+    public static String addNofollow(String html) {
+        if (html == null || html.length() == 0) {
             return html;
         }
         Matcher m = mLinkPattern.matcher(html);
         StringBuffer buf = new StringBuffer();
-        while (m.find()) 
-        {
+        while (m.find()) {
             int start = m.start();
             int end = m.end();
             String link = html.substring(start, end);
             buf.append(html.substring(0, start));
-            if (link.indexOf("rel=\"nofollow\"") == -1) 
-            {
+            if (link.indexOf("rel=\"nofollow\"") == -1) {
                 buf.append(
-                    link.substring(0, link.length() - 1) + " rel=\"nofollow\">");
-            } 
-            else 
-            {
+                        link.substring(0, link.length() - 1) + " rel=\"nofollow\">");
+            } else {
                 buf.append(link);
-            }            
+            }
             html = html.substring(end, html.length());
             m = mLinkPattern.matcher(html);
         }
@@ -1122,19 +1018,70 @@
         return buf.toString();
     }
     
-    public static String unescapeHTML(String str) 
-    {
-        return StringEscapeUtils.unescapeHtml(str);
+    /**
+     * Transforms the given String into a subset of HTML displayable on a web
+     * page. The subset includes &lt;b&gt;, &lt;i&gt;, &lt;p&gt;, &lt;br&gt;,
+     * &lt;pre&gt; and &lt;a href&gt; (and their corresponding end tags).
+     *
+     * @param s   the String to transform
+     * @return    the transformed String
+     */
+    public static String transformToHTMLSubset(String s) {
+        
+        if (s == null) {
+            return null;
+        }
+        
+        s = replace(s, OPENING_B_TAG_PATTERN, "<b>");
+        s = replace(s, CLOSING_B_TAG_PATTERN, "</b>");
+        s = replace(s, OPENING_I_TAG_PATTERN, "<i>");
+        s = replace(s, CLOSING_I_TAG_PATTERN, "</i>");
+        s = replace(s, OPENING_BLOCKQUOTE_TAG_PATTERN, "<blockquote>");
+        s = replace(s, CLOSING_BLOCKQUOTE_TAG_PATTERN, "</blockquote>");
+        s = replace(s, BR_TAG_PATTERN, "<br />");
+        s = replace(s, OPENING_P_TAG_PATTERN, "<p>");
+        s = replace(s, CLOSING_P_TAG_PATTERN, "</p>");
+        s = replace(s, OPENING_PRE_TAG_PATTERN, "<pre>");
+        s = replace(s, CLOSING_PRE_TAG_PATTERN, "</pre>");
+        s = replace(s, OPENING_UL_TAG_PATTERN, "<ul>");
+        s = replace(s, CLOSING_UL_TAG_PATTERN, "</ul>");
+        s = replace(s, OPENING_OL_TAG_PATTERN, "<ol>");
+        s = replace(s, CLOSING_OL_TAG_PATTERN, "</ol>");
+        s = replace(s, OPENING_LI_TAG_PATTERN, "<li>");
+        s = replace(s, CLOSING_LI_TAG_PATTERN, "</li>");
+        
+        // HTTP links
+        s = replace(s, CLOSING_A_TAG_PATTERN, "</a>");
+        Matcher m = OPENING_A_TAG_PATTERN.matcher(s);
+        while (m.find()) {
+            int start = m.start();
+            int end = m.end();
+            String link = s.substring(start, end);
+            link = "<" + link.substring(4, link.length() - 4) + ">";
+            s = s.substring(0, start) + link + s.substring(end, s.length());
+            m = OPENING_A_TAG_PATTERN.matcher(s);
+        }
+        
+        // escaped angle brackets
+        s = s.replaceAll("&amp;lt;", "&lt;");
+        s = s.replaceAll("&amp;gt;", "&gt;");
+        s = s.replaceAll("&amp;#", "&#");
+        
+        return s;
     }
     
-    
+    private static String replace(String string, Pattern pattern, String replacement) {
+        Matcher m = pattern.matcher(string);
+        return m.replaceAll(replacement);
+    }
+        
     /**
      * Convert a byte array into a Base64 string (as used in mime formats)
      */
     public static String toBase64(byte[] aValue) {
         
         final String m_strBase64Chars =
-            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+                "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
         
         int byte1;
         int byte2;

Modified: incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties?rev=377804&r1=377803&r2=377804&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/ApplicationResources.properties Tue Feb 14 11:11:47 2006
@@ -148,8 +148,8 @@
 comments.rememberInfo=Remember Information?
 comments.header2=Comments:
 comments.htmlsyntax=HTML Syntax:
-comments.htmldisabled=On
-comments.htmlenabled=Off
+comments.htmldisabled=NOT allowed
+comments.htmlenabled=Allowed
 comments.preview=PREVIEW
 comments.post=POST
 comments.cancel=CANCEL
@@ -618,8 +618,8 @@
 macro.weblog.rememberinfo=Remember Information?
 macro.weblog.yourcomment=Your Comment:
 macro.weblog.htmlsyntax=HTML Syntax:
-macro.weblog.htmldisabled=On
-macro.weblog.htmlenabled=Off
+macro.weblog.htmldisabled=NOT allowed
+macro.weblog.htmlenabled=Allowed
 macro.weblog.commentwarning=Please enter a comment.
 macro.weblog.postcommentHeader=Post a Comment:
 macro.weblog.postcomment=Post Comment

Modified: incubator/roller/trunk/web/WEB-INF/classes/comments.vm
URL: http://svn.apache.org/viewcvs/incubator/roller/trunk/web/WEB-INF/classes/comments.vm?rev=377804&r1=377803&r2=377804&view=diff
==============================================================================
--- incubator/roller/trunk/web/WEB-INF/classes/comments.vm (original)
+++ incubator/roller/trunk/web/WEB-INF/classes/comments.vm Tue Feb 14 11:11:47 2006
@@ -106,6 +106,8 @@
             #set($content = $utilities.encodeEmail($comment.content))
             #if($escapeHtml)
                 #set($content = $utilities.escapeHTML($content))
+            #else 
+                #set($content = $utilities.transformToHTMLSubset($utilities.escapeHTML($content)))
             #end
             #if($autoformat)
                 #set($content = $utilities.autoformat($content))



Mime
View raw message