[DS-707] Security fixes

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@5625 9c30dcfa-912a-0410-8fc2-9e0234be79fd
Graham Triggs
2010-10-24 23:21:21 +00:00
parent 7f5088d4df
commit e5cc6f3adc
18 changed files with 91 additions and 98 deletions


@@ -39,10 +39,11 @@
package org.dspace.app.bulkedit;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* Utility class to store a line from a CSV file
@@ -55,7 +56,7 @@ public class DSpaceCSVLine
private int id;
/** The elements in this line in a hashtable, keyed by the metadata type */
private Hashtable<String, ArrayList> items;
private Map<String, ArrayList> items;
/**
* Create a new CSV line
@@ -66,7 +67,7 @@ public class DSpaceCSVLine
{
// Store the ID + separator, and initialise the hashtable
this.id = id;
items = new Hashtable<String, ArrayList>();
items = new HashMap<String, ArrayList>();
}
/**
@@ -76,7 +77,7 @@ public class DSpaceCSVLine
{
// Set the ID to be -1, and initialise the hashtable
this.id = -1;
this.items = new Hashtable<String, ArrayList>();
this.items = new HashMap<String, ArrayList>();
}
/**
@@ -128,10 +129,10 @@ public class DSpaceCSVLine
*
* @return An enumeration of all the keys
*/
public Enumeration<String> keys()
public Set<String> keys()
{
// Return the keys
return items.keys();
return items.keySet();
}
/**
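Review bot: `keys()` now returns `items.keySet()`, which is a live view backed by the internal map, so a caller can remove entries from `items` through the returned set; the old `Enumeration` did not allow that. Returning `Collections.unmodifiableSet(items.keySet())` (with the matching `java.util.Collections` import) keeps the internals private, in line with the defensive copies this commit adds elsewhere. The Javadoc above the method still says `@return An enumeration of all the keys`, and the field and constructor comments still say "hashtable"; they should be updated to "set" and "map".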


@@ -48,7 +48,6 @@ import org.dspace.eperson.EPerson;
import org.dspace.workflow.WorkflowManager;
import java.util.ArrayList;
import java.util.Enumeration;
import java.io.File;
import java.io.InputStreamReader;
import java.io.BufferedReader;
@@ -137,11 +136,9 @@ public class MetadataImport
}
// Iterate through each metadata element in the csv line
Enumeration<String> e = line.keys();
while (e.hasMoreElements())
for (String md : line.keys())
{
// Get the values we already have
String md = e.nextElement();
if (!"id".equals(md))
{
// Get the values from the CSV
@@ -169,12 +166,10 @@ public class MetadataImport
}
// Iterate through each metadata element in the csv line
Enumeration<String> e = line.keys();
BulkEditChange whatHasChanged = new BulkEditChange();
while (e.hasMoreElements())
for (String md : line.keys())
{
// Get the values we already have
String md = e.nextElement();
if (!"id".equals(md))
{
// Get the values from the CSV


@@ -210,7 +210,7 @@ public class HTMLReport implements Report
*/
public void setStartDate(Date start)
{
this.start = start;
this.start = start == null ? null : (Date)start.clone();
}
@@ -221,7 +221,7 @@ public class HTMLReport implements Report
*/
public void setEndDate(Date end)
{
this.end = end;
this.end = end == null ? null : (Date)end.clone();
}
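Review bot: The defensive copies in `setStartDate` and `setEndDate` call `clone()` on the caller's object, and `java.util.Date` is not final, so the copy is produced by whatever subclass the caller passed in and may still be an instance the caller controls. Copying by value, `this.start = start == null ? null : new Date(start.getTime());`, always yields a plain `Date`. The same applies to the incoming-parameter clones in the BitstreamInfo, CheckerCommand, ChecksumHistory, SimpleDispatcher, DatasetTimeGenerator and StatisticsSolrDateFilter sections; `clone()` in the getters is less of a concern as long as every assignment to the field already stores a private copy. If any caller relies on a subclass such as `java.sql.Timestamp` being preserved, that would need checking first.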


@@ -148,9 +148,9 @@ public final class BitstreamInfo
nm, "");
this.deleted = del;
this.processEndDate = procEndDate;
this.processEndDate = processEndDate == null ? null : (Date)procEndDate.clone();
this.toBeProcessed = toBeProc;
this.processStartDate = procStartDate;
this.processStartDate = processStartDate == null ? null : (Date)procStartDate.clone();
this.infoFound = true;
}
@@ -529,7 +529,7 @@ public final class BitstreamInfo
*/
public Date getProcessStartDate()
{
return this.processStartDate;
return this.processStartDate == null ? null : (Date)this.processStartDate.clone();
}
/**
@@ -540,7 +540,7 @@ public final class BitstreamInfo
*/
public void setProcessStartDate(Date startDate)
{
this.processStartDate = startDate;
this.processStartDate = startDate == null ? null : (Date)startDate.clone();
}
/**
@@ -550,7 +550,7 @@ public final class BitstreamInfo
*/
public Date getProcessEndDate()
{
return this.processEndDate;
return this.processEndDate == null ? null : (Date)this.processEndDate.clone();
}
/**
@@ -561,6 +561,6 @@ public final class BitstreamInfo
*/
public void setProcessEndDate(Date endDate)
{
this.processEndDate = endDate;
this.processEndDate = endDate == null ? null : (Date)endDate.clone();
}
}
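Review bot: In the constructor hunk the null checks test the fields, not the parameters: `processEndDate == null ? null : (Date)procEndDate.clone()` and the matching `processStartDate` line. Unless a local or parameter with those names is in scope (the signature is outside the hunk), the fields are still null at this point, so both dates are always stored as null and the values passed in are dropped. The checks should use the parameters: `this.processEndDate = procEndDate == null ? null : (Date) procEndDate.clone();` and `this.processStartDate = procStartDate == null ? null : (Date) procStartDate.clone();`.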


@@ -423,7 +423,7 @@ public final class CheckerCommand
*/
public Date getProcessStartDate()
{
return processStartDate;
return processStartDate == null ? null : (Date)processStartDate.clone();
}
/**
@@ -434,7 +434,7 @@ public final class CheckerCommand
*/
public void setProcessStartDate(Date startDate)
{
processStartDate = startDate;
processStartDate = startDate == null ? null : (Date)startDate.clone();
}
/**


@@ -99,8 +99,8 @@ public class ChecksumHistory
String checksumExpted, String checksumCalc, String inResult)
{
this.bitstreamId = bitstrmId;
this.processStartDate = startDate;
this.processEndDate = endDate;
this.processStartDate = startDate == null ? null : (Date)startDate.clone();
this.processEndDate = endDate == null ? null : (Date)endDate.clone();
this.checksumExpected = checksumExpted;
this.checksumCalculated = checksumCalc;
this.result = inResult;
@@ -161,7 +161,7 @@ public class ChecksumHistory
*/
public Date getProcessEndDate()
{
return processEndDate;
return processEndDate == null ? null : (Date)processEndDate.clone();
}
/**
@@ -172,7 +172,7 @@ public class ChecksumHistory
*/
public void setProcessEndDate(Date processEndDate)
{
this.processEndDate = processEndDate;
this.processEndDate = processEndDate == null ? null : (Date)processEndDate.clone();
}
/**
@@ -183,7 +183,7 @@ public class ChecksumHistory
*/
public Date getProcessStartDate()
{
return processStartDate;
return processStartDate == null ? null : (Date)processStartDate.clone();
}
/**
@@ -195,7 +195,7 @@ public class ChecksumHistory
*/
public void setProcessStartDate(Date processStartDate)
{
this.processStartDate = processStartDate;
this.processStartDate = processStartDate == null ? null : (Date)processStartDate.clone();
}
/**


@@ -69,11 +69,10 @@ public class SimpleDispatcher implements BitstreamDispatcher
* indicates whether checker should loop infinitely through
* most_recent_checksum table
*/
public SimpleDispatcher(BitstreamInfoDAO bitstreamInfoDAO, Date startTime,
boolean looping)
public SimpleDispatcher(BitstreamInfoDAO bitstreamInfoDAO, Date startTime, boolean looping)
{
this.bitstreamInfoDAO = bitstreamInfoDAO;
this.processStartTime = startTime;
this.processStartTime = startTime == null ? null : (Date)startTime.clone();
this.loopContinuously = looping;
}


@@ -610,5 +610,14 @@ public class Context
{
abort();
}
try
{
super.finalize();
}
catch (Throwable t)
{
log.error("Unable to finalize object", t);
}
}
}
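Review bot: `super.finalize()` is only reached when the cleanup before it returns normally, and the added `catch (Throwable t)` also swallows any `Error` thrown there. The usual shape is to put the cleanup in a `try` and the super call in `finally { super.finalize(); }`, with the method declared `throws Throwable`, which needs no catch block at all. The start of `finalize()` is outside this hunk, so whether `abort()` can throw here is not visible. The TableRowIterator section adds the same block after `close()`.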


@@ -39,6 +39,8 @@
*/
package org.dspace.storage.rdbms;
import org.apache.log4j.Logger;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
@@ -53,6 +55,7 @@ import java.util.List;
*/
public class TableRowIterator
{
private final static Logger log = Logger.getLogger(TableRowIterator.class);
/**
* Results from a query
*/
@@ -111,6 +114,15 @@ public class TableRowIterator
protected void finalize()
{
close();
try
{
super.finalize();
}
catch (Throwable t)
{
log.error("Unable to finalize object", t);
}
}
/**


@@ -35,9 +35,9 @@ package org.dspace.app.webui.jsptag;
import java.io.File;
import java.io.FilenameFilter;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
@@ -73,7 +73,7 @@ public class ControlledVocabularyTag extends TagSupport
private String vocabulary;
// an hashtable containing all the loaded vocabularies
public Hashtable controlledVocabularies;
public Map<String, Document> controlledVocabularies;
/**
* Process tag
@@ -95,27 +95,23 @@ public class ControlledVocabularyTag extends TagSupport
+ "vocabulary2html.xsl";
// Load vocabularies on startup
controlledVocabularies = (Hashtable) pageContext.getServletContext()
.getAttribute("controlledvocabulary.controlledVocabularies");
controlledVocabularies = (Map<String, Document>) pageContext.getServletContext().getAttribute("controlledvocabulary.controlledVocabularies");
if (controlledVocabularies == null)
{
controlledVocabularies = loadControlledVocabularies(vocabulariesPath);
pageContext.getServletContext().setAttribute(
"controlledvocabulary.controlledVocabularies",
controlledVocabularies);
pageContext.getServletContext().setAttribute("controlledvocabulary.controlledVocabularies", controlledVocabularies);
}
try
{
Hashtable prunnedVocabularies = needsFiltering() ? filterVocabularies(
controlledVocabularies, vocabularyPrunningXSLT)
Map<String, Document> prunnedVocabularies = needsFiltering() ?
filterVocabularies(controlledVocabularies, vocabularyPrunningXSLT)
: controlledVocabularies;
String html = "";
if (vocabulary != null && !vocabulary.equals(""))
{
html = renderVocabularyAsHTML((Document) prunnedVocabularies
.get(vocabulary + ".xml"),
html = renderVocabularyAsHTML(prunnedVocabularies.get(vocabulary + ".xml"),
controlledVocabulary2HtmlXSLT,
isAllowMultipleSelection(), request.getContextPath());
}
@@ -171,14 +167,14 @@ public class ControlledVocabularyTag extends TagSupport
* The context path
* @return the HTML that represents the vocabularies
*/
private String renderVocabulariesAsHTML(Hashtable vocabularies,
private String renderVocabulariesAsHTML(Map<String, Document> vocabularies,
String xslt, boolean allowMultipleSelection, String contextPath)
{
StringBuilder result = new StringBuilder();
Iterator iter = vocabularies.values().iterator();
Iterator<Document> iter = vocabularies.values().iterator();
while (iter.hasNext())
{
Document controlledVocabularyXML = (Document) iter.next();
Document controlledVocabularyXML = iter.next();
result.append(renderVocabularyAsHTML(controlledVocabularyXML, xslt,
allowMultipleSelection, contextPath));
}
@@ -196,18 +192,12 @@ public class ControlledVocabularyTag extends TagSupport
* the filename of the stylesheet that trimms the taxonomies
* @return An hashtable with all the filtered vocabularies
*/
private Hashtable filterVocabularies(Hashtable vocabularies,
String vocabularyPrunningXSLT)
private Map<String, Document> filterVocabularies(Map<String, Document> vocabularies, String vocabularyPrunningXSLT)
{
Hashtable prunnedVocabularies = new Hashtable();
Enumeration enumeration = vocabularies.keys();
while (enumeration.hasMoreElements())
Map<String, Document> prunnedVocabularies = new HashMap<String, Document>();
for (Map.Entry<String, Document> entry : vocabularies.entrySet())
{
String controlledVocabularyKey = (String) enumeration.nextElement();
Document controlledVocabulary = (Document) vocabularies
.get(controlledVocabularyKey);
prunnedVocabularies.put(controlledVocabularyKey, filterVocabulary(
controlledVocabulary, vocabularyPrunningXSLT, getFilter()));
prunnedVocabularies.put(entry.getKey(), filterVocabulary(entry.getValue(), vocabularyPrunningXSLT, getFilter()));
}
return prunnedVocabularies;
}
@@ -239,12 +229,10 @@ public class ControlledVocabularyTag extends TagSupport
try
{
Hashtable parameters = new Hashtable();
parameters.put("allowMultipleSelection",
allowMultipleSelection ? "yes" : "no");
Map<String, String> parameters = new HashMap<String, String>();
parameters.put("allowMultipleSelection", allowMultipleSelection ? "yes" : "no");
parameters.put("contextPath", contextPath);
result = XMLUtil.transformDocumentAsString(vocabulary, parameters,
controlledVocabulary2HtmlXSLT);
result = XMLUtil.transformDocumentAsString(vocabulary, parameters, controlledVocabulary2HtmlXSLT);
}
catch (Exception e)
{
@@ -265,8 +253,7 @@ public class ControlledVocabularyTag extends TagSupport
* The filter to be applied
* @return The trimmed vocabulary.
*/
public Document filterVocabulary(Document vocabulary,
String vocabularyPrunningXSLT, String filter)
public Document filterVocabulary(Document vocabulary, String vocabularyPrunningXSLT, String filter)
{
if (vocabulary == null)
{
@@ -275,10 +262,9 @@ public class ControlledVocabularyTag extends TagSupport
try
{
Hashtable parameters = new Hashtable();
Map<String, String> parameters = new HashMap<String, String>();
parameters.put("filter", filter);
Document prunnedVocabulary = XMLUtil.transformDocument(vocabulary,
parameters, vocabularyPrunningXSLT);
Document prunnedVocabulary = XMLUtil.transformDocument(vocabulary, parameters, vocabularyPrunningXSLT);
return prunnedVocabulary;
}
catch (Exception e)
@@ -298,9 +284,9 @@ public class ControlledVocabularyTag extends TagSupport
* @return an hashtable with the filenames of the vocabularies as keys and
* the XML documents representing the vocabularies as values.
*/
private static Hashtable loadControlledVocabularies(String directory)
private static Map<String, Document> loadControlledVocabularies(String directory)
{
Hashtable controlledVocabularies = new Hashtable();
Map<String, Document> controlledVocabularies = new HashMap<String, Document>();
File dir = new File(directory);
FilenameFilter filter = new FilenameFilter()
@@ -320,8 +306,7 @@ public class ControlledVocabularyTag extends TagSupport
try
{
Document controlledVocabulary = XMLUtil.loadXML(directory
+ filename);
Document controlledVocabulary = XMLUtil.loadXML(directory + filename);
controlledVocabularies.put(filename, controlledVocabulary);
log.warn("Loaded vocabulary: " + filename);
}
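Review bot: The map stored under `controlledvocabulary.controlledVocabularies` is a servlet-context attribute shared by every request, and this change replaces the synchronized `Hashtable` with a plain `HashMap` while the `controlledVocabularies` field stays `public`. No write after loading is visible in these hunks, but nothing prevents one either; wrapping the result before publishing it, e.g. `controlledVocabularies = Collections.unmodifiableMap(loadControlledVocabularies(vocabulariesPath));`, makes the read-only intent enforceable. The cast `(Map<String, Document>)` on the `getAttribute` result is unchecked and will produce a compiler warning; a short comment saying why it is safe would help. The Javadoc in this section still describes the maps as "an hashtable".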


@@ -47,6 +47,7 @@ import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.jstl.fmt.LocaleSupport;
import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.lang.ArrayUtils;
import org.dspace.eperson.EPerson;
/**
@@ -119,7 +120,7 @@ public class SelectEPersonTag extends TagSupport
}
else if (e instanceof EPerson[])
{
epeople = (EPerson[]) e;
epeople = (EPerson[])ArrayUtils.clone((EPerson[])e);
}
}


@@ -48,6 +48,7 @@ import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.jstl.fmt.LocaleSupport;
import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.lang.ArrayUtils;
import org.dspace.eperson.Group;
/**
@@ -114,7 +115,7 @@ public class SelectGroupTag extends TagSupport
}
else if(g instanceof Group[])
{
groups = (Group[]) g;
groups = (Group[])ArrayUtils.clone((Group[]) g);
}
}


@@ -88,7 +88,7 @@ public class EditProfileServlet extends DSpaceServlet
// Find out if they're trying to set a new password
boolean settingPassword = false;
if (eperson.getRequireCertificate() == false && !StringUtils.isEmpty(request.getParameter("password")))
if (!eperson.getRequireCertificate() && !StringUtils.isEmpty(request.getParameter("password")))
{
settingPassword = true;
}


@@ -45,7 +45,6 @@ import java.net.URLEncoder;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;


@@ -38,6 +38,7 @@ import java.io.IOException;
import java.io.StringWriter;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -109,8 +110,7 @@ public class XMLUtil
* @return the transformed xml document
* @throws Exception
*/
public static Document transformDocument(Document xmlDocument,
Hashtable parameters, String xsltFilename) throws Exception
public static Document transformDocument(Document xmlDocument, Map<String, String> parameters, String xsltFilename) throws Exception
{
// Generate a Transformer.
@@ -120,12 +120,9 @@ public class XMLUtil
// set transformation parameters
if (parameters != null)
{
Enumeration keys = parameters.keys();
while (keys.hasMoreElements())
for (Map.Entry<String, String> param : parameters.entrySet())
{
String key = (String) keys.nextElement();
String value = (String) parameters.get(key);
transformer.setParameter(key, value);
transformer.setParameter(param.getKey(), param.getValue());
}
}
@@ -158,8 +155,7 @@ public class XMLUtil
* @return the transformed xml document as a string
* @throws Exception
*/
public static String transformDocumentAsString(Document xmlDocument,
Hashtable parameters, String xsltFilename) throws Exception
public static String transformDocumentAsString(Document xmlDocument, Map<String, String> parameters, String xsltFilename) throws Exception
{
// Generate a Transformer.
@@ -169,14 +165,10 @@ public class XMLUtil
// set transformation parameters
if (parameters != null)
{
Enumeration keys = parameters.keys();
while (keys.hasMoreElements())
for (Map.Entry<String, String> param : parameters.entrySet())
{
String key = (String) keys.nextElement();
String value = (String) parameters.get(key);
transformer.setParameter(key, value);
transformer.setParameter(param.getKey(), param.getValue());
}
}
StringWriter stringWriter = new StringWriter();
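Review bot: Both `transformDocument` and `transformDocumentAsString` now accept any `Map`, so a null value that `Hashtable.put` used to reject can reach `transformer.setParameter(param.getKey(), param.getValue())`, which the JAXP documentation says throws NullPointerException for a null value. The `@param` text for `parameters` should state that values must be non-null, or the loop should skip null values. The `java.util.Enumeration` and `java.util.Hashtable` imports are kept in the first hunk and look unused after this change, as far as these hunks show.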


@@ -134,19 +134,19 @@ public class DatasetTimeGenerator extends DatasetGenerator {
}
public Date getActualStartDate() {
return actualStartDate;
return actualStartDate == null ? null : (Date)actualStartDate.clone();
}
public void setActualStartDate(Date actualStartDate) {
this.actualStartDate = actualStartDate;
this.actualStartDate = actualStartDate == null ? null : (Date)actualStartDate.clone();
}
public Date getActualEndDate() {
return actualEndDate;
return actualEndDate == null ? null : (Date)actualEndDate.clone();
}
public void setActualEndDate(Date actualEndDate) {
this.actualEndDate = actualEndDate;
this.actualEndDate = actualEndDate == null ? null : (Date)actualEndDate.clone();
}
public void setDateType(String dateType) {


@@ -47,14 +47,14 @@ public class StatisticsSolrDateFilter implements StatisticsFilter {
* Must be paired with {@link #setEndDate(Date)}.
*/
public void setStartDate(Date startDate) {
this.startDate = startDate;
this.startDate = startDate == null ? null : (Date)startDate.clone();
}
/** Set the end date as a Date object.
* Must be paired with {@link #setStartDate(Date)}.
*/
public void setEndDate(Date endDate) {
this.endDate = endDate;
this.endDate = endDate == null ? null : (Date)endDate.clone();
}
/** Convert the date range to a filter expression.


@@ -44,7 +44,6 @@ import java.io.IOException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;