Mercurial > dive4elements > river
comparison flys-artifacts/src/main/java/de/intevation/flys/collections/FLYSArtifactCollection.java @ 3263:68320805566a
Removed dynamic XPaths to pervent potential XPath injections.
flys-artifacts/trunk@4902 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Sun, 08 Jul 2012 16:14:17 +0000 |
parents | dd3ddc8ecb14 |
children | 4fc442f1b4f6 |
comparison
equal
deleted
inserted
replaced
3262:e01f74c3ec1e | 3263:68320805566a |
---|---|
427 String facet, | 427 String facet, |
428 Document attributes, | 428 Document attributes, |
429 CallContext context) | 429 CallContext context) |
430 throws IOException | 430 throws IOException |
431 { | 431 { |
432 log.info("FLYSArtifactCollection.doOut: " + outName); | 432 boolean debug = log.isDebugEnabled(); |
433 | |
434 if (debug) { | |
435 log.debug("FLYSArtifactCollection.doOut: " + outName); | |
436 } | |
433 | 437 |
434 ThemeList themeList = new ThemeList(attributes); | 438 ThemeList themeList = new ThemeList(attributes); |
435 | 439 |
436 int size = themeList.size(); | 440 int size = themeList.size(); |
437 log.debug("Output will contain " + size + " elements."); | 441 if (debug) { |
442 log.debug("Output will contain " + size + " elements."); | |
443 } | |
438 | 444 |
439 List<ArtifactAndFacet> dataProviders = | 445 List<ArtifactAndFacet> dataProviders = |
440 doBlackboardPass(themeList, context); | 446 doBlackboardPass(themeList, context); |
441 | 447 |
442 try { | 448 try { |
449 } | 455 } |
450 | 456 |
451 String art = theme.getArtifact(); | 457 String art = theme.getArtifact(); |
452 String facetName = theme.getName(); | 458 String facetName = theme.getName(); |
453 | 459 |
454 if (log.isDebugEnabled()) { | 460 if (debug) { |
455 log.debug("Do output for..."); | 461 log.debug("Do output for..."); |
456 log.debug("... artifact: " + art); | 462 log.debug("... artifact: " + art); |
457 log.debug("... facet: " + facetName); | 463 log.debug("... facet: " + facetName); |
458 } | 464 } |
459 | 465 |
622 String output) | 628 String output) |
623 throws ArtifactDatabaseException | 629 throws ArtifactDatabaseException |
624 { | 630 { |
625 Document attr = cAttr.toXML(); | 631 Document attr = cAttr.toXML(); |
626 | 632 |
633 Map<String, String> vars = new HashMap<String, String>(); | |
634 vars.put("output", output); | |
635 | |
627 Node out = (Node) XMLUtils.xpath( | 636 Node out = (Node) XMLUtils.xpath( |
628 attr, | 637 attr, |
629 "art:attribute/art:outputs/art:output[@name='" + output + "']", | 638 "art:attribute/art:outputs/art:output[@name=$output]", |
630 XPathConstants.NODE, | 639 XPathConstants.NODE, |
631 ArtifactNamespaceContext.INSTANCE); | 640 ArtifactNamespaceContext.INSTANCE, |
641 vars); | |
632 | 642 |
633 | 643 |
634 if (out != null) { | 644 if (out != null) { |
635 Document o = XMLUtils.newDocument(); | 645 Document o = XMLUtils.newDocument(); |
636 | 646 |
729 String pattern, | 739 String pattern, |
730 int index, | 740 int index, |
731 CallContext context) | 741 CallContext context) |
732 throws ArtifactDatabaseException | 742 throws ArtifactDatabaseException |
733 { | 743 { |
734 log.debug("FLYSArtifactCollection.getFacetThemeFromAttribute(facet=" + facet + ", index=" + index); | 744 boolean debug = log.isDebugEnabled(); |
745 | |
746 if (debug) { | |
747 log.debug( | |
748 "FLYSArtifactCollection.getFacetThemeFromAttribute(facet=" | |
749 + facet + ", index=" + index); | |
750 } | |
751 | |
735 | 752 |
736 ArtifactDatabase db = context.getDatabase(); | 753 ArtifactDatabase db = context.getDatabase(); |
737 CallMeta meta = context.getMeta(); | 754 CallMeta meta = context.getMeta(); |
738 | 755 |
739 FLYSContext flysContext = context instanceof FLYSContext | 756 FLYSContext flysContext = context instanceof FLYSContext |
748 if (attr == null) { | 765 if (attr == null) { |
749 return null; | 766 return null; |
750 } | 767 } |
751 } | 768 } |
752 | 769 |
753 log.debug("Search attribute of collection item: " + uuid); | 770 if (debug) { |
771 log.debug("Search attribute of collection item: " + uuid); | |
772 } | |
754 | 773 |
755 Node tmp = (Node) XMLUtils.xpath( | 774 Node tmp = (Node) XMLUtils.xpath( |
756 attr, | 775 attr, |
757 "/art:attribute", | 776 "/art:attribute", |
758 XPathConstants.NODE, | 777 XPathConstants.NODE, |
761 if (tmp == null) { | 780 if (tmp == null) { |
762 log.warn("No attribute found. Operation failed."); | 781 log.warn("No attribute found. Operation failed."); |
763 return null; | 782 return null; |
764 } | 783 } |
765 | 784 |
766 log.debug("Search theme for facet '" + facet + "' in attribute."); | 785 if (debug) { |
786 log.debug("Search theme for facet '" + facet + "' in attribute."); | |
787 } | |
788 | |
789 Map<String, String> vars = new HashMap<String, String>(); | |
790 vars.put("facet", facet); | |
791 vars.put("index", String.valueOf(index)); | |
767 | 792 |
768 Node theme = (Node) XMLUtils.xpath( | 793 Node theme = (Node) XMLUtils.xpath( |
769 tmp, | 794 tmp, |
770 "art:themes/theme[@facet='" + facet + | 795 "art:themes/theme[@facet=$facet and @index=$index]", |
771 "' and @index='" + String.valueOf(index) + "']", | |
772 XPathConstants.NODE, | 796 XPathConstants.NODE, |
773 ArtifactNamespaceContext.INSTANCE); | 797 ArtifactNamespaceContext.INSTANCE, |
798 vars); | |
774 | 799 |
775 if (theme == null) { | 800 if (theme == null) { |
776 log.warn("Could not find the theme in attribute of: " + facet + " " + uuid); | 801 log.warn("Could not find the theme in attribute of: " + facet + " " + uuid); |
777 | 802 |
778 Theme t = getThemeForFacet( | 803 Theme t = getThemeForFacet( |
844 | 869 |
845 themes.appendChild(attr.importNode(t.toXML().getFirstChild(), true)); | 870 themes.appendChild(attr.importNode(t.toXML().getFirstChild(), true)); |
846 | 871 |
847 try { | 872 try { |
848 setCollectionItemAttribute(uuid, attr, context); | 873 setCollectionItemAttribute(uuid, attr, context); |
849 | |
850 //log.debug("addThemeToAttribute: Successfully added theme to item attribute: " + XMLUtils.toString(attr)); | |
851 } | 874 } |
852 catch (ArtifactDatabaseException e) { | 875 catch (ArtifactDatabaseException e) { |
853 // do nothing | 876 // do nothing |
854 log.warn("Cannot set attribute of item: " + uuid); | 877 log.warn("Cannot set attribute of item: " + uuid); |
855 } | 878 } |
872 String pattern, | 895 String pattern, |
873 int index, | 896 int index, |
874 String outName, | 897 String outName, |
875 CallContext context) | 898 CallContext context) |
876 { | 899 { |
877 log.info("FLYSArtifactCollection.initItemAttribute"); | 900 boolean debug = log.isDebugEnabled(); |
901 | |
902 if (debug) { | |
903 log.debug("FLYSArtifactCollection.initItemAttribute"); | |
904 } | |
878 | 905 |
879 Theme t = getThemeForFacet(uuid, facet, pattern, index, outName, context); | 906 Theme t = getThemeForFacet(uuid, facet, pattern, index, outName, context); |
880 | 907 |
881 if (t == null) { | 908 if (t == null) { |
882 log.info("Could not find theme for facet. Cancel initialization."); | 909 log.info("Could not find theme for facet. Cancel initialization."); |
884 } | 911 } |
885 | 912 |
886 Document attr = XMLUtils.newDocument(); | 913 Document attr = XMLUtils.newDocument(); |
887 addThemeToAttribute(uuid, attr, t, context); | 914 addThemeToAttribute(uuid, attr, t, context); |
888 | 915 |
889 log.debug("initItemAttribute for facet " + facet + ": " + XMLUtils.toString(attr)); | 916 if (debug) { |
917 log.debug("initItemAttribute for facet " + facet + ": " | |
918 + XMLUtils.toString(attr)); | |
919 } | |
890 | 920 |
891 return attr; | 921 return attr; |
892 } | 922 } |
893 | 923 |
894 | 924 |