Mercurial > dive4elements > river
changeset 8844:890f708b18d6
Encode print URL with GWT-means.
The homebrew encoding partly resulted in URLs not accepted by Tomcat 7
due to the fix for CVE-2016-6816.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Fri, 12 Jan 2018 17:07:42 +0100 |
parents | 3ecf1f76b2b8 |
children | 89dcaae0801c |
files | gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java |
diffstat | 2 files changed, 5 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java Fri Jan 12 12:12:27 2018 +0100 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java Fri Jan 12 17:07:42 2018 +0100 @@ -22,9 +22,9 @@ import org.dive4elements.river.client.shared.model.Property; import org.dive4elements.river.client.shared.model.PropertySetting; import org.dive4elements.river.client.shared.model.Settings; -import org.dive4elements.river.client.shared.MapUtils; import com.google.gwt.core.client.GWT; +import com.google.gwt.http.client.URL; import com.google.gwt.user.client.Window; import com.google.gwt.user.client.rpc.AsyncCallback; import com.smartgwt.client.types.Alignment; @@ -258,7 +258,7 @@ appendPrintToUrl(collection, url); - return url.toString(); + return URL.encode(url.toString()); } private void appendPrintToUrl(Collection collection, StringBuilder url) { @@ -275,16 +275,15 @@ catch (MissingResourceException mre) { localized = props.getName(); } - url.append(MapUtils.toSaveHTMLJavaString(localized)); + url.append(localized); url.append("="); - url.append(MapUtils.toSaveHTMLJavaString((String)props.getValue())); + url.append((String)props.getValue()); } } // O.o String river = findRiver(((MapOutputTab)mapToolbar.getOutputTab() ).getCollectionView().getArtifact()); - url.append("&" + MapUtils.toSaveHTMLJavaString(MSG.getString(MAPFISH_RIVER)) + "=" + - MapUtils.toSaveHTMLJavaString(river)); + url.append("&" + MSG.getString(MAPFISH_RIVER) + "=" + river); } // Copy of DatacageWindow's findRiver with added state for map.river
--- a/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java Fri Jan 12 12:12:27 2018 +0100 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java Fri Jan 12 17:07:42 2018 +0100 @@ -10,8 +10,6 @@ import java.util.Date; -import com.google.gwt.safehtml.shared.SafeHtmlUtils; - public class MapUtils { @@ -50,9 +48,6 @@ return url; } - public static String toSaveHTMLJavaString(String str) { - return str == null ? null : SafeHtmlUtils.htmlEscape(toJavaEncodedString(str)); - } public static String toJavaEncodedString(String str) { if (str == null) {