changeset 8844:890f708b18d6

Encode print URL with GWT-means. The homebrew encoding partly resulted in URLs not accepted by Tomcat 7 due to the fix for CVE-2016-6816.
author Tom Gottfried <tom@intevation.de>
date Fri, 12 Jan 2018 17:07:42 +0100
parents 3ecf1f76b2b8
children 89dcaae0801c
files gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java
diffstat 2 files changed, 5 insertions(+), 11 deletions(-) [+]
--- a/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java	Fri Jan 12 12:12:27 2018 +0100
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java	Fri Jan 12 17:07:42 2018 +0100
@@ -22,9 +22,9 @@
 import org.dive4elements.river.client.shared.model.Property;
 import org.dive4elements.river.client.shared.model.PropertySetting;
 import org.dive4elements.river.client.shared.model.Settings;
-import org.dive4elements.river.client.shared.MapUtils;
 
 import com.google.gwt.core.client.GWT;
+import com.google.gwt.http.client.URL;
 import com.google.gwt.user.client.Window;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 import com.smartgwt.client.types.Alignment;
@@ -258,7 +258,7 @@
 
         appendPrintToUrl(collection, url);
 
-        return url.toString();
+        return URL.encode(url.toString());
     }
 
     private void appendPrintToUrl(Collection collection, StringBuilder url) {
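Review bot: `return URL.encode(url.toString());` encodes the assembled URL as a whole, and GWT's `URL.encode` leaves the reserved characters `&`, `=`, `#`, `+` and `?` untouched. The hunk at `@@ -275,16 +275,15 @@` now appends `localized`, `props.getValue()` and `river` with no escaping, so a value containing one of those characters can split or truncate the query string, or add a parameter to the print request. Encoding each name and value where it is appended keeps the parameter boundaries intact, e.g. `url.append(URL.encodeQueryString(localized));` and likewise for the property value and `river`. If that is done, the whole-URL `URL.encode` should be dropped to avoid double-encoding `%`, and the base URL built above this hunk would need checking on its own. Both method bodies start or end outside the hunks shown.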
@@ -275,16 +275,15 @@
                 catch (MissingResourceException mre) {
                     localized = props.getName();
                 }
-                url.append(MapUtils.toSaveHTMLJavaString(localized));
+                url.append(localized);
                 url.append("=");
-                url.append(MapUtils.toSaveHTMLJavaString((String)props.getValue()));
+                url.append((String)props.getValue());
             }
         }
         // O.o
         String river = findRiver(((MapOutputTab)mapToolbar.getOutputTab()
                     ).getCollectionView().getArtifact());
-        url.append("&" + MapUtils.toSaveHTMLJavaString(MSG.getString(MAPFISH_RIVER)) + "=" +
-                MapUtils.toSaveHTMLJavaString(river));
+        url.append("&" + MSG.getString(MAPFISH_RIVER) + "=" + river);
     }
 
     // Copy of DatacageWindow's findRiver with added state for map.river
--- a/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java	Fri Jan 12 12:12:27 2018 +0100
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java	Fri Jan 12 17:07:42 2018 +0100
@@ -10,8 +10,6 @@
 
 import java.util.Date;
 
-import com.google.gwt.safehtml.shared.SafeHtmlUtils;
-
 
 public class MapUtils {
 
@@ -50,9 +48,6 @@
         return url;
     }
 
-    public static String toSaveHTMLJavaString(String str) {
-        return str == null ? null : SafeHtmlUtils.htmlEscape(toJavaEncodedString(str));
-    }
 
     public static String toJavaEncodedString(String str) {
         if (str == null) {
