Commit 681d8788 authored by guus's avatar guus

OF-523: Apply defensive coding to the MUC implementation (mainly: use JIDs,...

OF-523: Apply defensive coding to the MUC implementation (mainly: use JIDs, not Strings - but includes some other fixes as well).

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@12979 b35dd754-fafc-0310-a699-88a17e54d16e
parent cb0f7b56
......@@ -20,6 +20,7 @@
<%@ page import="org.jivesoftware.util.*,
java.util.*,
org.xmpp.packet.*,
org.jivesoftware.openfire.muc.MultiUserChatService"
errorPage="error.jsp"
%>
......@@ -55,12 +56,11 @@
if (save) {
if (openPerms) {
// Remove all users who have the ability to create rooms
List<String> removeables = new ArrayList<String>();
for (Object obj : mucService.getUsersAllowedToCreate()) {
String user = (String)obj;
List<JID> removeables = new ArrayList<JID>();
for (JID user : mucService.getUsersAllowedToCreate()) {
removeables.add(user);
}
for (String user : removeables) {
for (JID user : removeables) {
mucService.removeUserAllowedToCreate(user);
}
mucService.setRoomCreationRestricted(false);
......@@ -78,30 +78,34 @@
}
}
// Handle an add
if (add) {
JID bareJID = null;
try {
// do validation
if (userJID == null || userJID.indexOf('@') == -1) {
errors.put("userJID","userJID");
}
if (errors.size() == 0) {
mucService.addUserAllowedToCreate(userJID);
// Log the event
webManager.logEvent("added MUC room creation permission to "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-create-permission.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
bareJID = new JID(new JID(userJID).toBareJID());
} catch (java.lang.IllegalArgumentException ex) {
errors.put("userJID","userJID");
}
if (delete) {
// Remove the user from the allowed list
mucService.removeUserAllowedToCreate(userJID);
// Log the event
webManager.logEvent("removed MUC room creation permission from "+userJID+" for service "+mucname, null);
// done, return
response.sendRedirect("muc-create-permission.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
if (errors.size() == 0) {
// Handle an add
if (add) {
mucService.addUserAllowedToCreate(bareJID);
// Log the event
webManager.logEvent("added MUC room creation permission to "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-create-permission.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
if (delete) {
// Remove the user from the allowed list
mucService.removeUserAllowedToCreate(bareJID);
// Log the event
webManager.logEvent("removed MUC room creation permission from "+userJID+" for service "+mucname, null);
// done, return
response.sendRedirect("muc-create-permission.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
}
%>
<html>
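Review bot: The audit entries in the new `if (errors.size() == 0)` block still log the raw `userJID` request parameter, while the change that is actually applied uses the normalised `bareJID`, so the log can record a different string (resource part, casing) than the JID that was added or removed. Logging the parsed value keeps the audit trail faithful: `webManager.logEvent("added MUC room creation permission to "+bareJID+" for service "+mucname, null);` and likewise for the removal entry; the `logEvent` calls in the muc-sysadmins.jsp section follow the same pattern. Separately, as the page renders it, the parse `new JID(new JID(userJID).toBareJID())` appears to run even when `userJID` is null, and only `IllegalArgumentException` is caught, so it is worth confirming that a request without `userJID` cannot raise a different exception and land on `error.jsp`.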
......
......@@ -241,19 +241,11 @@
</tr>
<% }
else {
ArrayList<String> owners = new ArrayList<String>(room.getOwners());
ArrayList<JID> owners = new ArrayList<JID>(room.getOwners());
Collections.sort(owners);
for (String user : owners) {
String userDisplay;
if (user.indexOf('@') > 0) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
for (JID user : owners) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
%>
<tr>
<td>&nbsp;</td>
......@@ -281,18 +273,11 @@
</tr>
<% }
else {
ArrayList<String> admins = new ArrayList<String>(room.getAdmins());
ArrayList<JID> admins = new ArrayList<JID>(room.getAdmins());
Collections.sort(admins);
for (String user : admins) {
String userDisplay;
if (user.indexOf('@') > 0) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
for (JID user : admins) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
%>
<tr>
<td>&nbsp;</td>
......@@ -320,19 +305,11 @@
</tr>
<% }
else {
ArrayList<String> members = new ArrayList<String>(room.getMembers());
ArrayList<JID> members = new ArrayList<JID>(room.getMembers());
Collections.sort(members);
for (String user : members) {
String userDisplay;
if (user.indexOf('@') > 0) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
for (JID user : members) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
String nickname = room.getReservedNickname(user);
nickname = (nickname == null ? "" : " (" + nickname + ")");
%>
......@@ -362,18 +339,11 @@
</tr>
<% }
else {
ArrayList<String> outcasts = new ArrayList<String>(room.getOutcasts());
ArrayList<JID> outcasts = new ArrayList<JID>(room.getOutcasts());
Collections.sort(outcasts);
for (String user : outcasts) {
String userDisplay;
if (user.indexOf('@') > 0) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
for (JID user : outcasts) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
%>
<tr>
<td>&nbsp;</td>
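Review bot: The removed String-based code printed the value unchanged when it had no `@`, but the new loop body always builds `username + '@' + user.getDomain()`, so an affiliation held by a JID without a node part (where `user.getNode()` is null) would presumably be shown as `null@domain`. A guard such as `String userDisplay = user.getNode() == null ? user.getDomain() : JID.unescapeNode(user.getNode()) + '@' + user.getDomain();` restores the old behaviour; the same applies to the admins, members and outcasts loops in this section. The line that prints `userDisplay` is outside the hunks, so it should be confirmed that it HTML-encodes the value, since `JID.unescapeNode` can reintroduce `<`, `>`, `&` and quote characters.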
......
......@@ -34,7 +34,13 @@
boolean cancel = request.getParameter("cancel") != null;
boolean delete = request.getParameter("delete") != null;
JID roomJID = new JID(ParamUtils.getParameter(request,"roomJID"));
String alternateJID = ParamUtils.getParameter(request,"alternateJID");
String alternateJIDString = ParamUtils.getParameter(request,"alternateJID");
JID alternateJID;
if (alternateJIDString != null && alternateJIDString.trim().length() > 0 ) {
alternateJID = new JID(alternateJIDString.trim());
} else {
alternateJID = null;
}
String reason = ParamUtils.getParameter(request,"reason");
String roomName = roomJID.getNode();
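Review bot: A malformed `alternateJID` parameter now makes `new JID(alternateJIDString.trim())` throw `IllegalArgumentException` while the request parameters are being read, presumably before the `cancel`/`delete` handling, and nothing in the hunk catches it. The permission pages changed in this commit catch that exception and record a field error instead; doing the same here (catch, leave `alternateJID` null, flag the field) would give the administrator a validation message rather than the generic error page. Whether this page has an `errors` map to report into is not visible in the hunk.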
......
......@@ -248,15 +248,15 @@
// Keep the existing list of admins
field = new XFormFieldImpl("muc#roomconfig_roomadmins");
for (String jid : room.getAdmins()) {
field.addValue(jid);
for (JID jid : room.getAdmins()) {
field.addValue(jid.toString());
}
dataForm.addField(field);
// Keep the existing list of owners
field = new XFormFieldImpl("muc#roomconfig_roomowners");
for (String jid : room.getOwners()) {
field.addValue(jid);
for (JID jid : room.getOwners()) {
field.addValue(jid.toString());
}
dataForm.addField(field);
......
......@@ -19,6 +19,7 @@
<%@ page import="org.jivesoftware.util.*,
java.util.*,
org.xmpp.packet.*,
org.jivesoftware.openfire.muc.MultiUserChatService"
errorPage="error.jsp"
%>
......@@ -47,28 +48,32 @@
// Handle a save
Map<String,String> errors = new HashMap<String,String>();
if (add) {
JID bareJID = null;
try {
// do validation
if (userJID == null || userJID.indexOf('@') == -1) {
errors.put("userJID","userJID");
}
if (errors.size() == 0) {
mucService.addSysadmin(userJID);
bareJID = new JID(new JID(userJID).toBareJID());
} catch (IllegalArgumentException e) {
errors.put("userJID","userJID");
}
if (errors.size() == 0) {
if (add) {
mucService.addSysadmin(bareJID);
// Log the event
webManager.logEvent("added muc sysadmin "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-sysadmins.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
}
if (delete) {
// Remove the user from the list of system administrators
mucService.removeSysadmin(userJID);
// Log the event
webManager.logEvent("removed muc sysadmin "+userJID+" for service "+mucname, null);
// done, return
response.sendRedirect("muc-sysadmins.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
if (delete) {
// Remove the user from the list of system administrators
mucService.removeSysadmin(bareJID);
// Log the event
webManager.logEvent("removed muc sysadmin "+userJID+" for service "+mucname, null);
// done, return
response.sendRedirect("muc-sysadmins.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
}
%>
......@@ -160,14 +165,16 @@
<% } %>
<% for (String user : mucService.getSysadmins()) { %>
<% for (JID user : mucService.getSysadmins()) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
%>
<tr>
<td width="99%">
<%= user %>
<%= userDisplay %>
</td>
<td width="1%" align="center">
<a href="muc-sysadmins.jsp?userJID=<%= user %>&delete=true&mucname=<%= URLEncoder.encode(mucname, "UTF-8") %>"
<a href="muc-sysadmins.jsp?userJID=<%= user.toString() %>&delete=true&mucname=<%= URLEncoder.encode(mucname, "UTF-8") %>"
title="<fmt:message key="groupchat.admins.dialog.title" />"
onclick="return confirm('<fmt:message key="groupchat.admins.dialog.text" />');"
><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>
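Review bot: `userDisplay` is written into the table cell with `<%= userDisplay %>` without HTML encoding, and `JID.unescapeNode` converts JID escape sequences back into characters such as `<`, `>`, `&` and quotes, so a stored sysadmin JID with an escaped node reaches the admin console as raw markup. Encode at the sink, e.g. `<%= StringUtils.escapeHTMLTags(userDisplay) %>` (`org.jivesoftware.util.*` is already imported by this page). The delete link also places `user.toString()` in the query string unencoded, unlike `mucname` next to it; `userJID=<%= URLEncoder.encode(user.toString(), "UTF-8") %>` keeps a JID containing `#`, `%` or `+` from being altered when the link is followed.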
......