Commit 681d8788 authored by guus's avatar guus

OF-523: Apply defensive coding to the MUC implementation (mainly: use JIDs,...

OF-523: Apply defensive coding to the MUC implementation (mainly: use JIDs, not Strings - but includes some other fixes as well).

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@12979 b35dd754-fafc-0310-a699-88a17e54d16e
parent cb0f7b56
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
<%@ page import="org.jivesoftware.util.*, <%@ page import="org.jivesoftware.util.*,
java.util.*, java.util.*,
org.xmpp.packet.*,
org.jivesoftware.openfire.muc.MultiUserChatService" org.jivesoftware.openfire.muc.MultiUserChatService"
errorPage="error.jsp" errorPage="error.jsp"
%> %>
...@@ -55,12 +56,11 @@ ...@@ -55,12 +56,11 @@
if (save) { if (save) {
if (openPerms) { if (openPerms) {
// Remove all users who have the ability to create rooms // Remove all users who have the ability to create rooms
List<String> removeables = new ArrayList<String>(); List<JID> removeables = new ArrayList<JID>();
for (Object obj : mucService.getUsersAllowedToCreate()) { for (JID user : mucService.getUsersAllowedToCreate()) {
String user = (String)obj;
removeables.add(user); removeables.add(user);
} }
for (String user : removeables) { for (JID user : removeables) {
mucService.removeUserAllowedToCreate(user); mucService.removeUserAllowedToCreate(user);
} }
mucService.setRoomCreationRestricted(false); mucService.setRoomCreationRestricted(false);
...@@ -78,30 +78,34 @@ ...@@ -78,30 +78,34 @@
} }
} }
// Handle an add JID bareJID = null;
if (add) { try {
// do validation // do validation
if (userJID == null || userJID.indexOf('@') == -1) { bareJID = new JID(new JID(userJID).toBareJID());
errors.put("userJID","userJID"); } catch (java.lang.IllegalArgumentException ex) {
} errors.put("userJID","userJID");
if (errors.size() == 0) {
mucService.addUserAllowedToCreate(userJID);
// Log the event
webManager.logEvent("added MUC room creation permission to "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-create-permission.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
} }
if (delete) { if (errors.size() == 0) {
// Remove the user from the allowed list // Handle an add
mucService.removeUserAllowedToCreate(userJID); if (add) {
// Log the event mucService.addUserAllowedToCreate(bareJID);
webManager.logEvent("removed MUC room creation permission from "+userJID+" for service "+mucname, null); // Log the event
// done, return webManager.logEvent("added MUC room creation permission to "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-create-permission.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8")); response.sendRedirect("muc-create-permission.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return; return;
} }
if (delete) {
// Remove the user from the allowed list
mucService.removeUserAllowedToCreate(bareJID);
// Log the event
webManager.logEvent("removed MUC room creation permission from "+userJID+" for service "+mucname, null);
// done, return
response.sendRedirect("muc-create-permission.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return;
}
}
%> %>
<html> <html>
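Review bot: The JID parse now sits outside `if (add)`, so it runs on every request that reaches this block, including one with no `userJID` parameter, and only `IllegalArgumentException` is caught. If the constructor rejects a null argument with a different exception the request ends on error.jsp, and if it throws the caught one a field error is recorded for a request that asked for nothing; wrapping the parse in `if (add || delete) { ... }` keeps validation tied to the actions that use the result. The old `indexOf('@')` test is also gone, so a domain-only value presumably parses and can be granted the permission; if that is not intended, add `if (bareJID.getNode() == null) errors.put("userJID","userJID");` inside the `try`. Both `logEvent` calls still record the raw `userJID` string while the value applied is `bareJID`, so the audit entry should log `bareJID` to match what was actually changed. The same shape appears in the hunk that redirects to muc-sysadmins.jsp, where the grant is sysadmin rights.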
......
...@@ -241,19 +241,11 @@ ...@@ -241,19 +241,11 @@
</tr> </tr>
<% } <% }
else { else {
ArrayList<String> owners = new ArrayList<String>(room.getOwners()); ArrayList<JID> owners = new ArrayList<JID>(room.getOwners());
Collections.sort(owners); Collections.sort(owners);
for (String user : owners) { for (JID user : owners) {
String userDisplay; String username = JID.unescapeNode(user.getNode());
if (user.indexOf('@') > 0) { String userDisplay = username + '@' + user.getDomain();
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
...@@ -281,18 +273,11 @@ ...@@ -281,18 +273,11 @@
</tr> </tr>
<% } <% }
else { else {
ArrayList<String> admins = new ArrayList<String>(room.getAdmins()); ArrayList<JID> admins = new ArrayList<JID>(room.getAdmins());
Collections.sort(admins); Collections.sort(admins);
for (String user : admins) { for (JID user : admins) {
String userDisplay; String username = JID.unescapeNode(user.getNode());
if (user.indexOf('@') > 0) { String userDisplay = username + '@' + user.getDomain();
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
...@@ -320,19 +305,11 @@ ...@@ -320,19 +305,11 @@
</tr> </tr>
<% } <% }
else { else {
ArrayList<String> members = new ArrayList<String>(room.getMembers()); ArrayList<JID> members = new ArrayList<JID>(room.getMembers());
Collections.sort(members); Collections.sort(members);
for (String user : members) { for (JID user : members) {
String userDisplay; String username = JID.unescapeNode(user.getNode());
if (user.indexOf('@') > 0) { String userDisplay = username + '@' + user.getDomain();
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
String nickname = room.getReservedNickname(user); String nickname = room.getReservedNickname(user);
nickname = (nickname == null ? "" : " (" + nickname + ")"); nickname = (nickname == null ? "" : " (" + nickname + ")");
%> %>
...@@ -362,18 +339,11 @@ ...@@ -362,18 +339,11 @@
</tr> </tr>
<% } <% }
else { else {
ArrayList<String> outcasts = new ArrayList<String>(room.getOutcasts()); ArrayList<JID> outcasts = new ArrayList<JID>(room.getOutcasts());
Collections.sort(outcasts); Collections.sort(outcasts);
for (String user : outcasts) { for (JID user : outcasts) {
String userDisplay; String username = JID.unescapeNode(user.getNode());
if (user.indexOf('@') > 0) { String userDisplay = username + '@' + user.getDomain();
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
userDisplay = username + rest;
}
else {
userDisplay = user;
}
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
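Review bot: The removed `else` branch handled affiliation entries that have no node, and the replacement in the owners loop has no equivalent: for a domain-only JID `user.getNode()` is null, so `userDisplay` would come out as `null@domain` or fail inside `unescapeNode`, depending on how that method treats null. A guard such as `String userDisplay = user.getNode() == null ? user.getDomain() : JID.unescapeNode(user.getNode()) + '@' + user.getDomain();` keeps the old behaviour, and the admins, members and outcasts hunks repeat the same two lines and need the same guard. The markup that prints `userDisplay` lies outside these hunks; because the node is unescaped it can contain `<`, `"` or `&`, so that output should be HTML-escaped if it is not already.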
......
...@@ -34,7 +34,13 @@ ...@@ -34,7 +34,13 @@
boolean cancel = request.getParameter("cancel") != null; boolean cancel = request.getParameter("cancel") != null;
boolean delete = request.getParameter("delete") != null; boolean delete = request.getParameter("delete") != null;
JID roomJID = new JID(ParamUtils.getParameter(request,"roomJID")); JID roomJID = new JID(ParamUtils.getParameter(request,"roomJID"));
String alternateJID = ParamUtils.getParameter(request,"alternateJID"); String alternateJIDString = ParamUtils.getParameter(request,"alternateJID");
JID alternateJID;
if (alternateJIDString != null && alternateJIDString.trim().length() > 0 ) {
alternateJID = new JID(alternateJIDString.trim());
} else {
alternateJID = null;
}
String reason = ParamUtils.getParameter(request,"reason"); String reason = ParamUtils.getParameter(request,"reason");
String roomName = roomJID.getNode(); String roomName = roomJID.getNode();
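Review bot: An invalid `alternateJID` parameter now throws from `new JID(alternateJIDString.trim())` during page setup with nothing to catch it, so the admin lands on the error page instead of getting a field-level message. The permission pages in this same commit wrap the constructor in `try { ... } catch (IllegalArgumentException e)` and record a validation error; this page should do the same, leaving `alternateJID` null and reporting the bad value. Whether this page already has an `errors` map is not visible in the hunk, and the scriptlet continues beyond it.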
......
...@@ -248,15 +248,15 @@ ...@@ -248,15 +248,15 @@
// Keep the existing list of admins // Keep the existing list of admins
field = new XFormFieldImpl("muc#roomconfig_roomadmins"); field = new XFormFieldImpl("muc#roomconfig_roomadmins");
for (String jid : room.getAdmins()) { for (JID jid : room.getAdmins()) {
field.addValue(jid); field.addValue(jid.toString());
} }
dataForm.addField(field); dataForm.addField(field);
// Keep the existing list of owners // Keep the existing list of owners
field = new XFormFieldImpl("muc#roomconfig_roomowners"); field = new XFormFieldImpl("muc#roomconfig_roomowners");
for (String jid : room.getOwners()) { for (JID jid : room.getOwners()) {
field.addValue(jid); field.addValue(jid.toString());
} }
dataForm.addField(field); dataForm.addField(field);
......
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
<%@ page import="org.jivesoftware.util.*, <%@ page import="org.jivesoftware.util.*,
java.util.*, java.util.*,
org.xmpp.packet.*,
org.jivesoftware.openfire.muc.MultiUserChatService" org.jivesoftware.openfire.muc.MultiUserChatService"
errorPage="error.jsp" errorPage="error.jsp"
%> %>
...@@ -47,28 +48,32 @@ ...@@ -47,28 +48,32 @@
// Handle a save // Handle a save
Map<String,String> errors = new HashMap<String,String>(); Map<String,String> errors = new HashMap<String,String>();
if (add) { JID bareJID = null;
try {
// do validation // do validation
if (userJID == null || userJID.indexOf('@') == -1) { bareJID = new JID(new JID(userJID).toBareJID());
errors.put("userJID","userJID"); } catch (IllegalArgumentException e) {
} errors.put("userJID","userJID");
if (errors.size() == 0) { }
mucService.addSysadmin(userJID);
if (errors.size() == 0) {
if (add) {
mucService.addSysadmin(bareJID);
// Log the event // Log the event
webManager.logEvent("added muc sysadmin "+userJID+" for service "+mucname, null); webManager.logEvent("added muc sysadmin "+userJID+" for service "+mucname, null);
response.sendRedirect("muc-sysadmins.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8")); response.sendRedirect("muc-sysadmins.jsp?addsuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return; return;
} }
}
if (delete) { if (delete) {
// Remove the user from the list of system administrators // Remove the user from the list of system administrators
mucService.removeSysadmin(userJID); mucService.removeSysadmin(bareJID);
// Log the event // Log the event
webManager.logEvent("removed muc sysadmin "+userJID+" for service "+mucname, null); webManager.logEvent("removed muc sysadmin "+userJID+" for service "+mucname, null);
// done, return // done, return
response.sendRedirect("muc-sysadmins.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8")); response.sendRedirect("muc-sysadmins.jsp?deletesuccess=true&mucname="+URLEncoder.encode(mucname, "UTF-8"));
return; return;
}
} }
%> %>
...@@ -160,14 +165,16 @@ ...@@ -160,14 +165,16 @@
<% } %> <% } %>
<% for (String user : mucService.getSysadmins()) { %> <% for (JID user : mucService.getSysadmins()) {
String username = JID.unescapeNode(user.getNode());
String userDisplay = username + '@' + user.getDomain();
%>
<tr> <tr>
<td width="99%"> <td width="99%">
<%= user %> <%= userDisplay %>
</td> </td>
<td width="1%" align="center"> <td width="1%" align="center">
<a href="muc-sysadmins.jsp?userJID=<%= user %>&delete=true&mucname=<%= URLEncoder.encode(mucname, "UTF-8") %>" <a href="muc-sysadmins.jsp?userJID=<%= user.toString() %>&delete=true&mucname=<%= URLEncoder.encode(mucname, "UTF-8") %>"
title="<fmt:message key="groupchat.admins.dialog.title" />" title="<fmt:message key="groupchat.admins.dialog.title" />"
onclick="return confirm('<fmt:message key="groupchat.admins.dialog.text" />');" onclick="return confirm('<fmt:message key="groupchat.admins.dialog.text" />');"
><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a> ><img src="images/delete-16x16.gif" width="16" height="16" border="0" alt=""></a>
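Review bot: In the sysadmin list hunk, `<%= userDisplay %>` prints the node after `JID.unescapeNode`, which can turn escape sequences back into characters such as `<`, `"` and `&`, and the value is written into the page without HTML escaping, whereas the old line printed the stored string unchanged. Escape it on output, for example `<%= StringUtils.escapeHTMLTags(userDisplay) %>`. The delete link has a related gap: `user.toString()` goes into the query string raw while `mucname` on the same line is passed through `URLEncoder.encode`, so a JID containing `&`, `#` or `+` would be split or altered before it reaches the delete handler; use `userJID=<%= URLEncoder.encode(user.toString(), "UTF-8") %>`. A sysadmin entry without a node would also render as `null@domain` here, or fail, depending on how `unescapeNode` handles null.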
......