Commit ccb93d32 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Fixed escaping/unescaping of spaces in usernames. JM-1180

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9446 b35dd754-fafc-0310-a699-88a17e54d16e
parent 76f6aa4a
......@@ -240,11 +240,10 @@
## Added key: 'user.roster.filter.noshared'
## Added key: 'user.roster.filter.onlyshared'
## Added key: 'setup.ldap.user.vcard.photo'
## Added key: 'httpbind.settings.script.label_enable'
## Added key: 'httpbind.settings.script.label_enable_info'
## Added key: 'httpbind.settings.script.label_disable'
## Added key: 'httpbind.settings.script.label_disable_info'
##
## 3.4.2
## Updated key: 'group.edit.add_user'
# Openfire
short.title = Openfire
......@@ -729,7 +728,7 @@ group.edit.edit_details=Edit Details
group.edit.members=Members of This Group
group.edit.members_description=Use the form below to add users to this group. Once added, you \
will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user=Add User(s):
group.edit.add_user=Add User:
group.edit.username=Username
group.edit.admin=Admin
group.edit.remove=Remove
......@@ -2332,10 +2331,6 @@ httpbind.settings.label_same_info=The HTTP bind service will use distinct ports
httpbind.settings.secure_port=SSL Port:
httpbind.settings.error.general=An error has occured, check the log file for details.
httpbind.settings.error.port=An error has occured configuring the HTTP binding ports, check the error log for more details.
httpbind.settings.script.label_enable=Enabled
httpbind.settings.script.label_enable_info=Allows BOSH clients with limited access to connect to the server
httpbind.settings.script.label_disable=Disabled
httpbind.settings.script.label_disable_info=Does not allow clients with limited access to connect to the server
# Profile Settings
......
......@@ -478,7 +478,7 @@ group.edit.edit_details=Edit Details
group.edit.members=Members of This Group
group.edit.members_description=Use the form below to add users to this group. Once added, you \
will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user=Agregar Usuario(s):
group.edit.add_user=Agregar Usuario:
group.edit.username=Nombre
group.edit.admin=Administrador
group.edit.remove=Borrar
......
......@@ -413,7 +413,7 @@ group.edit.delete = Delete Group
group.edit.edit_details = Edit Details
group.edit.members = Members of This Group
group.edit.members_description = Use the form below to add users to this group. Once added, you will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user = Add User(s)\:
group.edit.add_user = Add User:
group.edit.username = Username
group.edit.admin = Admin
group.edit.remove = Remove
......
......@@ -38,7 +38,7 @@
boolean updateMember = request.getParameter("updateMember") != null;
boolean update = request.getParameter("save") != null;
boolean cancel = request.getParameter("cancel") != null;
String users = ParamUtils.getParameter(request, "users");
String username = ParamUtils.getParameter(request, "username");
String [] adminIDs = ParamUtils.getParameters(request, "admin");
String [] deleteMembers = ParamUtils.getParameters(request, "delete");
String groupName = ParamUtils.getParameter(request, "group");
......@@ -130,53 +130,50 @@
response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, "UTF-8") + "&updatesuccess=true");
return;
}
else if (add && users != null) {
StringTokenizer tokenizer = new StringTokenizer(users, ", \t\n\r\f");
else if (add && username != null) {
int count = 0;
while (tokenizer.hasMoreTokens()) {
String username = tokenizer.nextToken();
username = username.trim();
username = username.toLowerCase();
if(username.indexOf('@') != -1){
try {
UserManager.getInstance().getUser(JID.escapeNode(username));
// That means that this user has an email address as their node.
username = JID.escapeNode(username);
}
catch (UserNotFoundException e) {
username = username.trim();
username = username.toLowerCase();
}
if(username.indexOf('@') != -1){
try {
UserManager.getInstance().getUser(JID.escapeNode(username));
// That means that this user has an email address as their node.
username = JID.escapeNode(username);
}
catch (UserNotFoundException e) {
// Add to group as member by default.
try {
boolean added;
if (username.indexOf('@') == -1) {
// No @ was found so assume this is a JID of a local user
username = Stringprep.nodeprep(username);
UserManager.getInstance().getUser(username);
added = group.getMembers().add(webManager.getXMPPServer().createJID(username, null));
}
else {
// Admin entered a JID. Add the JID directly to the list of group members
added = group.getMembers().add(new JID(username));
}
}
}
if (added) {
count++;
}
else {
errorBuf.append("<br>").append(
LocaleUtils.getLocalizedString("group.edit.already_user", Arrays.asList(username)));
}
// Add to group as member by default.
try {
boolean added;
if (username.indexOf('@') == -1) {
// No @ was found so assume this is a JID of a local user
username = JID.escapeNode(username);
username = Stringprep.nodeprep(username);
UserManager.getInstance().getUser(username);
added = group.getMembers().add(webManager.getXMPPServer().createJID(username, null));
}
else {
// Admin entered a JID. Add the JID directly to the list of group members
added = group.getMembers().add(new JID(username));
}
if (added) {
count++;
}
catch (Exception e) {
Log.warn("Problem adding new user to existing group", e);
else {
errorBuf.append("<br>").append(
LocaleUtils.getLocalizedString("group.edit.inexistent_user", Arrays.asList(username)));
LocaleUtils.getLocalizedString("group.edit.already_user", Arrays.asList(username)));
}
}
catch (Exception e) {
Log.warn("Problem adding new user to existing group", e);
errorBuf.append("<br>").append(
LocaleUtils.getLocalizedString("group.edit.inexistent_user", Arrays.asList(username)));
}
if (count > 0) {
response.sendRedirect("group-edit.jsp?group=" +
......@@ -189,7 +186,7 @@
}
}
else if(add && users == null){
else if(add && username == null){
add = false;
}
else if (delete) {
......@@ -456,7 +453,7 @@
<fmt:message key="group.edit.add_user" />
</td>
<td nowrap class="c1" align="left">
<input type="text" size="45" name="users"/>
<input type="text" size="45" name="username"/>
&nbsp;<input type="submit" name="addbutton" value="<fmt:message key="global.add" />">
</td>
</tr>
......
......@@ -8,14 +8,20 @@
- Use is subject to license terms.
--%>
<%@ page import="org.jivesoftware.util.*,
java.util.*,
org.jivesoftware.openfire.muc.*,
org.xmpp.packet.IQ,
org.dom4j.Element,
java.net.URLEncoder"
<%@ page import="org.dom4j.Element,
org.jivesoftware.openfire.muc.ConflictException,
org.jivesoftware.openfire.muc.MUCRoom,
org.jivesoftware.openfire.muc.NotAllowedException,
org.jivesoftware.util.ParamUtils,
org.xmpp.packet.IQ"
errorPage="error.jsp"
%>
<%@ page import="org.xmpp.packet.JID" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page import="java.util.ArrayList" %>
<%@ page import="java.util.Collections" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
......@@ -51,6 +57,10 @@
if (errors.size() == 0) {
try {
// Escape username
String username = JID.escapeNode(userJID.substring(0, userJID.indexOf('@')));
String rest = userJID.substring(userJID.indexOf('@'), userJID.length());
userJID = username + rest;
IQ iq = new IQ(IQ.Type.set);
if ("owner".equals(affiliation) || "admin".equals(affiliation)) {
Element frag = iq.setChildElement("query", "http://jabber.org/protocol/muc#owner");
......@@ -207,11 +217,15 @@
ArrayList<String> owners = new ArrayList<String>(room.getOwners());
Collections.sort(owners);
for (String user : owners) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%>
<tr>
<td>&nbsp;</td>
<td>
<%= user %>
<%= userDisplay %>
</td>
<td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=owner"
......@@ -237,11 +251,14 @@
ArrayList<String> admins = new ArrayList<String>(room.getAdmins());
Collections.sort(admins);
for (String user : admins) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%>
<tr>
<td>&nbsp;</td>
<td>
<%= user %>
<%= userDisplay %>
</td>
<td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=admin"
......@@ -267,13 +284,17 @@
ArrayList<String> members = new ArrayList<String>(room.getMembers());
Collections.sort(members);
for (String user : members) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
String nickname = room.getReservedNickname(user);
nickname = (nickname == null ? "" : " (" + nickname + ")");
%>
<tr>
<td>&nbsp;</td>
<td>
<%= user %><%= nickname %>
<%= userDisplay %><%= nickname %>
</td>
<td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=member"
......@@ -299,11 +320,14 @@
ArrayList<String> outcasts = new ArrayList<String>(room.getOutcasts());
Collections.sort(outcasts);
for (String user : outcasts) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%>
<tr>
<td>&nbsp;</td>
<td>
<%= user %>
<%= userDisplay %>
</td>
<td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=outcast"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment