Commit ccb93d32 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Fixed escaping/unescaping of spaces in usernames. JM-1180

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9446 b35dd754-fafc-0310-a699-88a17e54d16e
parent 76f6aa4a
...@@ -240,10 +240,9 @@ ...@@ -240,10 +240,9 @@
## Added key: 'user.roster.filter.noshared' ## Added key: 'user.roster.filter.noshared'
## Added key: 'user.roster.filter.onlyshared' ## Added key: 'user.roster.filter.onlyshared'
## Added key: 'setup.ldap.user.vcard.photo' ## Added key: 'setup.ldap.user.vcard.photo'
## Added key: 'httpbind.settings.script.label_enable' ##
## Added key: 'httpbind.settings.script.label_enable_info' ## 3.4.2
## Added key: 'httpbind.settings.script.label_disable' ## Updated key: 'group.edit.add_user'
## Added key: 'httpbind.settings.script.label_disable_info'
# Openfire # Openfire
...@@ -729,7 +728,7 @@ group.edit.edit_details=Edit Details ...@@ -729,7 +728,7 @@ group.edit.edit_details=Edit Details
group.edit.members=Members of This Group group.edit.members=Members of This Group
group.edit.members_description=Use the form below to add users to this group. Once added, you \ group.edit.members_description=Use the form below to add users to this group. Once added, you \
will be able to remove them, or give certain users administrative rights over the group. will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user=Add User(s): group.edit.add_user=Add User:
group.edit.username=Username group.edit.username=Username
group.edit.admin=Admin group.edit.admin=Admin
group.edit.remove=Remove group.edit.remove=Remove
...@@ -2332,10 +2331,6 @@ httpbind.settings.label_same_info=The HTTP bind service will use distinct ports ...@@ -2332,10 +2331,6 @@ httpbind.settings.label_same_info=The HTTP bind service will use distinct ports
httpbind.settings.secure_port=SSL Port: httpbind.settings.secure_port=SSL Port:
httpbind.settings.error.general=An error has occured, check the log file for details. httpbind.settings.error.general=An error has occured, check the log file for details.
httpbind.settings.error.port=An error has occured configuring the HTTP binding ports, check the error log for more details. httpbind.settings.error.port=An error has occured configuring the HTTP binding ports, check the error log for more details.
httpbind.settings.script.label_enable=Enabled
httpbind.settings.script.label_enable_info=Allows BOSH clients with limited access to connect to the server
httpbind.settings.script.label_disable=Disabled
httpbind.settings.script.label_disable_info=Does not allow clients with limited access to connect to the server
# Profile Settings # Profile Settings
......
...@@ -478,7 +478,7 @@ group.edit.edit_details=Edit Details ...@@ -478,7 +478,7 @@ group.edit.edit_details=Edit Details
group.edit.members=Members of This Group group.edit.members=Members of This Group
group.edit.members_description=Use the form below to add users to this group. Once added, you \ group.edit.members_description=Use the form below to add users to this group. Once added, you \
will be able to remove them, or give certain users administrative rights over the group. will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user=Agregar Usuario(s): group.edit.add_user=Agregar Usuario:
group.edit.username=Nombre group.edit.username=Nombre
group.edit.admin=Administrador group.edit.admin=Administrador
group.edit.remove=Borrar group.edit.remove=Borrar
......
...@@ -413,7 +413,7 @@ group.edit.delete = Delete Group ...@@ -413,7 +413,7 @@ group.edit.delete = Delete Group
group.edit.edit_details = Edit Details group.edit.edit_details = Edit Details
group.edit.members = Members of This Group group.edit.members = Members of This Group
group.edit.members_description = Use the form below to add users to this group. Once added, you will be able to remove them, or give certain users administrative rights over the group. group.edit.members_description = Use the form below to add users to this group. Once added, you will be able to remove them, or give certain users administrative rights over the group.
group.edit.add_user = Add User(s)\: group.edit.add_user = Add User:
group.edit.username = Username group.edit.username = Username
group.edit.admin = Admin group.edit.admin = Admin
group.edit.remove = Remove group.edit.remove = Remove
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
boolean updateMember = request.getParameter("updateMember") != null; boolean updateMember = request.getParameter("updateMember") != null;
boolean update = request.getParameter("save") != null; boolean update = request.getParameter("save") != null;
boolean cancel = request.getParameter("cancel") != null; boolean cancel = request.getParameter("cancel") != null;
String users = ParamUtils.getParameter(request, "users"); String username = ParamUtils.getParameter(request, "username");
String [] adminIDs = ParamUtils.getParameters(request, "admin"); String [] adminIDs = ParamUtils.getParameters(request, "admin");
String [] deleteMembers = ParamUtils.getParameters(request, "delete"); String [] deleteMembers = ParamUtils.getParameters(request, "delete");
String groupName = ParamUtils.getParameter(request, "group"); String groupName = ParamUtils.getParameter(request, "group");
...@@ -130,11 +130,8 @@ ...@@ -130,11 +130,8 @@
response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, "UTF-8") + "&updatesuccess=true"); response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, "UTF-8") + "&updatesuccess=true");
return; return;
} }
else if (add && users != null) { else if (add && username != null) {
StringTokenizer tokenizer = new StringTokenizer(users, ", \t\n\r\f");
int count = 0; int count = 0;
while (tokenizer.hasMoreTokens()) {
String username = tokenizer.nextToken();
username = username.trim(); username = username.trim();
username = username.toLowerCase(); username = username.toLowerCase();
...@@ -154,6 +151,7 @@ ...@@ -154,6 +151,7 @@
boolean added; boolean added;
if (username.indexOf('@') == -1) { if (username.indexOf('@') == -1) {
// No @ was found so assume this is a JID of a local user // No @ was found so assume this is a JID of a local user
username = JID.escapeNode(username);
username = Stringprep.nodeprep(username); username = Stringprep.nodeprep(username);
UserManager.getInstance().getUser(username); UserManager.getInstance().getUser(username);
added = group.getMembers().add(webManager.getXMPPServer().createJID(username, null)); added = group.getMembers().add(webManager.getXMPPServer().createJID(username, null));
...@@ -177,7 +175,6 @@ ...@@ -177,7 +175,6 @@
errorBuf.append("<br>").append( errorBuf.append("<br>").append(
LocaleUtils.getLocalizedString("group.edit.inexistent_user", Arrays.asList(username))); LocaleUtils.getLocalizedString("group.edit.inexistent_user", Arrays.asList(username)));
} }
}
if (count > 0) { if (count > 0) {
response.sendRedirect("group-edit.jsp?group=" + response.sendRedirect("group-edit.jsp?group=" +
URLEncoder.encode(groupName, "UTF-8") + "&success=true"); URLEncoder.encode(groupName, "UTF-8") + "&success=true");
...@@ -189,7 +186,7 @@ ...@@ -189,7 +186,7 @@
} }
} }
else if(add && users == null){ else if(add && username == null){
add = false; add = false;
} }
else if (delete) { else if (delete) {
...@@ -456,7 +453,7 @@ ...@@ -456,7 +453,7 @@
<fmt:message key="group.edit.add_user" /> <fmt:message key="group.edit.add_user" />
</td> </td>
<td nowrap class="c1" align="left"> <td nowrap class="c1" align="left">
<input type="text" size="45" name="users"/> <input type="text" size="45" name="username"/>
&nbsp;<input type="submit" name="addbutton" value="<fmt:message key="global.add" />"> &nbsp;<input type="submit" name="addbutton" value="<fmt:message key="global.add" />">
</td> </td>
</tr> </tr>
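Review bot: In the hunk at new line 151, `username` is overwritten in place with its escaped and nodeprepped form before `UserManager.getInstance().getUser(username)`. If a failed lookup is what produces the `group.edit.inexistent_user` message in the hunk at new line 175, the administrator would presumably see the escaped node (a typed space shown as `\20`) rather than what was entered. Keeping the derived value in its own local, `String node = Stringprep.nodeprep(JID.escapeNode(username));`, and using `node` for the lookup and `createJID` would leave the original input available for the message. That input comes straight from the `username` request parameter and is appended to `errorBuf` next to a literal `<br>`, so the buffer appears to be rendered as HTML. Unless it is encoded where it is printed (not visible here), it should be HTML-encoded when appended, for example with `StringUtils.escapeHTMLTags(username)`, most importantly on the branch for names containing `@`, which never passes through `JID.escapeNode`. The enclosing scriptlet starts and ends outside these hunks.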
......
...@@ -8,14 +8,20 @@ ...@@ -8,14 +8,20 @@
- Use is subject to license terms. - Use is subject to license terms.
--%> --%>
<%@ page import="org.jivesoftware.util.*, <%@ page import="org.dom4j.Element,
java.util.*, org.jivesoftware.openfire.muc.ConflictException,
org.jivesoftware.openfire.muc.*, org.jivesoftware.openfire.muc.MUCRoom,
org.xmpp.packet.IQ, org.jivesoftware.openfire.muc.NotAllowedException,
org.dom4j.Element, org.jivesoftware.util.ParamUtils,
java.net.URLEncoder" org.xmpp.packet.IQ"
errorPage="error.jsp" errorPage="error.jsp"
%> %>
<%@ page import="org.xmpp.packet.JID" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page import="java.util.ArrayList" %>
<%@ page import="java.util.Collections" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%> <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c"%>
<%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %> <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
...@@ -51,6 +57,10 @@ ...@@ -51,6 +57,10 @@
if (errors.size() == 0) { if (errors.size() == 0) {
try { try {
// Escape username
String username = JID.escapeNode(userJID.substring(0, userJID.indexOf('@')));
String rest = userJID.substring(userJID.indexOf('@'), userJID.length());
userJID = username + rest;
IQ iq = new IQ(IQ.Type.set); IQ iq = new IQ(IQ.Type.set);
if ("owner".equals(affiliation) || "admin".equals(affiliation)) { if ("owner".equals(affiliation) || "admin".equals(affiliation)) {
Element frag = iq.setChildElement("query", "http://jabber.org/protocol/muc#owner"); Element frag = iq.setChildElement("query", "http://jabber.org/protocol/muc#owner");
...@@ -207,11 +217,15 @@ ...@@ -207,11 +217,15 @@
ArrayList<String> owners = new ArrayList<String>(room.getOwners()); ArrayList<String> owners = new ArrayList<String>(room.getOwners());
Collections.sort(owners); Collections.sort(owners);
for (String user : owners) { for (String user : owners) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td> <td>
<%= user %> <%= userDisplay %>
</td> </td>
<td width="1%" align="center"> <td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=owner" <a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=owner"
...@@ -237,11 +251,14 @@ ...@@ -237,11 +251,14 @@
ArrayList<String> admins = new ArrayList<String>(room.getAdmins()); ArrayList<String> admins = new ArrayList<String>(room.getAdmins());
Collections.sort(admins); Collections.sort(admins);
for (String user : admins) { for (String user : admins) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td> <td>
<%= user %> <%= userDisplay %>
</td> </td>
<td width="1%" align="center"> <td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=admin" <a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=admin"
...@@ -267,13 +284,17 @@ ...@@ -267,13 +284,17 @@
ArrayList<String> members = new ArrayList<String>(room.getMembers()); ArrayList<String> members = new ArrayList<String>(room.getMembers());
Collections.sort(members); Collections.sort(members);
for (String user : members) { for (String user : members) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
String nickname = room.getReservedNickname(user); String nickname = room.getReservedNickname(user);
nickname = (nickname == null ? "" : " (" + nickname + ")"); nickname = (nickname == null ? "" : " (" + nickname + ")");
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td> <td>
<%= user %><%= nickname %> <%= userDisplay %><%= nickname %>
</td> </td>
<td width="1%" align="center"> <td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=member" <a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=member"
...@@ -299,11 +320,14 @@ ...@@ -299,11 +320,14 @@
ArrayList<String> outcasts = new ArrayList<String>(room.getOutcasts()); ArrayList<String> outcasts = new ArrayList<String>(room.getOutcasts());
Collections.sort(outcasts); Collections.sort(outcasts);
for (String user : outcasts) { for (String user : outcasts) {
String username = JID.unescapeNode(user.substring(0, user.indexOf('@')));
String rest = user.substring(user.indexOf('@'), user.length());
String userDisplay = username + rest;
%> %>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td> <td>
<%= user %> <%= userDisplay %>
</td> </td>
<td width="1%" align="center"> <td width="1%" align="center">
<a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=outcast" <a href="muc-room-affiliations.jsp?roomName=<%= URLEncoder.encode(roomName, "UTF-8") %>&userJID=<%= user %>&delete=true&affiliation=outcast"
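Review bot: `<%= userDisplay %>` in the owners, admins, members and outcasts loops writes the unescaped node into the page without HTML encoding. `JID.unescapeNode` turns the escaped forms of `<`, `>`, `"` and `&` back into the literal characters, so a stored affiliation JID that was harmless while escaped can now be interpreted as markup in the admin console. Encode at the point of output in all four loops, e.g. `<%= StringUtils.escapeHTMLTags(userDisplay) %>`, which needs `org.jivesoftware.util.StringUtils` imported because this commit narrows the wildcard import to `ParamUtils`. Separately, the hunk at new line 57 calls `userJID.substring(0, userJID.indexOf('@'))` with no check for `-1`, so a value without `@` throws instead of producing a validation error; a guard such as `int at = userJID.indexOf('@'); if (at > 0) { ... }` would avoid that. If the delete links, which pass the already-escaped `user`, also reach this block (not visible here), the node would be escaped a second time.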
......