- }
- catch (StorageObjectException e) {
- theLog.printError("servletmoduleopenindy could not be initialized");
- }
- }
-
-
- /**
- * Method for making a comment
- */
-
- public void addcomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
- {
- String aid = req.getParameter("aid"); // the article id the comment will belong to
- if (aid!=null && !aid.equals(""))
- {
- SimpleHash mergeData = new SimpleHash();
- // ok, article
- mergeData.put("aid", aid);
- deliver(req, res, mergeData, commentFormTemplate);
- }
- else throw new ServletModuleException("aid not set!");
- }
-
- /**
- * Method for inserting a comment into the Database and delivering
- * the commentDone Page
- */
-
- public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
- {
- String aid = req.getParameter("to_media"); // the article id the comment will belong to
- if (aid!=null && !aid.equals(""))
- {
- // ok, collecting data from form
- try {
- HashMap withValues = getIntersectingValues(req, DatabaseComment.getInstance());
- withValues.put("is_published","1");
-
- // inserting into database
- String id = mainModule.add(withValues);
-
- // producing new page
- new ProducerContent().handle(null, null, true, false, aid);
-
- // sync the server
- int exitValue = Helper.rsync();
-
- // redirecting to url
- // should implement back to article
- SimpleHash mergeData = new SimpleHash();
- deliver(req, res, mergeData, commentFormDoneTemplate);
- }
- catch (StorageObjectException e) { throw new ServletModuleException(e.toString());}
- catch (ModuleException e) { throw new ServletModuleException(e.toString());}
-
- }
- else throw new ServletModuleException("aid not set!");
-
- }
-
- /**
- * Method for delivering the form-Page for open posting
- */
-
- public void addposting(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
- {
- SimpleHash mergeData = new SimpleHash();
- /** @todo popups missing */
- deliver(req, res, mergeData, postingFormTemplate);
- }
-
- /**
- * Method for inserting an open posting into the Database and delivering
- * the postingDone Page
- */
-
- public void insposting(HttpServletRequest req, HttpServletResponse res)
- throws ServletModuleException
- {
- SimpleHash mergeData = new SimpleHash();
-
- try {
-
- WebdbMultipartRequest mp = new WebdbMultipartRequest(req);
- HashMap withValues = mp.getParameters();
- byte[] mediaData=mp.getMedia();
- String fileName=mp.getFilename();
-
- // if op contains imagedata
- String mediaId=null;
- if (mediaData!=null && fileName!=null) {
- HashMap mediaValues = new HashMap();
- mediaValues.put("date", StringUtil.date2webdbDate(new GregorianCalendar()));
- mediaValues.put("to_publisher", "1"); // op user
- mediaValues.put("to_media_folder", "7"); // op media_folder
- mediaValues.put("is_produced", "0");
- mediaValues.put("is_published","1");
-
- String mediaTitle=(String)withValues.get("media_title");
- if (mediaTitle==null)
- mediaTitle = (String)withValues.get("title");
- mediaValues.put("title",mediaTitle);
-
- if (fileName.toLowerCase().endsWith("rm")) {
- // this is video !!
- //theLog.printDebugInfo("--GOT VIDEO");
- EntityVideo entVideo = new EntityVideo(DatabaseVideos.getInstance());
- entVideo.setValues(mediaValues);
- mediaId = entVideo.insert();
- entVideo.setVideoData(mediaData);
- }
- else if (fileName.toLowerCase().endsWith(".jpg") || fileName.toLowerCase().endsWith(".gif")) {
- // this is image !!
- mediaId = imageModule.add(mediaValues);
- EntityImage entImage = (EntityImage)imageModule.getById(mediaId);
-
- int fileType = -1;
- if (fileName.toLowerCase().endsWith(".jpg")) fileType=0;
- if (fileName.toLowerCase().endsWith(".gif")) fileType=1;
- if (fileType>=0) {
- entImage.setImage(mediaData, fileType);
- withValues.put("to_media",mediaId);
- }
- else
- theLog.printDebugInfo("Wrong file uploaded!" + fileName);
- }
- }
-
- withValues.put("date", StringUtil.date2webdbDate(new GregorianCalendar()));
- withValues.put("publish_path", StringUtil.webdbDate2path((String)withValues.get("date")));
- withValues.put("is_produced", "0");
- // op-articles are immediatly published
- withValues.put("is_published","1");
- // owner is openposting user
- withValues.put("to_publisher","1");
- if (withValues.get("creator").toString().equals(""))
- withValues.put("creator","Anonym");
-
- // inserting content into database
- String id = contentModule.add(withValues);
-
-
- // producing new page
- if(mediaId!=null){
- new ProducerImages().handle(null, null, false, false, mediaId);
- }
- // producing openpostinglist
- new ProducerOpenPosting().handle(null,null,false,false);
- // producing new page
- new ProducerContent().handle(null, null, false, false,id);
-
- // sync the server
- int exitValue = Helper.rsync();
-
- }
- catch (IOException e) { throw new ServletModuleException(e.toString());}
- catch (StorageObjectException e) { throw new ServletModuleException(e.toString());}
- catch (ModuleException e) { throw new ServletModuleException(e.toString());}
-
- deliver(req, res, mergeData, postingFormDoneTemplate);
- }
+ }
+ catch (StorageObjectFailure e) {
+ logger.error("servletmoduleopenindy could not be initialized: " + e.getMessage());
+ }
+ }
+
+ /**
+ * Method to return an "apology" when open postings are disabled
+ *
+ * @param aRequest
+ * @param aResponse
+ * @throws ServletModuleExc
+ * @throws ServletModuleUserExc
+ * @throws ServletModuleFailure
+ */
+ public void openPostingDisabled(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure {
+ deliver(aRequest, aResponse, (Map) null, null,
+ configuration.getString("ServletModule.OpenIndy.PostingDisabledTemplate"));
+ }
+
+ /**
+ * Method for making a comment
+ */
+
+ public void addcomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure {
+ if (MirGlobal.abuse().getOpenPostingDisabled()) {
+ openPostingDisabled(req, res);
+
+ return;
+ }
+
+ String aid = req.getParameter("aid"); // the article id the comment will belong to
+
+ if (aid != null && !aid.equals("")) {
+ try {
+ Map mergeData = new HashMap();
+
+ // onetimepasswd
+ if (MirGlobal.abuse().getOpenPostingPassword()) {
+ String passwd = this.createOneTimePasswd();
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd", passwd);
+ mergeData.put("passwd", passwd);
+ }
+ else {
+ mergeData.put("passwd", (String)null);
+ }
+ mergeData.put("aid", aid);
+
+ Map extraInfo = new HashMap();
+ extraInfo.put("languagePopUpData", DatabaseLanguage.getInstance().getPopupData());
+
+ deliver(req, res, mergeData, extraInfo, commentFormTemplate);
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure("ServletModuleOpenIndy.addcomment: " + t.getMessage(), t);
+ }
+ }
+ else
+ throw new ServletModuleExc("aid not set!");
+ }
+
+ /**
+ * Method for inserting a comment into the Database and delivering
+ * the commentDone Page
+ */
+
+ public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure {
+ if (MirGlobal.abuse().getOpenPostingDisabled()) {
+ openPostingDisabled(req, res);
+
+ return;
+ }
+
+ String aid = req.getParameter("to_media"); // the article id the comment will belong to
+ if (aid != null && !aid.equals("")) {
+ // ok, collecting data from form
+ try {
+ Map withValues = getIntersectingValues(req, DatabaseComment.getInstance());
+
+ //no html in comments(for now)
+ for (Iterator i = withValues.keySet().iterator(); i.hasNext(); ) {
+ String k = (String) i.next();
+ String v = (String) withValues.get(k);
+
+ withValues.put(k, StringUtil.removeHTMLTags(v));
+ }
+ withValues.put("is_published", "1");
+ withValues.put("to_comment_status", "1");
+ withValues.put("is_html", "0");
+
+ //checking the onetimepasswd
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String) session.getAttribute("passwd");
+ if (sessionPasswd != null) {
+ String passwd = req.getParameter("passwd");
+ if (passwd == null || passwd.length() == 0) {
+ throw new ServletModuleUserExc("comment.error.missingpassword", new String[] {});
+ }
+ if (!sessionPasswd.equals(passwd)) {
+ throw new ServletModuleUserExc("comment.error.invalidpassword", new String[] {});
+ }
+ session.invalidate();
+ }
+
+ String id = mainModule.add(withValues);
+
+ SimpleResponse response = new SimpleResponse();
+ response.setResponseGenerator(commentFormDoneTemplate);
+
+ if (id == null) {
+ deliver(req, res, (Map)null, null, commentFormDupeTemplate);
+ }
+ else {
+ DatabaseContent.getInstance().setUnproduced("id=" + aid);
+
+ try {
+ EntityComment comment = (EntityComment) DatabaseComment.getInstance().selectById(id);
+ MirGlobal.localizer().openPostings().afterCommentPosting(comment);
+ MirGlobal.abuse().checkComment(
+ comment, new HTTPAdapters.HTTPRequestAdapter(req), res);
+ }
+ catch (Throwable t) {
+ throw new ServletModuleExc(t.getMessage());
+ }
+ }
+
+ // redirecting to url
+ // should implement back to article
+ deliver(req, res, response.getResponseValues(), null, response.getResponseGenerator());
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+ else
+ throw new ServletModuleExc("aid not set!");
+
+ }
+
+ /**
+ * Method for delivering the form-Page for open posting
+ */
+
+ public void addposting(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ try {
+ if (MirGlobal.abuse().getOpenPostingDisabled()) {
+ openPostingDisabled(req, res);
+
+ return;
+ }
+
+ Map mergeData = new HashMap();
+
+ // onetimepasswd
+ if (MirGlobal.abuse().getOpenPostingPassword()) {
+ String passwd = generateOnetimePassword();
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd", passwd);
+ mergeData.put("passwd", passwd);
+ }
+ else {
+ mergeData.put("passwd", (String)null);
+ }
+
+ String maxMedia = configuration.getString("ServletModule.OpenIndy.MaxMediaUploadItems");
+ String defaultMedia = configuration.getString("ServletModule.OpenIndy.DefaultMediaUploadItems");
+ String numOfMedia = req.getParameter("medianum");
+
+ if (numOfMedia == null || numOfMedia.equals("")) {
+ numOfMedia = defaultMedia;
+ }
+ else if (Integer.parseInt(numOfMedia) > Integer.parseInt(maxMedia)) {
+ numOfMedia = maxMedia;
+ }
+
+ int mediaNum = Integer.parseInt(numOfMedia);
+ List mediaFields = new Vector();
+ for (int i = 0; i < mediaNum; i++) {
+ Integer mNum = new Integer(i + 1);
+ mediaFields.add(mNum.toString());
+ }
+ mergeData.put("medianum", numOfMedia);
+ mergeData.put("mediafields", mediaFields);
+ mergeData.put("to_topic", null);
+
+ Map extraInfo = new HashMap();
+ extraInfo.put("languagePopUpData", DatabaseLanguage.getInstance().getPopupData());
+ extraInfo.put("themenPopupData", topicsModule.getTopicsAsSimpleList());
+
+ extraInfo.put("topics", topicsModule.getTopicsList());
+ deliver(req, res, mergeData, extraInfo, postingFormTemplate);
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure(t);
+ }
+ }
+
+ /**
+ * Method for inserting an open posting into the Database and delivering
+ * the postingDone Page
+ */
+
+ public void insposting(HttpServletRequest aRequest, HttpServletResponse aResponse) throws
+ ServletModuleExc, ServletModuleUserExc, ServletModuleFailure {
+ if (MirGlobal.abuse().getOpenPostingDisabled()) {
+ openPostingDisabled(aRequest, aResponse);
+
+ return;
+ }
+
+ try {
+ HTTPParsedRequest parsedRequest = new HTTPParsedRequest(
+ aRequest,
+ configuration.getString("Mir.DefaultEncoding"),
+ configuration.getInt("MaxMediaUploadSize")*1024,
+ configuration.getString("TempDir"));
+
+ Map mergeData = new HashMap();
+
+ HttpSession session = aRequest.getSession(false);
+ String sessionPasswd = (String) session.getAttribute("passwd");
+ if (sessionPasswd != null) {
+ String passwd = (String) parsedRequest.getParameter("passwd");
+
+ if (passwd == null || passwd.length() == 0) {
+ throw new ServletModuleUserExc("posting.error.missingpassword", new String[] {});
+ }
+ if (!sessionPasswd.equals(passwd)) {
+ throw new ServletModuleUserExc("posting.error.invalidpassword", new String[] {});
+ }
+ session.invalidate();
+ }
+
+ if ((((String) parsedRequest.getParameter("title")).length() == 0) ||
+ (((String) parsedRequest.getParameter("description")).length() == 0) ||
+ (((String) parsedRequest.getParameter("content_data")).length() == 0))
+ throw new ServletModuleUserExc("posting.error.missingfield", new String[] {});
+
+ List mediaList = new Vector();
+ Iterator i = parsedRequest.getFiles().iterator();
+
+ while (i.hasNext()) {
+ UploadedFile file = new mir.session.CommonsUploadedFileAdapter((FileItem) i.next());
+ Map mediaValues = new HashMap();
+
+ String suffix = file.getFieldName().substring(5); // media${m}
+ logger.debug("media_title" + suffix);
+ String title = parsedRequest.getParameter("media_title" + suffix);
+
+ mediaValues.put("title", StringUtil.removeHTMLTags(title));
+ mediaValues.put("creator", StringUtil.removeHTMLTags(parsedRequest.getParameter("creator")));
+ mediaValues.put("to_publisher", "0");
+ mediaValues.put("is_published", "1");
+ mediaValues.put("to_media_folder", "7");
+
+ mediaList.add(MediaUploadProcessor.processMediaUpload(file, mediaValues));
+ }
+
+ Map withValues = new HashMap();
+ i = DatabaseContent.getInstance().getFields().iterator();
+ while (i.hasNext()) {
+ String field = (String) i.next();
+ String value = parsedRequest.getParameter(field);
+ if (value!=null)
+ withValues.put(field, value);
+ }
+
+
+ for (i = withValues.keySet().iterator(); i.hasNext(); ) {
+ String k = (String) i.next();
+ String v = (String) withValues.get(k);
+
+ if (k.equals("content_data")) {
+ //this doesn't quite work yet, so for now, all html goes
+ //withValues.put(k,StringUtil.approveHTMLTags(v));
+ withValues.put(k, StringUtil.deleteForbiddenTags(v));
+ }
+ else if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ withValues.put(k, StringUtil.deleteHTMLTableTags(tmp));
+ }
+ else {
+ withValues.put(k, StringUtil.removeHTMLTags(v));
+ }
+ }
+
+ withValues.put("date", StringUtil.date2webdbDate(new GregorianCalendar()));
+ withValues.put("publish_path",
+ StringUtil.webdbDate2path( (String) withValues.get("date")));
+ withValues.put("is_produced", "0");
+ withValues.put("is_published", "1");
+ if (directOp.equals("yes"))
+ withValues.put("to_article_type", "1");
+
+ withValues.put("to_publisher", "1");
+
+ // inserting content into database
+ String cid = contentModule.add(withValues);
+ logger.debug("id: " + cid);
+ //insert was not successfull
+ if (cid == null) {
+ deliver(aRequest, aResponse, mergeData, null, postingFormDupeTemplate);
+ return;
+ }
+
+ List topics = parsedRequest.getParameterList("to_topic");
+ if (topics.size() > 0) {
+ try {
+ DatabaseContentToTopics.getInstance().setTopics(cid, topics);
+ }
+ catch (Throwable e) {
+ logger.error("setting content_x_topic failed");
+ contentModule.deleteById(cid);
+ throw new ServletModuleFailure(
+ "smod - openindy :: insposting: setting content_x_topic failed: " +
+ e.toString(), e);
+ }
+ }
+
+ i = mediaList.iterator();
+ while (i.hasNext()) {
+ Entity mediaEnt = (Entity) i.next();
+ DatabaseContentToMedia.getInstance().addMedia(cid, mediaEnt.getId());
+ }
+
+ EntityContent article = (EntityContent) contentModule.getById(cid);
+ try {
+ MirGlobal.abuse().checkArticle(
+ article, new HTTPAdapters.HTTPRequestAdapter(aRequest), aResponse);
+ MirGlobal.localizer().openPostings().afterContentPosting(article);
+ }
+ catch (Throwable t) {
+ logger.error("Error while post-processing article: " + t.getMessage());
+ }
+ deliver(aRequest, aResponse, mergeData, null, postingFormDoneTemplate);
+ }
+ catch (Throwable e) {
+ e.printStackTrace(logger.asPrintWriter(LoggerWrapper.DEBUG_MESSAGE));
+ Throwable cause = ExceptionFunctions.traceCauseException(e);
+
+ if (cause instanceof ModuleMediaType.UnsupportedMimeTypeExc) {
+ throw new ServletModuleUserExc("media.unsupportedformat", new String[] {});
+ }
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ /**
+ * Due to a serious shortcoming of Tomcat 3.3, an extra sessionid parameter is
+ * generated into open session urls. Tomcat 3.3 makes it impossible to
+ * distinguish between sessions that are identified using a url and those
+ * that are identified using cookies: if both a sessionid cookie and a sessionid
+ * url are available, tomcat 3.3 pretends the url wasn't there...
+ */
+ private static final String SESSION_REQUEST_KEY="sessionid";
+
+ /**
+ * Dispatch method for open sessions: a flexible extensible and customizable way
+ * for open access. Can be used for postings, but also for lots of other stuff.
+ *
+ * @param aRequest
+ * @param aResponse
+ * @throws ServletModuleExc
+ * @throws ServletModuleUserExc
+ * @throws ServletModuleFailure
+ */
+
+ public void opensession(HttpServletRequest aRequest, HttpServletResponse aResponse)
+ throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure {
+
+ try {
+ Request request =
+ new HTTPAdapters.HTTPParsedRequestAdapter(new HTTPParsedRequest(aRequest,
+ configuration.getString("Mir.DefaultEncoding"),
+ configuration.getInt("MaxMediaUploadSize")*1024,
+ configuration.getString("TempDir")));
+
+ if (aRequest.isRequestedSessionIdValid() && !aRequest.isRequestedSessionIdFromURL() &&
+ !aRequest.getRequestedSessionId().equals(aRequest.getParameter(SESSION_REQUEST_KEY)))
+ aRequest.getSession().invalidate();
+
+ Session session = new HTTPAdapters.HTTPSessionAdapter(aRequest.getSession());
+
+ SimpleResponse response = new SimpleResponse(
+ ServletHelper.makeGenerationData(aResponse, new Locale[] {getLocale(aRequest), getFallbackLocale(aRequest)},
+ "bundles.open"));
+
+ response.setResponseValue("actionURL", aResponse.encodeURL(HttpUtils.getRequestURL(aRequest).toString())+"?"+SESSION_REQUEST_KEY+"="+aRequest.getSession().getId());
+
+ SessionHandler handler = MirGlobal.localizer().openPostings().getOpenSessionHandler(request, session);
+
+ handler.processRequest(request, session, response);
+ ServletHelper.generateOpenPostingResponse(aResponse.getWriter(), response.getResponseValues(), response.getResponseGenerator());
+ }
+ catch (Throwable t) {
+ logger.error(t.toString());
+ t.printStackTrace(logger.asPrintWriter(LoggerWrapper.DEBUG_MESSAGE));
+
+ throw new ServletModuleFailure(t);
+ }
+ }
+
+ /**
+ * Method for preparing and sending a content as an email message
+ */
+
+ public void mail(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ String aid = req.getParameter("mail_aid");
+ if (aid == null){
+ throw new ServletModuleExc("An article id must be specified in requests to email an article. Something therefore went badly wrong....");
+ }
+
+ String to = req.getParameter("mail_to");
+ String from = req.getParameter("mail_from");
+ String from_name = req.getParameter("mail_from_name");
+ String from_ip = req.getRemoteAddr();
+ String comment = req.getParameter("mail_comment");
+ String mail_language = req.getParameter("mail_language");
+
+ Map mergeData = new HashMap();
+ mergeData.put("mail_to",to);
+ mergeData.put("mail_from",from);
+ mergeData.put("mail_from_name",from_name);
+ mergeData.put("mail_comment",comment);
+ mergeData.put("mail_aid",aid);
+ mergeData.put("mail_language",mail_language);
+
+
+ if (to == null || from == null || from_name == null|| to.equals("") || from.equals("") || from_name.equals("") || mail_language == null || mail_language.equals("")){
+ deliver(req, res, mergeData, null, prepareMailTemplate);
+ }
+ else {
+ //run checks on to and from and mail_language to make sure no monkey business occurring
+ if (mail_language.indexOf('.') != -1 || mail_language.indexOf('/') != -1 ) {
+ throw new ServletModuleExc("Invalid language");
+ }
+ if (to.indexOf('\n') != -1
+ || to.indexOf('\r') != -1
+ || to.indexOf(',') != -1) {
+ throw new ServletModuleUserExc("email.error.invalidtoaddress", new String[] {to});
+ }
+ if (from.indexOf('\n') != -1 || from.indexOf('\r') != -1 || from.indexOf(',') != -1 ) {
+ throw new ServletModuleUserExc("email.error.invalidfromaddress", new String[] {from});
+ }
+
+ CacheKey theCacheKey=new CacheKey("email",aid+mail_language);
+ String theEmailText;
+
+ if (MirGlobal.mruCache().hasObject(theCacheKey)){
+ logger.info("fetching email text for article "+aid+" from cache");
+ theEmailText = (String) MirGlobal.mruCache().getObject(theCacheKey);
+ }
+ else {
+ EntityContent contentEnt;
+ try {
+ contentEnt = (EntityContent) contentModule.getById(aid);
+ StringWriter theEMailTextWriter = new StringWriter();
+ PrintWriter dest = new PrintWriter(theEMailTextWriter);
+ Map articleData = new HashMap();
+ articleData.put("article", MirGlobal.localizer().dataModel().adapterModel().makeEntityAdapter("content", contentEnt));
+ articleData.put("languagecode", mail_language);
+ deliver(dest, req, res, articleData, null, emailAnArticleTemplate, mail_language);
+ theEmailText = theEMailTextWriter.toString();
+ MirGlobal.mruCache().storeObject(theCacheKey, theEmailText);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure("Couldn't get content for article " + aid + mail_language + ": " + e.getMessage(), e);
+ }
+ }
+
+ String content = theEmailText;