* appropriate media objects are set.
*
* @author mh
- * @version $Id: MediaRequest.java,v 1.8 2002/11/29 06:38:27 mh Exp $
+ * @version $Id: MediaRequest.java,v 1.11 2002/12/23 03:38:32 mh Exp $
*
*/
contentType = "text/plain"; // rfc1867 says this is the default
}
//theLog.printInfo("CONTENT TYPE IS: "+contentType);
-
+
if (contentType.equals("text/plain") ||
contentType.equals("application/octet-stream")) {
_throwBadContentType(fileName, contentType);
}
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
if ( (mediaTitle == null) || (mediaTitle.length() == 0)) {
// uncomment the next line and comment out the exception throw
throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);
}
- // TODO: need to add all the extra fields that can be present in the
+ // TODO: need to add all the extra fields that can be present in the
// admin upload form. -mh
mediaValues.put("title", mediaTitle);
mediaValues.put("date", StringUtil.date2webdbDate(
new GregorianCalendar()));
mediaValues.put("to_publisher", _user);
//mediaValues.put("to_media_folder", "7"); // op media_folder
- mediaValues.put("is_produced", "0");
+ mediaValues.put("is_produced", "0");
// icky backwards compatibility code -mh
if (_publish == true) {
- mediaValues.put("is_published", "1");
+ mediaValues.put("is_published", "1");
} else {
if (!mediaValues.containsKey("is_published"))
mediaValues.put("is_published", "0");
Entity mediaType = null;
Entity mediaType2 = null;
-
+
// find out if we an exact content-type match if so take it.
// otherwise try to match majortype/*
// @todo this should probably be moved to DatabaseMediaType -mh
mediaHandler = MediaHelper.getHandler(mediaType);
mediaStorage = MediaHelper.getStorage(mediaType,
"mircoders.storage.Database");
- } catch (MirMediaException e) {
- throw new FileHandlerException (e.getMsg());
+ }
+ catch (MirMediaException e) {
+ throw new FileHandlerException (e.getMessage());
}
mediaValues.put("to_media_type",mediaTypeId);
} catch (Exception e) {
throw new FileHandlerException("Error in MediaRequest: "+e.toString());
}
-
+
mediaEnt.setStorage(mediaStorage);
mediaEnt.setValues(mediaValues);
mediaId = mediaEnt.insert();
//save and store the media data/metadata
try {
mediaHandler.set(filePart.getInputStream(), mediaEnt, mediaType);
- } catch (MirMediaException e) {
- throw new FileHandlerException(e.getMsg());
+ }
+ catch (MirMediaException e) {
+ e.printStackTrace(System.out);
+ throw new FileHandlerException(e.getMessage());
}
try {
if (_produce == true )
}
_returnList.add(mediaEnt);
- } catch (StorageObjectException e) {
+ }
+ catch (StorageObjectException e) {
// first try to delete it.. don't catch exception as we've already..
try { mediaStorage.delete(mediaId); } catch (Exception e2) {}
throw new FileHandlerException("error in MediaRequest: "+e.toString());