* appropriate media objects are set.
*
* @author mh
- * @version $Id: MediaRequest.java,v 1.5 2002/11/25 10:10:10 john Exp $
+ * @version $Id: MediaRequest.java,v 1.11 2002/12/23 03:38:32 mh Exp $
*
*/
contentType = "text/plain"; // rfc1867 says this is the default
}
//theLog.printInfo("CONTENT TYPE IS: "+contentType);
-
+
if (contentType.equals("text/plain") ||
contentType.equals("application/octet-stream")) {
_throwBadContentType(fileName, contentType);
}
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
- if ( (mediaTitle == null) || (mediaTitle.length() == 0))
- // uncomment the next line and comment out the exception throw
- // if you'd rather just assign missing media titles automatically
+ if ( (mediaTitle == null) || (mediaTitle.length() == 0)) {
+ // uncomment the next line and comment out the exception throw
+ // if you'd rather just assign missing media titles automatically
// mediaTitle="media item "+fileNum;
- throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);
+ throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);
+ }
- // TODO: need to add all the extra fields that can be present in the
+ // TODO: need to add all the extra fields that can be present in the
// admin upload form. -mh
mediaValues.put("title", mediaTitle);
mediaValues.put("date", StringUtil.date2webdbDate(
new GregorianCalendar()));
mediaValues.put("to_publisher", _user);
//mediaValues.put("to_media_folder", "7"); // op media_folder
- mediaValues.put("is_produced", "0");
+ mediaValues.put("is_produced", "0");
// icky backwards compatibility code -mh
if (_publish == true) {
- mediaValues.put("is_published", "1");
+ mediaValues.put("is_published", "1");
} else {
if (!mediaValues.containsKey("is_published"))
mediaValues.put("is_published", "0");
Entity mediaType = null;
Entity mediaType2 = null;
-
+
// find out if we an exact content-type match if so take it.
// otherwise try to match majortype/*
// @todo this should probably be moved to DatabaseMediaType -mh
mediaHandler = MediaHelper.getHandler(mediaType);
mediaStorage = MediaHelper.getStorage(mediaType,
"mircoders.storage.Database");
- } catch (MirMediaException e) {
- throw new FileHandlerException (e.getMsg());
+ }
+ catch (MirMediaException e) {
+ throw new FileHandlerException (e.getMessage());
}
mediaValues.put("to_media_type",mediaTypeId);
} catch (Exception e) {
throw new FileHandlerException("Error in MediaRequest: "+e.toString());
}
-
+
mediaEnt.setStorage(mediaStorage);
mediaEnt.setValues(mediaValues);
mediaId = mediaEnt.insert();
- //try {
- // File f = null;
- // f = new File("/tmp/img.jpg");
- // File dir = new File(f.getParent());
- // dir.mkdirs();
-
- // FileOutputStream out = new FileOutputStream(f);
- // System.out.println("WRITE");
- // filePart.writeTo(out);
- // out.close();
- //} catch (Exception e) {System.out.println("EE "+e.toString());}
-
-
- //mir.misc.FileUtil.write("/tmp/img.jpg", filePart.getInputStream());
//save and store the media data/metadata
try {
mediaHandler.set(filePart.getInputStream(), mediaEnt, mediaType);
- } catch (MirMediaException e) {
- throw new FileHandlerException(e.getMsg());
+ }
+ catch (MirMediaException e) {
+ e.printStackTrace(System.out);
+ throw new FileHandlerException(e.getMessage());
}
try {
if (_produce == true )
}
_returnList.add(mediaEnt);
- } catch (StorageObjectException e) {
+ }
+ catch (StorageObjectException e) {
// first try to delete it.. don't catch exception as we've already..
try { mediaStorage.delete(mediaId); } catch (Exception e2) {}
throw new FileHandlerException("error in MediaRequest: "+e.toString());