import mir.util.IORoutines;
import mircoders.global.MirGlobal;
import mircoders.media.UnsupportedMediaTypeExc;
+import mircoders.localizer.MirOpenPostingLocalizer;
import java.io.*;
import java.util.*;
protected MirPropertiesConfiguration configuration = MirPropertiesConfiguration.instance();
/** Previously uploaded files */
- protected List attachments;
+ protected final List attachments = new ArrayList();
/** counter to generate unique field names for uploaded files */
protected int uploadedFileIndex = 0;
private boolean persistentUploadedFiles;
public MirBasicPostingSessionHandler(boolean aPersistentUploadedFiles) {
- attachments = new ArrayList();
persistentUploadedFiles = aPersistentUploadedFiles;
}
processAttachmentError(aRequest, aSession, attachment, t);
}
catch (Throwable u) {
+ logger.error("Error while processing attachment error", u);
}
logger.error("Error while processing attachment", t);
}
* when an older session gets re-initiated after a session timeout.
*/
protected void initializeSession(Request aRequest, Session aSession) throws SessionExc, SessionFailure {
- if (MirGlobal.abuse().getOpenPostingPassword()) {
- String password = (String) aSession.getAttribute("password");
- if (password==null) {
- password = generateOnetimePassword();
- aSession.setAttribute("password", password);
- }
- }
- else {
- aSession.deleteAttribute("password");
- }
-
aSession.setAttribute("referer", aRequest.getHeader("Referer"));
}
nrMediaItems = Math.min(configuration.getInt("ServletModule.OpenIndy.MaxMediaUploadItems"), Integer.parseInt(aRequest.getParameter("nrmediaitems")));
}
catch (Throwable t) {
+ logger.warn("Error while retrieving configuration setting " +
+ "ServletModule.OpenIndy.MaxMediaUploadItems", t);
}
aSession.setAttribute("nrmediaitems", new Integer(nrMediaItems));
aResponse.setResponseValue("nrmediaitems", new Integer(nrMediaItems));
aResponse.setResponseValue("mediaitems", mediaItems);
- aResponse.setResponseValue("password", aSession.getAttribute("password"));
+
+ if (MirGlobal.abuse().getRequireCaptcha()) {
+ aResponse.setResponseValue("password", Boolean.TRUE);
+ }
aResponse.setResponseValue("referer", aSession.getAttribute("referer"));
aResponse.setResponseValue("errors", null);
* store data, etc
*/
protected boolean shouldProcessRequest(Request aRequest, Session aSession, List aValidationErrors) throws SessionExc, SessionFailure {
- if (aRequest.getParameter("post")==null)
+ if (aRequest.getParameter("post")==null) {
return false;
- validate(aValidationErrors, aRequest, aSession);
- return (aValidationErrors == null || aValidationErrors.size() == 0);
+ }
+ validate(aValidationErrors, aRequest, aSession);
+
+ return (aValidationErrors == null || aValidationErrors.size() == 0);
}
/**
* <code>aResults</code> is empty.
*/
protected void validate(List aResults, Request aRequest, Session aSession) throws SessionExc, SessionFailure {
- String password = (String) aSession.getAttribute("password");
-
- if (password!=null) {
- String submittedPassword= aRequest.getParameter("password").trim();
+ if (MirGlobal.abuse().getRequireCaptcha()) {
+ String submittedPassword = aRequest.getParameter("password");
+ MirOpenPostingLocalizer.Captcha captcha = (MirOpenPostingLocalizer.Captcha) aSession.getAttribute("captcha");
- if (!password.equals(submittedPassword)) {
- aResults.add(new ValidationError("password", "passwordmismatch"));
+ if (captcha == null || !captcha.validateAnswer(submittedPassword)) {
+ aResults.add(new ValidationError("password", "validationerror.passwordmismatch"));
}
}
}
- /**
- * Method to generate a one-time password
- *
- * @return a password, to be used once
- */
- protected String generateOnetimePassword() {
- Random r = new Random();
- int random = r.nextInt();
-
- long l = System.currentTimeMillis();
-
- l = (l*l*l*l)/random;
- if (l<0)
- l = l * -1;
-
- String returnString = ""+l;
-
- return returnString.substring(5);
- }
/**
* Method to filter the attributes and their values of a request
* based on the fields of a database object.
*/
- protected static final Map getIntersectingValues(Request aRequest, Database aStorage) throws SessionFailure {
+ protected static Map getIntersectingValues(Request aRequest, Database aStorage) throws SessionFailure {
Map result = new HashMap();
Iterator i = aStorage.getFieldNames().iterator();