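package com.jcorporate.expresso.core.security.filters;

import com.jcorporate.expresso.core.controller.ControllerRequest;
import com.jcorporate.expresso.core.controller.ServletControllerRequest;
import com.jcorporate.expresso.core.db.DBConnection;
import com.jcorporate.expresso.core.misc.StringUtil;
import com.jcorporate.expresso.services.dbobj.Setup;

import javax.servlet.http.HttpServletRequest;

/**
 * An {@link HtmlFilter} that, after the usual HTML escaping done by the
 * superclass, turns bare URLs found in the text into anchor tags.
 *
 * <p>A URL is recognised either by one of the scheme prefixes in
 * {@link #URL_TYPES} (matched case-sensitively) or by one of the informal
 * host prefixes in {@link #URL_INFORMAL_PREFIXES} (matched in lower or
 * upper case, in which case {@code http://} is prepended to the href).
 * The href is bounded by {@link #findEndOfHref(String, int)}, which stops
 * at the first character outside a fixed safe set, so characters such as
 * {@code "}, {@code <}, {@code >} and whitespace never reach the emitted
 * attribute value; the href additionally has every spelling of {@code <}
 * stripped as a second line of defence.
 *
 * <p>NOTE(review): the generated anchor carries {@code target="_blank"}
 * but no {@code rel="noopener"}, so the opened document can reach
 * {@code window.opener}. It is left unchanged here because the emitted
 * markup is part of this filter's observable output; adding
 * {@code rel="noopener noreferrer"} would be the mitigation.
 */
public class HtmlPlusURLFilter extends HtmlFilter {

    /** Scheme prefixes that mark the start of a URL; matched case-sensitively. */
    public static final String[] URL_TYPES = {
        "http://", "https://", "ftp://", "mailto:", "news:"
    };

    /**
     * Host prefixes treated as a URL even without a scheme; {@code http://}
     * is prepended to the href when one of these starts the match.
     */
    public static final String[] URL_INFORMAL_PREFIXES = {
        "www.", "www2."
    };

    /** Setup key holding the maximum length of the visible link label. */
    public static final String MAX_CHARS_IN_URL_LABEL = "MaxCharsURL_Label";

    /**
     * Punctuation allowed inside a URL in addition to letters and digits.
     * Deliberately excludes {@code "}, {@code <}, {@code >}, whitespace and
     * {@code %} (handled separately) so a URL cannot close the quoted
     * {@code HREF} attribute it is placed in.
     */
    private static final String URL_PUNCTUATION = ".,()@?&=-_/#:~+;!*'$";

    /**
     * Two-digit percent-encodings (upper-case hex) allowed inside a URL.
     * {@code 3C}/{@code 3E} ({@code <}/{@code >}) and {@code 27} ({@code '})
     * are intentionally absent.
     */
    private static final String[] ALLOWED_ENCODINGS = {
        "20", "21", "22", "23", "24", "25",
        "26", "2A", "2B", "2C", "2D", "2E", "2F",
        "3A", "3B", "3D", "3F", "40", "7C",
        "5C", "7E"
    };

    /**
     * Spellings of {@code <} removed from a href before it is emitted.
     * NOTE(review): the original listed {@code "<"} twice and the odd
     * {@code "&lT;"} / {@code "\u226a"} forms; the duplicates look like
     * entity forms lost when the source was rendered, so the list is kept
     * as found rather than guessed at.
     */
    private static final String[] LT_SPELLINGS = {
        "<", "&lT;", "≪", "%3c", "%3C"
    };

    /**
     * Creates a filter using the default special-string and replacement
     * tables of {@link HtmlFilter}.
     *
     * @throws IllegalArgumentException propagated from the superclass
     */
    public HtmlPlusURLFilter() throws IllegalArgumentException {
    }

    /**
     * Creates a filter with explicit replacement tables.
     *
     * @param specialStringList the strings to look for
     * @param replaceList       the replacement for each entry of
     *                          {@code specialStringList}
     * @throws IllegalArgumentException propagated from the superclass
     */
    public HtmlPlusURLFilter(String[] specialStringList, String[] replaceList)
            throws IllegalArgumentException {
        super(specialStringList, replaceList);
    }

    /**
     * Escapes {@code data} with the superclass filter and then wraps every
     * URL in the escaped result in an anchor tag.
     *
     * @param data the raw text to filter
     * @return the escaped, linkified text
     */
    public String standardFilter(String data) {
        return insertHrefTags(super.standardFilter(data));
    }

    /**
     * Returns {@code url} unchanged when it is blank or already carries one
     * of the {@link #URL_TYPES} prefixes, otherwise {@code "http://" + url}.
     *
     * @param url the candidate URL, may be null or blank
     * @return the URL with a scheme, or the input when blank/null
     */
    public static String addHttpPrefixIfNeeded(String url) {
        if (StringUtil.isBlankOrNull(url)) {
            return url;
        }
        return hasValidUrlPrefix(url) ? url : "http://" + url;
    }

    /**
     * Tells whether {@code url} starts with one of the {@link #URL_TYPES}
     * prefixes (case-sensitive).
     *
     * @param url the URL to inspect; must not be null
     * @return true when a known scheme prefix is present
     */
    public static boolean hasValidUrlPrefix(String url) {
        for (int i = 0; i < URL_TYPES.length; i++) {
            if (url.startsWith(URL_TYPES[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Cheap plausibility check: non-blank, carries a known scheme prefix
     * and has at least one character after its first dot.
     *
     * @param url the candidate URL, may be null
     * @return true when the URL passes the checks above
     */
    public static boolean isValidUrl(String url) {
        if (StringUtil.isBlankOrNull(url)) {
            return false;
        }
        if (!hasValidUrlPrefix(url)) {
            return false;
        }
        int dotIndex = url.indexOf('.');
        if (dotIndex < 0) {
            return false;
        }
        // substring keeps the dot, so a length below 2 means nothing follows it
        return url.substring(dotIndex).length() >= 2;
    }

    /**
     * Returns the server name of the underlying servlet request, with the
     * port appended as {@code host:port} unless the port is 80.
     * NOTE(review): the scheme is not consulted, so an https request on 443
     * yields {@code host:443}; unchanged because callers may rely on it.
     *
     * @param request the controller request; must wrap a servlet request
     * @return {@code host} or {@code host:port}
     * @throws ClassCastException if {@code request} is not a
     *         {@link ServletControllerRequest}
     */
    public static String getWebHostPort(ControllerRequest request) {
        ServletControllerRequest sreq = (ServletControllerRequest) request;
        HttpServletRequest hreq = (HttpServletRequest) sreq.getServletRequest();
        String hostPort = hreq.getServerName();
        int serverPort = hreq.getServerPort();
        if (serverPort != 80) {
            hostPort = hostPort + ":" + serverPort;
        }
        return hostPort;
    }

    /**
     * Wraps every URL found in {@code s} in an anchor tag.
     *
     * <p>The first URL found (scheme prefixes first, then informal
     * prefixes) is linkified, and the text before and after it is processed
     * recursively. The text before the URL is always preserved; the original
     * dropped it when the URL started within the first six characters.
     *
     * @param s the (already HTML-escaped) text; returned as-is when null or empty
     * @return the text with anchor tags inserted
     */
    public static String insertHrefTags(String s) {
        if (s == null || s.length() == 0) {
            return s;
        }

        boolean appendHttp = false;
        int hIndex = -1;

        // Scheme prefixes take precedence, in URL_TYPES order.
        for (int i = 0; i < URL_TYPES.length && hIndex == -1; i++) {
            hIndex = s.indexOf(URL_TYPES[i]);
        }

        // Otherwise look for an informal host prefix, lower case then upper case.
        if (hIndex == -1) {
            for (int i = 0; i < URL_INFORMAL_PREFIXES.length && hIndex == -1; i++) {
                String prefix = URL_INFORMAL_PREFIXES[i];
                hIndex = s.indexOf(prefix);
                if (hIndex == -1) {
                    hIndex = s.indexOf(prefix.toUpperCase());
                }
            }
            appendHttp = (hIndex != -1);
        }

        if (hIndex < 0) {
            return s;
        }

        int endIndex = findEndOfHref(s, hIndex);
        String href = stripAngleBrackets(s.substring(hIndex, endIndex));

        StringBuffer link = new StringBuffer();
        link.append(" <a HREF=\"");
        if (appendHttp) {
            link.append("http://");
        }
        link.append(href);
        link.append("\" target=\"_blank\">");
        link.append(labelFor(href));
        link.append("</a>");

        String linksBefore = "";
        if (hIndex > 0) {
            linksBefore = insertHrefTags(s.substring(0, hIndex));
        }
        String linksAfter = "";
        if (endIndex != s.length()) {
            linksAfter = insertHrefTags(s.substring(endIndex));
        }
        return linksBefore + link.toString() + linksAfter;
    }

    /**
     * Removes every spelling of {@code <} in {@link #LT_SPELLINGS} from a
     * href, in list order, as a second line of defence behind
     * {@link #findEndOfHref(String, int)}.
     */
    private static String stripAngleBrackets(String href) {
        String clean = href;
        for (int i = 0; i < LT_SPELLINGS.length; i++) {
            clean = StringUtil.replaceAll(clean, LT_SPELLINGS[i], "");
        }
        return clean;
    }

    /**
     * Builds the visible text of a link: the href itself, truncated to the
     * {@link #MAX_CHARS_IN_URL_LABEL} setting followed by an ellipsis when
     * that setting is present, numeric and non-negative. A malformed
     * setting yields the full href; the original printed the stack trace
     * and emitted an empty label.
     */
    private static String labelFor(String href) {
        String max = Setup.getValueUnrequired(DBConnection.DEFAULT_DB_CONTEXT_NAME,
                                              MAX_CHARS_IN_URL_LABEL);
        if (max == null) {
            return href;
        }
        int maxChars;
        try {
            maxChars = Integer.parseInt(max.trim());
        } catch (NumberFormatException ignored) {
            // Configuration error only; never let it blank out the link text.
            return href;
        }
        if (maxChars >= 0 && href.length() > maxChars) {
            return href.substring(0, maxChars) + "…";
        }
        return href;
    }

    /**
     * Finds where the URL starting at {@code start} ends: the index of the
     * first character that is neither a letter/digit, nor one of
     * {@link #URL_PUNCTUATION}, nor a {@code %} followed by an allowed
     * two-digit encoding. Returns {@code s.length()} when the URL runs to
     * the end of the string.
     *
     * @param s     the text to scan
     * @param start index of the first character of the URL; must be within {@code s}
     * @return the exclusive end index of the URL
     */
    public static int findEndOfHref(String s, int start) {
        char[] chars = s.toCharArray();
        int end = s.length();

        for (int i = start; i < end; i++) {
            char c = chars[i];
            if (Character.isLetterOrDigit(c) || URL_PUNCTUATION.indexOf(c) >= 0) {
                continue;
            }
            if (c == '%') {
                // Only a complete, allow-listed encoding keeps the URL going.
                boolean hasTwoMore = i + 2 < end;
                if (hasTwoMore && isSafeURLEncoding(chars[i + 1], chars[i + 2])) {
                    continue;
                }
            }
            return i;
        }
        return end;
    }

    /**
     * Tells whether the two hex digits following a {@code %} form one of
     * the {@link #ALLOWED_ENCODINGS}. Hex digits are compared
     * case-insensitively, since {@code %2f} and {@code %2F} denote the same
     * octet; the original accepted only the upper-case spelling.
     */
    private static boolean isSafeURLEncoding(char c1, char c2) {
        String encoded = String.valueOf(Character.toUpperCase(c1))
                + String.valueOf(Character.toUpperCase(c2));
        for (int i = 0; i < ALLOWED_ENCODINGS.length; i++) {
            if (ALLOWED_ENCODINGS[i].equals(encoded)) {
                return true;
            }
        }
        return false;
    }
}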