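package org.roller.presentation.website.actions;

import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionError;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.actions.DispatchAction;
import org.apache.struts.upload.FormFile;
import org.roller.RollerException;
import org.roller.config.RollerRuntimeConfig;
import org.roller.model.FileManager;
import org.roller.pojos.UserData;
import org.roller.pojos.WebsiteData;
import org.roller.presentation.RollerRequest;
import org.roller.presentation.website.formbeans.UploadFileForm;
import org.roller.util.RollerMessages;


/**
 * Struts dispatch action behind the "uploadFiles.page" forward: handles file
 * upload, file deletion and the default page display for a website.
 *
 * Every entry point checks {@code RollerRequest.isUserAuthorizedToEdit()}
 * before touching the website's files.
 */
public final class UploadFileFormAction extends DispatchAction
{
    private static final Log mLogger =
        LogFactory.getFactory().getInstance(UploadFileFormAction.class);

    /**
     * Saves the uploaded file through the FileManager, subject to the
     * "uploads.enabled" runtime property and to FileManager.canSave().
     *
     * @return the "access-denied" forward when the caller may not edit the
     *         website, otherwise the "uploadFiles.page" forward with any
     *         errors saved in the request
     */
    public ActionForward upload(
        ActionMapping       mapping,
        ActionForm          actionForm,
        HttpServletRequest  request,
        HttpServletResponse response)
        throws IOException, ServletException
    {
        ActionForward fwd = mapping.findForward("uploadFiles.page");
        RollerMessages msgs = new RollerMessages();
        RollerRequest rreq = null;
        WebsiteData website = null;
        try
        {
            rreq = RollerRequest.getRollerRequest(request);
            if (!rreq.isUserAuthorizedToEdit())
            {
                return mapping.findForward("access-denied");
            }
            website = rreq.getWebsite();
            // Dereference the website inside the try: a request that resolves
            // to no website fails here and is turned away below.
            website.getUser();
        }
        catch (Exception e)
        {
            mLogger.warn("Unable to find user.", e);
            return fwd;
        }

        ActionErrors errors = new ActionErrors();
        UploadFileForm theForm = (UploadFileForm) actionForm;
        if (theForm.getUploadedFile() != null)
        {
            boolean uploadEnabled =
                RollerRuntimeConfig.getBooleanProperty("uploads.enabled");
            if (!uploadEnabled)
            {
                errors.add(ActionErrors.GLOBAL_ERROR,
                    new ActionError("error.upload.disabled", ""));
                saveErrors(request, errors);
                return fwd;
            }

            String encoding = request.getCharacterEncoding();
            if ((encoding != null) && (encoding.equalsIgnoreCase("utf-8")))
            {
                response.setContentType("text/html; charset=utf-8");
            }

            FormFile[] files = new FormFile[]{theForm.getUploadedFile()};
            try
            {
                for (int i = 0; i < files.length; i++)
                {
                    if (files[i] == null) continue;

                    try
                    {
                        // The file name comes from the client. Cut it at the
                        // first NUL so that later path handling sees the same
                        // name the checks saw.
                        String fileName = files[i].getFileName();
                        int terminated = fileName.indexOf("\000");
                        if (terminated != -1)
                        {
                            fileName = fileName.substring(0, terminated).trim();
                        }

                        int fileSize = files[i].getFileSize();

                        // NOTE(review): unlike delete(), no separator or ".."
                        // check is applied to fileName in this action; confirm
                        // that FileManager.canSave()/saveFile() reject such
                        // names.
                        FileManager fmgr = rreq.getRoller().getFileManager();
                        if (fmgr.canSave(website, fileName, fileSize, msgs))
                        {
                            InputStream stream = files[i].getInputStream();
                            try
                            {
                                fmgr.saveFile(website, fileName, fileSize, stream);
                            }
                            finally
                            {
                                // Close the upload stream even when the save fails.
                                stream.close();
                            }
                        }
                    }
                    finally
                    {
                        // Release the uploaded file's resources on every path,
                        // not only after a successful save.
                        files[i].destroy();
                    }
                }
            }
            catch (Exception e)
            {
                mLogger.error("Error saving uploaded file", e);
                errors.add(ActionErrors.GLOBAL_ERROR,
                    new ActionError("error.upload.file", e.toString()));
            }
        }

        // Surface the messages FileManager.canSave() recorded as action errors.
        Iterator iter = msgs.getErrors();
        while (iter.hasNext())
        {
            RollerMessages.RollerMessage error =
                (RollerMessages.RollerMessage) iter.next();
            errors.add(ActionErrors.GLOBAL_ERROR,
                new ActionError(error.getKey(), error.getArgs()));
        }
        saveErrors(request, errors);
        return fwd;
    }

    /**
     * Deletes the files selected on the form from the website's upload area.
     *
     * The caller must be authorized to edit the website, as in upload() and
     * unspecified(). Names that start with a path separator or contain ".."
     * are skipped rather than passed to the FileManager.
     *
     * @return the "access-denied" forward when the caller may not edit the
     *         website, otherwise the "uploadFiles.page" forward
     */
    public ActionForward delete(
        ActionMapping       mapping,
        ActionForm          actionForm,
        HttpServletRequest  request,
        HttpServletResponse response)
        throws IOException, ServletException
    {
        ActionErrors errors = new ActionErrors();
        UploadFileForm theForm = (UploadFileForm) actionForm;
        ActionForward fwd = mapping.findForward("uploadFiles.page");
        RollerRequest rreq = RollerRequest.getRollerRequest(request);
        try
        {
            // Authorization check: without it any request that reaches this
            // method could delete files of the website in the request.
            if (!rreq.isUserAuthorizedToEdit())
            {
                return mapping.findForward("access-denied");
            }

            FileManager fmgr = rreq.getRoller().getFileManager();
            WebsiteData website = rreq.getWebsite();
            String[] deleteFiles = theForm.getDeleteFiles();
            if (deleteFiles == null)
            {
                // Nothing was selected; there is nothing to delete.
                return fwd;
            }
            for (int i = 0; i < deleteFiles.length; i++)
            {
                if (isUnsafeFileName(deleteFiles[i]))
                {
                    // The name is not echoed into the log because it is
                    // client-controlled.
                    mLogger.warn("Rejected unsafe file name in delete request");
                    continue;
                }
                fmgr.deleteFile(website, deleteFiles[i]);
            }
        }
        catch (Exception e)
        {
            mLogger.error("Error deleting uploaded file", e);
            errors.add(ActionErrors.GLOBAL_ERROR,
                new ActionError("error.upload.file", e.toString()));
            saveErrors(request, errors);
        }
        return fwd;
    }

    /**
     * Default action: shows the upload page to a caller who is authorized to
     * edit the website.
     *
     * @throws ServletException wrapping the RollerException raised while
     *         checking authorization
     */
    public ActionForward unspecified(
        ActionMapping       mapping,
        ActionForm          actionForm,
        HttpServletRequest  request,
        HttpServletResponse response)
        throws IOException, ServletException
    {
        try
        {
            RollerRequest rreq = RollerRequest.getRollerRequest(request);
            if (!rreq.isUserAuthorizedToEdit())
            {
                return mapping.findForward("access-denied");
            }
        }
        catch (RollerException re)
        {
            mLogger.error("Unexpected exception", re.getRootCause());
            throw new ServletException(re);
        }
        return mapping.findForward("uploadFiles.page");
    }

    /**
     * Tells whether a client-supplied name must not reach the FileManager:
     * it is null, starts (after trimming) with "/" or "\", or contains "..".
     */
    private static boolean isUnsafeFileName(String name)
    {
        if (name == null)
        {
            return true;
        }
        String trimmed = name.trim();
        return trimmed.startsWith("/")
            || trimmed.startsWith("\\")
            || name.indexOf("..") != -1;
    }

}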