001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.xslcontent.action;
016    
017    import com.liferay.portal.kernel.portlet.DefaultConfigurationAction;
018    import com.liferay.portal.kernel.servlet.SessionErrors;
019    import com.liferay.portal.kernel.util.PropsKeys;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.kernel.util.WebKeys;
022    import com.liferay.portal.theme.ThemeDisplay;
023    import com.liferay.portal.util.PropsUtil;
024    import com.liferay.portlet.xslcontent.util.XSLContentUtil;
025    
026    import javax.portlet.ActionRequest;
027    import javax.portlet.ActionResponse;
028    import javax.portlet.PortletConfig;
029    
/**
 * Configuration action for the XSL Content portlet. Before delegating to the
 * parent {@code processAction}, it checks the submitted {@code xmlUrl} and
 * {@code xslUrl} values against the URL prefixes configured under
 * {@link PropsKeys#XSL_CONTENT_VALID_URL_PREFIXES}.
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * The check is fail-open: when the configured prefix list is empty, every URL
 * is accepted. Deployments that rely on this check should confirm the property
 * is actually set.
 * </li>
 * <li>
 * Matching is delegated to {@code StringUtil.startsWith}, i.e. a string prefix
 * comparison rather than a parsed-URL comparison. A configured prefix that
 * does not end on a delimiter (for example a host name without a trailing
 * {@code /}) can also match longer, unrelated values, so prefixes should be
 * written with the trailing delimiter.
 * </li>
 * <li>
 * Failures are recorded in {@link SessionErrors}; nothing is thrown. Whether
 * the configuration is persisted when errors are present depends on the parent
 * implementation, which is not visible in this file.
 * </li>
 * <li>
 * This class validates at configuration time only. NOTE(review): confirm that
 * the code which later fetches these URLs applies the same check.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Hugo Huijser
 * @author Samuel Kong
 */
public class ConfigurationActionImpl extends DefaultConfigurationAction {

    /**
     * Validates the submitted URLs and then hands the request to the parent
     * implementation.
     *
     * <p>
     * Validation never aborts the call: a rejected URL only adds a session
     * error, and the parent {@code processAction} runs either way.
     * NOTE(review): confirm the parent skips storing preferences when session
     * errors exist.
     * </p>
     *
     * @param  portletConfig the portlet configuration, passed through to the
     *         parent
     * @param  actionRequest the action request carrying the {@code xmlUrl} and
     *         {@code xslUrl} values
     * @param  actionResponse the action response, passed through to the parent
     * @throws Exception if the parent implementation throws
     */
    @Override
    public void processAction(
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        // Must run first so that any session errors exist before the parent
        // decides what to do with the submitted configuration.
        validateUrls(actionRequest);

        super.processAction(portletConfig, actionRequest, actionResponse);
    }

    /**
     * Builds the list of accepted URL prefixes from the portal property
     * {@link PropsKeys#XSL_CONTENT_VALID_URL_PREFIXES}.
     *
     * <p>
     * The raw property value is passed through
     * {@code XSLContentUtil.replaceUrlTokens} and then split with
     * {@code StringUtil.split}.
     * </p>
     *
     * @param  themeDisplay the theme display handed to the token replacement
     * @return the configured prefixes; an empty array makes
     *         {@link #hasValidUrlPrefix(String[], String)} accept every URL
     */
    protected String[] getValidUrlPrefixes(ThemeDisplay themeDisplay) {
        return StringUtil.split(
            XSLContentUtil.replaceUrlTokens(
                themeDisplay,
                PropsUtil.get(PropsKeys.XSL_CONTENT_VALID_URL_PREFIXES)));
    }

    /**
     * Reports whether {@code url} starts with at least one of the given
     * prefixes.
     *
     * <p>
     * An empty prefix array is treated as "no restriction" and returns
     * {@code true} for any URL. The comparison itself is whatever
     * {@code StringUtil.startsWith} implements; no URL parsing or
     * normalization happens here.
     * </p>
     *
     * @param  validUrlPrefixes the accepted prefixes
     * @param  url the URL to check
     * @return {@code true} if the prefix array is empty or a prefix matches;
     *         {@code false} otherwise
     */
    protected boolean hasValidUrlPrefix(String[] validUrlPrefixes, String url) {
        int prefixCount = validUrlPrefixes.length;

        // Fail-open by design: no configured prefixes means no restriction.
        if (prefixCount == 0) {
            return true;
        }

        for (int i = 0; i < prefixCount; i++) {
            if (StringUtil.startsWith(url, validUrlPrefixes[i])) {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks the {@code xmlUrl} and {@code xslUrl} request values against the
     * configured prefixes and records a session error, keyed by the parameter
     * name, for each one that is rejected.
     *
     * <p>
     * Each value goes through {@code XSLContentUtil.replaceUrlTokens} before
     * the prefix check, the same replacement that is applied to the configured
     * prefixes.
     * </p>
     *
     * @param actionRequest the action request to read the values from and to
     *        attach session errors to
     */
    protected void validateUrls(ActionRequest actionRequest) {
        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        String[] allowedPrefixes = getValidUrlPrefixes(themeDisplay);

        // Same order as the form fields: XML source first, then stylesheet.
        for (String parameterName : new String[] {"xmlUrl", "xslUrl"}) {
            String resolvedUrl = XSLContentUtil.replaceUrlTokens(
                themeDisplay, getParameter(actionRequest, parameterName));

            if (!hasValidUrlPrefix(allowedPrefixes, resolvedUrl)) {
                SessionErrors.add(actionRequest, parameterName);
            }
        }
    }

}