001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.xslcontent.action;
016    
017    import com.liferay.portal.kernel.portlet.DefaultConfigurationAction;
018    import com.liferay.portal.kernel.servlet.SessionErrors;
019    import com.liferay.portal.kernel.util.ArrayUtil;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.kernel.util.WebKeys;
022    import com.liferay.portal.theme.ThemeDisplay;
023    
024    import java.net.MalformedURLException;
025    import java.net.URL;
026    
027    import javax.portlet.ActionRequest;
028    import javax.portlet.ActionResponse;
029    import javax.portlet.PortletConfig;
030    
/**
 * Configuration action for the XSL content portlet. Before delegating to
 * {@link DefaultConfigurationAction}, it checks that the submitted
 * <code>xmlUrl</code> and <code>xslUrl</code> parameters parse as URLs whose
 * scheme is <code>http</code> or <code>https</code>.
 *
 * <p>
 * Security note: the check is a scheme allowlist only. It rejects schemes such
 * as <code>file</code> or <code>jar</code>, but it does not constrain the host
 * or port. An <code>http(s)</code> URL that points at a loopback, link-local or
 * other internal address therefore still passes. Whether the code that later
 * fetches these URLs applies further restrictions is not visible in this
 * class.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Hugo Huijser
 */
public class ConfigurationActionImpl extends DefaultConfigurationAction {

	/**
	 * Validates the URL parameters, then hands the request to the superclass.
	 *
	 * <p>
	 * Validation failures are recorded in {@link SessionErrors} and are not
	 * thrown, so the superclass is invoked in every case.
	 * </p>
	 *
	 * @param  portletConfig the portlet configuration, passed through unchanged
	 * @param  actionRequest the request carrying the configuration parameters
	 * @param  actionResponse the response, passed through unchanged
	 * @throws Exception if the superclass implementation fails
	 */
	@Override
	public void processAction(
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		validateUrls(actionRequest);

		// NOTE(review): presumably the superclass declines to persist the
		// preferences while SessionErrors is non-empty; confirm, because
		// nothing in this method stops the save after a failed validation.

		super.processAction(portletConfig, actionRequest, actionResponse);
	}

	/**
	 * Returns whether the given string parses as a URL with an allowed scheme.
	 *
	 * <p>
	 * Despite the parameter name, this is used for both the XML and the XSL
	 * URL.
	 * </p>
	 *
	 * @param  xmlURL the candidate URL
	 * @return <code>true</code> if the string parses as a URL and its protocol
	 *         is listed in <code>_PROTOCOLS</code>; <code>false</code> if it
	 *         does not parse or uses any other protocol
	 */
	protected boolean hasAllowedProtocol(String xmlURL) {
		URL parsedURL;

		try {
			parsedURL = new URL(xmlURL);
		}
		catch (MalformedURLException murle) {

			// An unparseable value can never be an allowed URL.

			return false;
		}

		return ArrayUtil.contains(_PROTOCOLS, parsedURL.getProtocol());
	}

	/**
	 * Checks the <code>xmlUrl</code> and <code>xslUrl</code> request
	 * parameters, adding a session error keyed by the parameter name for each
	 * one that fails {@link #hasAllowedProtocol(String)}.
	 *
	 * @param actionRequest the request carrying the parameters and the
	 *        <code>THEME_DISPLAY</code> attribute
	 */
	protected void validateUrls(ActionRequest actionRequest) {
		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		// XML first, then XSL, so that errors are added in a stable order.

		_validateUrlParameter(actionRequest, themeDisplay, "xmlUrl");
		_validateUrlParameter(actionRequest, themeDisplay, "xslUrl");
	}

	/**
	 * Validates one URL parameter after expanding the
	 * <code>@portal_url@</code> token to the portal URL.
	 *
	 * <p>
	 * The scheme check runs on the expanded value, because the raw token form
	 * is not parseable as a URL.
	 * </p>
	 */
	private void _validateUrlParameter(
		ActionRequest actionRequest, ThemeDisplay themeDisplay,
		String parameterName) {

		String rawValue = getParameter(actionRequest, parameterName);

		String expandedValue = StringUtil.replace(
			rawValue, "@portal_url@", themeDisplay.getPortalURL());

		if (hasAllowedProtocol(expandedValue)) {
			return;
		}

		SessionErrors.add(actionRequest, parameterName);
	}

	// Allowlist of URL schemes accepted for the XML and XSL sources.

	private static final String[] _PROTOCOLS = {"http", "https"};

}