001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.xslcontent.action;
016    
017    import com.liferay.portal.kernel.portlet.DefaultConfigurationAction;
018    import com.liferay.portal.kernel.servlet.SessionErrors;
019    import com.liferay.portal.kernel.util.PropsKeys;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.kernel.util.WebKeys;
022    import com.liferay.portal.theme.ThemeDisplay;
023    import com.liferay.portal.util.PropsUtil;
024    import com.liferay.portlet.xslcontent.util.XSLContentUtil;
025    
026    import javax.portlet.ActionRequest;
027    import javax.portlet.ActionResponse;
028    import javax.portlet.PortletConfig;
029    
030    /**
031     * @author Brian Wing Shun Chan
032     * @author Hugo Huijser
033     * @author Samuel Kong
034     */
035    public class ConfigurationActionImpl extends DefaultConfigurationAction {
036    
037            @Override
038            public void processAction(
039                            PortletConfig portletConfig, ActionRequest actionRequest,
040                            ActionResponse actionResponse)
041                    throws Exception {
042    
043                    validateUrls(actionRequest);
044    
045                    super.processAction(portletConfig, actionRequest, actionResponse);
046            }
047    
048            protected String[] getValidUrlPrefixes(ThemeDisplay themeDisplay) {
049                    String validUrlPrefixes = PropsUtil.get(
050                            PropsKeys.XSL_CONTENT_VALID_URL_PREFIXES);
051    
052                    validUrlPrefixes = XSLContentUtil.replaceUrlTokens(
053                            themeDisplay, validUrlPrefixes);
054    
055                    return StringUtil.split(validUrlPrefixes);
056            }
057    
058            protected boolean hasValidUrlPrefix(String[] validUrlPrefixes, String url) {
059                    if (validUrlPrefixes.length == 0) {
060                            return true;
061                    }
062    
063                    for (String validUrlPrefix : validUrlPrefixes) {
064                            if (StringUtil.startsWith(url, validUrlPrefix)) {
065                                    return true;
066                            }
067                    }
068    
069                    return false;
070            }
071    
072            protected void validateUrls(ActionRequest actionRequest) {
073                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
074                            WebKeys.THEME_DISPLAY);
075    
076                    String[] validUrlPrefixes = getValidUrlPrefixes(themeDisplay);
077    
078                    String xmlUrl = getParameter(actionRequest, "xmlUrl");
079    
080                    xmlUrl = XSLContentUtil.replaceUrlTokens(themeDisplay, xmlUrl);
081    
082                    if (!hasValidUrlPrefix(validUrlPrefixes, xmlUrl)) {
083                            SessionErrors.add(actionRequest, "xmlUrl");
084                    }
085    
086                    String xslUrl = getParameter(actionRequest, "xslUrl");
087    
088                    xslUrl = XSLContentUtil.replaceUrlTokens(themeDisplay, xslUrl);
089    
090                    if (!hasValidUrlPrefix(validUrlPrefixes, xslUrl)) {
091                            SessionErrors.add(actionRequest, "xslUrl");
092                    }
093            }
094    
095    }