001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.sanitizer;
016    
017    import com.liferay.portal.kernel.security.pacl.permission.PortalRuntimePermission;
018    import com.liferay.portal.kernel.util.StreamUtil;
019    import com.liferay.registry.collections.ServiceTrackerCollections;
020    import com.liferay.registry.collections.ServiceTrackerList;
021    
022    import java.io.ByteArrayInputStream;
023    import java.io.ByteArrayOutputStream;
024    import java.io.IOException;
025    import java.io.InputStream;
026    import java.io.OutputStream;
027    
028    import java.util.Map;
029    
030    /**
031     * @author Zsolt Balogh
032     * @author Brian Wing Shun Chan
033     */
034    public class SanitizerUtil {
035    
036            /**
037             * @deprecated As of 7.0.0, with no direct replacement
038             */
039            @Deprecated
040            public static Sanitizer getSanitizer() {
041                    return null;
042            }
043    
044            /**
045             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
046             *             String, long, String, String)}
047             */
048            @Deprecated
049            public static byte[] sanitize(
050                            long companyId, long groupId, long userId, String className,
051                            long classPK, String contentType, byte[] bytes)
052                    throws SanitizerException {
053    
054                    return sanitize(
055                            companyId, groupId, userId, className, classPK, contentType,
056                            Sanitizer.MODE_ALL, bytes, null);
057            }
058    
059            /**
060             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
061             *             String, long, String, String)}
062             */
063            @Deprecated
064            public static void sanitize(
065                            long companyId, long groupId, long userId, String className,
066                            long classPK, String contentType, InputStream inputStream,
067                            OutputStream outputStream)
068                    throws SanitizerException {
069    
070                    sanitize(
071                            companyId, groupId, userId, className, classPK, contentType,
072                            Sanitizer.MODE_ALL, inputStream, outputStream, null);
073            }
074    
075            public static String sanitize(
076                            long companyId, long groupId, long userId, String className,
077                            long classPK, String contentType, String content)
078                    throws SanitizerException {
079    
080                    return sanitize(
081                            companyId, groupId, userId, className, classPK, contentType,
082                            Sanitizer.MODE_ALL, content, null);
083            }
084    
085            /**
086             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
087             *             String, long, String, String, String, Map)}
088             */
089            @Deprecated
090            public static byte[] sanitize(
091                            long companyId, long groupId, long userId, String className,
092                            long classPK, String contentType, String mode, byte[] bytes,
093                            Map<String, Object> options)
094                    throws SanitizerException {
095    
096                    return sanitize(
097                            companyId, groupId, userId, className, classPK, contentType,
098                            new String[] {mode}, bytes, options);
099            }
100    
101            /**
102             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
103             *             String, long, String, String, String, Map)}
104             */
105            @Deprecated
106            public static void sanitize(
107                            long companyId, long groupId, long userId, String className,
108                            long classPK, String contentType, String mode,
109                            InputStream inputStream, OutputStream outputStream,
110                            Map<String, Object> options)
111                    throws SanitizerException {
112    
113                    sanitize(
114                            companyId, groupId, userId, className, classPK, contentType,
115                            new String[] {mode}, inputStream, outputStream, options);
116            }
117    
118            public static String sanitize(
119                            long companyId, long groupId, long userId, String className,
120                            long classPK, String contentType, String mode, String s,
121                            Map<String, Object> options)
122                    throws SanitizerException {
123    
124                    return sanitize(
125                            companyId, groupId, userId, className, classPK, contentType,
126                            new String[] {mode}, s, options);
127            }
128    
129            /**
130             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
131             *             String, long, String, String[], String, Map)}
132             */
133            @Deprecated
134            public static byte[] sanitize(
135                            long companyId, long groupId, long userId, String className,
136                            long classPK, String contentType, String[] modes, byte[] bytes,
137                            Map<String, Object> options)
138                    throws SanitizerException {
139    
140                    PortalRuntimePermission.checkGetBeanProperty(SanitizerUtil.class);
141    
142                    for (Sanitizer sanitizer : _sanitizers) {
143                            bytes = sanitizer.sanitize(
144                                    companyId, groupId, userId, className, classPK, contentType,
145                                    modes, bytes, options);
146                    }
147    
148                    return bytes;
149            }
150    
151            /**
152             * @deprecated As of 7.0.0, replaced by {@link #sanitize(long, long, long,
153             *             String, long, String, String[], String, Map)}
154             */
155            @Deprecated
156            public static void sanitize(
157                            long companyId, long groupId, long userId, String className,
158                            long classPK, String contentType, String[] modes,
159                            InputStream inputStream, OutputStream outputStream,
160                            Map<String, Object> options)
161                    throws SanitizerException {
162    
163                    PortalRuntimePermission.checkGetBeanProperty(SanitizerUtil.class);
164    
165                    ByteArrayOutputStream byteArrayOutputStream =
166                            new ByteArrayOutputStream();
167    
168                    for (Sanitizer sanitizer : _sanitizers) {
169                            sanitizer.sanitize(
170                                    companyId, groupId, userId, className, classPK, contentType,
171                                    modes, inputStream, byteArrayOutputStream, options);
172    
173                            inputStream = new ByteArrayInputStream(
174                                    byteArrayOutputStream.toByteArray());
175    
176                            byteArrayOutputStream.reset();
177                    }
178    
179                    try {
180                            StreamUtil.transfer(inputStream, outputStream);
181                    }
182                    catch (IOException ioe) {
183                            throw new SanitizerException(ioe);
184                    }
185            }
186    
187            public static String sanitize(
188                            long companyId, long groupId, long userId, String className,
189                            long classPK, String contentType, String[] modes, String content,
190                            Map<String, Object> options)
191                    throws SanitizerException {
192    
193                    PortalRuntimePermission.checkGetBeanProperty(SanitizerUtil.class);
194    
195                    for (Sanitizer sanitizer : _sanitizers) {
196                            content = sanitizer.sanitize(
197                                    companyId, groupId, userId, className, classPK, contentType,
198                                    modes, content, options);
199                    }
200    
201                    return content;
202            }
203    
204            /**
205             * @deprecated As of 7.0.0, with no direct replacement
206             */
207            @Deprecated
208            public void setSanitizer(Sanitizer sanitizer) {
209            }
210    
211            private static final ServiceTrackerList<Sanitizer> _sanitizers =
212                    ServiceTrackerCollections.openList(Sanitizer.class);
213    
214    }