Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r2eb3170d6501ff5206577dcaa8881209033c1f49 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 2eb3170d6501ff5206577dcaa8881209033c1f49)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -7,8 +7,23 @@
# Each key goes into a separate line prefixed with org.owasp.csrfguard.protected.
# A key suffix must not contain a dot "." character
org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
+
+org.owasp.csrfguard.protected.assessmentSubmissionDeadline=/lams/tool/laasse10/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.chatSubmissionDeadline=/lams/tool/lachat11/monitoring/setSubmissionDeadline.do
org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do
+org.owasp.csrfguard.protected.forumSubmissionDeadline=/lams/tool/lafrum11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.lamcSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.laqaSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.mindmapSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.notebookSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.sbmtSubmissionDeadline=/lams/tool/lasbmt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.scratchieSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.surveySubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.taskSubmissionDeadline=/lams/tool/latask10/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.voteSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.wikiSubmissionDeadline=/lams/tool/lawiki10/monitoring/setSubmissionDeadline.do
+
# Actions to take when a CSRF attack is attempted
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri:%request_uri%, error: %exception_message%)
\ No newline at end of file
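Review bot: Protection is opt-in per URL in this list, so a tool whose `monitoring/setSubmissionDeadline.do` is missing here, or whose webapp does not map the CsrfGuard filter, would presumably keep accepting the request without a token, and nothing fails visibly. The 13 added keys cover more tools than the web.xml changes visible on this page, so each listed tool should be checked for a filter mapping; forum, for instance, shows no web.xml hunk here, though it may already have one for `forumAuthoringSave`. I would add a comment above the block: `# Each URL below is only checked if that tool's web.xml maps CsrfGuardFilter; add both when adding a tool.` The values also hard-code the `/lams` context path, so a deployment under another path would need this file changed as well.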
Index: lams_central/web/includes/javascript/monitorToolSummaryAdvanced.js
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_central/web/includes/javascript/monitorToolSummaryAdvanced.js (.../monitorToolSummaryAdvanced.js) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_central/web/includes/javascript/monitorToolSummaryAdvanced.js (.../monitorToolSummaryAdvanced.js) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,8 +1,6 @@
-
// Toggles whether to display advanced options in monitor summary for tools
// TODO remove method once bootstrapping is completed
-function toggleAdvancedOptionsVisibility(div, img, imageUrl)
-{
+function toggleAdvancedOptionsVisibility(div, img, imageUrl) {
var treeClosedIcon = imageUrl + "/images/tree_closed.gif"; //
var treeOpenIcon = imageUrl + "/images/tree_open.gif";
@@ -62,14 +60,15 @@
if (date == null) {
return;
}
-
- var reqIDVar = new Date();
- var parameterDelimiter = (submissionDeadlineSettings.setSubmissionDeadlineUrl.indexOf("?") == -1) ? "?" : "&";
- var url = submissionDeadlineSettings.setSubmissionDeadlineUrl + parameterDelimiter + "toolContentID=" + submissionDeadlineSettings.toolContentID + "&submissionDeadline=" +
- + date.getTime() + "&reqID=" + reqIDVar.getTime();
$.ajax({
- url : url,
+ url : submissionDeadlineSettings.setSubmissionDeadlineUrl,
+ method: "POST",
+ data: {
+ toolContentID: submissionDeadlineSettings.toolContentID,
+ submissionDeadline: date.getTime(),
+ reqID: (new Date()).getTime()
+ },
success : function(data) {
$.growlUI(submissionDeadlineSettings.messageNotification, submissionDeadlineSettings.messageRestrictionSet);
$("#datetimeDiv").hide();
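Review bot: The POST body built in `data` carries no CSRF token, so the request can only pass CsrfGuard if the token travels in the query string of `submissionDeadlineSettings.setSubmissionDeadlineUrl`. The JSP hunks in this commit change that value to end in `?`, which suggests a token is appended there, though the tag itself is not visible on this page. A token in the URL is recorded in access and proxy logs, whereas sending it in the body or a request header keeps it out of them; the same applies to the `$.ajax` call in `removeSubmissionDeadline` in the next hunk. `reqID: (new Date()).getTime()` was a cache-buster for the old GET and can be dropped from both calls if the server never reads it, since POST responses are not served from cache. The enclosing function starts and ends outside this hunk.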
@@ -83,14 +82,14 @@
});
}
function removeSubmissionDeadline() {
- var reqIDVar = new Date();
- var parameterDelimiter = (submissionDeadlineSettings.setSubmissionDeadlineUrl.indexOf("?") == -1) ? "?" : "&";
-
- var url = submissionDeadlineSettings.setSubmissionDeadlineUrl + parameterDelimiter + "toolContentID=" + submissionDeadlineSettings.toolContentID + "&submissionDeadline=" +
- "&reqID=" + reqIDVar.getTime();
-
$.ajax({
- url : url,
+ url : submissionDeadlineSettings.setSubmissionDeadlineUrl,
+ method: "POST",
+ data: {
+ toolContentID: submissionDeadlineSettings.toolContentID,
+ submissionDeadline: '',
+ reqID: (new Date()).getTime()
+ },
success : function() {
$.growlUI(submissionDeadlineSettings.messageNotification, submissionDeadlineSettings.messageRestrictionRemoved);
$("#dateInfoDiv").hide();
Index: lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java
===================================================================
diff -u -r757ceb570a6d7b9ac11df60ef4de581848c79ba0 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 757ceb570a6d7b9ac11df60ef4de581848c79ba0)
+++ lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -69,8 +69,10 @@
import org.lamsfoundation.lams.web.util.SessionMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -209,10 +211,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping("/setSubmissionDeadline")
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Assessment assessment = service.getAssessmentByContentId(contentID);
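Review bot: `setSubmissionDeadline` loads the assessment from a caller-supplied `toolContentID`, and in the lines visible here nothing checks that the logged-in user is a monitor for that content. The CSRF token and the POST restriction stop forged cross-site requests, but not a direct request from an authenticated user who has no monitoring role. If that check is not already done by a filter or inside `service`, it belongs right after `readLongParam` and before `getAssessmentByContentId`. Either way I would record it above the mapping, e.g. `// Caller must be a monitor of the lesson owning toolContentID; enforced by <where>`. The method body continues outside this hunk, and the same question applies to the setSubmissionDeadline hunks in the chat, forum, lamc, laqa and mindmap controllers.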
@@ -231,9 +232,7 @@
assessment.setSubmissionDeadline(tzSubmissionDeadline);
service.saveOrUpdateAssessment(assessment);
- response.setContentType("text/plain;charset=utf-8");
- response.getWriter().print(formattedDate);
- return null;
+ return formattedDate;
}
/**
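Review bot: Returning `formattedDate` through `@ResponseBody` with `produces = MediaType.TEXT_PLAIN_VALUE` drops the explicit `charset=utf-8` that the removed `response.setContentType(...)` call set. Unless the application configures its string message converter otherwise, Spring's StringHttpMessageConverter defaults to ISO-8859-1, so a localised date containing characters outside Latin-1 could reach the browser garbled. Declaring the charset on the mapping keeps the old behaviour: `produces = "text/plain;charset=UTF-8"`. The mapping line itself is in the previous hunk, and the laqa QaMonitoringController hunks make the same change.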
Index: lams_tool_assessment/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_assessment/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_assessment/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_assessment/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_assessment/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_assessment/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -58,6 +58,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
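Review bot: Registering `org.owasp.csrfguard.CsrfGuardFilter` here does not by itself show that the filter is configured inside this webapp. No hunk in this file adds a CsrfGuard context listener or a config-location parameter, and the properties file changed by this commit lives under lams_central. If CsrfGuard is initialised once for all LAMS webapps somewhere else, that is fine, but it deserves a comment next to the filter, e.g. `<!-- CsrfGuard config: loaded from <location> by <component> -->`. A test that a POST to `/lams/tool/laasse10/monitoring/setSubmissionDeadline.do` without a token is rejected would confirm the filter does not pass requests through unconfigured. The XML element names did not survive on this page, so only text values are visible; the chat, lamc, laqa and mindmap web.xml hunks repeat this registration.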
@@ -71,6 +75,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -149,6 +157,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_assessment/web/common/taglibs.jsp
===================================================================
diff -u -r4353f26f9509808acdf41d0deef6cf5fd458a2b7 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_assessment/web/common/taglibs.jsp (.../taglibs.jsp) (revision 4353f26f9509808acdf41d0deef6cf5fd458a2b7)
+++ lams_tool_assessment/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_assessment/web/pages/monitoring/monitoring.jsp
===================================================================
diff -u -rb745384874257ea8327d82156fec0455e4232ad6 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_assessment/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision b745384874257ea8327d82156fec0455e4232ad6)
+++ lams_tool_assessment/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -26,7 +26,7 @@
lams: '',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
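Review bot: `toolContentID: '${param.toolContentID}'`, the line after the changed `setSubmissionDeadlineUrl` line, writes a request parameter into a JavaScript string literal without escaping, and this commit makes that value part of the state-changing POST. The lamc and laqa pages take the ID from server-side state instead (`'${toolContentID}'`, `'${content.qaContentId}'`). Doing the same here, or converting the parameter to a number on the server before it is written out, removes the raw echo. The chat, forum and mindmap summary.jsp hunks contain the same line. The markup inside the new `setSubmissionDeadlineUrl` value did not survive on this page, so it is not reviewed here.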
Index: lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/MonitoringController.java
===================================================================
diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/MonitoringController.java (.../MonitoringController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50)
+++ lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -59,6 +59,7 @@
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.WebApplicationContext;
@@ -193,7 +194,6 @@
@RequestMapping("/editMessage")
public String editMessage(@ModelAttribute MonitoringForm monitoringForm, HttpServletRequest request,
HttpServletResponse response) {
-
ChatMessage chatMessage = chatService.getMessageByUID(monitoringForm.getMessageUID());
boolean hasChanged = false;
@@ -218,10 +218,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Chat chat = chatService.getChatByContentId(contentID);
@@ -241,21 +240,4 @@
return formattedDate;
}
-
- /* Private Methods */
-
- private ChatUser getCurrentUser(Long toolSessionId) {
- UserDTO user = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER);
-
- // attempt to retrieve user using userId and toolSessionId
- ChatUser chatUser = chatService.getUserByUserIdAndSessionId(new Long(user.getUserID().intValue()),
- toolSessionId);
-
- if (chatUser == null) {
- ChatSession chatSession = chatService.getSessionBySessionId(toolSessionId);
- chatUser = chatService.createChatUser(user, chatSession);
- }
-
- return chatUser;
- }
}
Index: lams_tool_chat/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_chat/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_chat/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_chat/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_chat/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_chat/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -43,6 +43,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -56,6 +60,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -170,6 +178,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_chat/web/common/taglibs.jsp
===================================================================
diff -u -r482ac413c5586cbe25227f942d7d0e67d2fa19f4 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_chat/web/common/taglibs.jsp (.../taglibs.jsp) (revision 482ac413c5586cbe25227f942d7d0e67d2fa19f4)
+++ lams_tool_chat/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,8 +1,8 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
<%@ taglib uri="tags-lams" prefix="lams"%>
- <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
+<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
\ No newline at end of file
Index: lams_tool_chat/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_chat/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_chat/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -13,7 +13,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/MonitoringController.java
===================================================================
diff -u -rb71c9cb2f96eb891545d32aaca8904051d1e00d5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/MonitoringController.java (.../MonitoringController.java) (revision b71c9cb2f96eb891545d32aaca8904051d1e00d5)
+++ lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -80,6 +80,7 @@
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -700,10 +701,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Forum forum = forumService.getForumByContentId(contentID);
Index: lams_tool_forum/web/jsps/monitoring/summary.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_forum/web/jsps/monitoring/summary.jsp (.../summary.jsp) (revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_forum/web/jsps/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -26,7 +26,7 @@
lams: '${lams}',
submissionDeadline: '${sessionMap.submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java
===================================================================
diff -u -r190c89f5332a6fa6da4d16fd4e0eb668a6d930f7 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java (.../McMonitoringController.java) (revision 190c89f5332a6fa6da4d16fd4e0eb668a6d930f7)
+++ lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java (.../McMonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -70,6 +70,7 @@
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -310,10 +311,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
public String setSubmissionDeadline(HttpServletRequest request) {
-
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
McContent mcContent = mcService.getMcContent(contentID);
@@ -331,6 +331,7 @@
}
mcContent.setSubmissionDeadline(tzSubmissionDeadline);
mcService.updateMc(mcContent);
+
return formattedDate;
}
Index: lams_tool_lamc/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_lamc/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_lamc/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_lamc/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_lamc/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_lamc/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -45,6 +45,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -60,6 +64,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -174,15 +182,20 @@
tags-scriptfree
/WEB-INF/tlds/jstl/scriptfree.tld
-
-
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_lamc/web/common/taglibs.jsp
===================================================================
diff -u -re1e8890bd7a972827bd9449eeb7f76a9b42c5913 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_lamc/web/common/taglibs.jsp (.../taglibs.jsp) (revision e1e8890bd7a972827bd9449eeb7f76a9b42c5913)
+++ lams_tool_lamc/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_lamc/web/monitoring/SummaryContent.jsp
===================================================================
diff -u -r1ba75f43a383fb925aae69975d748d0a8dfdf9a5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_lamc/web/monitoring/SummaryContent.jsp (.../SummaryContent.jsp) (revision 1ba75f43a383fb925aae69975d748d0a8dfdf9a5)
+++ lams_tool_lamc/web/monitoring/SummaryContent.jsp (.../SummaryContent.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -12,7 +12,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaMonitoringController.java
===================================================================
diff -u -r69092337b728f903f824a74377bd0ebf9391120c -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaMonitoringController.java (.../QaMonitoringController.java) (revision 69092337b728f903f824a74377bd0ebf9391120c)
+++ lams_tool_laqa/src/java/org/lamsfoundation/lams/tool/qa/web/controller/QaMonitoringController.java (.../QaMonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -63,9 +63,11 @@
import org.lamsfoundation.lams.web.session.SessionManager;
import org.lamsfoundation.lams.web.util.AttributeNames;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -240,17 +242,10 @@
/**
* Set Submission Deadline
- *
- * @param mapping
- * @param form
- * @param request
- * @param response
- * @return
- * @throws IOException
*/
- @RequestMapping("/setSubmissionDeadline")
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
+ @ResponseBody
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
QaContent content = qaService.getQaContent(contentID);
@@ -271,9 +266,7 @@
content.setSubmissionDeadline(tzSubmissionDeadline);
qaService.saveOrUpdateQaContent(content);
- response.setContentType("text/plain;charset=utf-8");
- response.getWriter().print(formattedDate);
- return null;
+ return formattedDate;
}
/**
Index: lams_tool_laqa/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_laqa/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_laqa/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_laqa/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_laqa/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_laqa/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -46,6 +46,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -61,6 +65,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -177,15 +185,20 @@
tags-scriptfree
/WEB-INF/tlds/jstl/scriptfree.tld
-
-
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_laqa/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_laqa/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_laqa/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_laqa/web/monitoring/MonitoringMaincontent.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_laqa/web/monitoring/MonitoringMaincontent.jsp (.../MonitoringMaincontent.jsp) (revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_laqa/web/monitoring/MonitoringMaincontent.jsp (.../MonitoringMaincontent.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -48,7 +48,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${content.qaContentId}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/MonitoringController.java
===================================================================
diff -u -r0ac951a5cbd9d468de8081247c169a6f92123126 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 0ac951a5cbd9d468de8081247c169a6f92123126)
+++ lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -49,6 +49,7 @@
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
/**
@@ -153,10 +154,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Mindmap mindmap = mindmapService.getMindmapByContentId(contentID);
@@ -173,6 +173,7 @@
}
mindmap.setSubmissionDeadline(tzSubmissionDeadline);
mindmapService.saveOrUpdateMindmap(mindmap);
+
return formattedDate;
}
Index: lams_tool_mindmap/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_mindmap/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_mindmap/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_mindmap/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_mindmap/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_mindmap/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -55,6 +55,10 @@
SystemSessionFilter
/*
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -65,6 +69,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -177,6 +185,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_mindmap/web/common/taglibs.jsp
===================================================================
diff -u -rebe9a494826fab1aebb345e6801ad512abb52416 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_mindmap/web/common/taglibs.jsp (.../taglibs.jsp) (revision ebe9a494826fab1aebb345e6801ad512abb52416)
+++ lams_tool_mindmap/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,5 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
Index: lams_tool_mindmap/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_mindmap/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_mindmap/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -12,7 +12,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
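Review bot: `toolContentID: '${param.toolContentID}'` writes a raw request parameter into what looks like a JavaScript string literal, and nothing in the hunk escapes it, so the parameter value can alter the script the monitor's browser runs. The value is a numeric ID, so the page could emit a scoped attribute instead of `param`, as the task and vote pages do with `'${toolContentID}'`, or at least escape it: `toolContentID: '<c:out value="${param.toolContentID}"/>',`. The line is unchanged context in this hunk, and the same expression appears in the notebook, sbmt, scratchie and survey monitoring pages in this commit.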
Index: lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/MonitoringController.java
===================================================================
diff -u -rceb74e3b4097cf6461280448f904fa21a176aaa4 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/MonitoringController.java (.../MonitoringController.java) (revision ceb74e3b4097cf6461280448f904fa21a176aaa4)
+++ lams_tool_notebook/src/java/org/lamsfoundation/lams/tool/notebook/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -46,9 +46,11 @@
import org.lamsfoundation.lams.web.util.AttributeNames;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
import com.fasterxml.jackson.databind.node.ArrayNode;
@@ -216,20 +218,11 @@
/**
* Set Submission Deadline
- *
- * @param mapping
- * @param form
- * @param request
- * @param response
- * @return
- * @throws IOException
*/
-
- @RequestMapping(value = "/setSubmissionDeadline")
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
+ @ResponseBody
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
-
Notebook notebook = notebookService.getNotebookByContentId(contentID);
Long dateParameter = WebUtil.readLongParam(request, NotebookConstants.ATTR_SUBMISSION_DEADLINE, true);
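Review bot: Nothing visible in this hunk checks that the caller is allowed to monitor the activity identified by `AttributeNames.PARAM_TOOL_CONTENT_ID` before its deadline is changed; the handler reads the ID from the request and loads the notebook directly. The POST restriction and CSRF token added by this commit guard against forged cross-site requests, not against an authenticated user supplying an ID they should not manage. If access control is enforced elsewhere, a comment above the method should say where, e.g. `// access control: monitor role is verified in <PLACEHOLDER: filter or service>`; otherwise a role check belongs before `getNotebookByContentId`. The method body continues outside the hunk, and the sbmt, scratchie, survey, task and vote controllers follow the same pattern.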
@@ -246,9 +239,8 @@
}
notebook.setSubmissionDeadline(tzSubmissionDeadline);
notebookService.saveOrUpdateNotebook(notebook);
- response.setContentType("text/plain;charset=utf-8");
- response.getWriter().print(formattedDate);
- return null;
+
+ return formattedDate;
}
/** Get the statistics for monitoring */
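Review bot: Removing `response.setContentType("text/plain;charset=utf-8")` drops the explicit UTF-8 charset, because the `@RequestMapping` on this method now declares only `MediaType.TEXT_PLAIN_VALUE`. Unless the application configures its string message converter for UTF-8 elsewhere, Spring's default for a `String` body is ISO-8859-1, so a `formattedDate` containing non-Latin-1 characters (localised month names, for example) would be garbled. Keeping the charset in the mapping avoids that: `produces = "text/plain;charset=utf-8"`. The same removal happens in the sbmt, scratchie and survey controllers.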
Index: lams_tool_notebook/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_notebook/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_notebook/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_notebook/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_notebook/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_notebook/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -45,6 +45,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -58,6 +62,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -170,6 +178,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_notebook/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_notebook/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_notebook/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
Index: lams_tool_notebook/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r1ba75f43a383fb925aae69975d748d0a8dfdf9a5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_notebook/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1ba75f43a383fb925aae69975d748d0a8dfdf9a5)
+++ lams_tool_notebook/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -21,7 +21,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/controller/MonitoringController.java
===================================================================
diff -u -re34c7b767eb34caebbfa0c9bdfb50d771d3b9d95 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/controller/MonitoringController.java (.../MonitoringController.java) (revision e34c7b767eb34caebbfa0c9bdfb50d771d3b9d95)
+++ lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -68,6 +68,7 @@
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -381,10 +382,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
SubmitFilesContent content = submitFilesService.getSubmitFilesContent(contentID);
@@ -402,7 +402,6 @@
content.setSubmissionDeadline(tzSubmissionDeadline);
submitFilesService.saveOrUpdateContent(content);
- response.setContentType("text/plain;charset=utf-8");
return formattedDate;
}
Index: lams_tool_sbmt/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_sbmt/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_sbmt/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_sbmt/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_sbmt/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_sbmt/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -50,6 +50,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -63,6 +67,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -172,6 +180,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_sbmt/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_sbmt/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_sbmt/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,5 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_sbmt/web/monitoring/parts/summary.jsp
===================================================================
diff -u -re34c7b767eb34caebbfa0c9bdfb50d771d3b9d95 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_sbmt/web/monitoring/parts/summary.jsp (.../summary.jsp) (revision e34c7b767eb34caebbfa0c9bdfb50d771d3b9d95)
+++ lams_tool_sbmt/web/monitoring/parts/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -17,7 +17,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java
===================================================================
diff -u -rcbf95a868252401757c61327b3d9a383119ff9b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java (.../MonitoringController.java) (revision cbf95a868252401757c61327b3d9a383119ff9b5)
+++ lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -63,8 +63,11 @@
import org.lamsfoundation.lams.web.util.SessionMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
@@ -180,17 +183,10 @@
/**
* Set Submission Deadline
- *
- * @param mapping
- * @param form
- * @param request
- * @param response
- * @return
- * @throws IOException
*/
- @RequestMapping("/setSubmissionDeadline")
- private String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
+ @ResponseBody
+ private String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Scratchie scratchie = scratchieService.getScratchieByContentId(contentID);
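Review bot: The handler is still declared `private` while carrying `@RequestMapping` and now `@ResponseBody`; every other tool controller in this commit declares it `public`. Spring can invoke a private handler reflectively, but if this controller is ever wrapped in a class-based proxy the call would run on the proxy instance, where injected fields such as `scratchieService` are not set. Since the signature is being rewritten anyway, I would change it to `public String setSubmissionDeadline(HttpServletRequest request) {`. The method body continues outside the hunk.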
@@ -208,9 +204,7 @@
scratchie.setSubmissionDeadline(tzSubmissionDeadline);
scratchieService.saveOrUpdateScratchie(scratchie);
- response.setContentType("text/plain;charset=utf-8");
- response.getWriter().print(formattedDate);
- return null;
+ return formattedDate;
}
/**
@@ -221,7 +215,6 @@
@RequestMapping("/exportExcel")
@ResponseStatus(HttpStatus.OK)
private void exportExcel(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
String sessionMapID = request.getParameter(ScratchieConstants.ATTR_SESSION_MAP_ID);
SessionMap sessionMap = (SessionMap) request.getSession()
.getAttribute(sessionMapID);
Index: lams_tool_scratchie/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_scratchie/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_scratchie/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_scratchie/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_scratchie/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_scratchie/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -58,6 +58,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -71,6 +75,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -165,6 +173,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_scratchie/web/common/taglibs.jsp
===================================================================
diff -u -r22cca1a815f7aee530e14ab87b7744f381d03ac1 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_scratchie/web/common/taglibs.jsp (.../taglibs.jsp) (revision 22cca1a815f7aee530e14ab87b7744f381d03ac1)
+++ lams_tool_scratchie/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_scratchie/web/pages/monitoring/summary.jsp
===================================================================
diff -u -rb745384874257ea8327d82156fec0455e4232ad6 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_scratchie/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision b745384874257ea8327d82156fec0455e4232ad6)
+++ lams_tool_scratchie/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -249,7 +249,7 @@
lams: '',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_survey/src/java/org/lamsfoundation/lams/tool/survey/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -65,10 +65,13 @@
import org.lamsfoundation.lams.web.util.SessionMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
import com.fasterxml.jackson.databind.node.ArrayNode;
@@ -514,18 +517,10 @@
/**
* Set Submission Deadline
- *
- * @param mapping
- * @param form
- * @param request
- * @param response
- * @return
- * @throws IOException
*/
-
- @RequestMapping(value = "/setSubmissionDeadline")
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
+ @ResponseBody
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Survey survey = surveyService.getSurveyByContentId(contentID);
@@ -543,8 +538,6 @@
survey.setSubmissionDeadline(tzSubmissionDeadline);
surveyService.saveOrUpdateSurvey(survey);
- response.setContentType("text/plain;charset=utf-8");
- response.getWriter().print(formattedDate);
- return null;
+ return formattedDate;
}
}
Index: lams_tool_survey/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_survey/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_survey/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_survey/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_survey/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_survey/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -62,6 +62,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -75,6 +79,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -158,6 +166,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_survey/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_survey/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_survey/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_survey/web/pages/monitoring/monitoring.jsp
===================================================================
diff -u -r738f324bd6cd4f85fa2419e193830e11787495fc -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_survey/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision 738f324bd6cd4f85fa2419e193830e11787495fc)
+++ lams_tool_survey/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -30,7 +30,7 @@
lams: '${lams}',
submissionDeadline: '${sessionMap.submissionDeadline}',
submissionDateString: '${sessionMap.submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
Index: lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/controller/MonitoringController.java
===================================================================
diff -u -rf23f6693e999a16730433009b95264fa8af9e1a8 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/controller/MonitoringController.java (.../MonitoringController.java) (revision f23f6693e999a16730433009b95264fa8af9e1a8)
+++ lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -64,6 +64,7 @@
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -400,10 +401,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
public String setSubmissionDeadline(HttpServletRequest request) {
-
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
TaskList taskList = taskListService.getTaskListByContentId(contentID);
@@ -421,6 +421,7 @@
}
taskList.setSubmissionDeadline(tzSubmissionDeadline);
taskListService.saveOrUpdateTaskList(taskList);
+
return formattedDate;
}
Index: lams_tool_task/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_task/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_task/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_task/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_task/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_task/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -58,6 +58,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -71,6 +75,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -143,7 +151,6 @@
tags-xml
/WEB-INF/tlds/jstl/x.tld
-
@@ -156,14 +163,20 @@
tags-scriptfree
/WEB-INF/tlds/jstl/scriptfree.tld
-
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_task/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_task/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_task/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,5 +1,5 @@
<%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_task/web/pages/monitoring/monitoring.jsp
===================================================================
diff -u -r1ba75f43a383fb925aae69975d748d0a8dfdf9a5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_task/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision 1ba75f43a383fb925aae69975d748d0a8dfdf9a5)
+++ lams_tool_task/web/pages/monitoring/monitoring.jsp (.../monitoring.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -17,7 +17,7 @@
lams: '${lams}',
submissionDeadline: '${sessionMap.submissionDeadline}',
submissionDateString: '${sessionMap.submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
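Review bot: The new `setSubmissionDeadlineUrl` value shows here only as `'?'`, so the tags that build it are not visible; if the `?` is followed by the `csrf:token` tag, the CSRF token travels in the query string of the POST and can end up in server and proxy access logs. As the request is now a POST, the token could be sent in the request body instead, using the `tokenname` and `tokenvalue` tags that `csrfguard.tld` defines, e.g. `csrfTokenName: '<csrf:tokenname/>', csrfTokenValue: '<csrf:tokenvalue/>',`. The script that consumes these settings is not part of the hunk and would need the matching change. The same line is changed in the mindmap, notebook, sbmt, scratchie, survey and vote monitoring pages.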
Index: lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/controller/MonitoringController.java
===================================================================
diff -u -r879fb356ece6075603479b01215a6b05465a59c8 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 879fb356ece6075603479b01215a6b05465a59c8)
+++ lams_tool_vote/src/java/org/lamsfoundation/lams/tool/vote/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -59,6 +59,7 @@
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.util.HtmlUtils;
@@ -304,33 +305,7 @@
return responseJSON.toString();
}
- /*
- * Possible error: forward "learnerNotebook" is not listed in Struts
- *
- * @RequestMapping("/openNotebook")
- * public ActionForward openNotebook(HttpServletRequest request) throws IOException, ServletException, ToolException
- * {
- * String userId = request.getParameter("userId");
- *
- * String userName = request.getParameter("userName");
- *
- * String sessionId = request.getParameter("sessionId");
- *
- * NotebookEntry notebookEntry = voteService.getEntry(new Long(sessionId), CoreNotebookConstants.NOTEBOOK_TOOL,
- * VoteAppConstants.MY_SIGNATURE, new Integer(userId));
- *
- * VoteGeneralLearnerFlowDTO voteGeneralLearnerFlowDTO = new VoteGeneralLearnerFlowDTO();
- * if (notebookEntry != null) {
- * //String notebookEntryPresentable = VoteUtils.replaceNewLines(notebookEntry.getEntry());
- * voteGeneralLearnerFlowDTO.setNotebookEntry(notebookEntry.getEntry());
- * voteGeneralLearnerFlowDTO.setUserName(userName);
- * }
- * request.setAttribute(VoteAppConstants.VOTE_GENERAL_LEARNER_FLOW_DTO, voteGeneralLearnerFlowDTO);
- *
- * return mapping.findForward(VoteAppConstants.LEARNER_NOTEBOOK);
- * }
- */
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
@@ -350,6 +325,7 @@
}
voteContent.setSubmissionDeadline(tzSubmissionDeadline);
voteService.updateVote(voteContent);
+
return formattedDate;
}
Index: lams_tool_vote/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_vote/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_vote/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_vote/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_vote/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_vote/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -37,7 +37,6 @@
org.lamsfoundation.lams.web.session.SystemSessionFilter
-
hibernateFilter
@@ -48,13 +47,16 @@
coreSessionFactory
-
LocaleFilter
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -70,6 +72,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -171,7 +177,6 @@
tags-xml
/WEB-INF/tlds/jstl/x.tld
-
@@ -184,15 +189,20 @@
tags-scriptfree
/WEB-INF/tlds/jstl/scriptfree.tld
-
-
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_vote/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_vote/web/common/taglibs.jsp (.../taglibs.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_vote/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,4 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c" %>
<%@ taglib uri="tags-fmt" prefix="fmt" %>
Index: lams_tool_vote/web/monitoring/SummaryContent.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_vote/web/monitoring/SummaryContent.jsp (.../SummaryContent.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_vote/web/monitoring/SummaryContent.jsp (.../SummaryContent.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -15,7 +15,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
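Review bot: The new `setSubmissionDeadlineUrl` value ends in `?`, which suggests the CSRF token is appended to the URL as a query string; the JSP tag markup is stripped in this rendering, so that is inferred. A token carried in the URL can end up in access logs, browser history and Referer headers, which is weaker than sending it in the request body or a custom header. The wiki controller changed in this commit is restricted to `RequestMethod.POST`, so I would expose the output of the `tokenname` and `tokenvalue` tags as two separate fields of this settings object and send them in the POST data next to `toolContentID`. The same line is changed in lams_tool_wiki/web/pages/monitoring/summary.jsp, and the object literal starts and ends outside both hunks.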
Index: lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/controller/MonitoringController.java
===================================================================
diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/controller/MonitoringController.java (.../MonitoringController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50)
+++ lams_tool_wiki/src/java/org/lamsfoundation/lams/tool/wiki/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -241,10 +241,9 @@
/**
* Set Submission Deadline
*/
- @RequestMapping(path = "/setSubmissionDeadline", produces = MediaType.TEXT_PLAIN_VALUE)
+ @RequestMapping(path = "/setSubmissionDeadline", method = RequestMethod.POST, produces = MediaType.TEXT_PLAIN_VALUE)
@ResponseBody
- public String setSubmissionDeadline(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
+ public String setSubmissionDeadline(HttpServletRequest request) {
Long contentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
Wiki wiki = wikiService.getWikiByContentId(contentID);
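Review bot: `setSubmissionDeadline` takes the tool content ID from the request and loads the `Wiki` to modify straight from it, and nothing in the visible lines checks that the caller is a monitor for the lesson that owns that content. The POST restriction and the CSRF token stop forged cross-site requests, but they do not stop an authenticated user from submitting another activity's ID. The lines between the two hunks are not shown, so a check may already exist there or in a filter; if it does not, I would add a role check before `wiki.setSubmissionDeadline(...)` with a comment such as `// caller must hold the monitor role for this tool content`. A null return from `getWikiByContentId` also deserves an explicit guard if the body does not already have one.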
@@ -261,7 +260,7 @@
}
wiki.setSubmissionDeadline(tzSubmissionDeadline);
wikiService.saveOrUpdateWiki(wiki);
- response.setContentType("text/plain;charset=utf-8");
+
return formattedDate;
}
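Review bot: With `response.setContentType("text/plain;charset=utf-8")` removed, the response charset is left to `produces = MediaType.TEXT_PLAIN_VALUE` on the mapping in the previous hunk, which names no charset. Spring's string converter then falls back to its own default (ISO-8859-1 unless the application configures it otherwise), so a localized `formattedDate` containing non-ASCII characters could arrive garbled. I would state the charset on the mapping itself: `produces = "text/plain;charset=utf-8"`. How `formattedDate` is built lies outside the hunk.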
Index: lams_tool_wiki/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_wiki/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_wiki/web/WEB-INF/tlds/security/csrfguard.tld (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_wiki/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_wiki/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_wiki/web/WEB-INF/web.xml (.../web.xml) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -43,6 +43,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
SystemSessionFilter
@@ -56,6 +60,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
@@ -168,6 +176,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_wiki/web/common/taglibs.jsp
===================================================================
diff -u -rf6959ef7792273a7ff3f05439513533678f9cc1f -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_wiki/web/common/taglibs.jsp (.../taglibs.jsp) (revision f6959ef7792273a7ff3f05439513533678f9cc1f)
+++ lams_tool_wiki/web/common/taglibs.jsp (.../taglibs.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -1,6 +1,6 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
<%@ page import="org.lamsfoundation.lams.tool.wiki.util.WikiConstants"%>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
Index: lams_tool_wiki/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r1beaa4cc5e224dd433297d543c5511234c0bfc10
--- lams_tool_wiki/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_wiki/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
@@ -15,7 +15,7 @@
lams: '${lams}',
submissionDeadline: '${submissionDeadline}',
submissionDateString: '${submissionDateString}',
- setSubmissionDeadlineUrl: '',
+ setSubmissionDeadlineUrl: '?',
toolContentID: '${param.toolContentID}',
messageNotification: '',
messageRestrictionSet: '',
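Review bot: `toolContentID: '${param.toolContentID}'` writes a raw request parameter into a JavaScript string literal with no output encoding, so whatever arrives in the query string is reflected into script context. The vote tool's SummaryContent.jsp in this same commit renders `${toolContentID}`, presumably a server-side attribute, and I would do the same here using the numeric ID the controller has already parsed: `toolContentID: '${toolContentID}'`. Whether such an attribute is already in the model is not visible from this hunk. This is a context line, not one the commit changes, but it sits directly under the CSRF edit and is worth fixing in the same pass.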