Index: lams_central/src/java/org/lamsfoundation/lams/web/LAMSUploadServlet.java
===================================================================
diff -u -r1f1e2dc03c0ce50b07e8dd165cb8c566326d5814 -rf78211d8d91db7e763371407f0ea29973542b5c2
--- lams_central/src/java/org/lamsfoundation/lams/web/LAMSUploadServlet.java (.../LAMSUploadServlet.java) (revision 1f1e2dc03c0ce50b07e8dd165cb8c566326d5814)
+++ lams_central/src/java/org/lamsfoundation/lams/web/LAMSUploadServlet.java (.../LAMSUploadServlet.java) (revision f78211d8d91db7e763371407f0ea29973542b5c2)
@@ -1,338 +1,319 @@
/*
- * FCKeditor - The text editor for internet
- * Copyright (C) 2003-2005 Frederico Caldeira Knabben
- *
- * Licensed under the terms of the GNU Lesser General Public License:
- * http://www.opensource.org/licenses/lgpl-license.php
- *
- * For further information visit:
- * http://www.fckeditor.net/
- *
- * File Name: ConnectorServlet.java
- * Java Connector for Resource Manager class.
- *
- * Version: 2.3
- * Modified: 2005-08-11 16:29:00
- *
- * File Authors:
- * Simone Chiaretta (simo@users.sourceforge.net)
- */
-
+Copyright (c) 2003-2011, CKSource - Frederico Knabben. All rights reserved.
+For licensing, see LICENSE.html or http://ckeditor.com/license
+*/
+
package org.lamsfoundation.lams.web;
-import java.io.*;
+import java.io.File;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
-import javax.servlet.*;
-import javax.servlet.http.*;
-import java.util.*;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.*;
+import org.apache.commons.fileupload.DiskFileUpload;
+import org.apache.commons.fileupload.FileItem;
+import org.apache.log4j.Logger;
import org.lamsfoundation.lams.authoring.web.AuthoringConstants;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.util.FileUtil;
/**
* Servlet to upload files.
- *
+ *
* This servlet accepts just file uploads, eventually with a parameter specifying file type
- *
- * This servlet has been modified for LAMS to support the lams_www/secure/[design folder] format. The design folder is
- * a folder with a unique numeric name. Whenever a new design is created (using "New" in the client), a new design
- * folder name is assigned. The [design folder] is passed in as the CurrentFolder. This servlet supports the image and link
+ *
+ * This servlet has been modified for LAMS to support the lams_www/secure/[design folder] format. The design folder is a
+ * folder with a unique numeric name. Whenever a new design is created (using "New" in the client), a new design folder
+ * name is assigned. The [design folder] is passed in as the CurrentFolder. This servlet supports the image and link
* windows, not the browse window.
*
- *
+ *
* @author Simone Chiaretta (simo@users.sourceforge.net)
* @author Mitchell Seaton
*
* @web:servlet name="SimpleUploader" load-on-startup = "1"
- * @web.servlet-init-param name = "baseDir"
- * value = "secure"
- * @web.servlet-init-param name = "debug"
- * value = "true"
- * @web.servlet-init-param name = "enabled"
- * value = "true"
- * @web.servlet-init-param name = "AllowedExtensionsFile"
- * value = ""
- * @web.servlet-init-param name = "DeniedExtensionsFile"
- * value = "php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cg"
- * @web.servlet-init-param name = "AllowedExtensionsImage"
- * value = "jpg|gif|jpeg|png|bmp"
- * @web.servlet-init-param name = "DeniedExtensionsImage"
- * value = ""
- * @web.servlet-init-param name = "AllowedExtensionsFlash"
- * value = "swf|fla"
- * @web.servlet-init-param name = "DeniedExtensionsFlash"
- * value = ""
+ * @web.servlet-init-param name = "baseDir" value = "secure"
+ * @web.servlet-init-param name = "debug" value = "true"
+ * @web.servlet-init-param name = "enabled" value = "true"
+ * @web.servlet-init-param name = "AllowedExtensionsFile" value = ""
+ * @web.servlet-init-param name = "DeniedExtensionsFile" value =
+ * "php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cg"
+ * @web.servlet-init-param name = "AllowedExtensionsImage" value = "jpg|gif|jpeg|png|bmp"
+ * @web.servlet-init-param name = "DeniedExtensionsImage" value = ""
+ * @web.servlet-init-param name = "AllowedExtensionsFlash" value = "swf|fla"
+ * @web.servlet-init-param name = "DeniedExtensionsFlash" value = ""
* @web:servlet-mapping url-pattern="/ckeditor/filemanager/upload/simpleuploader"
*
*/
public class LAMSUploadServlet extends HttpServlet {
-
- private static String baseDir;
- private String realBaseDir;
- private String lamsContextPath;
- private static boolean debug=false;
- private static boolean enabled=false;
- private static Hashtable allowedExtensions;
- private static Hashtable deniedExtensions;
-
- /**
- * Initialize the servlet.
- * Retrieve from the servlet configuration the "baseDir" which is the root of the file repository:
- * If not specified the value of "/UserFiles/" will be used.
- * Also it retrieve all allowed and denied extensions to be handled.
- *
- */
- public void init() throws ServletException {
-
- debug=(new Boolean(getInitParameter("debug"))).booleanValue();
-
- if(debug) System.out.println("\r\n---- SimpleUploaderServlet initialization started ----");
-
- baseDir=getInitParameter("baseDir");
- enabled=(new Boolean(getInitParameter("enabled"))).booleanValue();
-
- if(baseDir==null)
- baseDir="secure";
-
- getConfigKeyValues();
-
- File baseFile=new File(realBaseDir);
- if(!baseFile.exists()){
- baseFile.mkdir();
- }
-
- allowedExtensions = new Hashtable(3);
- deniedExtensions = new Hashtable(3);
-
- allowedExtensions.put("File",stringToArrayList(getInitParameter("AllowedExtensionsFile")));
- deniedExtensions.put("File",stringToArrayList(getInitParameter("DeniedExtensionsFile")));
- allowedExtensions.put("Image",stringToArrayList(getInitParameter("AllowedExtensionsImage")));
- deniedExtensions.put("Image",stringToArrayList(getInitParameter("DeniedExtensionsImage")));
-
- allowedExtensions.put("Flash",stringToArrayList(getInitParameter("AllowedExtensionsFlash")));
- deniedExtensions.put("Flash",stringToArrayList(getInitParameter("DeniedExtensionsFlash")));
-
- if(debug) System.out.println("---- SimpleUploaderServlet initialization completed ----\r\n");
-
+ private static final Logger log = Logger.getLogger(LAMSUploadServlet.class);
+
+ private static String baseDir;
+ private static boolean debug = false;
+ private static boolean enabled = false;
+ private static Hashtable> allowedExtensions;
+ private static Hashtable> deniedExtensions;
+
+ private String realBaseDir;
+ private String lamsContextPath;
+
+ /**
+ * Initialize the servlet.
+ * Retrieve from the servlet configuration the "baseDir" which is the root of the file repository:
+ * If not specified the value of "/UserFiles/" will be used.
+ * Also it retrieve all allowed and denied extensions to be handled.
+ *
+ */
+ @Override
+ public void init() throws ServletException {
+
+ LAMSUploadServlet.debug = (new Boolean(getInitParameter("debug"))).booleanValue()
+ && LAMSUploadServlet.log.isDebugEnabled();
+
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug("Initialization started");
}
-
- /**
- * Manage the Upload requests.
- *
- * The servlet accepts commands sent in the following format:
- * simpleUploader?Type=ResourceType
- * It store the file (renaming it in case a file with the same name exists) and then return an HTML file
- * with a javascript command in it.
- *
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ LAMSUploadServlet.baseDir = getInitParameter("baseDir");
+ LAMSUploadServlet.enabled = (new Boolean(getInitParameter("enabled"))).booleanValue();
- if (debug) System.out.println("--- BEGIN DOPOST ---");
+ if (LAMSUploadServlet.baseDir == null) {
+ LAMSUploadServlet.baseDir = "secure";
+ }
- // get realBaseDir and lamsContextPath at request time from config values in memory
- getConfigKeyValues();
-
- response.setContentType("text/html; charset=UTF-8");
- response.setHeader("Cache-Control","no-cache");
- PrintWriter out = response.getWriter();
-
- String retVal="0";
- String newName="";
- String fileUrl="";
- String errorMessage="";
-
- String typeStr=request.getParameter("Type");
- String currentFolderStr=request.getParameter("CurrentFolder");
- String ckeditorSetUrlFuncNum = request.getParameter("CKEditorFuncNum");
+ getConfigKeyValues();
- if(!isEnabled(currentFolderStr) && ckeditorSetUrlFuncNum != null) {
- retVal="203";
- out.println("");
- out.flush();
- out.close();
- return;
- }
-
-
- //String currentPath=baseDir+typeStr;
- //String currentDirPath=getServletContext().getRealPath(currentPath);
- //currentPath=request.getContextPath()+currentPath;
-
- // create content directory if non-existant
- String currentDirPath=realBaseDir + currentFolderStr;
- String validCurrentDirPath = currentDirPath.replace('/', File.separatorChar);
-
- String currentWebPath= lamsContextPath + AuthoringConstants.LAMS_WWW_FOLDER + FileUtil.LAMS_WWW_SECURE_DIR + currentFolderStr + typeStr;
-
- File currentContentDir=new File(validCurrentDirPath);
- if(!currentContentDir.exists()){
- currentContentDir.mkdir();
- }
-
- // create content type directory if non-existant
- validCurrentDirPath += typeStr;
-
- File currentDir=new File(validCurrentDirPath);
- if(!currentDir.exists()){
- currentDir.mkdir();
- }
-
- if (debug) System.out.println(currentDirPath);
-
- if(enabled) {
- DiskFileUpload upload = new DiskFileUpload();
- try {
- List items = upload.parseRequest(request);
-
- Map fields=new HashMap();
-
- Iterator iter = items.iterator();
- while (iter.hasNext()) {
- FileItem item = (FileItem) iter.next();
- if (item.isFormField())
- fields.put(item.getFieldName(),item.getString());
- else
- fields.put(item.getFieldName(),item);
- }
- FileItem uplFile=(FileItem)fields.get("NewFile");
- if (uplFile == null) {
- // form field name used by CKEditor 3.x
- uplFile = (FileItem) fields.get("upload");
- }
- String fileNameLong=uplFile.getName();
- fileNameLong=fileNameLong.replace('\\','/');
- String[] pathParts=fileNameLong.split("/");
- String fileName=pathParts[pathParts.length-1];
-
- String nameWithoutExt=getNameWithoutExtension(fileName);
- String ext=getExtension(fileName);
- File pathToSave=new File(validCurrentDirPath,fileName);
- fileUrl=currentWebPath+'/'+fileName;
- if(extIsAllowed(typeStr,ext)) {
- int counter=1;
- while(pathToSave.exists()){
- newName=nameWithoutExt+"_"+counter+"."+ext;
- fileUrl=currentWebPath+'/'+newName;
- retVal="201";
- pathToSave=new File(validCurrentDirPath,newName);
- counter++;
- }
- uplFile.write(pathToSave);
- }
- else {
- retVal="202";
- errorMessage="";
- if (debug) System.out.println("Invalid file type: " + ext);
- }
- }catch (Exception ex) {
- if (debug) ex.printStackTrace();
- retVal="203";
+ File baseFile = new File(realBaseDir);
+ if (!baseFile.exists()) {
+ baseFile.mkdir();
+ }
+
+ LAMSUploadServlet.allowedExtensions = new Hashtable>(3);
+ LAMSUploadServlet.deniedExtensions = new Hashtable>(3);
+
+ LAMSUploadServlet.allowedExtensions.put("File", stringToArrayList(getInitParameter("AllowedExtensionsFile")));
+ LAMSUploadServlet.deniedExtensions.put("File", stringToArrayList(getInitParameter("DeniedExtensionsFile")));
+
+ LAMSUploadServlet.allowedExtensions.put("Image", stringToArrayList(getInitParameter("AllowedExtensionsImage")));
+ LAMSUploadServlet.deniedExtensions.put("Image", stringToArrayList(getInitParameter("DeniedExtensionsImage")));
+
+ LAMSUploadServlet.allowedExtensions.put("Flash", stringToArrayList(getInitParameter("AllowedExtensionsFlash")));
+ LAMSUploadServlet.deniedExtensions.put("Flash", stringToArrayList(getInitParameter("DeniedExtensionsFlash")));
+
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug("Initialization completed");
+ }
+ }
+
+ /**
+ * Manage the Upload requests.
+ *
+ * The servlet accepts commands sent in the following format:
+ * simpleUploader?Type=ResourceType
+ *
+ * It store the file (renaming it in case a file with the same name exists) and then return an HTML file with a
+ * javascript command in it.
+ *
+ */
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug("Upload started");
+ }
+
+ String currentFolderStr = request.getParameter("CurrentFolder");
+
+ String newName = null;
+ String fileUrl = null;
+ String returnMessage = null;
+
+ if (currentFolderStr.equals("/-1/")) {
+ returnMessage = "Security error. You probably don't have enough permissions to upload. Please check your server.";
+ } else {
+ // get realBaseDir and lamsContextPath at request time from config values in memory
+ getConfigKeyValues();
+ String typeStr = request.getParameter("Type");
+
+ // create content directory if non-existant
+ String currentDirPath = realBaseDir + currentFolderStr;
+ String validCurrentDirPath = currentDirPath.replace('/', File.separatorChar);
+ String currentWebPath = lamsContextPath + AuthoringConstants.LAMS_WWW_FOLDER + FileUtil.LAMS_WWW_SECURE_DIR
+ + currentFolderStr + typeStr;
+
+ File currentContentDir = new File(validCurrentDirPath);
+ if (!currentContentDir.exists()) {
+ currentContentDir.mkdir();
+ }
+
+ // create content type directory if non-existant
+ validCurrentDirPath += typeStr;
+
+ File currentDir = new File(validCurrentDirPath);
+ if (!currentDir.exists()) {
+ currentDir.mkdir();
+ }
+
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug(currentDirPath);
+ }
+
+ if (LAMSUploadServlet.enabled) {
+ DiskFileUpload upload = new DiskFileUpload();
+ try {
+ List items = upload.parseRequest(request);
+
+ Map fields = new HashMap();
+
+ Iterator iter = items.iterator();
+ while (iter.hasNext()) {
+ FileItem item = iter.next();
+ if (item.isFormField()) {
+ fields.put(item.getFieldName(), item.getString());
+ } else {
+ fields.put(item.getFieldName(), item);
}
+ }
+ FileItem uplFile = (FileItem) fields.get("NewFile");
+ if (uplFile == null) {
+ // form field name used by CKEditor 3.x
+ uplFile = (FileItem) fields.get("upload");
+ }
+ String fileNameLong = uplFile.getName();
+ fileNameLong = fileNameLong.replace('\\', '/');
+ String[] pathParts = fileNameLong.split("/");
+ String fileName = pathParts[pathParts.length - 1];
+
+ String nameWithoutExt = LAMSUploadServlet.getNameWithoutExtension(fileName);
+ String ext = getExtension(fileName);
+ File pathToSave = new File(validCurrentDirPath, fileName);
+ fileUrl = currentWebPath + '/' + fileName;
+ if (extIsAllowed(typeStr, ext)) {
+ int counter = 1;
+ newName = fileName;
+ while (pathToSave.exists()) {
+ newName = nameWithoutExt + "_" + counter + "." + ext;
+ fileUrl = currentWebPath + '/' + newName;
+ returnMessage = "A file with the same name is already available. The uploaded file has been renamed to: "
+ + newName;
+ pathToSave = new File(validCurrentDirPath, newName);
+ counter++;
+ }
+ uplFile.write(pathToSave);
+ } else {
+ returnMessage = "Invalid file type";
+ }
+ } catch (Exception e) {
+ LAMSUploadServlet.log.error(e);
+ returnMessage = "Error while uploading file";
}
- else {
- retVal="1";
- errorMessage="This file uploader is disabled. Please check the WEB-INF/web.xml file";
- }
-
- if (ckeditorSetUrlFuncNum != null) {
- out.println("");
- } else if (debug) {
- System.out
- .println("LAMSUploadServlet: Upload successful but no CKEditor method found to run after completion. ");
- }
+ } else {
+ returnMessage = "This file uploader is disabled. Please check the WEB-INF/web.xml file";
+ }
+ }
- out.flush();
- out.close();
-
- if (debug) System.out.println("--- END DOPOST ---");
-
+ if (returnMessage == null) {
+ returnMessage = "File successfully uploaded: " + newName;
}
+ String ckeditorSetUrlFuncNum = request.getParameter("CKEditorFuncNum");
- /*
- * This method was fixed after Kris Barnhoorn (kurioskronic) submitted SF bug #991489
- */
- private static String getNameWithoutExtension(String fileName) {
- return fileName.substring(0, fileName.lastIndexOf("."));
- }
-
- /*
- * This method was fixed after Kris Barnhoorn (kurioskronic) submitted SF bug #991489
- */
- private String getExtension(String fileName) {
- return fileName.substring(fileName.lastIndexOf(".")+1);
+ if (ckeditorSetUrlFuncNum != null) {
+ response.setContentType("text/html; charset=UTF-8");
+ response.setHeader("Cache-Control", "no-cache");
+ PrintWriter out = response.getWriter();
+
+ out.println("");
+ out.flush();
+ out.close();
+ } else if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log
+ .debug("No CKEditor method found to run after completion, but upload finished with message: "
+ + returnMessage);
}
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug("Upload finished");
+ }
+ }
+ /*
+ * This method was fixed after Kris Barnhoorn (kurioskronic) submitted SF bug #991489
+ */
+ private static String getNameWithoutExtension(String fileName) {
+ return fileName.substring(0, fileName.lastIndexOf("."));
+ }
- /**
- * Helper function to convert the configuration string to an ArrayList.
- */
-
- private ArrayList stringToArrayList(String str) {
-
- if(debug) System.out.println(str);
- String[] strArr=str.split("\\|");
-
- ArrayList tmp=new ArrayList();
- if(str.length()>0) {
- for(int i=0;i stringToArrayList(String str) {
+
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug(str);
+ }
+ String[] strArr = str.split("\\|");
+
+ ArrayList tmp = new ArrayList();
+ if (str.length() > 0) {
+ for (int i = 0; i < strArr.length; ++i) {
+ if (LAMSUploadServlet.debug) {
+ LAMSUploadServlet.log.debug(i + " - " + strArr[i]);
}
- return tmp;
- }
+ tmp.add(strArr[i].toLowerCase());
+ }
+ }
+ return tmp;
+ }
+ /**
+ * Helper function to verify if a file extension is allowed or not allowed.
+ */
- /**
- * Helper function to verify if a file extension is allowed or not allowed.
- */
-
- private boolean extIsAllowed(String fileType, String ext) {
-
- ext=ext.toLowerCase();
-
- ArrayList allowList=(ArrayList)allowedExtensions.get(fileType);
- ArrayList denyList=(ArrayList)deniedExtensions.get(fileType);
-
- if(allowList.size()==0)
- if(denyList.contains(ext))
- return false;
- else
- return true;
+ private boolean extIsAllowed(String fileType, String ext) {
- if(denyList.size()==0)
- if(allowList.contains(ext))
- return true;
- else
- return false;
-
- return false;
- }
-
- private boolean isEnabled(String contentID) {
- if(contentID.equals("/-1/"))
- return false;
- else
- return true;
- }
+ String extLower = ext.toLowerCase();
- private void getConfigKeyValues() {
- realBaseDir = Configuration.get(ConfigurationKeys.LAMS_EAR_DIR) + File.separator + FileUtil.LAMS_WWW_DIR + File.separator + baseDir;
- lamsContextPath = "/" + Configuration.get(ConfigurationKeys.SERVER_URL_CONTEXT_PATH) +"/";
- }
-}
+ ArrayList allowList = LAMSUploadServlet.allowedExtensions.get(fileType);
+ ArrayList denyList = LAMSUploadServlet.deniedExtensions.get(fileType);
+ if (allowList.size() == 0) {
+ return !denyList.contains(extLower);
+ }
+
+ if (denyList.size() == 0) {
+ return allowList.contains(extLower);
+ }
+
+ return false;
+ }
+
+ private void getConfigKeyValues() {
+ realBaseDir = Configuration.get(ConfigurationKeys.LAMS_EAR_DIR) + File.separator + FileUtil.LAMS_WWW_DIR
+ + File.separator + LAMSUploadServlet.baseDir;
+ lamsContextPath = "/" + Configuration.get(ConfigurationKeys.SERVER_URL_CONTEXT_PATH) + "/";
+ }
+}
\ No newline at end of file
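Review bot: In `doPost`, `CurrentFolder` and `Type` go from the request straight into `realBaseDir + currentFolderStr` and `validCurrentDirPath += typeStr`, and both directories are created with `mkdir()` before anything validates them, so a value with `..` segments is not confined to the upload root. `currentFolderStr.equals("/-1/")` also throws a NullPointerException when the parameter is missing, and an unknown `Type` only fails later inside `extIsAllowed`, after the directories exist. I would validate both up front, as in the sketch below; it assumes the folder always arrives as `/<digits>/` (the class comment calls it a unique numeric name), which should be confirmed against the client. Separately, `log.error(e)` in the catch block loses the stack trace; `log.error("Error while uploading file", e)` keeps it.

```java
String currentFolderStr = request.getParameter("CurrentFolder");
String typeStr = request.getParameter("Type");
// … unchanged: newName, fileUrl, returnMessage declarations …

// Accept only a numeric design folder and a resource type configured in init();
// this also covers the "/-1/" sentinel and missing parameters.
boolean folderValid = currentFolderStr != null && currentFolderStr.matches("/\\d+/");
boolean typeValid = typeStr != null && LAMSUploadServlet.allowedExtensions.containsKey(typeStr);

if (!folderValid || !typeValid) {
    returnMessage = "Security error. You probably don't have enough permissions to upload. Please check your server.";
} else {
    // … unchanged: getConfigKeyValues(), directory creation and upload handling …
```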