[PATCH] Encode print URL with GWT-means

Wald Commits scm-commit at wald.intevation.org
Fri Jan 12 17:53:40 CET 2018 

# HG changeset patch
# User Tom Gottfried <tom at intevation.de>
# Date 1515773262 -3600
# Node ID 890f708b18d68cc99723c5bbbf5018036785f9dd
# Parent  3ecf1f76b2b891e9d0612982f920170e58b54a13
Encode print URL with GWT-means.

The homebrew encoding partly resulted in URLs not accepted by Tomcat 7
due to the fix for CVE-2016-6816.

diff -r 3ecf1f76b2b8 -r 890f708b18d6 gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java	Fri Jan 12 12:12:27 2018 +0100
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/client/ui/map/MapPrintPanel.java	Fri Jan 12 17:07:42 2018 +0100
@@ -22,9 +22,9 @@
 import org.dive4elements.river.client.shared.model.Property;
 import org.dive4elements.river.client.shared.model.PropertySetting;
 import org.dive4elements.river.client.shared.model.Settings;
-import org.dive4elements.river.client.shared.MapUtils;
 
 import com.google.gwt.core.client.GWT;
+import com.google.gwt.http.client.URL;
 import com.google.gwt.user.client.Window;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 import com.smartgwt.client.types.Alignment;
@@ -258,7 +258,7 @@
 
         appendPrintToUrl(collection, url);
 
-        return url.toString();
+        return URL.encode(url.toString());
     }
 
     private void appendPrintToUrl(Collection collection, StringBuilder url) {
@@ -275,16 +275,15 @@
                 catch (MissingResourceException mre) {
                     localized = props.getName();
                 }
-                url.append(MapUtils.toSaveHTMLJavaString(localized));
+                url.append(localized);
                 url.append("=");
-                url.append(MapUtils.toSaveHTMLJavaString((String)props.getValue()));
+                url.append((String)props.getValue());
             }
         }
         // O.o
         String river = findRiver(((MapOutputTab)mapToolbar.getOutputTab()
                     ).getCollectionView().getArtifact());
-        url.append("&" + MapUtils.toSaveHTMLJavaString(MSG.getString(MAPFISH_RIVER)) + "=" +
-                MapUtils.toSaveHTMLJavaString(river));
+        url.append("&" + MSG.getString(MAPFISH_RIVER) + "=" + river);
     }
 
     // Copy of DatacageWindow's findRiver with added state for map.river
diff -r 3ecf1f76b2b8 -r 890f708b18d6 gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java	Fri Jan 12 12:12:27 2018 +0100
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/shared/MapUtils.java	Fri Jan 12 17:07:42 2018 +0100
@@ -10,8 +10,6 @@
 
 import java.util.Date;
 
-import com.google.gwt.safehtml.shared.SafeHtmlUtils;
-
 
 public class MapUtils {
 
@@ -50,9 +48,6 @@
         return url;
     }
 
-    public static String toSaveHTMLJavaString(String str) {
-        return str == null ? null : SafeHtmlUtils.htmlEscape(toJavaEncodedString(str));
-    }
 
     public static String toJavaEncodedString(String str) {
         if (str == null) {

More information about the Dive4Elements-commits mailing list