mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-11-26 14:02:06 +01:00
1) SMACK-170 - Added JID escaping capabilities to SMACK.
2) Escaping form field values to prevent bad xml. git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@5363 b35dd754-fafc-0310-a699-88a17e54d16e
This commit is contained in:
parent
1df8baa6f7
commit
85781a7158
8 changed files with 83 additions and 35 deletions
|
@ -425,6 +425,7 @@ public class XMPPConnection {
|
|||
}
|
||||
// Do partial version of nameprep on the username.
|
||||
username = username.toLowerCase().trim();
|
||||
username = StringUtils.escapeNode(username);
|
||||
|
||||
String response;
|
||||
if (configuration.isSASLAuthenticationEnabled() &&
|
||||
|
|
|
@ -112,7 +112,7 @@ public abstract class Packet {
|
|||
* value has not been set.
|
||||
*/
|
||||
public String getTo() {
|
||||
return to;
|
||||
return StringUtils.escapeJID(to);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -134,7 +134,7 @@ public abstract class Packet {
|
|||
* valud has not been set.
|
||||
*/
|
||||
public String getFrom() {
|
||||
return from;
|
||||
return StringUtils.escapeJID(from);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -198,7 +198,7 @@ public class RosterPacket extends IQ {
|
|||
|
||||
public String toXML() {
|
||||
StringBuilder buf = new StringBuilder();
|
||||
buf.append("<item jid=\"").append(user).append("\"");
|
||||
buf.append("<item jid=\"").append(StringUtils.escapeJID(user)).append("\"");
|
||||
if (name != null) {
|
||||
buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\"");
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@ public class StringUtils {
|
|||
if (XMPPAddress == null) {
|
||||
return null;
|
||||
}
|
||||
int atIndex = XMPPAddress.indexOf("@");
|
||||
int atIndex = XMPPAddress.lastIndexOf("@");
|
||||
if (atIndex <= 0) {
|
||||
return "";
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ public class StringUtils {
|
|||
if (XMPPAddress == null) {
|
||||
return null;
|
||||
}
|
||||
int atIndex = XMPPAddress.indexOf("@");
|
||||
int atIndex = XMPPAddress.lastIndexOf("@");
|
||||
// If the String ends with '@', return the empty string.
|
||||
if (atIndex + 1 > XMPPAddress.length()) {
|
||||
return "";
|
||||
|
@ -127,6 +127,8 @@ public class StringUtils {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Escapes the node portion of a JID according to "JID Escaping" (JEP-0106).
|
||||
* Escaping replaces characters prohibited by node-prep with escape sequences,
|
||||
|
@ -166,15 +168,9 @@ public class StringUtils {
|
|||
for (int i=0, n=node.length(); i<n; i++) {
|
||||
char c = node.charAt(i);
|
||||
switch (c) {
|
||||
case '"': buf.append("\\22"); break;
|
||||
case '&': buf.append("\\26"); break;
|
||||
case '\'': buf.append("\\27"); break;
|
||||
case '/': buf.append("\\2f"); break;
|
||||
case ':': buf.append("\\3a"); break;
|
||||
case '<': buf.append("\\3c"); break;
|
||||
case '>': buf.append("\\3e"); break;
|
||||
|
||||
case '@': buf.append("\\40"); break;
|
||||
case '\\': buf.append("\\5c"); break;
|
||||
|
||||
default: {
|
||||
if (Character.isWhitespace(c)) {
|
||||
buf.append("\\20");
|
||||
|
@ -188,6 +184,43 @@ public class StringUtils {
|
|||
return buf.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes a complete JID by examing the Node itself and escaping
|
||||
* when neccessary.
|
||||
* @param jid the users JID
|
||||
* @return the escaped JID.
|
||||
*/
|
||||
public static String escapeJID(String jid){
|
||||
if(jid == null){
|
||||
return null;
|
||||
}
|
||||
|
||||
final StringBuilder builder = new StringBuilder();
|
||||
String node = parseName(jid);
|
||||
String restOfJID = jid.substring(node.length());
|
||||
builder.append(escapeNode(node));
|
||||
builder.append(restOfJID);
|
||||
return builder.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Unescapes a complete JID by examing the node itself and unescaping when necessary.
|
||||
* @param jid the users jid.
|
||||
* @return the unescaped JID.
|
||||
*/
|
||||
public static String unescapeJID(String jid){
|
||||
if(jid == null){
|
||||
return null;
|
||||
}
|
||||
|
||||
final StringBuilder builder = new StringBuilder();
|
||||
String node = parseName(jid);
|
||||
String restOfJID = jid.substring(node.length());
|
||||
builder.append(unescapeNode(node));
|
||||
builder.append(restOfJID);
|
||||
return builder.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Un-escapes the node portion of a JID according to "JID Escaping" (JEP-0106).<p>
|
||||
* Escaping replaces characters prohibited by node-prep with escape sequences,
|
||||
|
|
|
@ -20,6 +20,8 @@
|
|||
|
||||
package org.jivesoftware.smackx;
|
||||
|
||||
import org.jivesoftware.smack.util.StringUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
|
@ -288,7 +290,7 @@ public class FormField {
|
|||
}
|
||||
// Loop through all the values and append them to the string buffer
|
||||
for (Iterator<String> i = getValues(); i.hasNext();) {
|
||||
buf.append("<value>").append(i.next()).append("</value>");
|
||||
buf.append("<value>").append(StringUtils.escapeForXML(i.next())).append("</value>");
|
||||
}
|
||||
// Loop through all the values and append them to the string buffer
|
||||
for (Iterator i = getOptions(); i.hasNext();) {
|
||||
|
|
|
@ -20,6 +20,8 @@
|
|||
|
||||
package org.jivesoftware.smackx;
|
||||
|
||||
import org.jivesoftware.smack.util.StringUtils;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
|
@ -100,7 +102,7 @@ public class RemoteRosterEntry {
|
|||
|
||||
public String toXML() {
|
||||
StringBuilder buf = new StringBuilder();
|
||||
buf.append("<item jid=\"").append(user).append("\"");
|
||||
buf.append("<item jid=\"").append(StringUtils.escapeJID(user)).append("\"");
|
||||
if (name != null) {
|
||||
buf.append(" name=\"").append(name).append("\"");
|
||||
}
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
package org.jivesoftware.smackx.packet;
|
||||
|
||||
import org.jivesoftware.smack.packet.PacketExtension;
|
||||
import org.jivesoftware.smack.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Represents extended presence information about roles, affiliations, full JIDs,
|
||||
|
@ -496,7 +497,7 @@ public class MUCUser implements PacketExtension {
|
|||
buf.append(" affiliation=\"").append(getAffiliation()).append("\"");
|
||||
}
|
||||
if (getJid() != null) {
|
||||
buf.append(" jid=\"").append(getJid()).append("\"");
|
||||
buf.append(" jid=\"").append(StringUtils.escapeJID(getJid())).append("\"");
|
||||
}
|
||||
if (getNick() != null) {
|
||||
buf.append(" nick=\"").append(getNick()).append("\"");
|
||||
|
@ -513,7 +514,7 @@ public class MUCUser implements PacketExtension {
|
|||
buf.append("<reason>").append(getReason()).append("</reason>");
|
||||
}
|
||||
if (getActor() != null) {
|
||||
buf.append("<actor jid=\"").append(getActor()).append("\"/>");
|
||||
buf.append("<actor jid=\"").append(StringUtils.escapeJID(getActor())).append("\"/>");
|
||||
}
|
||||
buf.append("</item>");
|
||||
}
|
||||
|
@ -608,7 +609,7 @@ public class MUCUser implements PacketExtension {
|
|||
StringBuilder buf = new StringBuilder();
|
||||
buf.append("<destroy");
|
||||
if (getJid() != null) {
|
||||
buf.append(" jid=\"").append(getJid()).append("\"");
|
||||
buf.append(" jid=\"").append(StringUtils.escapeJID(getJid())).append("\"");
|
||||
}
|
||||
if (getReason() == null) {
|
||||
buf.append("/>");
|
||||
|
|
|
@ -49,7 +49,7 @@ public class UserSearchManager {
|
|||
/**
|
||||
* Creates a new UserSearchManager.
|
||||
*
|
||||
* @param con the XMPPConnection to use.
|
||||
* @param con the XMPPConnection to use.
|
||||
*/
|
||||
public UserSearchManager(XMPPConnection con) {
|
||||
this.con = con;
|
||||
|
@ -71,7 +71,7 @@ public class UserSearchManager {
|
|||
* Submits a search form to the server and returns the resulting information
|
||||
* in the form of <code>ReportedData</code>
|
||||
*
|
||||
* @param searchForm the <code>Form</code> to submit for searching.
|
||||
* @param searchForm the <code>Form</code> to submit for searching.
|
||||
* @param searchService the name of the search service to use.
|
||||
* @return the ReportedData returned by the server.
|
||||
* @throws XMPPException thrown if a server error has occurred.
|
||||
|
@ -88,18 +88,27 @@ public class UserSearchManager {
|
|||
* @throws XMPPException thrown if a server error has occurred.
|
||||
*/
|
||||
public Collection getSearchServices() throws XMPPException {
|
||||
List searchServices = new ArrayList();
|
||||
final List<String> searchServices = new ArrayList<String>();
|
||||
ServiceDiscoveryManager discoManager = ServiceDiscoveryManager.getInstanceFor(con);
|
||||
DiscoverItems items = discoManager.discoverItems(con.getServiceName());
|
||||
for (Iterator it = items.getItems(); it.hasNext();) {
|
||||
DiscoverItems.Item item = (DiscoverItems.Item) it.next();
|
||||
Iterator iter = items.getItems();
|
||||
while (iter.hasNext()) {
|
||||
DiscoverItems.Item item = (DiscoverItems.Item) iter.next();
|
||||
try {
|
||||
DiscoverInfo info = discoManager.discoverInfo(item.getEntityID());
|
||||
DiscoverInfo info = null;
|
||||
try {
|
||||
info = discoManager.discoverInfo(item.getEntityID());
|
||||
}
|
||||
catch (XMPPException e) {
|
||||
// Ignore Case
|
||||
continue;
|
||||
}
|
||||
|
||||
if (info.containsFeature("jabber:iq:search")) {
|
||||
searchServices.add(item.getEntityID());
|
||||
}
|
||||
}
|
||||
catch (XMPPException e) {
|
||||
catch (Exception e) {
|
||||
// No info found.
|
||||
break;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue