This repository has been archived by the owner on Oct 5, 2021. It is now read-only.

Merge pull request #954 from malithie/input-validation-user.mgt.ui
applying input validation for user.mgt.ui
malithie committed Sep 13, 2015
2 parents 89f1812 + 4be2f2a commit 91e753e
Showing 11 changed files with 148 additions and 69 deletions.
4 changes: 4 additions & 0 deletions components/user-mgt/org.wso2.carbon.user.mgt.ui/pom.xml
Expand Up @@ -64,6 +64,10 @@
<groupId>org.wso2.orbit.org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<artifactId>org.wso2.carbon.identity.core.ui</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
Expand Up @@ -255,6 +255,8 @@ error.while.loading.users.of=Error while loading users of {0}. Error is : {1}
error.while.loading.roles=Error while loading roles. Error is : {0}
error.while.loading.user.store.info=Error while loading user store info. Error is : {0}
error.while.loading.roles.of=Error while loading roles of {0}. Error is : {1}
error.while.reading.input=Error while reading input parameter {0}. Error is : {1}
error.input.validation.msg=The provided input for {0} contains illegal characters matching one of the black list patterns [ {2} ]
roles.of.user=Roles of User
role.list.of.user=Roles List of User :
assigned.roles=Assigned roles
Expand Up @@ -37,6 +37,7 @@
<%@ page import="java.util.ResourceBundle" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:useBean id="roleBean" type="org.wso2.carbon.user.mgt.ui.RoleBean" scope="session"/>
<jsp:setProperty name="roleBean" property="*"/>

Expand Down Expand Up @@ -172,9 +173,6 @@
topPage="false" request="<%=request%>"/>

<script type="text/javascript">
function doValidation() {
return true;
}
function doCancel() {
location.href = 'role-mgt.jsp?ordinal=1';
Expand Down Expand Up @@ -241,7 +239,8 @@
<td><fmt:message key="list.users"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.ROLE_LIST_ASSIGN_USER_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>"
label="<fmt:message key="list.users"/>" black-list-patterns="xml-meta-exists"/>
</td>
<td>
<input class="button" type="submit" value="<fmt:message key="user.search"/>"/>
Expand Down Expand Up @@ -414,7 +413,6 @@
</form>
</div>
</div>
</fmt:bundle>

<script type="text/javascript">
Expand Down Expand Up @@ -445,4 +443,12 @@
form.submit();
}
</script>
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>

</fmt:bundle>
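Review bot: The `$(document).ready(...)` block added at the end of this file comes after the existing closing `</script>` and is followed by a second `</script>`, with no opening tag visible between them. As rendered here, the handler would be emitted as page text and never bind to `filterForm`. If the file really reads this way, either open a new element before the block with `<script type="text/javascript">` or move the block above the first `</script>`. The later section that adds validation for `USER_LIST_ASSIGN_ROLE_FILTER` ends with the same sequence, so both files are worth checking against the repository rather than this rendering.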
Expand Up @@ -44,6 +44,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>
<jsp:include page="../userstore/display-messages.jsp"/>

Expand Down Expand Up @@ -298,6 +299,12 @@
form.submit();
}
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>


Expand All @@ -324,7 +331,8 @@
<td><fmt:message key="list.users"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.ROLE_LIST_UNASSIGNED_USER_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.users"/>"
black-list-patterns="xml-meta-exists"/>
</td>
<td>
<input class="button" type="submit"
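Review bot: The `black-list-patterns="xml-meta-exists"` check on the filter input is enforced only by `doValidateForm` in the browser, so it improves user feedback but is not a control on what the server receives. This applies to every `filterForm` touched in this commit. The code that reads the filter parameter (outside these hunks) should reject the same patterns on the server; the new `error.while.reading.input` key suggests such a check exists in a file not shown here, which is worth confirming. The existing `Encode.forHtmlAttribute(filter)` output encoding should stay in place regardless, because a deny-list is easy to leave incomplete.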
Expand Up @@ -44,6 +44,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>

<%
Expand Down Expand Up @@ -354,7 +355,8 @@
key="list.roles"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.ROLE_LIST_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.roles"/>"
black-list-patterns="xml-meta-exists"/>

<input class="button" type="submit"
value="<fmt:message key="role.search"/>"/>
Expand Down Expand Up @@ -579,5 +581,11 @@
</div>
<script type="text/javascript">
alternateTableRows('roleTable', 'tableEvenRow', 'tableOddRow');
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>
</fmt:bundle>
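Review bot: The call `doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>')` writes the bundle text into a single-quoted JavaScript literal without JavaScript encoding. A localized bundle whose message contains an apostrophe or a line break would break the whole script block and silently disable the validation. Resolve the message into a page variable first and pass it through `Encode.forJavaScript(...)` (the `Encode` class is already used on this page) before placing it in the literal. The same call is repeated in every page that gains the submit handler in this commit.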
Expand Up @@ -44,6 +44,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>
<jsp:include page="../userstore/display-messages.jsp"/>

Expand Down Expand Up @@ -334,6 +335,12 @@
form.submit();
}
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>


Expand All @@ -356,7 +363,9 @@
<td><fmt:message key="list.users"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.ROLE_LIST_VIEW_USER_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message
key="list.users"/>"
black-list-patterns="xml-meta-exists"/>
</td>
<td>
<input class="button" type="submit"
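Review bot: `label` and `black-list-patterns` are not defined attributes for `<input>`, so each filter field changed in this commit no longer validates as HTML. Here the `<fmt:message>` tag is also split across two lines inside `label="..."`, which is harder to read than the single-line form used on the other pages. If `identity-validate.js` can be adjusted, `data-label` and `data-black-list-patterns` would carry the same information in valid markup. Otherwise a short comment next to the input would help the next reader, e.g. `<%-- label / black-list-patterns are presumably read by doValidateForm in identity-validate.js --%>`.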
Expand Up @@ -40,6 +40,7 @@

<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>
<jsp:include page="../userstore/display-messages.jsp"/>

Expand Down Expand Up @@ -242,7 +243,8 @@
<td style="white-space:nowrap" class="leftCol-med"><fmt:message key="list.roles"/></td>
<td class="leftCol-small">
<input type="text" name="<%=UserAdminUIConstants.USER_LIST_ASSIGN_ROLE_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.roles"/>"
black-list-patterns="xml-meta-exists"/>
</td>
<td style="text-align:left;">
<input class="button" type="submit" value="<fmt:message key="user.search"/>"/>
Expand Down Expand Up @@ -421,7 +423,6 @@
</form>
</div>
</div>
</fmt:bundle>

<script type="text/javascript">
Expand Down Expand Up @@ -456,4 +457,11 @@
form.submit();
}
</script>
$(document).ready(function () {
$('form[name=filterForm]').submit(function () {
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>
</fmt:bundle>
Expand Up @@ -45,6 +45,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>
<jsp:include page="../userstore/display-messages.jsp"/>

Expand Down Expand Up @@ -204,7 +205,7 @@
%>
<script type="text/javascript">
jQuery(document).ready(function () {
CARBON.showErrorDialog('<%=message%>', function () {
CARBON.showErrorDialog('<%=Encode.forJavaScript(Encode.forHtml(message))%>', function () {
location.href = "user-mgt.jsp";
});
});
Expand Down Expand Up @@ -314,6 +315,12 @@
form.submit();
}
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>


Expand Down Expand Up @@ -342,7 +349,8 @@
<td><fmt:message key="list.roles"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.USER_LIST_UNASSIGNED_ROLE_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.roles"/>"
black-list-patterns="xml-meta-exists"/>
</td>
<td>
<input class="button" type="submit"
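Review bot: The nested `Encode.forJavaScript(Encode.forHtml(message))` in the `CARBON.showErrorDialog` call is the right order only if the dialog inserts its argument as HTML, which this hunk does not show. If it does, the double encoding is needed and should be explained so that a later cleanup does not drop one layer; a one-line comment above the call would do, e.g. `// HTML-encode for the dialog markup, then JS-encode for the string literal`. If the dialog instead sets plain text, users would see literal entities and `Encode.forJavaScript(message)` alone would be correct. The enclosing scriptlet that assigns `message` starts outside the hunk.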
Expand Up @@ -43,6 +43,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>

<jsp:include page="../dialog/display_messages.jsp"/>
<title>WSO2 Carbon - Security Configuration</title>
Expand Down Expand Up @@ -314,6 +315,13 @@
CARBON.showConfirmationDialog("<fmt:message key="confirm.delete.user"/> \'" + user + "\'?", doDelete, null);
}
$(document).ready(function () {
debugger;
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
<%if (showFilterMessage == true) {%>
jQuery(document).ready(function () {
CARBON.showInfoDialog('<fmt:message key="no.users.filtered"/>', null, null);
Expand Down Expand Up @@ -370,7 +378,8 @@
key="list.users"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.USER_LIST_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.users"/>"
black-list-patterns="xml-meta-exists"/>

<input class="button" type="submit"
value="<fmt:message key="user.search"/>"/>
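Review bot: A `debugger;` statement is left in the new `$(document).ready` handler. It halts the page inside the handler whenever browser developer tools are open, and should be deleted before merge. The rest of the handler matches the one added to the other pages.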
Expand Up @@ -45,6 +45,7 @@
<%@ page import="org.wso2.carbon.user.mgt.ui.UserManagementWorkflowServiceClient" %>
<script type="text/javascript" src="../userstore/extensions/js/vui.js"></script>
<script type="text/javascript" src="../admin/js/main.js"></script>
<script type="text/javascript" src="../identity/validation/js/identity-validate.js"></script>
<jsp:include page="../dialog/display_messages.jsp"/>
<jsp:include page="../userstore/display-messages.jsp"/>

Expand Down Expand Up @@ -305,6 +306,12 @@
form.submit();
}
$(document).ready(function () {
$('form[name=filterForm]').submit(function(){
return doValidateForm(this, '<fmt:message key="error.input.validation.msg"/>');
})
});
</script>


Expand All @@ -327,7 +334,8 @@
<td><fmt:message key="list.roles"/></td>
<td>
<input type="text" name="<%=UserAdminUIConstants.USER_LIST_VIEW_ROLE_FILTER%>"
value="<%=Encode.forHtmlAttribute(filter)%>"/>
value="<%=Encode.forHtmlAttribute(filter)%>" label="<fmt:message key="list.roles"/>"
black-list-patterns="xml-meta-exists"/>
</td>
<td>
<input class="button" type="submit"