From 1de29c202fb52d6f724b545de8f3208d8fce7179 Mon Sep 17 00:00:00 2001 From: toddn Date: Wed, 20 Mar 2024 15:11:51 -0500 Subject: [PATCH 1/8] remove file from folders if we are moving it into the same dataset --- app/api/Datasets.scala | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/api/Datasets.scala b/app/api/Datasets.scala index b59e67e8a..f43aee69b 100644 --- a/app/api/Datasets.scala +++ b/app/api/Datasets.scala @@ -716,7 +716,15 @@ class Datasets @Inject()( } Logger.debug("----- Adding file to dataset completed") } else { + val foldersContainingFile = folders.findByFileId(file.id).sortBy(_.name) Logger.debug("File was already in dataset.") + val foldersContainingFile = folders.findByFileId(file.id).sortBy(_.name) + Logger.debug("Remove file from folders in dataset") + folders.get(foldersContainingFile).foreach(folder => { + if (folder.parentDatasetId == dsId){ + folders.removeFile(folder.id, fileId) + } + }) } } From a4ae13d3ff3acfaeebeda67e281ed9ff96559ce1 Mon Sep 17 00:00:00 2001 From: toddn Date: Fri, 22 Mar 2024 15:32:24 -0500 Subject: [PATCH 2/8] duplicate line --- app/api/Datasets.scala | 1 - docker-compose.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app/api/Datasets.scala b/app/api/Datasets.scala index f43aee69b..48cf0163f 100644 --- a/app/api/Datasets.scala +++ b/app/api/Datasets.scala @@ -718,7 +718,6 @@ class Datasets @Inject()( } else { val foldersContainingFile = folders.findByFileId(file.id).sortBy(_.name) Logger.debug("File was already in dataset.") - val foldersContainingFile = folders.findByFileId(file.id).sortBy(_.name) Logger.debug("Remove file from folders in dataset") folders.get(foldersContainingFile).foreach(folder => { if (folder.parentDatasetId == dsId){ diff --git a/docker-compose.yml b/docker-compose.yml index 1e9f05fcb..30f9f98e3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
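Review bot: In the `else` branch of the 1/8 hunk in app/api/Datasets.scala, re-attaching a file that is already in the dataset now removes it from every folder of that dataset, and the only trace is a `Logger.debug` line that names neither the file nor the folder. The enclosing action and its permission check are outside the hunk, so please confirm that whatever guards attaching a file is also meant to allow changing folder contents. A per-removal record would make the change auditable, for example `Logger.info(s"Removing file $fileId from folder ${folder.id} in dataset $dsId")` inside the `if`. The same applies to the rewritten loop in 3/8; `.sortBy(_.name)` can also go, since removal order does not matter.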
@@ -51,7 +51,7 @@ services: # main clowder application clowder: - image: clowder/clowder:${CLOWDER_VERSION:-latest} + image: clowder:bugfix restart: unless-stopped networks: - clowder From 4bde973b1c9eac5e1c6238db406b74d56c3af5cc Mon Sep 17 00:00:00 2001 From: toddn Date: Fri, 22 Mar 2024 15:36:46 -0500 Subject: [PATCH 3/8] fixing the iteration --- app/api/Datasets.scala | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/api/Datasets.scala b/app/api/Datasets.scala index 48cf0163f..dd3a02526 100644 --- a/app/api/Datasets.scala +++ b/app/api/Datasets.scala @@ -719,9 +719,10 @@ class Datasets @Inject()( val foldersContainingFile = folders.findByFileId(file.id).sortBy(_.name) Logger.debug("File was already in dataset.") Logger.debug("Remove file from folders in dataset") - folders.get(foldersContainingFile).foreach(folder => { + foldersContainingFile.foreach(folder => { if (folder.parentDatasetId == dsId){ folders.removeFile(folder.id, fileId) + } }) } From 7df66015132d63441fb3f205b0b86bd204dba587 Mon Sep 17 00:00:00 2001 From: toddn Date: Sun, 28 Apr 2024 15:34:03 -0500 Subject: [PATCH 4/8] escaping the javascript --- app/api/Users.scala | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/app/api/Users.scala b/app/api/Users.scala index 866e8e9c2..72d25cae7 100644 --- a/app/api/Users.scala +++ b/app/api/Users.scala @@ -1,5 +1,6 @@ package api +import org.apache.commons.lang.StringEscapeUtils import javax.inject.Inject import play.api.libs.json._ import play.api.Play.current 
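Review bot: The `image: clowder:bugfix` line in docker-compose.yml (2/8) looks like a local debugging override that rode along with an unrelated "duplicate line" commit. It replaces the namespaced, version-parameterised `clowder/clowder:${CLOWDER_VERSION:-latest}` with an unqualified tag, so a host that has not built that image locally will try to resolve `clowder:bugfix` from the default registry rather than the project's repository, and `CLOWDER_VERSION` stops having any effect. I would restore the original line and keep local images in an untracked `docker-compose.override.yml`.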
@@ -61,10 +62,12 @@ class Users @Inject()(users: UserService, events: EventService) extends ApiContr /** @deprecated use id instead of email */ def updateName(id: UUID, firstName: String, lastName: String) = PermissionAction(Permission.EditUser, Some(ResourceRef(ResourceRef.user, id))) { implicit request => implicit val user = request.user - users.updateUserField(id, "firstName", firstName) - users.updateUserField(id, "lastName", lastName) - users.updateUserField(id, "fullName", firstName + " " + lastName) - users.updateUserFullName(id, firstName + " " + lastName) + val escapedFirstName = StringEscapeUtils.escapeJavaScript(firstName) + val escapedLastName = StringEscapeUtils.escapeJavaScript(lastName) + users.updateUserField(id, "firstName", escapedFirstName) + users.updateUserField(id, "lastName", escapedLastName) + users.updateUserField(id, "fullName", escapedFirstName + " " + escapedLastName) + users.updateUserFullName(id, escapedFirstName + " " + escapedLastName) Ok(Json.obj("status" -> "success")) } From b6a4c7c2706c7a3dbc6838fd3a0596e22d472df9 Mon Sep 17 00:00:00 2001 From: toddn Date: Sun, 28 Apr 2024 15:41:17 -0500 Subject: [PATCH 5/8] escaping the javascript --- app/api/Users.scala | 1 - 1 file changed, 1 deletion(-) diff --git a/app/api/Users.scala b/app/api/Users.scala index 72d25cae7..d9fd497e9 100644 --- a/app/api/Users.scala +++ b/app/api/Users.scala @@ -62,7 +62,6 @@ class Users @Inject()(users: UserService, events: EventService) extends ApiContr /** @deprecated use id instead of email */ def updateName(id: UUID, firstName: String, lastName: String) = PermissionAction(Permission.EditUser, Some(ResourceRef(ResourceRef.user, id))) { implicit request => implicit val user = request.user - val escapedFirstName = StringEscapeUtils.escapeJavaScript(firstName) val escapedLastName = StringEscapeUtils.escapeJavaScript(lastName) users.updateUserField(id, "firstName", escapedFirstName) users.updateUserField(id, "lastName", escapedLastName) 
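Review bot: `updateName` in app/api/Users.scala (4/8, second hunk) escapes the names before storing them, which is the wrong layer and, with `escapeJavaScript`, the wrong context: as far as I know that method escapes quotes, backslashes and control characters but leaves `<` and `>` alone, so markup in a name still reaches any HTML sink unchanged while a legitimate `O'Brien` is stored as `O\'Brien`. The variants in 6/8 and 7/8 share the problem; `scala.xml.Text(firstName).toString` stores entity-encoded text, so a name containing `&` will show up double-encoded wherever a template escapes on output and encoded in JSON responses, and other code paths that write these fields are not covered. I would store `firstName` and `lastName` unchanged here and fix the output side, i.e. render with Twirl's default escaping (`@profile.firstName`) instead of `@Html(profile.firstName)` in app/views/profile.scala.html. Note that 5/8 deletes the `escapedFirstName` definition while its uses remain, so that intermediate commit probably does not compile; squashing 4/8–7/8 would keep the history bisectable.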
From 52a5c732c91f3112dcdfc4a18ed62205fa848c31 Mon Sep 17 00:00:00 2001 From: toddn Date: Sun, 28 Apr 2024 15:49:35 -0500 Subject: [PATCH 6/8] this does not work --- app/api/Users.scala | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/app/api/Users.scala b/app/api/Users.scala index d9fd497e9..8c75ebc6c 100644 --- a/app/api/Users.scala +++ b/app/api/Users.scala @@ -1,6 +1,6 @@ package api - -import org.apache.commons.lang.StringEscapeUtils +// import org.springframework.web.util.HtmlUtils.htmlEscape +import org.apache.commons.lang.StringEscapeUtils.escapeJavaScript import javax.inject.Inject import play.api.libs.json._ import play.api.Play.current @@ -62,7 +62,10 @@ class Users @Inject()(users: UserService, events: EventService) extends ApiContr /** @deprecated use id instead of email */ def updateName(id: UUID, firstName: String, lastName: String) = PermissionAction(Permission.EditUser, Some(ResourceRef(ResourceRef.user, id))) { implicit request => implicit val user = request.user - val escapedLastName = StringEscapeUtils.escapeJavaScript(lastName) +// val escapedFirstName = htmlEscape(firstName) +// val escapedLastName = htmlEscape(lastName) + val escapedFirstName = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(firstName) + val escapedLastName = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(lastName) users.updateUserField(id, "firstName", escapedFirstName) users.updateUserField(id, "lastName", escapedLastName) users.updateUserField(id, "fullName", escapedFirstName + " " + escapedLastName) From 82383b47b0b64c9514a5868768e82ddf40041531 Mon Sep 17 00:00:00 2001 From: toddn Date: Sun, 28 Apr 2024 15:53:23 -0500 Subject: [PATCH 7/8] using different method, this seems to work --- app/api/Users.scala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/api/Users.scala b/app/api/Users.scala index 8c75ebc6c..88608b405 100644 --- a/app/api/Users.scala +++ b/app/api/Users.scala 
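Review bot: The import hunk of 6/8 leaves two lines that nothing needs: the commented-out `// import org.springframework.web.util.HtmlUtils.htmlEscape` and `import org.apache.commons.lang.StringEscapeUtils.escapeJavaScript`, which is never used by its short name because the calls in `updateName` are fully qualified and 7/8 replaces them altogether. The two commented-out `htmlEscape` lines in the second hunk are dead as well and survive 7/8. I would drop all four lines so the file does not suggest an escaping step that is not in effect.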
@@ -64,8 +64,8 @@ class Users @Inject()(users: UserService, events: EventService) extends ApiContr implicit val user = request.user // val escapedFirstName = htmlEscape(firstName) // val escapedLastName = htmlEscape(lastName) - val escapedFirstName = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(firstName) - val escapedLastName = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(lastName) + val escapedFirstName = scala.xml.Text(firstName).toString + val escapedLastName = scala.xml.Text(lastName).toString users.updateUserField(id, "firstName", escapedFirstName) users.updateUserField(id, "lastName", escapedLastName) users.updateUserField(id, "fullName", escapedFirstName + " " + escapedLastName) From 03d1885992d8cb0ce5a1b91fba15f5b96d100ed9 Mon Sep 17 00:00:00 2001 From: toddn Date: Thu, 2 May 2024 15:50:12 -0500 Subject: [PATCH 8/8] this method is not being imported --- app/views/profile.scala.html | 2 +- public/javascripts/htmlEncodeDecode.js | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/views/profile.scala.html b/app/views/profile.scala.html index 69693cd07..c891e3ea2 100644 --- a/app/views/profile.scala.html +++ b/app/views/profile.scala.html @@ -65,7 +65,7 @@

@profile.fullName

} else { @if(ownProfile){
-

@Html(profile.firstName)

+

@Html(escapeString(""))
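Review bot: The new line `@Html(escapeString(""))` calls `escapeString` from a Twirl expression, but the only definition in this series is the browser-side function added to public/javascripts/htmlEncodeDecode.js, which the server-side template compiler cannot see; that is presumably what the commit subject refers to. As shown here the call is given an empty string, so the first name would no longer be rendered at all; the surrounding markup did not survive on this page, so that is worth checking against the real file. `@Html(...)` is what turns off Twirl's escaping in the first place; `@profile.firstName` on this line would HTML-escape the value with no helper needed.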

diff --git a/public/javascripts/htmlEncodeDecode.js b/public/javascripts/htmlEncodeDecode.js index 84ab0aee4..b34244b1b 100644 --- a/public/javascripts/htmlEncodeDecode.js +++ b/public/javascripts/htmlEncodeDecode.js @@ -11,4 +11,13 @@ function htmlEncode(value){ function htmlDecode(value){ return $('
').html(value).text(); +} + +function escapeString(htmlStr) { + return htmlStr.replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + } \ No newline at end of file
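Review bot: `escapeString` duplicates `htmlEncode`, which is already defined a few lines above in this file, and being client-side it cannot protect markup that the server has already rendered. On this page the replacement strings read the same as the characters they replace (`.replace(/&/g, "&")`) and the `<` pattern appears as an empty regex; that is most likely an artefact of how the page was extracted, but please confirm the file really contains the entity forms. If the helper stays, a short comment saying which HTML context its output is safe in (element text, not attributes or script), plus a trailing newline at end of file, would help.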