RE: Doing string operations over sitemap values

2008-02-15 Thread listas
 From: Tobia Conforto [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, February 14, 2008 1:43 PM

Hello Tobia:

 I would write a custom input module that can be called safely 
 like this:
 {translate:-: :{1}}
 It can be implemented using basic java.lang.String methods.
 

As a policy for this website we are trying to avoid doing any custom Java
programming, only little tiny features added here and there to Cocoon
itself, and clearing some minor gotchas I've found in my way, but apart from
that, adding a custom Java inputModule is not an option. Until I discovered
the JXPath way I did a draft input module to do the translate, but finally
there was no need to break the no custom Java code policy of this site.

 I think your solution doesn't quote the argument correctly 
 and is susceptible to JX code injection or other problems.
 For example the user might go to: 
 http://localhost:8080/b/hello',nasty.java.call(),'world
 If I'm not mistaken, the ' after hello would close the Jx 
 string and damage would ensue.

After Joerg's comments, JXPath itself doesn't have access to arbitrary classes,
and I'm only declaring String; I fail to view a bad use where one can use
this tiny translation to break the site. I'm converting - to spaces and the
reverse.

Regards,
Ignacio J. Ortega
 

 -Original Message-
 To: users@cocoon.apache.org
 Subject: Re: Doing string operations over sitemap values
 
 Nacho (Derecho.com) wrote:
  * I have this URL http://localhost:8080/b/menores-de-edad;
  * In sitemap i have a match like b/**
  * I need to do replace - in {1} to spaces
  * I do this using an input module inheriting from 
  AbstractJXPathModule, and using a xpath like expression, 
  {request:translate('{1}','-','')}
 
 
 
 Tobia
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 





RE: Doing string operations over sitemap values

2008-02-15 Thread listas
 From: Joerg Heinicke [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, February 14, 2008 2:07 PM

 
 It's JXPath, not JXTemplate. Does it evaluate Java calls at all?
 
 If your example really works, 
 http://localhost:8080/b/nasty.java.call()
 will as well.
 

None of them should work, as JXPath doesn't have access to arbitrary classes; am I
correct on this?

Thanks for your help, I think I'll stick with this technique for now. It's
wonderful, isn't it? I was amazed to make it work after some days
struggling here and there.. ;)

Regards,
Ignacio J. Ortega
 





Re: Doing string operations over sitemap values

2008-02-15 Thread Joerg Heinicke

On 15.02.2008 07:09, [EMAIL PROTECTED] wrote:


None of them should work, as JXPath doesn't have access to arbitrary classes; am I
correct on this?


I doubt it, but I would at least try it out. Something like 
java.lang.System.exit(1) (don't do this on a production server ;)). Even 
if that does not work try something without a parameter.


Joerg




Re: Doing string operations over sitemap values

2008-02-15 Thread Andy Stevens
On 15/02/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 As a policy for this website we are trying to avoid doing any custom Java
  programming, only little tiny features added here and there to Cocoon
  itself, and clearing some minor gotchas I've found in my way, but apart from
  that, adding a custom Java inputModule is not an option. Until I discovered
  the JXPath way I did a draft input module to do the translate, but finally
  there was no need to break the no custom Java code policy of this site.

You could always upload a patch to Cocoon's JIRA for an input module
that does what you need and ask nicely on the dev list to get it
applied.  That way there's no custom code needed as it's part of the
standard distribution :-)


Andy.
-- 
http://pseudoq.sourceforge.net/  Open source java Sudoku solver




Doing string operations over sitemap values

2008-02-14 Thread Nacho (Derecho.com)
Hello everyone:

I've needed to do some string transformations over sitemap parameters
obtained from parts of a URL, and I'm looking for the smart way to do it;
right now I have done it using the method described below:

* I have this URL http://localhost:8080/b/menores-de-edad;
* In sitemap I have a match like b/**
* I need to do replace - in {1} to spaces
* I do this using any input module inheriting from AbstractJXPathModule,
and using a xpath like expression, {request:translate('{1}','-','')}

Is there any other way (a more smart or polite one :) to do this?

TIA


Ignacio J. Ortega
Support and Development Dept.
http://www.derecho.com
http://www.elabogado.com




Re: Doing string operations over sitemap values

2008-02-14 Thread Tobia Conforto

Nacho (Derecho.com) wrote:

* I have this URL http://localhost:8080/b/menores-de-edad;
* In sitemap i have a match like b/**
* I need to do replace - in {1} to spaces
* I do this using an input module inheriting from  
AbstractJXPathModule, and using a xpath like expression,  
{request:translate('{1}','-','')}


I would write a custom input module that can be called safely like this:
{translate:-: :{1}}
It can be implemented using basic java.lang.String methods.

I think your solution doesn't quote the argument correctly and is  
susceptible to JX code injection or other problems.

For example the user might go to: 
http://localhost:8080/b/hello',nasty.java.call(),'world
If I'm not mistaken, the ' after hello would close the Jx string and  
damage would ensue.



Tobia




Re: Doing string operations over sitemap values

2008-02-14 Thread Joerg Heinicke

On 14.02.2008 07:42, Tobia Conforto wrote:


Nacho (Derecho.com) wrote:

* I have this URL http://localhost:8080/b/menores-de-edad;
* In sitemap i have a match like b/**
* I need to do replace - in {1} to spaces
* I do this using an input module inheriting from 
AbstractJXPathModule, and using a xpath like expression, 
{request:translate('{1}','-','')}


I would write a custom input module that can be called safely like this:
{translate:-: :{1}}
It can be implemented using basic java.lang.String methods.

I think your solution doesn't quote the argument correctly and is 
susceptible to JX code injection or other problems.
For example the user might go to: 
http://localhost:8080/b/hello',nasty.java.call(),'world
If I'm not mistaken, the ' after hello would close the Jx string and 
damage would ensue.


It's JXPath, not JXTemplate. Does it evaluate Java calls at all?

If your example really works, http://localhost:8080/b/nasty.java.call() 
will as well.


Joerg




Re: Doing string operations over sitemap values

2008-02-14 Thread Tobia Conforto

Joerg Heinicke wrote:

Nacho (Derecho.com) wrote:

{request:translate('{1}','-','')}


the user might go to: http://localhost:8080/b/hello',nasty.java.call(),'world


It's JXPath, not JXTemplate. Does it evaluate Java calls at all?
If your example really works, http://localhost:8080/b/nasty.java.call() 
 will as well.


To be honest I don't know what JXPath can and cannot evaluate
(Java calls? any extensions to XPath? Java objects? request and  
session objects?)


I just saw some bad/unusual quotation  
{request:translate('{1}','-','')} and I thought I'd alert against  
possible problems. But maybe I'm wrong.



Tobia
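
Added example, not part of the thread and not Cocoon or JXPath code: the quoting concern raised above, shown with the JDK's own javax.xml.xpath engine as a stand-in, so it demonstrates only what textual {1} substitution does to an XPath string literal and says nothing about which functions JXPath will call. The class and method names are hypothetical, and the ' ' replacement argument follows the stated goal of turning - into spaces.

```java
import java.io.StringReader;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.xml.sax.InputSource;

public class SitemapQuotingDemo {
    // Constructed inputs: the two URL segments quoted in the thread.
    static final String[] SEGMENTS = {
        "menores-de-edad", "hello',nasty.java.call(),'world" };

    static String eval(XPath xp, String expr) throws XPathExpressionException {
        // The context document is an empty placeholder; translate() never reads it.
        return xp.evaluate(expr, new InputSource(new StringReader("<r/>")));
    }

    // What textual {1} substitution produces: the segment becomes expression source.
    static String substituted(String segment) {
        return "translate('" + segment + "','-',' ')";
    }

    // Hardened form: the segment is bound to $seg and is only ever a string value.
    static String translateBound(String segment) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(
            name -> "seg".equals(name.getLocalPart()) ? segment : null);
        return eval(xp, "translate($seg,'-',' ')");
    }

    // Where binding is unavailable: allowlist the segment before substituting it.
    static boolean isPlainSlug(String segment) {
        return segment.matches("[A-Za-z0-9-]+");
    }

    public static void main(String[] args) throws Exception {
        XPath plain = XPathFactory.newInstance().newXPath();
        for (String seg : SEGMENTS) {
            String expr = substituted(seg);
            String outcome;
            try {
                outcome = "evaluated to \"" + eval(plain, expr) + "\"";
            } catch (XPathExpressionException e) {
                outcome = "rejected as an invalid expression";
            }
            System.out.println("substituted: " + expr + " -> " + outcome);
            System.out.println("bound:       \"" + translateBound(seg) + "\"");
            System.out.println("plain slug:  " + isPlainSlug(seg));
        }
    }
}
```

With the second segment, the substituted form is no longer a three-argument translate() call, while the bound form returns the segment unchanged as data and the allowlist check flags it before any expression is built.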
