1 package org.apache.fulcrum.parser;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import java.io.UnsupportedEncodingException;
23 import java.net.URLDecoder;
24 import java.util.Arrays;
25 import java.util.Collection;
26 import java.util.Enumeration;
27 import java.util.List;
28 import java.util.StringTokenizer;
29 import java.util.regex.Matcher;
30 import java.util.regex.Pattern;
31 import java.util.stream.Collectors;
32
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.Part;
35
36 import org.apache.avalon.framework.service.ServiceException;
37 import org.apache.commons.lang3.ArrayUtils;
38
39 /**
40 * DefaultParameterParser is a utility object to handle parsing and
41 * retrieving the data passed via the GET/POST/PATH_INFO arguments.
42 *
43 * <p>NOTE: The name= portion of a name=value pair may be converted
44 * to lowercase or uppercase when the object is initialized and when
45 * new data is added. This behaviour is determined by the url.case.folding
46 * property in TurbineResources.properties. Adding a name/value pair may
47 * overwrite existing name=value pairs if the names match:
48 *
49 * <pre>
50 * ParameterParser pp = data.getParameters();
51 * pp.add("ERROR",1);
52 * pp.add("eRrOr",2);
53 * int result = pp.getInt("ERROR");
54 * </pre>
55 *
56 * In the above example, result is 2.
57 *
58 * @author <a href="mailto:ilkka.priha@simsoft.fi">Ilkka Priha</a>
59 * @author <a href="mailto:jon@clearink.com">Jon S. Stevens</a>
60 * @author <a href="mailto:sean@informage.net">Sean Legassick</a>
61 * @author <a href="mailto:jh@byteaction.de">Jürgen Hoffmann</a>
62 * @version $Id$
63 */
64 public class DefaultParameterParser
65 extends BaseValueParser
66 implements ParameterParser
67 {
68 /**
69 * The servlet request to parse.
70 */
71 private HttpServletRequest request = null;
72
73 /**
74 * The raw data of a file upload.
75 */
76 private byte[] uploadData = null;
77
78 /**
79 * Create a new empty instance of ParameterParser. Uses the
80 * default character encoding (US-ASCII).
81 *
82 * <p>To add name/value pairs to this set of parameters, use the
83 * <code>add()</code> methods.
84 *
85 */
86 public DefaultParameterParser()
87 {
88 super();
89 }
90
91 /**
92 * Create a new empty instance of ParameterParser. Takes a
93 * character encoding name to use when converting strings to
94 * bytes.
95 *
96 * <p>To add name/value pairs to this set of parameters, use the
97 * <code>add()</code> methods.
98 *
99 * @param characterEncoding The character encoding of strings.
100 */
101 public DefaultParameterParser(String characterEncoding)
102 {
103 super (characterEncoding);
104 }
105
106 /**
107 * Disposes the parser.
108 */
109 @Override
110 public void dispose()
111 {
112 this.request = null;
113 this.uploadData = null;
114 super.dispose();
115 }
116
117 /**
118 * Gets the parsed servlet request.
119 *
120 * @return the parsed servlet request or null.
121 */
122 @Override
123 public HttpServletRequest getRequest()
124 {
125 return request;
126 }
127
128 /**
129 * Sets the servlet request to the parser. This requires a
130 * valid HttpServletRequest object. It will attempt to parse out
131 * the GET/POST/PATH_INFO data and store the data into a Map.
132 * There are convenience methods for retrieving the data as a
133 * number of different datatypes. The PATH_INFO data must be a
134 * URLEncoded() string.
135 * <p>
136 * Sets the request character encoding to the parser.
137 * <p>
138 * Sets the request encoding, if it is not set and {@link ParserService#getParameterEncoding()}
139 * is set to a non-default value {@link ParserService#PARAMETER_ENCODING_DEFAULT}
140 * (if {@link HttpServletRequest#getCharacterEncoding()} returns null,
141 * it has the default set to ISO-8859-1, cft. Servlet 2.4, 2.5, 3.0, 3.1 Specs).
142 * This will only succeed, if no data was read yet, cft. spec.
143 * <p>
144 * To add name/value pairs to this set of parameters, use the
145 * <code>add()</code> methods.
146 *
147 * @param request An HttpServletRequest.
148 */
149 @Override
150 public void setRequest(HttpServletRequest request)
151 {
152 clear();
153
154 uploadData = null;
155
156 handleEncoding( request );
157
158 String contentType = request.getContentType();
159
160 if (parserService.getAutomaticUpload()
161 && contentType != null
162 && contentType.startsWith("multipart/form-data"))
163 {
164 try
165 {
166 List<Part> parts = parserService.parseUpload(request);
167
168 if (parts != null)
169 {
170 for (Part p : parts)
171 {
172 getLogger().debug("Found an uploaded file: " + p.getName());
173 getLogger().debug("It has " + p.getSize() + " Bytes");
174 getLogger().debug("Adding Part as " + p.getName() + " to the params");
175 add(p.getName(), p);
176 }
177 }
178 }
179 catch (ServiceException e)
180 {
181 getLogger().error("File upload failed", e);
182 }
183 }
184
185 for (Enumeration<?> names = request.getParameterNames();
186 names.hasMoreElements();)
187 {
188 String paramName = (String) names.nextElement();
189 add(paramName,
190 request.getParameterValues(paramName));
191 }
192
193 handlePathInfo( request );
194
195 this.request = request;
196
197 if (getLogger().isDebugEnabled())
198 {
199 getLogger().debug("Parameters found in the Request:");
200 for (String key : keySet())
201 {
202 getLogger().debug("Key: " + key + " -> " + getString(key));
203 }
204 }
205 }
206
207 private void handlePathInfo( HttpServletRequest request )
208 {
209 // Also cache any pathinfo variables that are passed around as
210 // if they are query string data.
211 try
212 {
213 boolean isNameTok = true;
214 String paramName = null;
215 String paramValue = null;
216
217 for ( StringTokenizer st =
218 new StringTokenizer(request.getPathInfo(), "/");
219 st.hasMoreTokens();)
220 {
221 if (isNameTok)
222 {
223 paramName = URLDecoder.decode(st.nextToken(), getCharacterEncoding());
224 isNameTok = false;
225 }
226 else
227 {
228 paramValue = URLDecoder.decode(st.nextToken(), getCharacterEncoding());
229 if (paramName != null && paramName.length() > 0)
230 {
231 add(paramName, paramValue);
232 }
233 isNameTok = true;
234 }
235 }
236 }
237 catch (Exception e)
238 {
239 // If anything goes wrong above, don't worry about it.
240 // Chances are that the path info was wrong anyways and
241 // things that depend on it being right will fail later
242 // and should be caught later.
243 }
244 }
245
246 protected void handleEncoding( HttpServletRequest request )
247 {
248 String enc = request.getCharacterEncoding();
249
250 if (enc == null && !parserService.getParameterEncoding().equals(ParserService.PARAMETER_ENCODING_DEFAULT ))
251 {
252 try
253 {
254 // no-op if data was read (parameter, POST..), see javadoc setCharacterEncoding
255 request.setCharacterEncoding( parserService.getParameterEncoding() );
256 // this is not (?) testable with mock
257 enc = request.getCharacterEncoding();
258 if (enc != null)
259 {
260 getLogger().debug("Set the request encoding successfully to parameterEncoding of parser: "+enc );
261 }
262 else
263 {
264 getLogger().warn("Unsuccessfully (data read happened) tried to set the request encoding to "+ parserService.getParameterEncoding() );
265 }
266 }
267 catch ( UnsupportedEncodingException e )
268 {
269 getLogger().error("Found only unsupported encoding "+ e.getMessage());
270 }
271 }
272
273 setCharacterEncoding(enc != null
274 ? enc
275 : parserService.getParameterEncoding());
276 }
277
278 /**
279 * Sets the uploadData byte[]
280 *
281 * @param uploadData A byte[] with data.
282 */
283 @Override
284 public void setUploadData ( byte[] uploadData )
285 {
286 // copy contents into our own representation for safety re: EI_EXPOSE_REP
287 this.uploadData = Arrays.copyOf(uploadData, uploadData.length);
288 }
289
290 /**
291 * Gets the uploadData byte[]
292 *
293 * @return uploadData A byte[] with data.
294 */
295 @Override
296 public byte[] getUploadData ()
297 {
298 // return a clone safety re: EI_EXPOSE_REP
299 return this.uploadData.clone();
300 }
301
302 /**
303 * Add a Part object as a parameters. If there are any
304 * Parts already associated with the name, append to the
305 * array. The reason for this is that RFC 1867 allows multiple
306 * files to be associated with single HTML input element.
307 *
308 * @param name A String with the name.
309 * @param value A Part with the value.
310 */
311 @Override
312 public void add( String name, Part value )
313 {
314 Part[] items = this.getParts(name);
315 items = ArrayUtils.add(items, value);
316 parameters.put(convert(name), items);
317 }
318
319 /**
320 * @see org.apache.fulcrum.parser.ParameterParser#getPart(java.lang.String)
321 *
322 * Return a Part object for the given name. If the name does
323 * not exist or the object stored is not a Part, return null.
324 *
325 * @param name A String with the name.
326 * @return A Part.
327 */
328 @Override
329 public Part getPart(String name)
330 {
331 try
332 {
333 Part value = null;
334 Object object = parameters.get(convert(name));
335 if (object != null)
336 {
337 value = ((Part[])object)[0];
338 }
339 return value;
340 }
341 catch ( ClassCastException e )
342 {
343 return null;
344 }
345 }
346
347 /**
348 * @see org.apache.fulcrum.parser.ParameterParser#getParts(java.lang.String)
349 *
350 * Return an array of Part objects for the given name. If the
351 * name does not exist or the object stored is not a Part
352 * array, return null.
353 *
354 * @param name A String with the name.
355 * @return A Part[]
356 */
357 @Override
358 public Part[] getParts(String name)
359 {
360 try
361 {
362 return (Part[])parameters.get(convert(name));
363 }
364 catch ( ClassCastException e )
365 {
366 return new Part[0];// empty array
367 }
368 }
369
370 /* (non-Javadoc)
371 * @see org.apache.fulcrum.parser.ParameterParser#getParts()
372 */
373 @Override
374 public Collection<Part> getParts()
375 {
376 return parameters.values().stream().
377 filter( p-> p instanceof Part[]).
378 flatMap(c -> Arrays.stream( (Part[]) c )).
379 collect( Collectors.toList() );
380
381 }
382
383 /* (non-Javadoc)
384 * @see org.apache.fulcrum.parser.ParameterParser#getFileName(javax.servlet.http.Part)
385 */
386 @Override
387 public String getFileName(Part part)
388 {
389 final String partHeader = part.getHeader("content-disposition");
390
391 // rfc2183, rfc5987 quoted string, but attachments may have not?
392 Pattern regex = Pattern.compile("filename\\*?=\"?(.[^\"]+)\"?");
393
394 for (String content : partHeader.split(";"))
395 {
396 // could also filename*=<encoding>''<value>
397 if (content.trim().contains( "filename" ))
398 {
399 String fnTmp = "";
400 String srcStr = content.trim();
401 Matcher regexMatcher = regex.matcher(srcStr);
402 if (regexMatcher.find())
403 {
404 fnTmp = regexMatcher.group(1);
405 if (getLogger().isDebugEnabled())
406 {
407 getLogger().debug( "matched fileName:" + fnTmp );
408 }
409 } else {
410 // last resort
411 fnTmp = srcStr.substring(srcStr.indexOf('=')+1).replace( "\"", "" );
412 getLogger().debug( "second fileName match:" + fnTmp );
413 }
414 return fnTmp.trim();
415 }
416 }
417 return null;
418 }
419 }