Commit73c551c

author
zhourenjian
committed
Clear up codes
1 parentf8081a1 commit73c551c

2 files changed

+96
-115
lines changed


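--- a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java
+++ b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java
@@ -431,14 +431,9 @@ private String prepareScriptRequest(HttpServletRequest req, HttpServletResponse
 if (toContinue) {
 resp.setContentType("text/javascript");
 //resp.setCharacterEncoding("utf-8");
-PrintWriterwriter =resp.getWriter();
-if (curPart ==1) {
-// Cookie may be disabled in client side!
-writer.write("net.sf.j2s.ajax.SimpleRPCRequest" +
-".xssSession(\"" +scriptRequestID +"\",\"" +session.getId() +"\");\r\n");
-}
-writer.write("net.sf.j2s.ajax.SimpleRPCRequest" +
-".xssNotify(\"" +scriptRequestID +"\",\"continue\");");
+resp.getWriter().write("net.sf.j2s.ajax.SimpleRPCRequest" +
+".xssNotify(\"" +scriptRequestID +"\",\"continue\"" +
+((curPart ==1) ?",\"" +session.getId() +"\");" :");"));
 returnnull;
 }
 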
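Review bot: scriptRequestID is concatenated into a JavaScript string literal at new lines 434–436 with no escaping, so if prepareScriptRequest takes it from the request (the hunk does not show where it comes from; the method starts and continues outside the hunk), a value containing a quote, backslash or line terminator breaks out of the literal and is executed by the page that loaded this text/javascript response. The pre-existing code had the same gap, but since this hunk rewrites the write it is the place to add a format check before it, e.g. a constructed `if (scriptRequestID == null || !scriptRequestID.matches("[0-9A-Za-z]+")) { return null; }` aligned with whatever the client actually generates for jzn, and to keep the same guard on the non-continue path if one exists. The rewrite also drops the only explanation of why the session id is echoed into the script on the first part; restore it above the write as `// Cookie may be disabled in client side! Send the session id with the first "continue" so later script requests can carry it.`. The folded ternary inside the string concatenation is hard to read; a local `String sessionArg = (curPart == 1) ? ",\"" + session.getId() + "\"" : "";` would make the generated call obvious.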

‎sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java‎

Lines changed: 93 additions & 107 deletions
@@ -130,41 +130,41 @@ public void onLoaded() {
130130
protectedstaticbooleancheckXSS(Stringurl,Stringserialize,SimpleRPCRunnablerunnable) {
131131
/**
132132
* @j2sNative
133-
if (url != null && (url.indexOf ("http://") == 0
134-
|| url.indexOf ("https://") == 0)) {
135-
var host = null;
136-
var idx = url.indexOf ('/', 9);
137-
if (idx != -1) {
138-
host = url.substring (url.indexOf ("//") + 2, idx);
139-
} else {
140-
host = url.substring (url.indexOf ("//") + 2);
141-
}
142-
if (window.location.host != host || window.location.protocol == "file:") {
143-
var g = net.sf.j2s.ajax.SimpleRPCRequest;
144-
if (g.idSet == null) {
145-
g.idSet = new Object ();
146-
}
147-
var rnd = null;
148-
while (true) {
149-
var rnd = Math.random () + "0000000.*";
150-
rnd = rnd.substring (2, 8);
151-
if (g.idSet["o" + rnd] == null) {
152-
g.idSet["o" + rnd] = runnable;
153-
break;
154-
}
155-
}
156-
var limit = 7168; //8192;
157-
if (window["script.get.url.limit"] != null) {
158-
limit = window["script.get.url.limit"];
159-
}
160-
var ua = navigator.userAgent.toLowerCase ();
161-
if (ua.indexOf ("msie")!=-1 && ua.indexOf ("opera") == -1){
162-
limit = 2048;
163-
limit = 2048 - 44; // ;jsessionid=
164-
}
165-
limit -= url.length + 36; // 5 + 6 + 5 + 2 + 5 + 2 + 5;
166-
var contents = [];
167-
var content = encodeURIComponent(serialize);
133+
if (url != null && (url.indexOf ("http://") == 0
134+
|| url.indexOf ("https://") == 0)) {
135+
var host = null;
136+
var idx = url.indexOf ('/', 9);
137+
if (idx != -1) {
138+
host = url.substring (url.indexOf ("//") + 2, idx);
139+
} else {
140+
host = url.substring (url.indexOf ("//") + 2);
141+
}
142+
if (window.location.host != host || window.location.protocol == "file:") {
143+
var g = net.sf.j2s.ajax.SimpleRPCRequest;
144+
if (g.idSet == null) {
145+
g.idSet = new Object ();
146+
}
147+
var rnd = null;
148+
while (true) {
149+
var rnd = Math.random () + "0000000.*";
150+
rnd = rnd.substring (2, 8);
151+
if (g.idSet["o" + rnd] == null) {
152+
g.idSet["o" + rnd] = runnable;
153+
break;
154+
}
155+
}
156+
var limit = 7168; //8192;
157+
if (window["script.get.url.limit"] != null) {
158+
limit = window["script.get.url.limit"];
159+
}
160+
var ua = navigator.userAgent.toLowerCase ();
161+
if (ua.indexOf ("msie")!=-1 && ua.indexOf ("opera") == -1){
162+
limit = 2048;
163+
limit = 2048 - 44; // ;jsessionid=
164+
}
165+
limit -= url.length + 36; // 5 + 6 + 5 + 2 + 5 + 2 + 5;
166+
var contents = [];
167+
var content = encodeURIComponent(serialize);
168168
if (content.length > limit) {
169169
parts = Math.ceil (content.length / limit);
170170
var lastEnd = 0;
@@ -190,11 +190,11 @@ protected static boolean checkXSS(String url, String serialize, SimpleRPCRunnabl
190190
g.idSet["x" + rnd] = contents;
191191
// Only send the first request, later server return "continue", and client will get
192192
// the session id and continue later requests.
193-
net.sf.j2s.ajax.SimpleRPCRequest.callByScript(rnd, contents.length, 0, contents[0]);
194-
contents[0] = null;
195-
return true; // cross site script!
196-
}
197-
}
193+
net.sf.j2s.ajax.SimpleRPCRequest.callByScript(rnd, contents.length, 0, contents[0]);
194+
contents[0] = null;
195+
return true; // cross site script!
196+
}
197+
}
198198
*/ { }
199199
returnfalse;
200200
}
@@ -210,60 +210,42 @@ static void callByScript(String rnd, String length, String i, String content) {
210210
if (session != null && window["script.get.session.url"] != false) {
211211
url += ";jsessionid=" + session;
212212
}
213-
var script = document.createElement ("SCRIPT");
214-
script.type = "text/javascript";
215-
script.src = url + "?jzn=" + rnd + "&jzp=" + length
216-
+ "&jzc=" + (i + 1) + "&jzz=" + content;
217-
if (typeof (script.onreadystatechange) == "undefined") { // W3C
218-
script.onerror = function () {
219-
this.onerror = null;
220-
var idx = this.src.indexOf ("jzn=");
221-
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
222-
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
223-
document.getElementsByTagName ("HEAD")[0].removeChild (this);
224-
};
225-
script.onload = function () {
226-
this.onload = null;
227-
if (navigator.userAgent.indexOf ("Opera") >= 0) {
228-
var idx = this.src.indexOf ("jzn=");
229-
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
230-
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
231-
}
232-
document.getElementsByTagName ("HEAD")[0].removeChild (this);
233-
};
234-
} else { // IE
235-
script.defer = true;
236-
script.onreadystatechange = function () {
237-
var state = "" + this.readyState;
238-
if (state == "loaded" || state == "complete") {
239-
this.onreadystatechange = null;
240-
var idx = this.src.indexOf ("jzn=");
241-
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
242-
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
243-
document.getElementsByTagName ("HEAD")[0].removeChild (this);
244-
}
245-
};
246-
}
247-
var head = document.getElementsByTagName ("HEAD")[0];
248-
head.appendChild (script);
249-
*/ {}
250-
}
251-
252-
staticvoidsendRestRequests(StringnameID) {
253-
/**
254-
* The following codes may be modified to send out requests one by one.
255-
* @j2sNative
256-
* var g = net.sf.j2s.ajax.SimpleRPCRequest;
257-
* var xcontent = g.idSet["x" + nameID];
258-
* if (xcontent != null) {
259-
* for (var i = 0; i < xcontent.length; i++) {
260-
* if (xcontent[i] != null) {
261-
* g.callByScript(nameID, xcontent.length, i, xcontent[i]);
262-
* xcontent[i] = null;
263-
* }
264-
* }
265-
* g.idSet["x" + nameID] = null;
266-
* }
213+
var script = document.createElement ("SCRIPT");
214+
script.type = "text/javascript";
215+
script.src = url + "?jzn=" + rnd + "&jzp=" + length
216+
+ "&jzc=" + (i + 1) + "&jzz=" + content;
217+
if (typeof (script.onreadystatechange) == "undefined") { // W3C
218+
script.onerror = function () {
219+
this.onerror = null;
220+
var idx = this.src.indexOf ("jzn=");
221+
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
222+
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
223+
document.getElementsByTagName ("HEAD")[0].removeChild (this);
224+
};
225+
script.onload = function () {
226+
this.onload = null;
227+
if (navigator.userAgent.indexOf ("Opera") >= 0) {
228+
var idx = this.src.indexOf ("jzn=");
229+
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
230+
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
231+
}
232+
document.getElementsByTagName ("HEAD")[0].removeChild (this);
233+
};
234+
} else { // IE
235+
script.defer = true;
236+
script.onreadystatechange = function () {
237+
var state = "" + this.readyState;
238+
if (state == "loaded" || state == "complete") {
239+
this.onreadystatechange = null;
240+
var idx = this.src.indexOf ("jzn=");
241+
var rid = this.src.substring (idx + 4, this.src.indexOf ("&", idx));
242+
net.sf.j2s.ajax.SimpleRPCRequest.xssNotify (rid, null);
243+
document.getElementsByTagName ("HEAD")[0].removeChild (this);
244+
}
245+
};
246+
}
247+
var head = document.getElementsByTagName ("HEAD")[0];
248+
head.appendChild (script);
267249
*/ {}
268250
}
269251

@@ -272,8 +254,9 @@ static void sendRestRequests(String nameID) {
272254
*
273255
* @param nameID
274256
* @param response
257+
* @param session
275258
*/
276-
staticvoidxssNotify(StringnameID,Stringresponse) {
259+
staticvoidxssNotify(StringnameID,Stringresponse,Stringsession) {
277260
/**
278261
* @j2sNative
279262
var ua = navigator.userAgent.toLowerCase ();
@@ -295,15 +278,26 @@ static void xssNotify(String nameID, String response) {
295278
}
296279
*/ { }
297280
if (response =="continue") {
298-
booleanrestNotEmpty =false;
299281
/**
300282
* @j2sNative
301283
* var g = net.sf.j2s.ajax.SimpleRPCRequest;
302-
* if (g.idSet["x" + nameID] != null) {
303-
* restNotEmpty = true;
284+
* if (session != null){
285+
* g.idSet["s" + nameID] = session;
286+
* }
287+
* var xcontent = g.idSet["x" + nameID];
288+
* if (xcontent != null) {
289+
* //The following codes may be modified to send out requests one by one.
290+
* if (xcontent != null) {
291+
* for (var i = 0; i < xcontent.length; i++) {
292+
* if (xcontent[i] != null) {
293+
* g.callByScript(nameID, xcontent.length, i, xcontent[i]);
294+
* xcontent[i] = null;
295+
* }
296+
* }
297+
* g.idSet["x" + nameID] = null;
298+
* }
304299
* }
305300
*/ {}
306-
if (restNotEmpty)sendRestRequests(nameID);
307301
return;
308302
}
309303
SimpleRPCRunnablerunnable =null;
@@ -355,12 +349,4 @@ static void xssNotify(String nameID, String response) {
355349
runnable.ajaxOut();
356350
}
357351
}
358-
359-
staticvoidxssSession(StringnameID,StringsessionID) {
360-
/**
361-
* @j2sNative
362-
var g = net.sf.j2s.ajax.SimpleRPCRequest;
363-
g.idSet["s" + nameID] = sessionID;
364-
*/ {}
365-
}
366352
}
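Review bot: In the @j2sNative block of xssNotify at new lines 288–290, `if (xcontent != null) {` is immediately followed by a second, identical `if (xcontent != null) {` carried over from the deleted sendRestRequests; the inner test is redundant and should go, together with its closing brace at new line 298, so the loop sits directly under the outer check. The new `@param session` at new line 257 has no description; suggest `* @param session session id returned by the server with the first "continue" response; stored as idSet["s" + nameID] and appended as ;jsessionid= by callByScript`, which is what the visible code does. The same file's first hunk (checkXSS, new lines 133–197) and the callByScript hunk appear to be whitespace-only, so no point is raised there. The body of xssNotify continues outside the hunk.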
