Commitc40a454

author
zhourenjian
committed
Update Simple RPC:
1. Support cross-domain HttpRequest errors. 2. Update the de-serialization algorithm. 3. Update SimpleRPCRequest, extracting some useful protected methods (adjustRequestURL, isXSSMode).
1 parent1eafc06 commitc40a454

4 files changed

+200
-132
lines changed


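--- a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java
+++ b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java
@@ -92,21 +92,11 @@ private static void ajaxRequest(final SimpleRPCRunnable runnable) {
 if (checkXSS(url,serialize,runnable)) {
 return;
 }
-if ("get".equals(method.toLowerCase())) {
-try {
-Stringquery =URLEncoder.encode(serialize,"UTF-8");
-if (url.indexOf('?') != -1) {
-/* should not come to this branch! */
-url +="&jzz=" +query;
-}else {
-url +="?" +query;
-}
-serialize =null;
-}catch (UnsupportedEncodingExceptione) {
-// should never throws such exception!
-//e.printStackTrace();
-}
+Stringurl2 =adjustRequestURL(method,url,serialize);
+if (url2 !=url) {
+serialize =null;
 }
+
 finalHttpRequestrequest =newHttpRequest();
 request.open(method,url,true);
 request.registerOnReadyStateChange(newXHRCallbackAdapter() {
@@ -123,17 +113,29 @@ public void onLoaded() {
 request.send(serialize);
 }
 
+protectedstaticStringadjustRequestURL(Stringmethod,Stringurl,Stringserialize) {
+if ("GET".equals(method.toUpperCase())) {
+try {
+Stringquery =URLEncoder.encode(serialize,"UTF-8");
+if (url.indexOf('?') != -1) {
+/* should not come to this branch! */
+url +="&jzz=" +query;
+}else {
+url +="?" +query;
+}
+}catch (UnsupportedEncodingExceptione) {
+// should never throws such exception!
+//e.printStackTrace();
+}
+}
+returnurl;
+}
+
 /**
-* Check cross site script. Only make senses for JavaScript.
-*
+* Check that whether it is in cross site script mode or not.
 * @param url
-* @param serialize
-* @param runnable
 * @return
-*/
-protectedstaticbooleancheckXSS(Stringurl,Stringserialize,SimpleRPCRunnablerunnable) {
-/**
-* @j2sNative
+* @j2sNative
 if (url != null && (url.indexOf ("http://") == 0
 || url.indexOf ("https://") == 0)) {
 var host = null;
@@ -143,61 +145,79 @@ protected static boolean checkXSS(String url, String serialize, SimpleRPCRunnabl
 } else {
 host = url.substring (url.indexOf ("//") + 2);
 }
-if (window.location.host != host || window.location.protocol == "file:") {
-var g = net.sf.j2s.ajax.SimpleRPCRequest;
-if (g.idSet == null) {
-g.idSet = new Object ();
-}
-var rnd = null;
-while (true) {
-var rnd = Math.random () + "0000000.*";
-rnd = rnd.substring (2, 8);
-if (g.idSet["o" + rnd] == null) {
-g.idSet["o" + rnd] = runnable;
-break;
-}
-}
-var limit = 7168; //8192;
-if (window["script.get.url.limit"] != null) {
-limit = window["script.get.url.limit"];
-}
-var ua = navigator.userAgent.toLowerCase ();
-if (ua.indexOf ("msie")!=-1 && ua.indexOf ("opera") == -1){
-limit = 2048;
-limit = 2048 - 44; // ;jsessionid=
+return (window.location.host != host || window.location.protocol == "file:");
+}
+return false; // ftp ...
+*/
+protectedstaticbooleanisXSSMode(Stringurl) {
+returnfalse;
+}
+
+/**
+* Check cross site script. Only make senses for JavaScript.
+*
+* @param url
+* @param serialize
+* @param runnable
+* @return
+*/
+protectedstaticbooleancheckXSS(Stringurl,Stringserialize,SimpleRPCRunnablerunnable) {
+/**
+* @j2sNative
+if (net.sf.j2s.ajax.SimpleRPCRequest.isXSSMode (url)) {
+var g = net.sf.j2s.ajax.SimpleRPCRequest;
+if (g.idSet == null) {
+g.idSet = new Object ();
+}
+var rnd = null;
+while (true) {
+var rnd = Math.random () + "0000000.*";
+rnd = rnd.substring (2, 8);
+if (g.idSet["o" + rnd] == null) {
+g.idSet["o" + rnd] = runnable;
+break;
 }
-limit -= url.length + 36; // 5 + 6 + 5 + 2 + 5 + 2 + 5;
-var contents = [];
-var content = encodeURIComponent(serialize);
-if (content.length > limit) {
-parts = Math.ceil (content.length / limit);
-var lastEnd = 0;
-for (var i = 0; i < parts; i++) {
-var end = (i + 1) * limit;
-if (end > content.length) {
-end = content.length;
-} else {
-for (var j = 0; j < 3; j++) {
-var ch = content.charAt (end - j);
-if (ch == '%') {
-end -= j;
-break;
-}
+}
+var limit = 7168; //8192;
+if (window["script.get.url.limit"] != null) {
+limit = window["script.get.url.limit"];
+}
+var ua = navigator.userAgent.toLowerCase ();
+if (ua.indexOf ("msie")!=-1 && ua.indexOf ("opera") == -1){
+limit = 2048;
+limit = 2048 - 44; // ;jsessionid=
+}
+limit -= url.length + 36; // 5 + 6 + 5 + 2 + 5 + 2 + 5;
+var contents = [];
+var content = encodeURIComponent(serialize);
+if (content.length > limit) {
+parts = Math.ceil (content.length / limit);
+var lastEnd = 0;
+for (var i = 0; i < parts; i++) {
+var end = (i + 1) * limit;
+if (end > content.length) {
+end = content.length;
+} else {
+for (var j = 0; j < 3; j++) {
+var ch = content.charAt (end - j);
+if (ch == '%') {
+end -= j;
+break;
 }
 }
-contents[i] = content.substring (lastEnd, end);
-lastEnd = end;
 }
-} else {
-contents[0] =content;
+contents[i] = content.substring (lastEnd, end);
+lastEnd =end;
 }
-g.idSet["x" + rnd] = contents;
-// Only send the first request, later server return "continue", and client will get
-// the session id and continue later requests.
-net.sf.j2s.ajax.SimpleRPCRequest.callByScript(rnd, contents.length, 0, contents[0]);
-contents[0] = null;
-return true; // cross site script!
+} else {
+contents[0] = content;
 }
+g.idSet["x" + rnd] = contents;
+// Only send the first request, later server return "continue", and client will get
+// the session id and continue later requests.
+net.sf.j2s.ajax.SimpleRPCRequest.callByScript(rnd, contents.length, 0, contents[0]);
+contents[0] = null;
+return true; // cross site script!
 }
 */ { }
 returnfalse;
@@ -284,23 +304,23 @@ static void xssNotify(String nameID, String response, String session) {
 if (response =="continue") {
 /**
 * @j2sNative
-*var g = net.sf.j2s.ajax.SimpleRPCRequest;
-*if (session != null){
-*g.idSet["s" + nameID] = session;
-*}
-*var xcontent = g.idSet["x" + nameID];
-*if (xcontent != null) {
-*//The following codes may be modified to send out requests one by one.
-*if (xcontent != null) {
-*for (var i = 0; i < xcontent.length; i++) {
-*if (xcontent[i] != null) {
-*g.callByScript(nameID, xcontent.length, i, xcontent[i]);
-*xcontent[i] = null;
-*}
-*}
-*g.idSet["x" + nameID] = null;
-*}
-*}
+var g = net.sf.j2s.ajax.SimpleRPCRequest;
+if (session != null){
+g.idSet["s" + nameID] = session;
+}
+var xcontent = g.idSet["x" + nameID];
+if (xcontent != null) {
+//The following codes may be modified to send out requests one by one.
+if (xcontent != null) {
+for (var i = 0; i < xcontent.length; i++) {
+if (xcontent[i] != null) {
+g.callByScript(nameID, xcontent.length, i, xcontent[i]);
+xcontent[i] = null;
+}
+}
+g.idSet["x" + nameID] = null;
+}
+}
 */ {}
 return;
 }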
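Review bot: In the first hunk `url2` returned by `adjustRequestURL` is only compared and never applied — the unchanged `request.open(method, url, true)` on the next context line still sends the original `url`, so a GET request now goes out with `serialize` nulled and no query string at all; the fix is `url = url2;` inside the `if` (if `url` is not needed as an effectively-final capture by the callback) or `request.open(method, url2, true)`. The `url2 != url` test is a reference comparison that only works because `adjustRequestURL` builds a fresh String for GET and hands back the same instance otherwise; `!url2.equals(url)` states the intent without depending on that. `adjustRequestURL` also calls `URLEncoder.encode(serialize, "UTF-8")` unguarded, so a GET with a null `serialize` would most likely throw NullPointerException rather than be skipped. Since the whole serialized payload ends up in the GET query string, a Javadoc line on `adjustRequestURL` should warn that it will appear in browser history, proxy and server logs, so sensitive fields must not be routed through GET. `ajaxRequest` starts before the first hunk and its body continues outside it.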

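--- a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCSWTRequest.java
+++ b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCSWTRequest.java
@@ -11,8 +11,6 @@
 
 packagenet.sf.j2s.ajax;
 
-importjava.io.UnsupportedEncodingException;
-importjava.net.URLEncoder;
 importorg.eclipse.swt.widgets.Display;
 
 /**
@@ -71,20 +69,9 @@ private static void swtAJAXRequest(final SimpleRPCRunnable runnable) {
 if (checkXSS(url,serialize,runnable)) {
 return;
 }
-if ("get".equals(method.toLowerCase())) {
-try {
-Stringquery =URLEncoder.encode(serialize,"UTF-8");
-if (url.indexOf('?') != -1) {
-/* should not come to this branch! */
-url +="&jzz=" +query;
-}else {
-url +="?" +query;
-}
-serialize =null;
-}catch (UnsupportedEncodingExceptione) {
-// should never throws such exception!
-//e.printStackTrace();
-}
+Stringurl2 =SimpleRPCRequest.adjustRequestURL(method,url,serialize);
+if (url2 !=url) {
+serialize =null;
 }
 finalHttpRequestrequest =newHttpRequest();
 request.open(method,url,true);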
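Review bot: The result of `SimpleRPCRequest.adjustRequestURL` is only compared, never applied — `request.open(method, url, true)` two lines later still uses the original `url`, so the GET query that the removed inline code used to append is now lost while `serialize` is still cleared; use `url = url2;` inside the `if` or `request.open(method, url2, true)`. `url2 != url` compares references; `!url2.equals(url)` is clearer and does not rely on `adjustRequestURL` returning the same instance for non-GET methods. `swtAJAXRequest` begins before this hunk and continues past it.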
