diff --git a/src/java/fr/paris/lutece/plugins/newsletter/service/NewsLetterRegistrationService.java b/src/java/fr/paris/lutece/plugins/newsletter/service/NewsLetterRegistrationService.java
index 471a048..79a7bf6 100644
--- a/src/java/fr/paris/lutece/plugins/newsletter/service/NewsLetterRegistrationService.java
+++ b/src/java/fr/paris/lutece/plugins/newsletter/service/NewsLetterRegistrationService.java
@@ -33,11 +33,11 @@
 */
 package fr.paris.lutece.plugins.newsletter.service;
+import java.security.SecureRandom;
 import java.sql.Timestamp;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Random;
 import java.util.Collection;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.StringUtils;
@@ -189,7 +189,7 @@ public void doSubscription( HttpServletRequest request ) throws SiteMessageExcep
 if ( properties.isValidationActive( ) )
 {
 // generate validation key
- Random random = new Random( );
+ SecureRandom random = new SecureRandom( );
 int nAlea = random.nextInt( );
 // add pair in db
 AwaitingActivationHome.create( subscriber.getId( ), nAlea, getPlugin( ) );
diff --git a/src/java/fr/paris/lutece/plugins/newsletter/util/HtmlDomDocNewsletter.java b/src/java/fr/paris/lutece/plugins/newsletter/util/HtmlDomDocNewsletter.java
index 040ab7c..474dfa5 100644
--- a/src/java/fr/paris/lutece/plugins/newsletter/util/HtmlDomDocNewsletter.java
+++ b/src/java/fr/paris/lutece/plugins/newsletter/util/HtmlDomDocNewsletter.java
@@ -40,8 +40,8 @@
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
+import javax.xml.XMLConstants;
 import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
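Review bot: The validation key in doSubscription is still a single `random.nextInt( )`, so it carries at most 32 bits even though the generator is now a CSPRNG. If the activation link is the only proof of mailbox ownership, that is a small space for a value that stays valid until it is used; widening it would require `AwaitingActivationHome.create` to accept a longer key, which is outside this hunk, so at minimum confirm that the validation endpoint expires pending keys or limits attempts. Separately, `new SecureRandom( )` is constructed on every subscription; a `private static final SecureRandom` field would avoid repeated seeding. doSubscription's body starts and ends outside the hunk.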
@@ -206,6 +206,8 @@ public String getContent( )
 StringWriter writer = new StringWriter( );
 StreamResult result = new StreamResult( writer );
 TransformerFactory tf = TransformerFactory.newInstance( );
+ tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
 Transformer transformer;
 try
@@ -213,12 +215,6 @@ public String getContent( )
 transformer = tf.newTransformer( );
 transformer.transform( domSource, result );
 }
- catch( TransformerConfigurationException e )
- {
- AppLogService.error( e.getMessage( ) );
-
- return null;
- }
 catch( TransformerException e )
 {
 AppLogService.error( e.getMessage( ) );
@@ -226,9 +222,8 @@ public String getContent( )
 return null;
 }
- String stringResult = writer.toString( );
+ return writer.toString( );
- return stringResult;
 }
 /**
diff --git a/src/java/fr/paris/lutece/plugins/newsletter/web/NewsletterTemplateJspBean.java b/src/java/fr/paris/lutece/plugins/newsletter/web/NewsletterTemplateJspBean.java
index 9157755..c91973f 100644
--- a/src/java/fr/paris/lutece/plugins/newsletter/web/NewsletterTemplateJspBean.java
+++ b/src/java/fr/paris/lutece/plugins/newsletter/web/NewsletterTemplateJspBean.java
@@ -74,6 +74,7 @@
 import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -444,7 +445,9 @@ public String doModifyNewsletterTemplate( HttpServletRequest request )
 String strPathFileNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_TEMPLATE )
 + AppPropertiesService.getProperty( NewsLetterConstants.PROPERTY_PATH_FILE_NEWSLETTER_TEMPLATE );
 File file = new File( strPathFileNewsletterTemplate + File.separator + newsletterTemplate.getFileKey() );
- file.delete( );
+ if( file.exists( ) ) {
+ Files.delete( file.toPath( ) );
+ }
 }
 newsletterTemplate.setFileKey( templateFileKey );
 }
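Review bot: Both `tf.setAttribute(...)` calls in getContent sit before the `try`, and `TransformerFactory.setAttribute` throws the unchecked `IllegalArgumentException` when the implementation returned by `TransformerFactory.newInstance( )` does not recognise the attribute, so on such a classpath getContent would throw instead of logging and returning null. Move the two calls inside the `try` and add a `catch( IllegalArgumentException e )` next to the existing handler, so an unsupported attribute is logged rather than propagated. It is also worth adding `tf.setFeature( XMLConstants.FEATURE_SECURE_PROCESSING, true );` inside the same `try`, since that feature is the one every JAXP implementation is required to support. The added lines use `setAttribute(X, "")` spacing where the rest of the method writes `( x )`.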
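Review bot: The `file.exists( )` test followed by `Files.delete( file.toPath( ) )` in doModifyNewsletterTemplate (hunk -444) is a check-then-act pair: if the file disappears between the two calls the delete throws `NoSuchFileException`. `Files.deleteIfExists( file.toPath( ) );` does the same thing in one call and replaces the three added lines. The same pattern is repeated in the hunks at -462, -536, -641, -671 and -756. The old `file.delete( )` ignored failure while the new call throws `IOException`; the handler for it lies outside this hunk, so confirm that a failed cleanup of the old file is meant to abort the template update rather than only be logged.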
@@ -462,7 +465,9 @@ public String doModifyNewsletterTemplate( HttpServletRequest request )
 {
 String strPathFileNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_IMAGE_NEWSLETTER_TEMPLATE );
 File file = new File( strPathFileNewsletterTemplate + File.separator + newsletterTemplate.getPictureKey() );
- file.delete( );
+ if( file.exists( ) ) {
+ Files.delete( file.toPath( ) );
+ }
 }
 newsletterTemplate.setPictureKey( strImageKey );
 }
@@ -536,7 +541,9 @@ public String getModifyNewsLetterTemplateFile( HttpServletRequest request )
 fileWriter.close( );
 fileReader = new BufferedReader( new FileReader( file ) );
 // delete the temporary file
- file.delete( );
+ if( file.exists( ) ) {
+ Files.delete( file.toPath( ) );
+ }
 String strFileName = luteceTemplateFile.getTitle( );
 model.put( NewsLetterConstants.MARK_TEMPLATE_FILE_NAME, strFileName );
 model.put( fr.paris.lutece.plugins.newsletter.util.NewsLetterConstants.MARK_TEMPLATE_FILE, luteceTemplateFile.getPhysicalFile().getValue() );
@@ -641,7 +648,9 @@ public String doModifyNewsletterTemplateFile( HttpServletRequest request )
 {
 String strPathFileNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_IMAGE_NEWSLETTER_TEMPLATE );
 File file = new File( strPathFileNewsletterTemplate + File.separator + strOldImageName );
- file.delete( );
+ if( file.exists( ) ) {
+ Files.delete(file.toPath());
+ }
 }
 }
@@ -671,7 +680,9 @@ public String doModifyNewsletterTemplateFile( HttpServletRequest request )
 luteceFile.setPhysicalFile( physicalFile );
 String newFileKey = NewsletterFileService.storeFile( luteceFile );
 newsletterTemplate.setFileKey( newFileKey );
- file.delete();
+ if( file.exists( ) ) {
+ Files.delete( file.toPath( ) );
+ }
 }
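Review bot: In getModifyNewsLetterTemplateFile (hunk -536) the temporary file is deleted on the line right after `fileReader = new BufferedReader( new FileReader( file ) )`, that is, while a reader on it is still open. On platforms that refuse to delete an open file (Windows) the old `file.delete( )` returned false silently, whereas `Files.delete` now throws, so the page may start failing there. Reading the content and closing the reader before the delete, or doing the delete in a `finally` after the reader is closed, avoids that. The rest of the method is outside the hunk, so where the reader is consumed and closed cannot be seen here.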
@@ -756,30 +767,34 @@ public String doRemoveNewsLetterTemplate( HttpServletRequest request )
 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_ERROR );
 }
- String strFileName = newsLetterTemplate.getFileKey( );
- String strPictureName = newsLetterTemplate.getPictureKey( );
+ try {
+ String strFileName = newsLetterTemplate.getFileKey( );
+ String strPictureName = newsLetterTemplate.getPictureKey( );
- // removes the file
- String strPathFileNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_TEMPLATE )
- + AppPropertiesService.getProperty( NewsLetterConstants.PROPERTY_PATH_FILE_NEWSLETTER_TEMPLATE );
- File file = new File( strPathFileNewsletterTemplate + NewsLetterConstants.CONSTANT_SLASH + strFileName );
+ // removes the file
+ String strPathFileNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_TEMPLATE )
+ + AppPropertiesService.getProperty( NewsLetterConstants.PROPERTY_PATH_FILE_NEWSLETTER_TEMPLATE );
+ File file = new File( strPathFileNewsletterTemplate + NewsLetterConstants.CONSTANT_SLASH + strFileName );
- if ( file.exists( ) )
- {
- file.delete( );
- }
+ if ( file.exists( ) )
+ {
+ Files.delete( file.toPath( ) );
+ }
- // removes the picture
- String strPathImageNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_IMAGE_NEWSLETTER_TEMPLATE );
- File picture = new File( strPathImageNewsletterTemplate + NewsLetterConstants.CONSTANT_SLASH + strPictureName );
+ // removes the picture
+ String strPathImageNewsletterTemplate = AppPathService.getPath( PROPERTY_PATH_IMAGE_NEWSLETTER_TEMPLATE );
+ File picture = new File( strPathImageNewsletterTemplate + NewsLetterConstants.CONSTANT_SLASH + strPictureName );
- if ( picture.exists( ) )
- {
- picture.delete( );
- }
+ if ( picture.exists( ) )
+ {
+ Files.delete( picture.toPath( ) );
+ }
- // removes the newsletter template from the database
- NewsLetterTemplateHome.remove( nNewsletterTemplateId, getPlugin( ) );
+ // removes the newsletter template from the database
+ NewsLetterTemplateHome.remove( nNewsletterTemplateId, getPlugin( ) );
+ } catch (IOException e) {
+ AppLogService.error( e.getMessage( ), e );
+ }
 // loads the newsletter templates management page
 // If the operation occurred well returns on the info of the newsletter
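Review bot: The new `try` in doRemoveNewsLetterTemplate makes the database removal depend on both file deletions: if `Files.delete( picture.toPath( ) )` throws after the template file is already gone, `NewsLetterTemplateHome.remove` is skipped and the record is left referring to a file that no longer exists. The `catch (IOException e)` only logs and then falls through to the lines that load the management page, so the administrator appears to get the normal outcome for a removal that did not happen. Consider returning an error `AdminMessage` from the catch block, and removing the database row first with the files deleted afterwards via `Files.deleteIfExists`, so that a leftover file is the worst result of a partial failure. The end of the method is outside the hunk.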