OO-906: hardened the meta info factory against null file and other unexpected inputs

pom.xml

@@ -1644,7 +1644,7 @@
 		<dependency>
 			<groupId>org.apache.pdfbox</groupId>
 			<artifactId>pdfbox</artifactId>
-			<version>1.8.2</version>
+			<version>1.8.3</version>
 		</dependency>
 		<dependency>
 			<groupId>org.bouncycastle</groupId>

src/main/java/org/olat/admin/bc/BriefcaseAdminController.java

@@ -23,7 +23,7 @@ import java.io.File;
 
 import org.olat.core.CoreSpringFactory;
 import org.olat.core.commons.modules.bc.FolderConfig;
-import org.olat.core.commons.modules.bc.meta.MetaInfoFileImpl;
+import org.olat.core.commons.modules.bc.meta.MetaInfoFactory;
 import org.olat.core.commons.services.taskexecutor.TaskExecutorManager;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.form.flexible.FormItem;
@@ -45,11 +45,13 @@ public class BriefcaseAdminController extends FormBasicController {
 	
 	private FormLink thumbnailReset;
 	private final TaskExecutorManager taskExecutor;
+	private final MetaInfoFactory metaInfoFactory;
 
 	public BriefcaseAdminController(UserRequest ureq, WindowControl wControl) {
 		super(ureq, wControl, "bc_admin");
 		
 		taskExecutor = CoreSpringFactory.getImpl(TaskExecutorManager.class);
+		metaInfoFactory = CoreSpringFactory.getImpl(MetaInfoFactory.class);
 		
 		initForm(ureq);
 	}
@@ -101,18 +103,9 @@ public class BriefcaseAdminController extends FormBasicController {
 				} else if(file.isDirectory()) {
 					resetThumbnails(file);
 				} else if(file.getName().endsWith(".xml")) {
-					resetThumbnailsInMeta(file);
+					metaInfoFactory.resetThumbnails(file);
 				}
 			}
 		}
-		
-		private void resetThumbnailsInMeta(File metafile) {
-			try {
-				MetaInfoFileImpl metaInfo = new MetaInfoFileImpl(metafile);
-				metaInfo.clearThumbnails();
-			} catch (Exception e) {
-				logError("", e);
-			}
-		}
 	}
 }

src/main/java/org/olat/commons/file/filechooser/FileChooseCreateEditController.java

@@ -221,7 +221,7 @@ public class FileChooseCreateEditController extends BasicController{
 		FolderComponent folderComponent = new FolderComponent(ureq, "foldercomp", namedCourseFolder, null, null);
 		folderComponent.addListener(this);
 		cmdUpload = new CmdUpload(ureq, getWindowControl(), false, false);
-		cmdUpload.execute(folderComponent, ureq, getWindowControl(), getTranslator(), true);		
+		cmdUpload.execute(folderComponent, ureq, getTranslator(), true);		
 		cmdUpload.hideFieldset();
 		listenTo(cmdUpload);
 		Panel mainPanel = new Panel("upl");

src/main/java/org/olat/core/commons/modules/bc/commands/CmdDelete.java

@@ -83,7 +83,7 @@ public class CmdDelete extends BasicController implements FolderCommand {
 			// create dialog controller
 			dialogCtr = activateYesNoDialog(ureq, trans.translate("del.header"), msg, dialogCtr);
 		} else {
-			String msg = FolderCommandHelper.renderLockedMessageAsHtml(trans, currentContainer, lockedFiles);
+			String msg = FolderCommandHelper.renderLockedMessageAsHtml(trans, lockedFiles);
 			List<String> buttonLabels = Collections.singletonList(trans.translate("ok"));
 			lockedFiledCtr = activateGenericDialog(ureq, trans.translate("lock.title"), msg, buttonLabels, lockedFiledCtr);
 		}

src/main/java/org/olat/core/commons/modules/bc/commands/CmdEditContent.java

@@ -104,7 +104,7 @@ public class CmdEditContent extends BasicController implements FolderCommand {
 		
 		if(vfsLockManager.isLockedForMe(currentItem, ureq.getIdentity(), ureq.getUserSession().getRoles())) {
 			List<String> lockedFiles = Collections.singletonList(currentItem.getName());
-			String msg = FolderCommandHelper.renderLockedMessageAsHtml(translator, folderComponent.getCurrentContainer(), lockedFiles);
+			String msg = FolderCommandHelper.renderLockedMessageAsHtml(translator, lockedFiles);
 			List<String> buttonLabels = Collections.singletonList(translator.translate("ok"));
 			lockedFiledCtr = activateGenericDialog(ureq, translator.translate("lock.title"), msg, buttonLabels, lockedFiledCtr);
 			return null;

src/main/java/org/olat/core/commons/modules/bc/commands/CmdUnzip.java

@@ -94,7 +94,7 @@ public class CmdUnzip extends BasicController implements FolderCommand {
 		}
 		
 		if(!lockedFiles.isEmpty()) {
-			String msg = FolderCommandHelper.renderLockedMessageAsHtml(trans, null, lockedFiles);
+			String msg = FolderCommandHelper.renderLockedMessageAsHtml(trans, lockedFiles);
 			List<String> buttonLabels = Collections.singletonList(trans.translate("ok"));
 			lockedFiledCtr = activateGenericDialog(ureq, trans.translate("lock.title"), msg, buttonLabels, lockedFiledCtr);
 			return null;

src/main/java/org/olat/core/commons/modules/bc/commands/CmdUpload.java

@@ -94,10 +94,10 @@ public class CmdUpload extends BasicController implements FolderCommand {
 	}
 
 	public Controller execute(FolderComponent fc, UserRequest ureq, WindowControl windowControl, Translator trans) {
-		return execute(fc, ureq, windowControl, trans, false);
+		return execute(fc, ureq, trans, false);
 	}
 
-	public Controller execute(FolderComponent fc, UserRequest ureq, WindowControl windowControl, Translator trans, boolean cancelResetsForm) {
+	public Controller execute(FolderComponent fc, UserRequest ureq, Translator trans, boolean cancelResetsForm) {
 		this.folderComponent = fc;
 		this.cancelResetsForm = cancelResetsForm;
 		

src/main/java/org/olat/core/commons/modules/bc/commands/FolderCommandHelper.java

@@ -42,9 +42,9 @@ import org.olat.core.util.vfs.VFSManager;
  */
 public class FolderCommandHelper {
 	
-	public static String renderLockedMessageAsHtml(Translator trans, VFSContainer container, List<String> files) {
+	public static String renderLockedMessageAsHtml(Translator trans, List<String> files) {
 		StringBuilder sb = new StringBuilder();
-		sb.append(trans.translate("lock.description")).append("<p>").append(renderAsHtml(container, files)).append("</p>");
+		sb.append(trans.translate("lock.description")).append("<p>").append(renderAsHtml(files)).append("</p>");
 		return sb.toString();
 	}
 
@@ -53,7 +53,7 @@ public class FolderCommandHelper {
 	 * 
 	 * @return HTML Fragment.
 	 */
-	private static String renderAsHtml(VFSContainer container, List<String> files) {
+	private static String renderAsHtml(List<String> files) {
 		StringBuilder sb = new StringBuilder();
 		sb.append("<ul>");
 		for (String file : files) {

src/main/java/org/olat/core/commons/modules/bc/components/FolderComponentRenderer.java

@@ -53,8 +53,8 @@ import org.olat.core.util.vfs.VFSItem;
  */
 public class FolderComponentRenderer implements ComponentRenderer {
 
-	private ListRenderer listRenderer;
-	private CrumbRenderer crumbRenderer;
+	private final ListRenderer listRenderer;
+	private final CrumbRenderer crumbRenderer;
 
 	/**
 	 * Constructor for TableRenderer. Singleton and must be reentrant
@@ -111,7 +111,7 @@ public class FolderComponentRenderer implements ComponentRenderer {
 		}
 		
 		String formName = "folder" + CodeHelper.getRAMUniqueID();
-		target.append("<form  method=\"post\" id=\"" + formName + "\" action=\"");
+		target.append("<form  method=\"post\" id=\"").append(formName).append("\" action=\"");
 		ubu.buildURI(target, new String[] { VelocityContainer.COMMAND_ID }, new String[] {FolderRunController.FORM_ACTION }, iframePostEnabled ? AJAXFlags.MODE_TOBGIFRAME : AJAXFlags.MODE_NORMAL);
 		target.append("\" onsubmit=\"if ( b_briefcase_isChecked('").append(formName)
 			.append("', '").append(Formatter.escapeSingleAndDoubleQuotes(StringHelper.escapeHtml(translator.translate("alert")).toString())) 

src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFactory.java

@@ -24,12 +24,19 @@
 */
 package org.olat.core.commons.modules.bc.meta;
 
+import java.io.File;
+
+import org.olat.core.commons.modules.bc.FolderConfig;
 import org.olat.core.commons.services.thumbnail.ThumbnailService;
+import org.olat.core.logging.OLog;
+import org.olat.core.logging.Tracing;
 import org.olat.core.util.vfs.OlatRelPathImpl;
 
 
 public class MetaInfoFactory {
 	
+	private static final OLog log = Tracing.createLoggerFor(MetaInfoFactory.class);
+	
 	private ThumbnailService thumbnailService;
 	
 	/**
@@ -41,8 +48,47 @@ public class MetaInfoFactory {
 	}
 
 	public MetaInfo createMetaInfoFor(OlatRelPathImpl path) {
-		MetaInfoFileImpl meta = new MetaInfoFileImpl(path);
+		File originFile = getOriginFile(path);
+		if(originFile == null) {
+			return null;
+		}
+		String canonicalMetaPath = getCanonicalMetaPath(originFile, path);
+		if (canonicalMetaPath == null) {
+			return null;
+		}
+		
+		File metaFile = new File(canonicalMetaPath);
+		MetaInfoFileImpl meta = new MetaInfoFileImpl(canonicalMetaPath, metaFile, originFile);
 		meta.setThumbnailService(thumbnailService);
 		return meta;
 	}
+	
+	public void resetThumbnails(File metafile) {
+		try {
+			new MetaInfoFileImpl(metafile).clearThumbnails();
+		} catch (Exception e) {
+			log.error("", e);
+		}
+	}
+	
+	protected static String getCanonicalMetaPath(OlatRelPathImpl olatRelPathImpl) {
+		File f = getOriginFile(olatRelPathImpl);
+		return getCanonicalMetaPath(f, olatRelPathImpl);
+	}
+	
+	private static String getCanonicalMetaPath(File originFile, OlatRelPathImpl olatRelPathImpl) {
+		String canonicalMetaPath;
+		if (originFile == null || !originFile.exists()) {
+			canonicalMetaPath = null;
+		} else if (originFile.isDirectory()) {
+			canonicalMetaPath = FolderConfig.getCanonicalMetaRoot() + olatRelPathImpl.getRelPath() + "/.xml";
+		} else {
+			canonicalMetaPath = FolderConfig.getCanonicalMetaRoot() + olatRelPathImpl.getRelPath() + ".xml";
+		}
+		return canonicalMetaPath;
+	}
+	
+	protected static File getOriginFile(OlatRelPathImpl olatRelPathImpl) {
+		return new File(FolderConfig.getCanonicalRoot() + olatRelPathImpl.getRelPath());
+	}
 }
\ No newline at end of file

src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFileImpl.java

@@ -48,10 +48,10 @@ import java.util.UUID;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
+import org.apache.poi.util.IOUtils;
 import org.dom4j.Document;
 import org.dom4j.Element;
 import org.olat.basesecurity.BaseSecurityManager;
-import org.olat.core.commons.modules.bc.FolderConfig;
 import org.olat.core.commons.services.thumbnail.CannotGenerateThumbnailException;
 import org.olat.core.commons.services.thumbnail.FinalSize;
 import org.olat.core.commons.services.thumbnail.ThumbnailService;
@@ -116,24 +116,18 @@ public class MetaInfoFileImpl extends DefaultHandler implements MetaInfo {
 	
 
 	// make it a factory
-	public MetaInfoFileImpl() { 
-		
+	private MetaInfoFileImpl() { 
+		//
 	}
 
-	public MetaInfoFileImpl(File metaFile) { 
+	protected MetaInfoFileImpl(File metaFile) { 
 		this.metaFile = metaFile;
 		parseSAX(metaFile);
 	}
 	
-	public MetaInfoFileImpl(OlatRelPathImpl olatRelPathImpl) { 
-		init(olatRelPathImpl);
-	}
-
-	private boolean init(OlatRelPathImpl olatRelPathImpl) {
-		String canonicalMetaPath = getCanonicalMetaPath(olatRelPathImpl);
-		if (canonicalMetaPath == null) return false;
-		originFile = getOriginFile(olatRelPathImpl);
-		metaFile = new File(canonicalMetaPath);
+	protected MetaInfoFileImpl(String canonicalMetaPath, File metaFile, File originFile) { 
+		this.metaFile = metaFile;
+		this.originFile = originFile;
 		// set
 		if (!parseSAX(metaFile)) {
 			String metaDirPath = canonicalMetaPath.substring(0, canonicalMetaPath.lastIndexOf('/'));
@@ -143,31 +137,11 @@ public class MetaInfoFileImpl extends DefaultHandler implements MetaInfo {
 			}
 			write();
 		}
-		return true;
 	}
 
 	public void setThumbnailService(ThumbnailService thumbnailService) {
 		this.thumbnailService = thumbnailService;
 	}
-
-	private File getOriginFile(OlatRelPathImpl olatRelPathImpl) {
-		return new File(FolderConfig.getCanonicalRoot() + olatRelPathImpl.getRelPath());
-	}
-	/**
-	 * Get the canonical path to the file's meta file.
-	 * 
-	 * @param bcPath
-	 * @return String
-	 */
-	private String getCanonicalMetaPath(OlatRelPathImpl olatRelPathImpl) {
-		File f = getOriginFile(olatRelPathImpl);
-		if (!f.exists()) return null;
-		if (f.isDirectory()) {
-			return FolderConfig.getCanonicalMetaRoot() + olatRelPathImpl.getRelPath() + "/.xml";
-		} else {
-			return FolderConfig.getCanonicalMetaRoot() + olatRelPathImpl.getRelPath() + ".xml";
-		}
-	}
 	
 	/**
 	 * Rename the given meta info file
@@ -192,7 +166,7 @@ public class MetaInfoFileImpl extends DefaultHandler implements MetaInfo {
 	 */
 	public void moveCopyToDir(OlatRelPathImpl target, boolean move) {
 		File fSource = metaFile;
-		File fTarget = new File(getCanonicalMetaPath(target));
+		File fTarget = new File(MetaInfoFactory.getCanonicalMetaPath(target));
 		if (isDirectory()) { // move/copy whole meta directory
 			fSource = fSource.getParentFile();
 			fTarget = fTarget.getParentFile();
@@ -443,7 +417,7 @@ public class MetaInfoFileImpl extends DefaultHandler implements MetaInfo {
 	  } catch(Exception ex) {
 	  	log.error("Error while parsing " + fMeta, ex);
 	  } finally {
-	  	FileUtils.closeSafely(in);
+	  	IOUtils.closeQuietly(in);
 	  }
 		return true;
 	}
@@ -1043,14 +1017,14 @@ public class MetaInfoFileImpl extends DefaultHandler implements MetaInfo {
 		return cssClass;
 	}
 	
-	public class XmlFilter implements FileFilter {
+	public static class XmlFilter implements FileFilter {
 		@Override
 		public boolean accept(File file) {
 			return file.getName().endsWith(".xml");
 		}
 	}
 	
-	public class Thumbnail {
+	public static class Thumbnail {
 		private int maxWidth;
 		private int maxHeight;
 		private int finalWidth;