diff --git a/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormBasicController.java b/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormBasicController.java index c66a2673ed4c3c90cfa34defa593a9aeb49baf27..2274ce8da6b935b594bc57d3e2c65dd140324c7f 100644 --- a/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormBasicController.java +++ b/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormBasicController.java @@ -306,7 +306,6 @@ public abstract class FormBasicController extends BasicController { * org.olat.core.gui.components.Component, * org.olat.core.gui.control.Event) */ - @SuppressWarnings("unused") @Override public void event(UserRequest ureq, Component source, Event event) { if (source == mainForm.getInitialComponent()) { diff --git a/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormWrapperContainerRenderer.java b/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormWrapperContainerRenderer.java index aec5a331ef4198d4ccac648a4307fd42edbf12e4..08add6ddf378fe23d77fe388c6f2e6a6f45c4e3d 100644 --- a/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormWrapperContainerRenderer.java +++ b/src/main/java/org/olat/core/gui/components/form/flexible/impl/FormWrapperContainerRenderer.java @@ -62,7 +62,7 @@ class FormWrapperContainerRenderer implements ComponentRenderer { * org.olat.core.gui.translator.Translator, * org.olat.core.gui.render.RenderResult, java.lang.String[]) */ - @SuppressWarnings("unused") + @Override public void render(Renderer renderer, StringOutput sb, Component source, URLBuilder ubu, Translator translator, RenderResult renderResult, String[] args) { FormWrapperContainer formC = (FormWrapperContainer) source; 
@@ -135,6 +135,7 @@ class FormWrapperContainerRenderer implements ComponentRenderer { * org.olat.core.gui.components.Component, * org.olat.core.gui.render.RenderingState) */ + @Override public void renderBodyOnLoadJSFunctionCall(Renderer renderer, StringOutput sb, Component source, RenderingState rstate) { FormWrapperContainer formC = (FormWrapperContainer) source; Container toRender = formC.getFormLayout(); @@ -151,7 +152,7 @@ class FormWrapperContainerRenderer implements ComponentRenderer { * org.olat.core.gui.translator.Translator, * org.olat.core.gui.render.RenderingState) */ - @SuppressWarnings("unused") + @Override public void renderHeaderIncludes(Renderer renderer, StringOutput sb, Component source, URLBuilder ubu, Translator translator, RenderingState rstate) { FormWrapperContainer formC = (FormWrapperContainer) source; diff --git a/src/main/java/org/olat/core/util/StringHelper.java b/src/main/java/org/olat/core/util/StringHelper.java index 63e499abab2234804e675c89ab5af2205d08ea28..1df68d2a6fec3d94040f64dcbb963b40f1b8da9d 100644 --- a/src/main/java/org/olat/core/util/StringHelper.java +++ b/src/main/java/org/olat/core/util/StringHelper.java @@ -358,6 +358,12 @@ public class StringHelper { return new OWASPAntiSamyXSSFilter().filter(str); } + public static final boolean xssScanForErrors(String str) { + OWASPAntiSamyXSSFilter filter = new OWASPAntiSamyXSSFilter(); + filter.filter(str); + return filter.getNumOfErrors() > 0; + } + public static final String escapeJavaScript(String str) { return StringEscapeUtils.escapeJavaScript(str); } diff --git a/src/main/java/org/olat/core/util/filter/impl/OWASPAntiSamyXSSFilter.java b/src/main/java/org/olat/core/util/filter/impl/OWASPAntiSamyXSSFilter.java index b93860573dabd37ecc9ab0d75105417d9de38c53..464f9d2726bf439c8bb479d805b56f021f6fbaa3 100644 --- a/src/main/java/org/olat/core/util/filter/impl/OWASPAntiSamyXSSFilter.java +++ b/src/main/java/org/olat/core/util/filter/impl/OWASPAntiSamyXSSFilter.java 
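Review bot: `xssScanForErrors` fails open. `getNumOfErrors()`, added in the OWASPAntiSamyXSSFilter.java hunk of this commit, returns `-1` when `cr` is null, and `-1 > 0` is false, so input with no scan result is reported as clean. The body of `filter()` is not in the diff, so when `cr` stays null is inferred; presumably it happens when the scan throws or is skipped. Treating every non-zero value as a finding closes the gap: `return filter.getNumOfErrors() != 0;`. A one-line Javadoc saying that `true` means the input was rejected would also help callers such as `WikiArticleSearchForm.validateFormLogic`.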
@@ -164,6 +164,13 @@ public class OWASPAntiSamyXSSFilter implements Filter { return output; } + + public int getNumOfErrors() { + if (cr != null) { + return cr.getNumberOfErrors(); + } + return -1; + } /** * get Errors/Messages from filter. diff --git a/src/main/java/org/olat/modules/wiki/WikiArticleSearchForm.java b/src/main/java/org/olat/modules/wiki/WikiArticleSearchForm.java index 0d8e428a263afaa704d6cf727e6e210105ddac09..da50a2f7cf35be78d6a7fdd2602c7066c9487b6f 100644 --- a/src/main/java/org/olat/modules/wiki/WikiArticleSearchForm.java +++ b/src/main/java/org/olat/modules/wiki/WikiArticleSearchForm.java @@ -28,10 +28,10 @@ import org.olat.core.gui.UserRequest; import org.olat.core.gui.components.form.flexible.FormItemContainer; import org.olat.core.gui.components.form.flexible.elements.TextElement; import org.olat.core.gui.components.form.flexible.impl.FormBasicController; -import org.olat.core.gui.components.form.flexible.impl.elements.FormSubmit; import org.olat.core.gui.control.Controller; import org.olat.core.gui.control.Event; import org.olat.core.gui.control.WindowControl; +import org.olat.core.util.StringHelper; /** * Description:<br> @@ -47,7 +47,7 @@ public class WikiArticleSearchForm extends FormBasicController { public WikiArticleSearchForm(UserRequest ureq, WindowControl control) { super(ureq, control, "articleSearch"); - initForm(this.flc, this, ureq); + initForm(ureq); } /** 
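Review bot: `getNumOfErrors()` has no Javadoc, unlike the method that follows it, and its `-1` return is a sentinel that callers can easily misread as "no errors". I would document it, for example `/** @return the error count of the most recent scan, or -1 if no scan result is available */`. That wording assumes `cr` is populated by `filter()`, which is outside this hunk. The added lines also look like they mix a whitespace-only line with the file's indentation, which is worth checking against the surrounding style.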
@@ -67,20 +67,34 @@ public class WikiArticleSearchForm extends FormBasicController { /** * @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#initForm(org.olat.core.gui.components.form.flexible.FormItemContainer, org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest) */ - @SuppressWarnings("unused") @Override protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) { searchQuery = uifactory.addTextElement("search", null, 250, null, formLayout); searchQuery.setDisplaySize(40); - FormSubmit submit = new FormSubmit("subm", "navigation.create.article"); - formLayout.add(submit); + uifactory.addFormSubmitButton("subm", "navigation.create.article", formLayout); } - + + @Override + protected boolean validateFormLogic(UserRequest ureq) { + boolean allOk = true; + + String val = searchQuery.getValue(); + searchQuery.clearError(); + if(!StringHelper.containsNonWhitespace(val)) { + searchQuery.setErrorKey("form.legende.mandatory", null); + allOk = false; + } else if(StringHelper.xssScanForErrors(val)) { + searchQuery.setErrorKey("form.legende.mandatory", null); + searchQuery.setValue(""); + allOk = false; + } + + return allOk & super.validateFormLogic(ureq); + } + public String getQuery() { String query = searchQuery.getValue(); - searchQuery.setValue(null); return query; } - -} +} \ No newline at end of file diff --git a/src/main/java/org/olat/modules/wiki/WikiMainController.java b/src/main/java/org/olat/modules/wiki/WikiMainController.java index d0bccb9ec7de03859df271ccb43f3cf51c093902..8a69b3c5217adf2fd82c073a3224b4d337a3a7c3 100644 --- a/src/main/java/org/olat/modules/wiki/WikiMainController.java +++ b/src/main/java/org/olat/modules/wiki/WikiMainController.java 
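Review bot: The XSS branch of `validateFormLogic` sets `form.legende.mandatory`, the same key as the empty-input branch, and then clears the field. A user whose query was rejected by the scanner is therefore told the field is mandatory, with no hint why the text disappeared. A dedicated message would separate the two cases, e.g. `searchQuery.setErrorKey("<i18n key for rejected input>", null);`, where the key is a placeholder that would have to be added to the bundle. The rejection is also silent on the server side; logging it with the acting identity, without echoing the raw value unescaped, would make repeated probing visible. This check is input validation only, so the page name still needs output encoding wherever it is rendered, which this diff does not show.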
@@ -73,6 +73,7 @@ import org.olat.core.logging.Tracing; import org.olat.core.logging.activity.LearningResourceLoggingAction; import org.olat.core.logging.activity.OlatResourceableType; import org.olat.core.logging.activity.ThreadLocalUserActivityLogger; +import org.olat.core.util.StringHelper; import org.olat.core.util.coordinate.CoordinatorManager; import org.olat.core.util.coordinate.LockResult; import org.olat.core.util.notifications.ContextualSubscriptionController; @@ -409,7 +410,7 @@ public class WikiMainController extends BasicController implements CloneableCont if (!(event instanceof RequestNewPageEvent) && !(event instanceof RequestMediaEvent) && !(event instanceof RequestImageEvent)) { page = wiki.getPage(pageId, true); //set recent page id to the page currently used - if (page != null) this.pageId = page.getPageId(); + if (page != null) pageId = page.getPageId(); } if (source == content) { @@ -807,7 +808,9 @@ public class WikiMainController extends BasicController implements CloneableCont else if (source == searchOrCreateArticleForm) { String query = searchOrCreateArticleForm.getQuery(); - if (query == null) query = WikiPage.WIKI_INDEX_PAGE; + if (!StringHelper.containsNonWhitespace(query)) { + query = WikiPage.WIKI_INDEX_PAGE; + } page = wiki.findPage(query); pageId = page.getPageId(); if (page.getPageName().equals(Wiki.NEW_PAGE)) setTabsEnabled(false); diff --git a/src/main/java/org/olat/modules/wiki/_content/articleSearch.html b/src/main/java/org/olat/modules/wiki/_content/articleSearch.html index 2f49be025ffacd925b3d4c5532ea404da63103cb..a8883a0b3c0f0025aa64e2f7541768fa810a6df9 100644 --- a/src/main/java/org/olat/modules/wiki/_content/articleSearch.html +++ b/src/main/java/org/olat/modules/wiki/_content/articleSearch.html @@ -1,4 +1,5 @@ $r.render("search") +$r.render("search_ERROR") <div class="b_button_group o_sel_wiki_search"> $r.render("subm") </div> \ No newline at end of file