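/*
 * This library is part of OpenCms -
 * the Open Source Content Management System
 *
 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * For further information about Alkacon Software, please see the
 * company website: http://www.alkacon.com
 *
 * For further information about OpenCms, please see the
 * project website: http://www.opencms.org
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

package org.opencms.ugc;

import org.opencms.file.CmsObject;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;
import org.opencms.ugc.shared.CmsUgcConstants;
import org.opencms.ugc.shared.CmsUgcException;

import java.util.List;
import java.util.Locale;

import org.apache.commons.logging.Log;

/**
 * Helper class which implements some of the security checks for user generated content creation.<p>
 *
 * Every check is a static method that either returns normally (the operation is allowed) or throws a
 * {@link CmsUgcException} carrying the {@link CmsUgcConstants.ErrorCode} describing why the operation
 * was refused. The checks themselves do not modify the VFS.<p>
 */
public final class CmsUgcSessionSecurityUtil {

    /** The log instance for this class. */
    private static final Log LOG = CmsLog.getLog(CmsUgcSessionSecurityUtil.class);

    /**
     * Hidden default constructor.<p>
     */
    private CmsUgcSessionSecurityUtil() {

        // static utility class, never instantiated
    }

    /**
     * Checks whether a new XML content may be created and throws an exception if this is not the case.<p>
     *
     * The check is only active when the configuration defines a maximum content number; in that case the
     * number of files currently present in the configured content parent folder is compared against
     * that limit.<p>
     *
     * @param cms the current CMS context
     * @param config the form configuration
     *
     * @throws CmsUgcException with error code {@code errMaxContentsExceeded} if the parent folder already
     *      holds at least the configured number of files, or wrapping the underlying {@link CmsException}
     *      if the folder content could not be read
     */
    public static void checkCreateContent(CmsObject cms, CmsUgcConfiguration config) throws CmsUgcException {

        if (!config.getMaxContentNumber().isPresent()) {
            // no limit configured, nothing to enforce
            return;
        }
        int maxContents = config.getMaxContentNumber().get().intValue();
        String sitePath = cms.getSitePath(config.getContentParentFolder());
        try {
            // ">=" because the content about to be created would become one more file in the folder
            if (cms.getFilesInFolder(sitePath).size() >= maxContents) {
                String message = Messages.get().getBundle(cms.getRequestContext().getLocale()).key(
                    Messages.ERR_TOO_MANY_CONTENTS_1,
                    config.getContentParentFolder());
                throw new CmsUgcException(CmsUgcConstants.ErrorCode.errMaxContentsExceeded, message);
            }
        } catch (CmsException e) {
            // a failed folder listing must not silently permit the creation: log it and refuse
            LOG.error(e.getLocalizedMessage(), e);
            throw new CmsUgcException(e);
        }
    }

    /**
     * Checks whether an uploaded file can be created in the VFS, and throws an exception otherwise.<p>
     *
     * Three conditions are verified in order: uploads must be enabled at all (an upload parent folder
     * is configured), the file size must not exceed the configured maximum (if any), and the file name
     * must end with one of the configured valid extensions (if any). The extension comparison is
     * case-insensitive and uses {@link Locale#ROOT}, so the result does not depend on the default locale
     * of the JVM (for example, a Turkish default locale would otherwise map {@code "GIF"} to a string
     * containing a dotless i that never matches {@code "gif"}).<p>
     *
     * @param cms the current CMS context
     * @param config the form configuration
     * @param name the file name of the uploaded file
     * @param size the size of the uploaded file
     *
     * @throws CmsUgcException with error code {@code errNoUploadAllowed} if no upload folder is configured,
     *      {@code errMaxUploadSizeExceeded} if the file is larger than the configured maximum, or
     *      {@code errInvalidExtension} if the name does not end with an allowed extension
     */
    public static void checkCreateUpload(CmsObject cms, CmsUgcConfiguration config, String name, long size)
    throws CmsUgcException {

        if (!config.getUploadParentFolder().isPresent()) {
            String message = Messages.get().container(Messages.ERR_NO_UPLOADS_ALLOWED_0).key(
                cms.getRequestContext().getLocale());
            throw new CmsUgcException(CmsUgcConstants.ErrorCode.errNoUploadAllowed, message);
        }

        if (config.getMaxUploadSize().isPresent()) {
            if (config.getMaxUploadSize().get().longValue() < size) {
                String message = Messages.get().container(Messages.ERR_UPLOAD_TOO_BIG_1, name).key(
                    cms.getRequestContext().getLocale());
                throw new CmsUgcException(CmsUgcConstants.ErrorCode.errMaxUploadSizeExceeded, message);
            }
        }

        if (config.getValidExtensions().isPresent()) {
            List<String> validExtensions = config.getValidExtensions().get();
            // fold case once with a fixed locale; the per-extension fold below uses the same locale
            String lowerName = name.toLowerCase(Locale.ROOT);
            boolean foundExtension = false;
            for (String extension : validExtensions) {
                // plain suffix match: whether configured entries carry the leading dot is decided by
                // CmsUgcConfiguration - an entry without it also matches any longer suffix (confirm there)
                if (lowerName.endsWith(extension.toLowerCase(Locale.ROOT))) {
                    foundExtension = true;
                    break;
                }
            }
            if (!foundExtension) {
                String message = Messages.get().container(Messages.ERR_UPLOAD_FILE_EXTENSION_NOT_ALLOWED_1, name).key(
                    cms.getRequestContext().getLocale());
                throw new CmsUgcException(CmsUgcConstants.ErrorCode.errInvalidExtension, message);
            }
        }
    }
}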