boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

Enforced controls on vocabulary editing operations.

Browse Source
pull/167/head
luccioman 7 years ago
parent 2532db2ce6
commit 348d07a999
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File

4
htroot/Vocabulary_p.html
Unescape View File

@ -106,7 +106,8 @@ To see a list of all APIs, please visit the <a href="http://www.yacy-websuche.de
</form>
#(create)#::
<form action="Vocabulary_p.html" id="searchform" method="get" accept-charset="UTF-8" class="form-horizontal">
<form action="Vocabulary_p.html" id="searchform" method="post" accept-charset="UTF-8" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#" />
<fieldset>
<legend>Vocabulary Production</legend>
#(csvFileStatus)#
@ -253,6 +254,7 @@ To see a list of all APIs, please visit the <a href="http://www.yacy-websuche.de
#(edit)#::
<form action="Vocabulary_p.html" method="post" enctype="multipart/form-data" accept-charset="UTF-8" class="form-horizontal">
<input type="hidden" name="transactionToken" value="#[transactionToken]#" />
<fieldset><legend>Vocabulary Editor</legend>
<dl>
<dt>Vocabulary Name</dt><dd>#[name]#</dd>

22
htroot/Vocabulary_p.java
Unescape View File

@ -47,6 +47,7 @@ import net.yacy.cora.lod.vocabulary.Tagging.SOTuple;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.CommonPattern;
import net.yacy.cora.util.ConcurrentLog;
import net.yacy.data.TransactionManager;
import net.yacy.data.WorkTables;
import net.yacy.document.LibraryProvider;
import net.yacy.kelondro.data.meta.URIMetadataNode;
@ -65,18 +66,30 @@ public class Vocabulary_p {
/** Logger */
private final static ConcurrentLog LOG = new ConcurrentLog(Vocabulary_p.class.getSimpleName());
public static serverObjects respond(@SuppressWarnings("unused") final RequestHeader header, final serverObjects post, final serverSwitch env) {
public static serverObjects respond(final RequestHeader header, final serverObjects post, final serverSwitch env) {
final Switchboard sb = (Switchboard) env;
final serverObjects prop = new serverObjects();
/* Acquire a transaction token for the next POST form submission */
final String nextToken = TransactionManager.getTransactionToken(header);
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
prop.put("edit_" + TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
prop.put("create_" + TransactionManager.TRANSACTION_TOKEN_PARAM, nextToken);
Collection<Tagging> vocs = LibraryProvider.autotagging.getVocabularies();
String vocabularyName = (post == null) ? null : post.get("vocabulary", null);
String discovername = (post == null) ? null : post.get("discovername", null);
Tagging vocabulary = vocabularyName == null ? null : LibraryProvider.autotagging.getVocabulary(vocabularyName);
if (vocabulary == null) vocabularyName = null;
if (vocabulary == null) {
vocabularyName = null;
}
if (post != null) {
// create a vocabulary
if (vocabulary == null && discovername != null && discovername.length() > 0) {
/* Check the transaction is valid */
TransactionManager.checkPostTransaction(header, post);
// get details of creation
String discoverobjectspace = post.get("discoverobjectspace", "");
MultiProtocolURL discoveruri = null;
@ -189,7 +202,10 @@ public class Vocabulary_p {
LOG.severe("Could not write vocabulary file at " + vocabPath, e);
}
}
} else if (vocabulary != null) {
} else if (vocabulary != null && post.containsKey("set")) {
/* Check the transaction is valid */
TransactionManager.checkPostTransaction(header, post);
try {
// check if objectspace was set
vocabulary.setObjectspace(post.get("objectspace", vocabulary.getObjectspace() == null ? "" : vocabulary.getObjectspace()));

Write Preview
Loading…
Cancel
Save