From b91de5e64ea8915cbc6045e6dcb074e12bbcf2e8 Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 12:36:41 +0000
Subject: [PATCH 1/7] add filter xss
---
 includes/dublin_core.inc | 3 +--
 theme/islandora-dublin-core-display.tpl.php | 6 +++---
 theme/theme.inc | 6 +++---
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/includes/dublin_core.inc b/includes/dublin_core.inc
index ec058181..ecfcc7b1 100644
--- a/includes/dublin_core.inc
+++ b/includes/dublin_core.inc
@@ -131,7 +131,7 @@ class DublinCore {
 $dc_label = explode(':', $field);
 $element_label = drupal_ucfirst($dc_label[1]);
 $dc_array[$field]['label'] = $element_label;
- $dc_array[$field]['value'] = $value;
+ $dc_array[$field]['value'] = filter_xss($value);
 $dc_array[$field]['class'] = drupal_strtolower(preg_replace('/[^A-Za-z0-9]/', '-', $field));
 $dc_array[$field]['dcterms'] = preg_replace('/^dc/', 'dcterms', $field);
 }
@@ -140,7 +140,6 @@ class DublinCore {
 return $dc_array;
 }
-
 /**
 * Creates a new instance of the class by parsing dc_xml.
 *
diff --git a/theme/islandora-dublin-core-display.tpl.php b/theme/islandora-dublin-core-display.tpl.php
index da67de18..2c2a02ee 100644
--- a/theme/islandora-dublin-core-display.tpl.php
+++ b/theme/islandora-dublin-core-display.tpl.php
@@ -20,11 +20,11 @@
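Review bot: `filter_xss($value)` on the added line in the first dublin_core.inc hunk is a looser control than plain-text metadata needs: with its default tag whitelist it lets links, emphasis and list markup through, and it is only safe for HTML body context, not for attribute values. If Dublin Core values are meant to display as text, `$dc_array[$field]['value'] = check_plain($value);` neutralises all markup; the same choice applies to the label and MIME-type cells in theme/theme.inc and to the title in islandora.module later in this series. Filtering inside the array builder also hands already-encoded text to any caller that does not render HTML, so escaping where the value is printed may be the better place. `label` and `dcterms` are still derived from `$field` without escaping, which matters if field names can come from the datastream XML (not visible here). The enclosing method begins and ends outside the hunk.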
$value): ?> -
- +
+
- +
diff --git a/theme/theme.inc b/theme/theme.inc
index 8ffffc4f..6a80fbb6 100644
--- a/theme/theme.inc
+++ b/theme/theme.inc
@@ -39,7 +39,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
 );
 $row[] = array(
 'class' => 'datastream-label',
- 'data' => $ds->label,
+ 'data' => filter_xss($ds->label),
 );
 $row[] = array(
 'class' => 'datastream-control',
@@ -47,7 +47,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
 );
 $row[] = array(
 'class' => 'datastream-mime',
- 'data' => $ds->mimeType,
+ 'data' => filter_xss($ds->mimeType),
 );
 $row[] = array(
 'class' => 'datastream-size',
@@ -81,7 +81,7 @@ function islandora_preprocess_islandora_default_edit(array &$variables) {
 );
 $rows[] = $row;
 }
- $caption = $islandora_object->label . ' - ' . $islandora_object->id;
+ $caption = filter_xss($islandora_object->label) . ' - ' . $islandora_object->id;
 $table = array(
 'colgroups' => NULL,
 'sticky' => TRUE,
From 0acac35847a8e5b7b874f658edb92119c93b4349 Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 12:49:08 +0000
Subject: [PATCH 2/7] forgot add this file
---
 includes/ingest.form.inc | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/includes/ingest.form.inc b/includes/ingest.form.inc
index 0ed75385..95944eb1 100644
--- a/includes/ingest.form.inc
+++ b/includes/ingest.form.inc
@@ -57,12 +57,6 @@ function islandora_ingest_form(array $form, array &$form_state, array $configura
 return islandora_ingest_form_execute_step($form, $form_state);
 }
 catch (Exception $e) {
- watchdog(
- 'islandora',
- 'Exception during ingest form processing with Message: "@exception", and Trace: @trace',
- array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()),
- WATCHDOG_ERROR
- );
 drupal_set_message($e->getMessage(), 'error');
 return array(array(
 '#markup' => l(t('Back'), 'javascript:window.history.back();', array('external' => TRUE))));
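Review bot: The caption line in the third theme.inc hunk (-81,7) escapes only the label and concatenates `$islandora_object->id` raw; theme_table() prints the caption without further escaping, so the complete string should be escaped once, e.g. `$caption = check_plain($islandora_object->label . ' - ' . $islandora_object->id);`. The id is presumably constrained to PID syntax by the repository, but nothing in this file section establishes that. The remaining `$row[]` cells of islandora_preprocess_islandora_default_edit() fall outside the three hunks and should be checked for other datastream properties passed as raw `data`.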
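Review bot: With the watchdog() call removed in the ingest.form.inc hunk (-57,12), the catch block's only remaining action is `drupal_set_message($e->getMessage(), 'error')`, which prints the exception text to the page and leaves no server-side record of the failure. drupal_set_message() does not sanitise its argument, so an exception message that echoes an object label or other user-supplied input reaches the browser as markup; `drupal_set_message(check_plain($e->getMessage()), 'error');` closes that gap. Dropping the log entry looks unintended given the commit title and is reversed later in the series; the second hunk of this patch (-777,17) likewise removes the stack trace from the logged entry. The body of islandora_ingest_form() extends beyond the hunk.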
@@ -777,17 +771,8 @@ function islandora_ingest_form_submit(array $form, array &$form_state) {
 catch (Exception $e) {
 // If post hooks throws it may already exist at this point but may be
 // invalid, so don't say failed.
- watchdog(
- 'islandora',
- 'Exception during ingest with Message: "@exception", and Trace: @trace',
- array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()),
- WATCHDOG_ERROR
- );
- drupal_set_message(
- t('A problem occured while ingesting "@label" (ID: @pid), please notifiy the administrator.',
- array('@label' => $object->label, '@pid' => $object->id)),
- 'error'
- );
+ watchdog('islandora', 'Exception Message: @exception.', array('@exception' => $e->getMessage()), WATCHDOG_ERROR);
+ drupal_set_message(t('A problem occured while ingesting "@label" (ID: @pid), please notifiy the administrator.', array('@label' => $object->label, '@pid' => $object->id)), 'error');
 }
 }
 // XXX: Foreaching with references can be weird... The reference exists in
From 5269b7643b47ed4bf7e295f6eae15b33eb3fd50c Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 12:52:03 +0000
Subject: [PATCH 3/7] convert to the right version
---
 README.md | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/README.md b/README.md
index c1974352..798e6b33 100644
--- a/README.md
+++ b/README.md
@@ -36,10 +36,6 @@ Before installing Islandora the XACML policies located in the policies folder should be copied into the Fedora global XACML policies folder. This will allow "authenticated users" in Drupal to access Fedora API-M functions.
-You will also have to remove some default policies if you want full functionality as well.
-
-Remove deny-purge-datastream-if-active-or-inactive.xml to allow for purging of datastream versions.
-
 CONFIGURATION
 -------------
From 3bc98e9a944c80b6f6e17f70d61c2dbee8197145 Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 12:57:48 +0000
Subject: [PATCH 4/7] convert to islandora 7.x
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 798e6b33..c1974352 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,10 @@ Before installing Islandora the XACML policies located in the policies folder should be copied into the Fedora global XACML policies folder. This will allow "authenticated users" in Drupal to access Fedora API-M functions.
+You will also have to remove some default policies if you want full functionality as well.
+
+Remove deny-purge-datastream-if-active-or-inactive.xml to allow for purging of datastream versions.
+
 CONFIGURATION
 -------------
From fc33e520e20cbba74e6360720a94977565beb65b Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 13:03:49 +0000
Subject: [PATCH 5/7] recover islandora 7.x
---
 includes/ingest.form.inc | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/includes/ingest.form.inc b/includes/ingest.form.inc
index d0af2084..20e05497 100644
--- a/includes/ingest.form.inc
+++ b/includes/ingest.form.inc
@@ -57,6 +57,11 @@ function islandora_ingest_form(array $form, array &$form_state, array $configura
 return islandora_ingest_form_execute_step($form, $form_state);
 }
 catch (Exception $e) {
+ watchdog(
+ 'islandora',
+ 'Exception during ingest form processing with Message: "@exception", and Trace: @trace',
+ array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()), WATCHDOG_ERROR
+ );
 drupal_set_message($e->getMessage(), 'error');
 return array(array(
 '#markup' => l(t('Back'), 'javascript:window.history.back();', array('external' => TRUE))));
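Review bot: The restored watchdog() call in the ingest.form.inc hunk (-57,6) writes `$e->getTraceAsString()` into the site log, and PHP stack-trace strings can include abbreviated argument values from every frame. Whatever the ingest steps were called with (object data, possibly connection details) may therefore persist in the log and be readable by anyone allowed to view site reports. A comment above the call would record that decision, e.g. `// Trace is logged for administrators only; it may contain argument values.`, and the log-viewing permission should be confirmed as restricted. The same applies to the second hunk of this patch (-774,8). The body of islandora_ingest_form() extends beyond the hunk.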
@@ -774,8 +779,17 @@ function islandora_ingest_form_submit(array $form, array &$form_state) {
 catch (Exception $e) {
 // If post hooks throws it may already exist at this point but may be
 // invalid, so don't say failed.
- watchdog('islandora', 'Exception Message: @exception.', array('@exception' => $e->getMessage()), WATCHDOG_ERROR);
- drupal_set_message(t('A problem occured while ingesting "@label" (ID: @pid), please notifiy the administrator.', array('@label' => $object->label, '@pid' => $object->id)), 'error');
+ watchdog(
+ 'islandora',
+ 'Exception during ingest with Message: "@exception", and Trace: @trace',
+ array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()),
+ WATCHDOG_ERROR
+ );
+ drupal_set_message(
+ t('A problem occured while ingesting "@label" (ID: @pid), please notifiy the administrator.',
+ array('@label' => $object->label, '@pid' => $object->id)),
+ 'error'
+ );
 }
 }
 // XXX: Foreaching with references can be weird... The reference exists in
From 1d0ba1cf4082e512ad0aece3e2338707c8b39dd0 Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 13:06:03 +0000
Subject: [PATCH 6/7] recover islandora 7.x
---
 includes/ingest.form.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/includes/ingest.form.inc b/includes/ingest.form.inc
index 20e05497..b49556d7 100644
--- a/includes/ingest.form.inc
+++ b/includes/ingest.form.inc
@@ -58,9 +58,10 @@ function islandora_ingest_form(array $form, array &$form_state, array $configura
 }
 catch (Exception $e) {
 watchdog(
- 'islandora',
- 'Exception during ingest form processing with Message: "@exception", and Trace: @trace',
- array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()), WATCHDOG_ERROR
+ 'islandora',
+ 'Exception during ingest form processing with Message: "@exception", and Trace: @trace',
+ array('@exception' => $e->getMessage(), '@trace' => $e->getTraceAsString()),
+ WATCHDOG_ERROR
 );
 drupal_set_message($e->getMessage(), 'error');
 return array(array(
From 8d7a4496455b5f6d37c2cece161d768e480e92dc Mon Sep 17 00:00:00 2001
From: yqjiang
Date: Fri, 18 Oct 2013 13:57:37 +0000
Subject: [PATCH 7/7] add xss filter to the title
---
 islandora.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/islandora.module b/islandora.module
index ba5ec91e..1d951b74 100644
--- a/islandora.module
+++ b/islandora.module
@@ -993,7 +993,7 @@ function islandora_drupal_title(AbstractObject $object) {
 module_load_include('inc', 'islandora', 'includes/breadcrumb');
 drupal_set_breadcrumb(islandora_get_breadcrumbs($object));
- return $object->label;
+ return filter_xss($object->label);
 }
 /**
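Review bot: Returning `filter_xss($object->label)` from islandora_drupal_title() risks double encoding, because the function now hands back HTML-encoded text without saying so. If it is registered as a menu title callback (the registration is not visible in this hunk), Drupal 7 already runs check_plain() on the active menu title when building the page title, so a label such as `A & B` would display as `A &amp; B`. If the return value is instead printed raw somewhere, `check_plain($object->label)` is the stricter escape for a plain-text label. Either way the docblock above the function should state whether the return value is raw text or HTML-safe, e.g. `@return string The object label, sanitised for HTML output.`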