package org.apache.velocity.app.event.implement; /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ import org.apache.velocity.app.event.ReferenceInsertionEventHandler; import org.apache.velocity.context.Context; import org.apache.velocity.runtime.RuntimeServices; import org.apache.velocity.util.RuntimeServicesAware; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import java.util.regex.PatternSyntaxException; /** * Base class for escaping references. To use it, override the following methods: * <DL> * <DT><code>String escape(String text)</code></DT> * <DD>escape the provided text</DD> * <DT><code>String getMatchAttribute()</code></DT> * <DD>retrieve the configuration attribute used to match references (see below)</DD> * </DL> * * <P>By default, all references are escaped. However, by setting the match attribute * in the configuration file to a regular expression, users can specify which references * to escape. For example the following configuration property tells the EscapeSqlReference * event handler to only escape references that start with "sql". * (e.g. <code>$sql</code>, <code>$sql.toString(),</code>, etc). * * <PRE> * <CODE>eventhandler.escape.sql.match = sql.*</CODE> * </PRE> * * Regular expressions should follow the format used by the Java language. More info in the * <a href="http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html">Pattern class documentation</a>. * * @author <a href="mailto:[email protected]">Will Glass-Husain </a> * @version $Id$ * @since 1.5 */ public abstract class EscapeReference implements ReferenceInsertionEventHandler,RuntimeServicesAware { private RuntimeServices rs; private String matchRegExp = null; protected Logger log; /** * Escape the given text. Override this in a subclass to do the actual * escaping. * * @param text the text to escape * @return the escaped text */ protected abstract String escape(Object text); /** * Specify the configuration attribute that specifies the * regular expression. Ideally should be in a form * <pre><code>eventhandler.escape.XYZ.match</code></pre> * * <p>where <code>XYZ</code> is the type of escaping being done. * @return configuration attribute */ protected abstract String getMatchAttribute(); /** * Escape the provided text if it matches the configured regular expression. * * @param reference * @param value * @return Escaped text. */ public Object referenceInsert(Context context, String reference, Object value) { if(value == null) { return value; } if (matchRegExp == null) { return escape(value); } else if (reference.matches(matchRegExp)) { return escape(value); } else { return value; } } /** * Called automatically when event cartridge is initialized. * * @param rs instance of RuntimeServices */ public void setRuntimeServices(RuntimeServices rs) { this.rs = rs; log = rs.getLog("event"); // Get the regular expression pattern. matchRegExp = StringUtils.trim(rs.getString(getMatchAttribute())); if (org.apache.commons.lang3.StringUtils.isEmpty(matchRegExp)) { matchRegExp = null; } // Test the regular expression for a well formed pattern if (matchRegExp != null) { try { "".matches(matchRegExp); } catch (PatternSyntaxException E) { log.error("Invalid regular expression '{}'. No escaping will be performed.", matchRegExp, E); matchRegExp = null; } } } /** * Retrieve a reference to RuntimeServices. Use this for checking additional * configuration properties. * * @return The current runtime services object. */ protected RuntimeServices getRuntimeServices() { return rs; } }