Commit
e74cd689
authored
Feb 12, 2018
by
Piotr Gawron
Merge branch 'devel_11.0.x'
parents
7bd30279
2d738b4b
Changes
68
CHANGELOG
...
...
@@ -3,6 +3,22 @@ minerva (12.0.0) stable; urgency=medium
--
Piotr
Gawron
<
piotr
.
gawron
@
uni
.
lu
>
Thu
,
14
Dec
2017
16
:
00
:
00
+
0200
minerva
(
11.0.8
)
stable
;
urgency
=
medium
*
Bug
fix
:
XSS
vulnerability
*
Bug
fix
:
"java.lang.IllegalStateException: getWriter()"
exceptions
in
logs
*
Bug
fix
:
crash
for
uploading
and
caching
chemical
data
*
Bug
fix
:
disappearing
tiles
in
submodels
*
Bug
fix
:
max
number
of
results
is
properly
taken
from
configuration
*
Bug
fix
:
overlay
cannot
be
hidden
before
process
of
fetching
data
during
opening
is
finished
*
Bug
fix
:
redirection
to
login
page
when
session
expired
and
access
to
export
page
is
requested
*
Bug
fix
:
sometimes
overlays
couldn
't be hidden in submaps
* Bug fix: comments on submaps are visualized properly
-- Piotr Gawron <piotr.gawron@uni.lu> Mon, 05 Feb 2018 18:00:00 +0200
minerva (11.0.7) stable; urgency=medium
* Bug fix: redirection added when anonymous tries to access secured map
* Bug fix: loading time of custom overlays is reduced
...
...
annotation/src/main/java/lcsb/mapviewer/annotation/data/Chemical.java
...
...
@@ -291,13 +291,17 @@ public class Chemical implements Serializable, TargettingStructure {
}
@Override
public
Collection
<
MiriamData
>
getSources
()
{
List
<
MiriamData
>
sources
=
new
ArrayList
<>();
sources
.
add
(
getCasID
());
sources
.
add
(
getChemicalId
());
return
sources
;
}
@Override
public
Collection
<
MiriamData
>
getSources
()
{
List
<
MiriamData
>
sources
=
new
ArrayList
<>();
if
(
getCasID
()
!=
null
)
{
sources
.
add
(
getCasID
());
}
if
(
getChemicalId
()
!=
null
)
{
sources
.
add
(
getChemicalId
());
}
return
sources
;
}
@Override
public
Collection
<
Target
>
getTargets
()
{
...
...
frontend-js/package.json
...
...
@@ -49,6 +49,7 @@
"pileup"
:
"^0.6.8"
,
"request"
:
"^2.82.0"
,
"spectrum-colorpicker"
:
"^1.8.0"
,
"text-encoding"
:
"^0.6.4"
"text-encoding"
:
"^0.6.4"
,
"xss"
:
"^0.3.7"
}
}
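Review bot: The new `"xss": "^0.3.7"` entry is declared as a caret range, so the sanitizer version that actually ships is decided at install time unless a lockfile pins it. This package is now the control behind the XSS fix in this commit, and no lockfile is visible in the change. If the project has none, consider an exact version (`"xss": "0.3.7"`) or committing a lockfile, and include the package in whatever advisory monitoring covers the frontend dependencies.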
frontend-js/src/main/js/ConfigurationType.js
...
...
@@ -12,6 +12,7 @@ var ConfigurationType = {
REQUEST_ACCOUNT_EMAIL
:
"
REQUEST_ACCOUNT_EMAIL
"
,
SIMPLE_COLOR_VAL
:
"
SIMPLE_COLOR_VAL
"
,
SEARCH_DISTANCE
:
"
SEARCH_DISTANCE
"
,
SEARCH_RESULT_NUMBER
:
"
SEARCH_RESULT_NUMBER
"
,
USER_MANUAL_FILE
:
"
USER_MANUAL_FILE
"
};
...
...
frontend-js/src/main/js/ServerConnector.js
...
...
@@ -1396,6 +1396,13 @@ ServerConnector.getElementsByQuery = function (params) {
return
self
.
getProjectId
(
params
.
projectId
).
then
(
function
(
result
)
{
queryParams
.
projectId
=
result
;
return
self
.
getConfigurationParam
(
ConfigurationType
.
SEARCH_RESULT_NUMBER
);
}).
then
(
function
(
defaultCount
)
{
if
(
params
.
count
!==
undefined
)
{
filterParams
.
count
=
params
.
count
;
}
else
{
filterParams
.
count
=
defaultCount
;
}
return
self
.
sendGetRequest
(
self
.
getSearchUrl
(
queryParams
,
filterParams
));
}).
then
(
function
(
content
)
{
var
array
=
JSON
.
parse
(
content
);
...
...
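Review bot: In the added `.then(function (defaultCount) { ... })` step a caller-supplied `params.count` still overrides the configured SEARCH_RESULT_NUMBER, so the configured value is only a client-side default and not a limit. If it is meant as a cap (the changelog calls it the "max number of results"), the server has to enforce it as well, which is not visible here; on the client, `filterParams.count = Math.min(params.count, defaultCount);` would at least keep requests from this UI within the limit. `defaultCount` is also used unchecked, so a missing configuration entry may put `count=undefined` into the search URL. The function body continues outside the hunk.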
frontend-js/src/main/js/gui/leftPanel/OverlayPanel.js
...
...
@@ -161,11 +161,17 @@ OverlayPanel.prototype.createOverlayRow = function (overlay, checked) {
checkbox
.
type
=
"
checkbox
"
;
checkbox
.
checked
=
checked
;
checkbox
.
onclick
=
function
()
{
if
(
this
.
checked
)
{
return
self
.
getMap
().
openDataOverlay
(
overlay
.
getId
()).
then
(
null
,
GuiConnector
.
alert
);
var
thisCheckbox
=
this
;
var
toggleOverlayPromise
;
if
(
thisCheckbox
.
checked
)
{
toggleOverlayPromise
=
self
.
getMap
().
openDataOverlay
(
overlay
.
getId
());
}
else
{
return
self
.
getMap
().
removeSelectedLayout
(
overlay
.
getId
())
.
then
(
null
,
GuiConnector
.
alert
)
;
toggleOverlayPromise
=
self
.
getMap
().
removeSelectedLayout
(
overlay
.
getId
());
}
$
(
thisCheckbox
).
prop
(
"
disabled
"
,
true
);
return
toggleOverlayPromise
.
then
(
null
,
GuiConnector
.
alert
).
finally
(
function
()
{
$
(
thisCheckbox
).
prop
(
"
disabled
"
,
false
);
});
};
viewTd
.
appendChild
(
checkbox
);
}
else
{
...
...
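Review bot: When the toggle promise rejects, the new `checkbox.onclick` handler only calls `GuiConnector.alert` and re-enables the checkbox, so the box stays in the state the user clicked even though the overlay was not opened or removed. Consider restoring the previous state in the rejection path, e.g. `thisCheckbox.checked = !thisCheckbox.checked;` before alerting. The `.finally(...)` call also assumes that `openDataOverlay` and `removeSelectedLayout` return Bluebird promises, which this hunk does not show.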
frontend-js/src/main/js/gui/leftPanel/ProjectInfoPanel.js
...
...
@@ -151,6 +151,12 @@ ProjectInfoPanel.prototype._createInfoPanelGui = function () {
type
:
"
a
"
,
href
:
ServerConnector
.
getServerBaseUrl
()
+
"
/export.xhtml?id=
"
+
projectId
,
content
:
'
<i class="fa fa-mail-forward"> EXPORT
'
,
onclick
:
function
()
{
//TODO session expired hack (it should be done on the export.xhtml web page)
if
(
ServerConnector
.
getSessionData
().
getToken
()
===
undefined
)
{
exportButton
.
href
=
ServerConnector
.
getServerBaseUrl
()
+
"
login.xhtml?from=
"
+
encodeURI
(
exportButton
.
href
);
}
}
});
liElement
=
Functions
.
createElement
({
type
:
"
li
"
,
...
...
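Review bot: The redirect built in the new `onclick` handler uses `encodeURI(exportButton.href)`, which leaves `?`, `&` and `=` unescaped, so the export URL's own query string is not safely nested inside `from=`; `encodeURIComponent(exportButton.href)` is the correct call for a parameter value. The login URL is concatenated without the leading slash that the export link uses (`"/export.xhtml?id="` versus `"login.xhtml?from="`), so one of the two is probably malformed depending on what `getServerBaseUrl()` returns. Because the handler overwrites `exportButton.href`, a second click wraps the already rewritten login URL again. Since `from` is a redirect target read from the query string, login.xhtml (not shown here) should accept only same-origin relative paths.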
frontend-js/src/main/js/map/CustomMap.js
This diff is collapsed.
frontend-js/src/main/js/map/Submap.js
...
...
@@ -61,27 +61,26 @@ Submap.prototype.open = function (htmlTag) {
mapDiv
.
style
.
height
=
"
100%
"
;
contentDiv
.
appendChild
(
mapDiv
);
$
(
self
.
htmlTag
).
dialog
({
title
:
self
.
getModel
().
getName
(),
width
:
Math
.
floor
(
window
.
innerWidth
*
2
/
3
),
height
:
Math
.
floor
(
window
.
innerHeight
*
2
/
3
),
position
:
{
my
:
"
center
"
,
at
:
"
center
"
,
of
:
$
(
self
.
getTopMap
().
getElement
()),
},
});
$
(
self
.
htmlTag
).
dialog
({
title
:
self
.
getModel
().
getName
(),
width
:
Math
.
floor
(
window
.
innerWidth
*
2
/
3
),
height
:
Math
.
floor
(
window
.
innerHeight
*
2
/
3
),
position
:
{
my
:
"
center
"
,
at
:
"
center
"
,
of
:
$
(
self
.
getTopMap
().
getElement
()),
},
resize
:
function
()
{
google
.
maps
.
event
.
trigger
(
self
.
getGoogleMap
(),
'
resize
'
);
}
});
$
(
self
.
htmlTag
).
dialog
(
"
open
"
);
self
.
setGoogleMap
(
new
google
.
maps
.
Map
(
mapDiv
,
mapOptions
));
self
.
_createMapChangedCallbacks
();
$
(
self
.
htmlTag
).
bind
(
"
resize
"
,
function
()
{
google
.
maps
.
event
.
trigger
(
self
.
getGoogleMap
(),
'
resize
'
);
});
google
.
maps
.
event
.
trigger
(
self
.
getGoogleMap
(),
'
resize
'
);
google
.
maps
.
event
.
trigger
(
self
.
getGoogleMap
(),
'
resize
'
);
if
(
self
.
isCustomTouchInterface
())
{
self
.
_touchInterface
=
new
TouchMap
(
self
);
...
...
frontend-js/src/main/js/map/overlay/AbstractDbOverlay.js
...
...
@@ -253,11 +253,12 @@ AbstractDbOverlay.prototype.getColor = function (colorId) {
};
AbstractDbOverlay
.
prototype
.
getIcon
=
function
(
colorId
,
id
)
{
var
suffix
=
"
_
"
+
id
;
if
(
id
>=
100
)
{
id
=
1
;
suffix
=
""
;
}
var
color
=
this
.
getColor
(
colorId
);
return
"
marker/
"
+
this
.
_iconType
+
"
/
"
+
this
.
_iconType
+
"
_
"
+
color
+
"
_
"
+
id
+
"
.png
"
;
return
"
marker/
"
+
this
.
_iconType
+
"
/
"
+
this
.
_iconType
+
"
_
"
+
color
+
suffix
+
"
.png
"
;
};
AbstractDbOverlay
.
prototype
.
splitQuery
=
function
(
query
,
useFullName
)
{
...
...
frontend-js/src/main/js/map/window/AbstractInfoWindow.js
"
use strict
"
;
var
Promise
=
require
(
"
bluebird
"
);
var
xss
=
require
(
"
xss
"
);
var
logger
=
require
(
'
../../logger
'
);
var
Functions
=
require
(
'
../../Functions
'
);
...
...
@@ -262,7 +263,8 @@ AbstractInfoWindow.prototype._createCommentInfoDiv = function (overlay, data) {
result
.
appendChild
(
commentId
);
result
.
appendChild
(
document
.
createElement
(
"
br
"
));
var
commentContent
=
document
.
createElement
(
"
div
"
);
commentContent
.
innerHTML
=
comment
.
getContent
();
commentContent
.
innerHTML
=
xss
(
comment
.
getContent
());
result
.
appendChild
(
commentContent
);
}
}
else
{
...
...
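Review bot: `commentContent.innerHTML = xss(comment.getContent());` in `_createCommentInfoDiv` sanitises with the library's default whitelist, which as far as I know still lets formatting tags, links and `<img src>` through, so a comment author can still place remote images or links in other users' info windows. If comments are meant to be plain text, `commentContent.textContent = comment.getContent();` removes the HTML sink altogether; otherwise pass an explicit, minimal whitelist to `xss()`. This is the only sink touched in the commit, so any other place that renders comment content or other user-supplied fields (not visible here) needs the same treatment, and client-side sanitising does not replace validation in the REST layer. The function starts and ends outside the hunk.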
frontend-js/src/test/js/map/CustomMap-test.js
This diff is collapsed.
frontend-js/src/test/js/map/window/AliasInfoWindow-test.js
...
...
@@ -153,36 +153,65 @@ describe('AliasInfoWindow', function () {
});
});
it
(
"
createCommentOverlayInfoDiv
"
,
function
()
{
var
map
=
helper
.
createCustomMap
();
describe
(
"
createOverlayInfoDiv
"
,
function
()
{
it
(
"
for comment
"
,
function
()
{
var
map
=
helper
.
createCustomMap
();
var
oc
=
helper
.
createCommentDbOverlay
(
map
);
var
oc
=
helper
.
createCommentDbOverlay
(
map
);
var
alias
=
helper
.
createAlias
();
alias
.
setId
(
3001
);
alias
.
setIsComplete
(
true
);
alias
.
setModelId
(
map
.
getId
());
map
.
getModel
().
addAlias
(
alias
);
var
alias
=
helper
.
createAlias
();
alias
.
setId
(
3001
);
alias
.
setIsComplete
(
true
);
alias
.
setModelId
(
map
.
getId
());
map
.
getModel
().
addAlias
(
alias
);
var
aliasWindow
=
new
AliasInfoWindow
({
alias
:
alias
,
map
:
map
});
var
aliasWindow
=
new
AliasInfoWindow
({
alias
:
alias
,
map
:
map
});
return
oc
.
getDetailDataByIdentifiedElement
(
new
IdentifiedElement
(
alias
),
true
).
then
(
function
(
data
)
{
var
comment
=
helper
.
createComment
(
alias
);
comment
.
setContent
(
"
test comment Content
"
);
return
oc
.
getDetailDataByIdentifiedElement
(
new
IdentifiedElement
(
alias
),
true
).
then
(
function
(
data
)
{
var
comment
=
helper
.
createComment
(
alias
);
comment
.
setContent
(
"
test comment Content
"
);
data
[
0
]
=
comment
;
data
[
'
__FULL__
'
]
=
null
;
data
[
0
]
=
comment
;
data
[
'
__FULL__
'
]
=
null
;
var
overlayDiv
=
aliasWindow
.
createOverlayInfoDiv
(
oc
,
data
);
var
overlayDiv
=
aliasWindow
.
createOverlayInfoDiv
(
oc
,
data
);
assert
.
ok
(
functions
.
isDomElement
(
overlayDiv
));
assert
.
ok
(
overlayDiv
.
innerHTML
.
indexOf
(
comment
.
getContent
())
>=
0
);
assert
.
ok
(
overlayDiv
.
innerHTML
.
indexOf
(
comment
.
getId
())
>=
0
);
});
assert
.
ok
(
functions
.
isDomElement
(
overlayDiv
));
assert
.
ok
(
overlayDiv
.
innerHTML
.
indexOf
(
comment
.
getContent
())
>=
0
);
assert
.
ok
(
overlayDiv
.
innerHTML
.
indexOf
(
comment
.
getId
())
>=
0
);
});
it
(
"
xss
"
,
function
()
{
var
map
=
helper
.
createCustomMap
();
var
oc
=
helper
.
createCommentDbOverlay
(
map
);
var
alias
=
helper
.
createAlias
(
map
);
alias
.
setId
(
3001
);
alias
.
setIsComplete
(
true
);
var
aliasWindow
=
new
AliasInfoWindow
({
alias
:
alias
,
map
:
map
});
return
oc
.
getDetailDataByIdentifiedElement
(
new
IdentifiedElement
(
alias
),
true
).
then
(
function
(
data
)
{
var
comment
=
helper
.
createComment
(
alias
);
// noinspection HtmlUnknownTarget
comment
.
setContent
(
"
<img id=
\"
xss-id
\"
src=
\"
invalid/path
\"
onerror='alert(
\"
XSS test
\"
)' />
"
);
data
[
0
]
=
comment
;
data
[
'
__FULL__
'
]
=
null
;
var
overlayDiv
=
aliasWindow
.
createOverlayInfoDiv
(
oc
,
data
);
assert
.
ok
(
overlayDiv
.
innerHTML
.
indexOf
(
"
alert
"
)
===
-
1
);
});
});
});
it
(
"
createGeneticsDiv
"
,
function
()
{
...
...
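Review bot: The new "xss" test passes on `assert.ok(overlayDiv.innerHTML.indexOf("alert") === -1)`, a substring check on a single payload, which ties the test to how the library happens to rewrite the string. It would fail if the sanitizer escaped the whole tag into inert text, and it says nothing about other handler attributes. Asserting on the resulting DOM is more robust, e.g. `assert.equal(overlayDiv.querySelectorAll("[onerror]").length, 0);`, together with a second case for a link carrying a script URL scheme so a later whitelist change is caught. The regular "for comment" case could also assert that plain text survives sanitising unchanged, which its `indexOf(comment.getContent())` check already does for one input.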
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/perfectMatch=false&query=s1&token=MOCK_TOKEN_ID&
→
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/
count=100&
perfectMatch=false&query=s1&token=MOCK_TOKEN_ID&
File moved
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/perfectMatch=true&query=s1&token=MOCK_TOKEN_ID&
→
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/
count=100&
perfectMatch=true&query=s1&token=MOCK_TOKEN_ID&
File moved
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/query=s1&token=MOCK_TOKEN_ID&
→
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/
count=100&
query=s1&token=MOCK_TOKEN_ID&
File moved
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/token=MOCK_TOKEN_ID&
→
frontend-js/testFiles/apiCalls/projects/sample/models/all/bioEntities.search/
count=100&
token=MOCK_TOKEN_ID&
File moved
persist/src/db/11.0.8/fix_db_20180118.sql
0 → 100644
-- empty file to force directory to be commited to git repo
rest-api/src/main/java/lcsb/mapviewer/api/projects/comments/CommentRestImpl.java
...
...
@@ -25,6 +25,8 @@ import lcsb.mapviewer.persist.dao.map.ReactionDao;
import
lcsb.mapviewer.persist.dao.map.species.ElementDao
;
import
lcsb.mapviewer.services.SecurityException
;
import
lcsb.mapviewer.services.interfaces.ICommentService
;
import
lcsb.mapviewer.services.interfaces.IModelService
;
import
lcsb.mapviewer.services.interfaces.IUserService
;
import
lcsb.mapviewer.services.overlay.IconManager
;
import
lcsb.mapviewer.services.search.data.ElementIdentifier.ElementIdentifierType
;
import
lcsb.mapviewer.services.view.AuthenticationToken
;
...
...
rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
...
...
@@ -73,13 +73,11 @@ public class UserController extends BaseController {
cookie
.
setMaxAge
(
expiryTime
);
cookie
.
setPath
(
cookiePath
);
response
.
addCookie
(
cookie
);
response
.
getWriter
().
write
(
"{\"info\":\"Login successful. TOKEN returned as a cookie\"}"
);
response
.
getWriter
().
flush
();
response
.
getWriter
().
close
();
return
result
;
}
}
response
.
addCookie
(
cookie
);
result
.
put
(
"info"
,
"Login successful. TOKEN returned as a cookie"
);
return
result
;
}
}
@RequestMapping
(
value
=
"/users/{login:.+}"
,
method
=
{
RequestMethod
.
GET
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
...
...
@@ -132,12 +130,12 @@ public class UserController extends BaseController {
Authentication
auth
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
logger
.
debug
(
"LOGOUT"
);
logger
.
debug
(
auth
);
if
(
auth
!=
null
){
if
(
auth
!=
null
){
new
SecurityContextLogoutHandler
().
logout
(
request
,
response
,
auth
);
}
//our session manager logout
userService
.
logout
(
token
);
Map
<
String
,
String
>
result
=
new
HashMap
<>();
result
.
put
(
"status"
,
"OK"
);
...
...
@@ -150,12 +148,10 @@ public class UserController extends BaseController {
cookie
.
setMaxAge
(
0
);
cookie
.
setPath
(
cookiePath
);
response
.
addCookie
(
cookie
);
response
.
getWriter
().
write
(
"{\"status\":\"OK\"}"
);
response
.
getWriter
().
flush
();
response
.
getWriter
().
close
();
return
result
;
}
response
.
addCookie
(
cookie
);
result
.
put
(
"status"
,
"OK"
);
return
result
;
}
@RequestMapping
(
value
=
"/users/{login:.+}"
,
method
=
{
RequestMethod
.
PATCH
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
public
Map
<
String
,
Object
>
updateUser
(
//
...
...
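Review bot: In the login hunk the cookie that carries the session token gets only `cookie.setMaxAge(expiryTime)` and `cookie.setPath(cookiePath)` before `response.addCookie(cookie)`; no `setHttpOnly(true)` or `setSecure(true)` is visible. The cookie is created above the hunk, so this may already be handled there, but if it is not, a script injection like the one fixed in this commit can read the token. Add `cookie.setSecure(true);` for HTTPS deployments, and `cookie.setHttpOnly(true);` if the frontend can stop reading the token from script; `ServerConnector.getSessionData().getToken()` in this commit suggests it may currently depend on that. Separately, `logger.debug(auth)` in the logout hunk writes the whole Authentication object to the log, so it is worth confirming that its string form carries no credentials or token.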