Merge pull request #326 from appirio-tech/dev

sanitize project name and desc

Author: ajefts

build-dependencies.xml

@@ -399,6 +399,7 @@
     <property name="ejb3-persistence.jar" value="${ext_libdir}/ejb-api/ejb3-persistence.jar"/>
     <property name="javaee.jar" value="${ext_libdir}/j2ee/1.5/javaee.jar"/>
     <property name="jaxb.jar" value="${ext_libdir}/jaxb/2.1.7/jaxb-api.jar"/>
+    <property name="encoder.jar" value="${ext_libdir}/owasp/encoder-1.2.1.jar" />
     <property name="jsr311.jar" value="${ext_libdir}/j2ee/jsr311-api-1.1.1.jar"/>
 
     <property name="jai_codec-1.1.3.jar" value="${ext_libdir}/jai/jai_codec-1.1.3.jar"/>
@@ -643,6 +644,7 @@
         <pathelement location="${jira-soapclient-all.jar}"/>
         <pathelement location="${servlet-api.jar}"/>
         <pathelement location="${jaxb.jar}"/>
+        <pathelement location="${encoder.jar}"/>
         <pathelement location="${javaee.jar}"/>
         <pathelement location="${aws-java-sdk.jar}"/>
         <pathelement location="${jrss.jar}"/>

build.xml

@@ -316,6 +316,7 @@
         <copy file="${jackson-annotations-2.3.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
         <copy file="${jackson-core-2.3.2.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
         <copy file="${jackson-databind-2.3.2.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
+        <copy file="${encoder.jar}" todir="${ear_shared_libdir}" overwrite="true" />
 
     	<copy file="${yuicompressor.jar}" todir="${ear_shared_libdir}" overwrite="true"/>
         <copy file="${java-jwt-1.0.0.jar}" todir="${ear_shared_libdir}" overwrite="true"/>

lib/third_party/owasp/encoder-1.2.1.jar

@@ -49,6 +49,7 @@
     <property name="jboss-jaxws.jar" value="${jboss_home}/server/${jboss_config_name}/lib/jboss-jaxws.jar" />
     <property name="log4j.jar" value="${jboss_home}/server/${jboss_config_name}/lib/log4j.jar" />
     <property name="jaxb-api.jar" value="${ext_libdir}/jaxb/2.1.7/jaxb-api.jar" />
+    <property name="encoder.jar" value="${ext_libdir}/owasp/encoder-1.2.1.jar" />
 
     <property name="jboss-ejb3x.jar" value="${jboss_home}/client/jboss-ejb3x.jar" />
     <property name="ejb3-persistence.jar" value="${jboss_home}/client/ejb3-persistence.jar" />
@@ -80,6 +81,7 @@
         <pathelement location="${jbossall-client.jar}" />
         <pathelement location="${jboss-jaxws.jar}" />
         <pathelement location="${jaxb-api.jar}" />
+        <pathelement location="${encoder.jar}" />
     </path>
 
     <path id="component.test.3rdParty-dependencies">

services/project_service/build-dependencies.xml

@@ -61,6 +61,7 @@
 import com.topcoder.util.log.Level;
 import com.topcoder.util.log.Log;
 import com.topcoder.util.log.LogManager;
+import org.owasp.encoder.Encode;
 
 /**
  * <p>
@@ -870,10 +871,12 @@ public ProjectData createProject(TCSubject tcSubject, ProjectData projectData) t
             // Validate
             checkProjectData(projectData, true);
 
-            // Create a new Project, copy name and description
+            // Create a new Project, copy name and description, and sanitize them
             Project project = new Project();
-            project.setName(projectData.getName());
-            project.setDescription(projectData.getDescription());
+            String projectName = Encode.forHtml(projectData.getName());
+            project.setName(projectName);
+            String description = Encode.forHtml(projectData.getDescription());
+            project.setDescription(description);
             if (projectData.getProjectBillingAccountId() > 0) {
                 // if there is billing account, activate the project
                 project.setProjectStatusId(PROJECT_STATUS_ACTIVE);

services/project_service/src/java/main/com/topcoder/service/project/impl/ProjectServiceBean.java

@@ -518,12 +518,12 @@ public class SaveDraftContestAction extends ContestAction {
      * Checkpoint date of the contest if any.
      * </p>
      */
-    private Date checkpointDate = new Date();
+    private Date checkpointDate = null;
 
     /**
      * The registration end date
      */
-    private Date regEndDate = new Date();
+    private Date regEndDate = null;
 
     /**
      * <p>

src/java/main/com/topcoder/direct/services/view/action/contest/launch/SaveDraftContestAction.java

@@ -803,6 +803,20 @@
 
                 <div class="bottom_spec">
                </div>
+
+               <div class="hide">
+               <p class="det_font">
+                    <span class="name"><strong>Environment </strong></span>
+                     <br />
+                     <span class="small_info_spec" id="rswEnvironment"></span>
+                    <br /><br/>
+                    <span class="name"><strong>Code repo </strong> </span>
+                    <br />
+                    <span class="small_info_spec" id="rswRepo"></span>
+               </p>
+               <div class="bottom_spec"></div>
+               </div>
+
                <p class="det_font">
                <span class="name"><strong>Final Deliverables</strong></span>
                <br />
@@ -869,6 +883,12 @@
 
                 </div>
                 <!-- end .guidelines -->
+                <div class="envRepo hide">
+                 <h3>Environment</h3>
+                 <input class="environmentEdit" name="environmentEdit" type="text" maxlength="500"/>
+                 <h3>Code Repo</h3>
+                 <input type="text" class="repoEdit" maxlength="500" />
+                </div>
             </div> <!-- end .contestDetail -->
            <div class="deliverables">  
                <h3><span class="icon">Final Deliverables:</span><a href="javascript:;" class="helpIcon"><span class="hide">Help</span></a></h3>        

src/web/WEB-INF/includes/contest/editTab.jsp

@@ -260,7 +260,7 @@
                 <span class="name fixWidthName" title="Enter challenge groups"><strong>Group(s):</strong></span>
                 <div id="groupDiv"><div id="groups"></div></div>
             </div>
-            <br/><br/>
+                 <br /><br />
                 <span class="name fixWidthName"><strong>Created By</strong></span>
                 <span class ='small_info_spec' id="challegneCreatorLabel"></span>
             <br/>
@@ -529,6 +529,19 @@
                    </span>
         </div>
         </p>
+         <div class="bottom_spec"></div>
+               <div class="hide">
+               <p class="det_font">
+                    <span class="name"><strong>Environment </strong></span>
+                     <br />
+                     <span class="small_info_spec" id="rswEnvironment"></span>
+                    <br /><br/>
+                    <span class="name"><strong>Code repo </strong> </span>
+                    <br />
+                    <span class="small_info_spec" id="rswRepo"></span>
+               </p>
+               <div class="bottom_spec"></div>
+               </div>
     </div><!-- End .detailsContent -->
 </div><!-- End .details -->
 <!-- END Spec Display -->
@@ -576,6 +589,12 @@
 
                 </div>
                 <!-- end .guidelines -->
+                <div class="envRepo hide">
+                 <h3>Environment</h3>
+                 <input class="environmentEdit" name="environmentEdit" type="text" maxlength="500"/>
+                 <h3>Code Repo</h3>
+                 <input type="text" class="repoEdit" maxlength="500" />
+                </div>
             </div> <!-- end .contestDetail -->
 
         </div> <!-- End .launchContestOut -->

src/web/WEB-INF/includes/contest/editTabMarathon.jsp

@@ -352,7 +352,7 @@
               </div>
           </div>
           <div class="ms-group-display">
-              <span class="name fixWidthName" title="Enter challenge groups"><strong>Group(s):</strong></span>
+              <span class="name fixWidthName" title="Enter challenge groups"><strong>Group(s)</strong></span>
               <div class="ms-group-div"><div id="groups"></div></div>
           </div>
           <br/>
@@ -838,7 +838,20 @@
 
                     <div class="bottom_spec">
                    </div>     
-               </div> <!-- End .component -->
+               </div>
+               <!-- End .component -->
+               <div class="hide">
+               <p class="det_font">
+                    <span class="name"><strong>Environment </strong></span>
+                     <br />
+                     <span class="small_info_spec" id="rswEnvironment"></span>
+                    <br /><br/>
+                    <span class="name"><strong>Code repo </strong> </span>
+                    <br />
+                    <span class="small_info_spec" id="rswRepo"></span>
+               </p>
+               <div class="bottom_spec"></div>
+               </div>
 					</div><!-- End .detailsContent -->												
 </div><!-- End .details -->
 <!-- END Spec Display -->
@@ -944,6 +957,12 @@
 	              		</div> <!-- end of prizesInner_tech -->
 	              	</div>
                 </s:if>
+                <div class="envRepo hide">
+                 <h3>Environment</h3>
+                 <input class="environmentEdit" name="environmentEdit" type="text" maxlength="500"/>
+                 <h3>Code Repo</h3>
+                 <input type="text" class="repoEdit" maxlength="500" />
+                </div>
             </div> <!-- end .contestDetail -->
 		    </div> <!-- End .launchContestOut -->
 

src/web/WEB-INF/includes/contest/editTabSoftware.jsp

@@ -68,6 +68,17 @@
         </div>
   </div>
   <!-- end round 2 information -->
+  <!-- Environment -->
+  <div class="prizes hide">
+      <h3>Environment :</h3>
+      <input class="environmentEdit text" name="environmentEdit" type="text" maxlength="500"/>
+  </div>
+
+  <!-- repo -->
+  <div class="prizes hide">
+      <h3>Code Repo :</h3>
+      <input class="repoEdit text" name="repo" type="text" maxlength="500"/>
+  </div>
   <!-- upload -->
 	<div id="uploadSection">
 

src/web/WEB-INF/includes/launch/overview.jsp

@@ -46,6 +46,17 @@
         </div>        
     </div>
     <!-- end Match Rules -->
+  <!-- Environment -->
+  <div class="prizes hide">
+      <h3>Environment :</h3>
+      <input class="environmentEdit text" name="environmentEdit" type="text" maxlength="500"/>
+  </div>
+
+  <!-- repo -->
+  <div class="prizes hide">
+      <h3>Code Repo :</h3>
+      <input class="repoEdit text" name="repo" type="text" maxlength="500"/>
+  </div>
     <!-- upload -->
     <div id="alUploadSection">
         <h3>File Upload (20MB maximum):</h3>       

src/web/WEB-INF/includes/launch/overviewAlgorithm.jsp

@@ -109,6 +109,17 @@
 				</select>
 			</div> <!-- end of prizesInner_tech -->
 		</div>
+      <!-- Environment -->
+      <div class="prizes hide">
+          <h3>Environment :</h3>
+          <input class="environmentEdit text" name="environmentEdit" type="text" maxlength="500"/>
+      </div>
+
+      <!-- repo -->
+      <div class="prizes hide">
+          <h3>Code Repo :</h3>
+          <input class="repoEdit text" name="repo" type="text" maxlength="500"/>
+      </div>
 <!-- Contest Detail -->
 
   <!-- upload -->

src/web/WEB-INF/includes/launch/overviewSoftware.jsp

@@ -79,6 +79,12 @@
 
         <dt class="rMultiInfo">Round Two Information :</dt>
         <dd class="rMultiInfo"><span id="rRound2Info"></span><a href="javascript: showPage('overviewPage');" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+        
+        <dt>Environment :</dt>
+        <dd class="rEnvironment"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+
+        <dt>Code Repo :</dt>
+        <dd class="rRepo"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
     </dl>
 </div>
 <!-- end .contentList -->

src/web/WEB-INF/includes/launch/review.jsp

@@ -62,6 +62,12 @@
 
 		<dt>Match Rules :</dt>
 		<dd><span id="ralMatchRules"></span><a href="javascript: showPage('overviewAlgorithmPage');" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+
+        <dt>Environment :</dt>
+        <dd class="rEnvironment"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+
+        <dt>Code Repo :</dt>
+        <dd class="rRepo"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
 	</dl>
 </div>
 <!-- end .contentList -->

src/web/WEB-INF/includes/launch/reviewAlgorithm.jsp

@@ -83,6 +83,12 @@
 
         <dt>Technologies :</dt>
         <dd id="rTechnologies"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+
+        <dt>Environment :</dt>
+        <dd class="rEnvironment"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
+
+        <dt>Code Repo :</dt>
+        <dd class="rRepo"><a href="javascript: backReview();" class="tipLink"><img src="/images/edit-icon.png" alt="Edit"/></a> </dd>
 	</dl>
 </div>
 <!-- end .contentList -->

src/web/WEB-INF/includes/launch/reviewSoftware.jsp

@@ -3267,4 +3267,19 @@ div.ms-group-display .ms-group-div{
     border: 1px solid rgba(0,0,0,.15);
     background-clip: padding-box;
     margin-top: -2px;
+}
+
+.prizes input.text {
+    width: 396px;
+    height: 25px;
+    padding: 0 5px;
+    line-height: 25px;
+    border-radius: 4px;
+    border: 1px solid #C1C1C1;
+    font-size: 12px;
+}
+
+.envRepo input {
+    width: 401px;
+    height: 25px;
 }