annotate src/global/web/Index.java @ 64:f8a307aa811f

fix security hole
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 16 Sep 2024 20:53:23 -0600
parents 4987e1a38a6c
children
2 package global.web;
4 import fschmidt.util.servlet.JtpContext;
5 import fschmidt.util.servlet.ServletUtils;
6 import global.HtmlGlobalUtils;
7 import global.Site;
8 import nabble.view.web.more.ForumStart;
9 import org.apache.lucene.index.Term;
10 import org.apache.lucene.search.IndexSearcher;
11 import org.apache.lucene.search.TermQuery;
12 import org.apache.lucene.search.Query;
13 import org.apache.lucene.search.ScoreDoc;
14 import org.apache.lucene.search.TopDocs;
15 import org.apache.lucene.search.BooleanClause;
16 import org.apache.lucene.search.BooleanQuery;
17 import org.slf4j.Logger;
18 import org.slf4j.LoggerFactory;
20 import javax.servlet.ServletException;
21 import javax.servlet.http.HttpServlet;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24 import java.io.IOException;
25 import java.io.PrintWriter;
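/**
 * Servlet for the site root ({@link #path()}): prints the static home page
 * and, inside it, a list of the most active sites read from the Lucene site
 * index.
 *
 * <p>NOTE(review): the alternating {@code out.print} calls look like
 * template-generated output (presumably from a JTP page; confirm). If so,
 * lasting changes belong in the template rather than in this file.
 */
public final class Index extends HttpServlet {

    private static final Logger logger = LoggerFactory.getLogger(Index.class);

    /** Maximum number of sites requested from the index for the home page list. */
    private static final int TOP_SITES_LIMIT = 60;

//	private static boolean hasJobsAtNabble = Init.get("hasJobsAtNabble",false);

    /**
     * Returns the path of this page.
     *
     * @return always {@code "/"}
     */
    public static String path() {
        return "/";
    }

    /**
     * Writes the complete home page to the response: document head, shared
     * header, the static content, the active-site list and the shared footer.
     *
     * @param request  passed through to the shared head/header/footer helpers
     * @param response supplies the writer the page is printed to
     * @throws ServletException if one of the called helpers throws it
     * @throws IOException if the writer cannot be obtained or the site index
     *                     fails while the list is being rendered
     */
    @Override
    protected void service(HttpServletRequest request,HttpServletResponse response)
        throws ServletException, IOException
    {
        JtpContext jtpContext = (JtpContext)getServletContext().getAttribute(JtpContext.attrName);
        // The tag value is the constant "x"; what setEtag derives from it is
        // not visible in this file.
        jtpContext.setEtag(request,response,"x");
        PrintWriter out = response.getWriter();

        out.print( "\r\n<!DOCTYPE html>\r\n<html lang=\"en\">\r\n <head>\r\n " );
        HtmlGlobalUtils.head(request, response, "Free Forum &bull; Embeddable Web Apps");
        out.print( "\r\n <link rel=\"canonical\" href=\"https://www.nabble.com/\">\r\n <meta name=\"description\" content=\"Create a free forum online in less than one minute. All forums are embeddable and fully customizable with scripting language. Choose a unique style and build a discussion board for your community.\" />\r\n <meta name=\"keywords\" content=\"free forum, free photo gallery, free newspaper, free blog, best forum, free message board, message board hosting, bulletin board, customizable, private forum, phpBB, vBulletin, hosted, communities\">\r\n <meta name=\"google-site-verification\" content=\"SUurO4gVJ46SZyzANkH4pJBGH8q-6Bv5P-ZgRBH8Cck\" />\r\n <style>\r\n div[actions] i.fa.fa-chevron-right {\r\n color: #DDD;\r\n float: right;\r\n }\r\n a[fixed] {\r\n margin-top: -3em;\r\n position: absolute;\r\n right: 1em;\r\n text-decoration: none;\r\n background-color: #555;\r\n border-radius: .5em;\r\n padding: .5em;\r\n color: #D0D0D0;\r\n text-shadow: 0px 1px 1px black;\r\n border-bottom: 1px dotted #757474;\r\n }\r\n @media (max-width: 950px) {\r\n div[footer] {\r\n padding-bottom: 5em;\r\n }\r\n }\r\n div[note] {\r\n margin-top: 1em;\r\n text-align: right;\r\n }\r\n </style>\r\n </head>\r\n <body lato>\r\n " );
        HtmlGlobalUtils.header(request,response);
        out.print( "\r\n <div full>\r\n <div content center>\r\n <span style=\"display:inline-block\">\r\n <div col1 center>\r\n <h1 oswald>Free Forum Hosting &amp; Online Web Apps!</h1>\r\n <h2 lato gray>Clean Look <span light>&bull;</span> Embeddable <span light>&bull;</span> Customizable</h2>\r\n <img src=\"/assets/images/home.png\" alt=\"Free forum hosting and online embeddable apps\"/>\r\n </div>\r\n <div col2 actions>\r\n <ul>\r\n <li><a href=\"" );
        // The four "create" links below are built from the context URL plus
        // ForumStart.path(kind) and written into href attributes unescaped.
        // NOTE(review): both values appear to be server-side constants; confirm
        // neither can carry request-derived text.
        out.print( (HtmlGlobalUtils.nabbleContextUrl) );
        out.print( (ForumStart.path("forum")) );
        out.print( "\" title=\"Click to create a free forum\">Create Free Forum</a> <i class=\"fa fa-chevron-right\"></i></li>\r\n <li><a href=\"" );
        out.print( (HtmlGlobalUtils.nabbleContextUrl) );
        out.print( (ForumStart.path("gallery")) );
        out.print( "\" title=\"Click to create a free photo gallery\">Create Photo Gallery</a> <i class=\"fa fa-chevron-right\"></i></li>\r\n <li><a href=\"" );
        out.print( (HtmlGlobalUtils.nabbleContextUrl) );
        out.print( (ForumStart.path("newspaper")) );
        out.print( "\" title=\"Click to create a free newspaper\">Create News Site</a> <i class=\"fa fa-chevron-right\"></i></li>\r\n <li><a href=\"" );
        out.print( (HtmlGlobalUtils.nabbleContextUrl) );
        out.print( (ForumStart.path("blog")) );
        out.print( "\" title=\"Click to create a free blog\">Create Blog</a> <i class=\"fa fa-chevron-right\"></i></li>\r\n </ul>\r\n </div>\r\n </span>\r\n </div>\r\n <div content paddingTop>\r\n <div col33 center>\r\n <h2 oswald>Multi Language</h2>\r\n <ul floating>\r\n <li>English</li>\r\n <li>Čeština (Czech Republic)</li>\r\n <li>Español</li>\r\n <li>Français</li>\r\n <li>Polski</li>\r\n <li>Português (Brasil)</li>\r\n <li>Svenska</li>\r\n <li>Türkçe</li>\r\n <li>Русский</li>\r\n <li>Ελληνικά</li>\r\n <li>中文 (简体)</li>\r\n <li><a href=\"http://support.nabble.com/Nabble-Translations-f6669344.html\">Translate to other languages</a> &raquo;</li>\r\n </ul>\r\n </div>\r\n <div col33 center>\r\n <h2 oswald>Embed into any Website</h2>\r\n <p lineHeight marginHorizontal>All Nabble apps are naturally embeddable, which means that they can be easily displayed inside any web page.\r\n </p>\r\n </div>\r\n <div col33 center>\r\n <h2 oswald>Fully Customizable</h2>\r\n <p lineHeight marginHorizontal>All Nabble apps are built with NAML, a scripting language that gives you full control over the app pages.</p>\r\n </div>\r\n </div>\r\n <div content center paddingTop>\r\n <h2 oswald>Browse Active Nabble Apps</h2>\r\n " );
        topSites(out);
        out.print( "\r\n </div>\r\n </div>\r\n " );
        HtmlGlobalUtils.footer(request,response);
        out.print( "\r\n" );
/*
        out.print( "\r\n <a fixed href=\"http://www.blasma.com\">Help design a new forum <i class=\"fa fa-chevron-right\"></i></a>\r\n" );
*/
        out.print( "\r\n </body>\r\n</html>\r\n" );

    }

    /**
     * Filter for the public site listing: a site is returned only when both
     * its {@code Site.EMBARRASSING_FLD} and {@code Site.PRIVATE_FLD} index
     * fields hold the term {@code "false"}. The annotate column of this page
     * attributes the field and both clauses to changeset 11e847f25845
     * ("hide private forums").
     *
     * <p>Both clauses are {@code MUST} term matches, so a document that lacks
     * either field does not match and is left out of the listing.
     *
     * <p>NOTE(review): the filter reads the indexed copy of the flags. Confirm
     * that a site's index entry is rewritten whenever it is made private;
     * otherwise it stays on the public home page until the next reindex.
     *
     * <p>NOTE(review): the field is package-visible and non-final and
     * {@code BooleanQuery} is mutable, so other code in the package could add
     * clauses or replace the query. Treat it as read-only.
     */
    static BooleanQuery query = new BooleanQuery();
    static {
        query.add(new TermQuery(new Term(Site.EMBARRASSING_FLD,"false")), BooleanClause.Occur.MUST);
        query.add(new TermQuery(new Term(Site.PRIVATE_FLD,"false")), BooleanClause.Occur.MUST);
    }

    /**
     * Prints the list of the most active public sites followed by a
     * "View More" link.
     *
     * <p>If the index cannot be opened or searched, the error is logged, the
     * placeholder text {@code [Rebuilding Index]} is printed instead of the
     * list, and the method returns normally. The searcher is closed on every
     * path once it has been opened, including a failed search, which
     * previously left it open.
     *
     * @param out writer for the page being rendered
     * @throws ServletException declared for callers; not thrown by the code
     *                          visible here
     * @throws IOException if loading a hit's document or closing the searcher
     *                     fails
     */
    private static void topSites(PrintWriter out)
        throws ServletException, IOException
    {
        IndexSearcher searcher;
        try {
            searcher = new IndexSearcher(Site.dir());
        } catch(IOException e) {
            printIndexUnavailable(out, e);
            return;
        }
        try {
            TopDocs hits;
            try {
                hits = searcher.search( query, TOP_SITES_LIMIT, Site.SORT_BY_ACTIVITY );
            } catch(IOException e) {
                // The searcher is already open here; the outer finally closes it.
                printIndexUnavailable(out, e);
                return;
            }

            out.print( "\r\n<ul floating center>\r\n" );

            for( ScoreDoc sd : hits.scoreDocs ) {
                Site site = new Site( searcher.doc(sd.doc) );

                out.print( "\r\n<li>" );
                // NOTE(review): site.link() is written into the page as-is. If it
                // embeds owner-supplied text (site name or URL), the HTML escaping
                // has to happen inside Site.link(), which is not visible here.
                out.print( (site.link()) );
                out.print( "</li>\r\n" );

            }

            out.print( "\r\n</ul>\r\n<div style=\"padding-top:.5em;clear:both\">\r\n<a bold href=\"" );
            out.print( (RootForums.path()) );
            // NOTE(review): the "</b>" in the next literal has no opening <b> in
            // this method; the markup is left as it was.
            out.print( "\" title=\"View more active forums and apps\">View More</a></b> <i class=\"fa fa-chevron-right\"></i>\r\n</div>\r\n" );

        } finally {
            searcher.close();
        }
    }

    /** Logs an index failure and prints the placeholder shown instead of the site list. */
    private static void printIndexUnavailable(PrintWriter out, IOException e) {
        logger.error("Index error", e);

        out.print( "[Rebuilding Index]" );
    }

}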