diff --git a/api/src/org/labkey/api/security/SecurityManager.java b/api/src/org/labkey/api/security/SecurityManager.java
index 238ca522663..3a04eee7908 100644
--- a/api/src/org/labkey/api/security/SecurityManager.java
+++ b/api/src/org/labkey/api/security/SecurityManager.java
@@ -90,6 +90,7 @@
 import org.labkey.api.security.roles.ReaderRole;
 import org.labkey.api.security.roles.Role;
 import org.labkey.api.security.roles.RoleManager;
+import org.labkey.api.settings.AppProps;
 import org.labkey.api.settings.LenientStartupPropertyHandler;
 import org.labkey.api.settings.StartupProperty;
 import org.labkey.api.settings.StartupPropertyEntry;
@@ -558,6 +559,9 @@ public static Pair attemptAuthentication(HttpServletRe
 {
 Cookie sessionCookie = new Cookie(JSESSIONID, session.getId());
 sessionCookie.setPath("/");
+ sessionCookie.setHttpOnly(true);
+ if (AppProps.getInstance().isSSLRequired() || request.isSecure())
+ sessionCookie.setSecure(true);
 response.addCookie(sessionCookie);
 request = new SessionReplacingRequest(request, session);
 }
diff --git a/api/src/org/labkey/api/util/ExceptionUtil.java b/api/src/org/labkey/api/util/ExceptionUtil.java
index 0434f794d78..843a2c826b4 100644
--- a/api/src/org/labkey/api/util/ExceptionUtil.java
+++ b/api/src/org/labkey/api/util/ExceptionUtil.java
@@ -1020,7 +1020,7 @@ else if (ex instanceof ConfigurationException)
 response.getWriter().println();
 response.getWriter().println();
 response.getWriter().println("
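Review bot: In SecurityManager.attemptAuthentication the Secure flag depends on `AppProps.getInstance().isSSLRequired() || request.isSecure()`, so a deployment that terminates TLS at a proxy and does not require SSL in site settings would still issue this JSESSIONID cookie without Secure, unless the container is configured to reflect the forwarded scheme in `isSecure()`. A comment on the condition should record that assumption, e.g. `// isSecure() is false behind a TLS-terminating proxy unless the connector reports the forwarded scheme`. The hand-built cookie also sets no SameSite attribute and may differ from the container's own session cookie settings; it is worth comparing it with `request.getServletContext().getSessionCookieConfig()`. The enclosing method starts and ends outside the hunk.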
");
-                    ex.printStackTrace(response.getWriter());
+                    response.getWriter().println(PageFlowUtil.filter(ex.toString()));
                     response.getWriter().println("
"); } catch (IOException | IllegalStateException e) @@ -1232,7 +1232,7 @@ public static void unsafeRedirect(HttpServletResponse response, String url, int { PrintWriter out = response.getWriter(); out.println("\"'>-->"); } } diff --git a/api/src/org/labkey/api/util/PageFlowUtil.java b/api/src/org/labkey/api/util/PageFlowUtil.java index 1ea8883b00a..ea35519fe1c 100644 --- a/api/src/org/labkey/api/util/PageFlowUtil.java +++ b/api/src/org/labkey/api/util/PageFlowUtil.java @@ -449,6 +449,12 @@ public static String jsString(String s) case '\"': js.append("\\\""); break; + case '\u2028': + js.append("\\u2028"); + break; + case '\u2029': + js.append("\\u2029"); + break; default: js.append(c); break; @@ -1403,12 +1409,12 @@ public static HtmlString generateBackButton(String text) } /* Renders text and a drop down arrow image wrapped in a link not of type labkey-button */ - public static HtmlString generateDropDownTextLink(String text, String href, String onClick, boolean bold, String offset, + public static HtmlString generateDropDownTextLink(String text, String href, boolean bold, String id, Map properties) { if (StringUtils.isBlank(id)) id = HttpView.currentPageConfig().makeId("dropdown_"); - String onclick = "if (this.className.indexOf('labkey-disabled-button') != -1) return false; " + (onClick == null ? "" :onClick); + String onclick = "if (this.className.indexOf('labkey-disabled-button') != -1) return false; "; HttpView.currentPageConfig().addHandler(id+"PopupLink", "click", onclick); return DOM.createHtmlFragment( A(at(properties).id(id+"PopupLink").cl("labkey-menu-text-link","dropdown-toggle").at(bold, style, "font-weight:bold;").at(DOM.Attribute.href, href), 
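Review bot: The stack trace is dropped from the response in the ConfigurationException branch of ExceptionUtil, but nothing in the visible lines logs it, so this branch should log `ex` server-side if nothing earlier in the method already does; the method body is outside the hunk, so that needs confirming. `PageFlowUtil.filter(ex.toString())` still sends the exception message to whoever made the request, and for a configuration error that message may name file paths or data source details. The same applies to the `XarExporter.writeAsArchive` hunk, where `"Failed to complete export of the XAR file: " + e` is written into an entry of the archive being produced. A short comment such as `// message only; the stack trace belongs in the server log` would record the intent in both places.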
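Review bot: The two new cases in PageFlowUtil.jsString carry no comment explaining why these code points are special, so a later cleanup could remove them as redundant. Suggest adding `// U+2028 and U+2029 are line terminators in JavaScript before ES2019; left raw they end the string literal` above `case '\u2028':`. The switch starts and ends outside the hunk, so whether other characters that matter in inline script contexts, such as `<` and `/`, are escaped cannot be checked from here.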
@@ -1419,13 +1425,13 @@ public static HtmlString generateDropDownTextLink(String text, String href, Stri } /* Renders image and a drop down wrapped in an unstyled link */ - public static HtmlString generateDropDownImage(String text, String href, String onClick, String imageSrc, String imageId, + public static HtmlString generateDropDownImage(String text, String href, String imageSrc, String imageId, Integer imageHeight, Integer imageWidth, Map properties) { var page = HttpView.currentPageConfig(); String anchorId = page.makeId("A_"); - String onclick="if (this.className.indexOf('labkey-disabled-button') != -1) return false; " + (onClick == null ? "" : onClick); + String onclick="if (this.className.indexOf('labkey-disabled-button') != -1) return false; "; page.addHandler(anchorId, "click", onclick); return DOM.createHtmlFragment( A(at(properties).id(anchorId).at(DOM.Attribute.href,href), @@ -1434,8 +1440,8 @@ public static HtmlString generateDropDownImage(String text, String href, String } /* Renders image using font icon and a drop down wrapped in an unstyled link */ - public static HtmlString generateDropDownFontIconImage(String text, String href, String onClick, String imageCls, - String imageId, Map properties) + public static HtmlString generateDropDownFontIconImage(String text, String href, String imageCls, + String imageId, Map properties) { PageConfig page = HttpView.currentPageConfig(); String id = page.makeId("a_"); diff --git a/api/src/org/labkey/api/view/PopupMenu.java b/api/src/org/labkey/api/view/PopupMenu.java index 10ebd261687..7892554df2d 100644 --- a/api/src/org/labkey/api/view/PopupMenu.java +++ b/api/src/org/labkey/api/view/PopupMenu.java 
@@ -49,7 +49,6 @@ public class PopupMenu extends DisplayElement private Align _align = Align.LEFT; private ButtonStyle _buttonStyle = ButtonStyle.MENUBUTTON; private String _imageId = ""; - private String _offset = "-1"; private String _safeID = "lk-menu-" + UniqueID.getServerSessionScopedUID(); public PopupMenu() @@ -69,11 +68,6 @@ public PopupMenu(NavTree navTree, Align align, ButtonStyle buttonStyle) _buttonStyle = buttonStyle; } - public void setOffset(String offset) - { - _offset = offset; - } - public NavTree getNavTree() { return _navTree; @@ -130,7 +124,6 @@ public void renderMenuButton(@Nullable RenderContext ctx, HtmlWriter out, boolea _safeID = _navTree.getId(); Map attributes = new HashMap<>(); - String onClickScript = null; attributes.put("data-toggle", "dropdown"); @@ -148,7 +141,7 @@ public void renderMenuButton(@Nullable RenderContext ctx, HtmlWriter out, boolea if (_buttonStyle == ButtonStyle.TEXTBUTTON) { assert !requiresSelection : "Only button-style popups can require selection."; - out.write(LinkBuilder.labkeyLink(_navTree.getText()).onClick(onClickScript).attributes(attributes).addClass("dropdown-toggle")); + out.write(LinkBuilder.labkeyLink(_navTree.getText()).attributes(attributes).addClass("dropdown-toggle")); } else if (_buttonStyle == ButtonStyle.MENUBUTTON) { @@ -157,7 +150,6 @@ else if (_buttonStyle == ButtonStyle.MENUBUTTON) ButtonBuilder bldr = PageFlowUtil.button(_navTree.getText()) .dropdown(true) - .onClick(onClickScript) .attributes(attributes); if (button != null) 
@@ -174,14 +166,13 @@ else if (_buttonStyle == ButtonStyle.IMAGE || _buttonStyle == ButtonStyle.IMAGE_ assert !requiresSelection : "Only button-style popups can require selection."; if (_navTree.getImageCls() != null && !_navTree.getImageCls().isEmpty()) { - out.write(PageFlowUtil.generateDropDownFontIconImage(_navTree.getText(), "#", - onClickScript, _navTree.getImageCls(), _imageId, attributes)); + out.write(PageFlowUtil.generateDropDownFontIconImage(_navTree.getText(), "#", _navTree.getImageCls(), _imageId, attributes)); } else { assert _navTree.getImageSrc() != null && !_navTree.getImageSrc().isEmpty() : "Must provide an image source or image cls for image based popups."; out.write(PageFlowUtil.generateDropDownImage(_navTree.getText(), "#", - onClickScript, _navTree.getImageSrc(), _imageId, _navTree.getImageHeight(), _navTree.getImageWidth(), attributes)); + _navTree.getImageSrc(), _imageId, _navTree.getImageHeight(), _navTree.getImageWidth(), attributes)); } if (_buttonStyle == ButtonStyle.IMAGE_AND_TEXT) @@ -194,7 +185,7 @@ else if (_buttonStyle == ButtonStyle.IMAGE || _buttonStyle == ButtonStyle.IMAGE_ { assert !requiresSelection : "Only button-style popups can require selection."; out.write(PageFlowUtil.generateDropDownTextLink(_navTree.getText(), "#", - onClickScript, _buttonStyle == ButtonStyle.BOLDTEXT, _offset, _navTree.getId(), attributes)); + _buttonStyle == ButtonStyle.BOLDTEXT, _navTree.getId(), attributes)); } UL( diff --git a/core/src/org/labkey/core/view/template/bootstrap/ViewServiceImpl.java b/core/src/org/labkey/core/view/template/bootstrap/ViewServiceImpl.java index 23885cce85e..352604ee49b 100644 --- a/core/src/org/labkey/core/view/template/bootstrap/ViewServiceImpl.java +++ b/core/src/org/labkey/core/view/template/bootstrap/ViewServiceImpl.java 
@@ -526,9 +526,7 @@ else if (!config._isWebpart) { try { - link.setText(link.getText()); // Huh? Looks like a total no-op to me. PopupMenu more = new PopupMenu(link, PopupMenu.Align.RIGHT, PopupMenu.ButtonStyle.TEXT); - more.setOffset("-7"); more.render(out); } catch (Exception e) diff --git a/experiment/src/org/labkey/experiment/XarExporter.java b/experiment/src/org/labkey/experiment/XarExporter.java index c2159405c05..9fe8f2cb4d2 100644 --- a/experiment/src/org/labkey/experiment/XarExporter.java +++ b/experiment/src/org/labkey/experiment/XarExporter.java @@ -1532,8 +1532,7 @@ public void writeAsArchive(OutputStream out) throws IOException, ExperimentExcep zOut.putNextEntry(errorEntry); final PrintStream ps = new PrintStream(zOut, true); - ps.println("Failed to complete export of the XAR file: "); - e.printStackTrace(ps); + ps.println("Failed to complete export of the XAR file: " + e); zOut.closeEntry(); throw e; }