From f2b42e9478552650fa385a13d4bf0a44d0df16d0 Mon Sep 17 00:00:00 2001 From: Costantino Perciante Date: Wed, 11 May 2016 12:26:38 +0000 Subject: [PATCH] Fixed text when editing background summary git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portlets/user/social-profile@128561 82a268e6-3cf1-43bd-a215-b396298e98cf --- .../client/ui/DisplaySummary.java | 26 ++++-- .../server/SocialServiceImpl.java | 85 +------------------ 2 files changed, 25 insertions(+), 86 deletions(-) diff --git a/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java b/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java index 5fb63e3..2202fa1 100644 --- a/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java +++ b/src/main/java/org/gcube/portlets/user/socialprofile/client/ui/DisplaySummary.java @@ -46,7 +46,10 @@ public class DisplaySummary extends Composite { */ public void setSummary(String summaryText){ summary.setHTML(summaryText); - summaryEditingArea.setText(summaryText); + + // convert back to text + String text = fromEscapedHTMLToString(summaryText); + summaryEditingArea.setText(text); } /** @@ -76,7 +79,7 @@ public class DisplaySummary extends Composite { // save the new sanitizedHtml html as summary if(result != null){ - summary.setHTML(result); + setSummary(result); summary.setVisible(true); summaryEditingArea.setVisible(false); saveSummary.setVisible(false); 
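Review bot: `setSummary` passes its argument straight to `summary.setHTML(...)`, so it is only safe when every caller supplies markup that was already escaped on the server; the new decode step for the text area relies on the same assumption. Neither the signature nor the Javadoc states this, and the second hunk on this file now routes the save result through the same method. I would make the contract explicit in the Javadoc, e.g. `@param summaryText escaped HTML as returned by the server, never raw user input`. The callers that load the profile initially are outside this diff, so whether they pass escaped or stored text cannot be checked here. The method's Javadoc opens above the hunk.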
@@ -119,15 +122,28 @@ public class DisplaySummary extends Composite { // enable save button saveSummary.setEnabled(true); } - + @UiHandler("cancelEditSummary") void onCancelClick(ClickEvent e){ - + // reset changes and exit - summaryEditingArea.setText(summary.getText()); summary.setVisible(true); summaryEditingArea.setVisible(false); saveSummary.setVisible(false); cancelEditSummary.setVisible(false); } + + /** + * Convert back escaped html to text + * @param htmlEscaped + * @return + */ + private static String fromEscapedHTMLToString(String htmlEscaped){ + String descWithoutHTML = htmlEscaped; + descWithoutHTML = descWithoutHTML.replaceAll("  "," "); + descWithoutHTML = descWithoutHTML.replaceAll("
","\r\n"); + descWithoutHTML = descWithoutHTML.replaceAll("<","<").replaceAll(">",">"); + descWithoutHTML = descWithoutHTML.replaceAll("&","&"); + return descWithoutHTML; + } } diff --git a/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java b/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java index 8ab68f9..543286e 100644 --- a/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java +++ b/src/main/java/org/gcube/portlets/user/socialprofile/server/SocialServiceImpl.java @@ -4,8 +4,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.clientFor; import static org.gcube.resources.discovery.icclient.ICFactory.queryFor; import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URL; import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedHashMap; @@ -126,20 +124,20 @@ public class SocialServiceImpl extends RemoteServiceServlet implements SocialSer @Override public String saveProfessionalBackground(String summary) { // parse (html sanitize) - String toSave = escapeHtmlAndTransformUrl(summary); + String toReturn = transformSummary(summary); if(isWithinPortal()){ UserManager um = new LiferayUserManager(); ASLSession session = getASLSession(); try{ GCubeUser user = um.getUserByUsername(session.getUsername()); - um.setUserProfessionalBackground(user.getUserId(), toSave); - return toSave; // sanitized + um.setUserProfessionalBackground(user.getUserId(), summary); // save as it is + return toReturn; // sanitized }catch(Exception e){ _log.error("Unable to save the professional background " + summary + " for user " + session.getUsername()); return null; } }else - return toSave; // development mode + return toReturn; // development mode } private UserContext getUserProfile(String username) { 
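Review bot: `fromEscapedHTMLToString` is a hand-written inverse of whatever the server's `transformSummary` produces, and that method is not in this diff, so the two can drift apart silently. The removed `escapeHtmlAndTransformUrl` also turned URLs into links; if the replacement still does, that markup is not reversed here and would show up in the edit box and be re-submitted on save. The helper also dereferences `htmlEscaped` without a null check, and `replaceAll` treats each literal as a regex where `String.replace` would do. I would add `if (htmlEscaped == null) return "";` at the top and fill in the empty `@param`/`@return` tags with the list of sequences it decodes.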
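Review bot: `um.setUserProfessionalBackground(user.getUserId(), summary)` now persists the raw client string, where the escaped `toSave` was stored before, so the stored value is no longer safe to emit as HTML. From here on every reader of the professional background has to escape on output, and this diff does not show which of them do; a render path that passes the stored value to `setHTML` unescaped would be a stored XSS. I would record the contract at the call, e.g. `// stored unescaped: every render path must escape before output`, and confirm the profile-loading path runs the value through `transformSummary` first. `transformSummary` is not part of this diff, so it is worth verifying that it still escapes the same characters and handles a null `summary` as the removed `escapeHtmlAndTransformUrl` did.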
@@ -578,79 +576,4 @@ public class SocialServiceImpl extends RemoteServiceServlet implements SocialSer return html.replaceAll("&", "&").replaceAll("<", "<") .replaceAll(">", ">"); } - - /** - * Escape an html string. Escaping data received from the client helps to - * prevent cross-site script vulnerabilities. - * - * @param html the html string to escape - * @return the escaped string - */ - private static String escapeHtmlAndTransformUrl(String html) { - if (html == null) { - return null; - } - String toReturn = html.replaceAll("&", "&").replaceAll("<", "<") - .replaceAll(">", ">"); - - // replace all the line breaks by
- toReturn = toReturn.replaceAll("(\r\n|\n)","
"); - //transfrom the URL in a clickable URL - toReturn = transformUrls(toReturn); - // then replace all the double spaces by the html version   - toReturn = toReturn.replaceAll("\\s\\s","  "); - return toReturn; - } - - /** - * utility method that convert a url ina text in a clickable url by the browser - * and if the user has just pasted a link, converts the link in: shared a link - * @param feedText - * @return the text with the clickable url in it - */ - protected static String transformUrls(String feedText) { - StringBuilder sb = new StringBuilder(); - // separate input by spaces ( URLs have no spaces ) - String [] parts = feedText.split("\\s"); - // Attempt to convert each item into an URL. - for (int i = 0; i < parts.length; i++) { - String toCheck = getHttpToken(parts[i]); - if (toCheck != null) { - try { - URL url = new URL(toCheck); - if (i == 0 && parts.length == 1) //then he shared just a link - return sb.append("shared ").append("a link.").append(" ").toString(); - // If possible then replace with anchor... - sb.append("").append(url).append(" "); - } catch (MalformedURLException e) { - // If there was an URL then it's not valid - _log.error("MalformedURLException returning... "); - return feedText; - } - } else { - sb.append(parts[i]); - sb.append(" "); - } - } - return sb.toString(); - } - - /** - * check the tokens of a pasted text and see if there's any http link in it - * @param item a text token - * @return the actual http link - */ - private static String getHttpToken(String item) { - if (item.startsWith("http") || item.startsWith("www") || item.startsWith("(www") || item.startsWith("(http")) { - if (item.startsWith("(")) - item = item.substring(1, item.length()); - if (item.endsWith(".") || item.endsWith(")")) { //sometimes people write the url and close the phrase with a . - item = item.substring(0, item.length()-1); - } - item = item.startsWith("www") ? 
"http://"+item : item; - System.out.println("getHttpToken returns -> " + item); - return item; - } - return null; - } }