001    package railo.runtime.functions.owasp;
002    
003    import java.io.PrintStream;
004    
005    import org.owasp.esapi.ESAPI;
006    import org.owasp.esapi.Encoder;
007    import org.owasp.esapi.errors.EncodingException;
008    
009    import railo.commons.io.DevNullOutputStream;
010    import railo.commons.lang.StringUtil;
011    import railo.runtime.PageContext;
012    import railo.runtime.exp.ApplicationException;
013    import railo.runtime.exp.FunctionException;
014    import railo.runtime.exp.PageException;
015    import railo.runtime.ext.function.Function;
016    import railo.runtime.op.Caster;
017    
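/**
 * Implements the {@code ESAPIDecode} function: decodes an encoded string through the OWASP
 * ESAPI {@link Encoder}.
 *
 * <p>Only URL decoding is implemented. {@link #DEC_BASE64} is declared, but neither
 * {@link #decode(String, short)} nor {@link #call(PageContext, String, String)} handles it.
 *
 * <p>Security note: decoding is not validation. The returned string is exactly as untrusted
 * as the input was, so callers still have to validate it and encode it for whatever context
 * it is written to (HTML, SQL, file paths, ...).
 */
public class ESAPIDecode implements Function {

    private static final long serialVersionUID = 7054200748398531363L;

    /** Decoding type: Base64. Declared only; {@link #decode(String, short)} rejects it. */
    public static final short DEC_BASE64=1;
    /** Decoding type: URL (percent) encoding. */
    public static final short DEC_URL=2;

    /**
     * Guards the temporary replacement of {@link System#out} in {@link #decode(String, short)}.
     * System.out is JVM-global: without mutual exclusion, a second caller can save the
     * /dev/null stream as "the original" and restore it last, leaving stdout (and anything
     * logged through it) silenced for the rest of the process lifetime.
     * NOTE(review): this only serialises callers of this class; any other code that swaps
     * System.out the same way needs to share a lock to be fully safe.
     */
    private static final Object STDOUT_LOCK = new Object();

    /**
     * Decodes {@code item} according to {@code decFrom}.
     *
     * <p>{@link System#out} is redirected to a null stream for the duration of the ESAPI call
     * and restored afterwards, presumably to keep ESAPI's console output out of stdout.
     *
     * @param item the encoded string, passed unchanged to the ESAPI encoder
     * @param decFrom one of the {@code DEC_*} constants; only {@link #DEC_URL} is supported
     * @return the result of {@link Encoder#decodeFromURL(String)}; still untrusted data
     * @throws PageException an {@link ApplicationException} for an unsupported
     *         {@code decFrom}, or the ESAPI {@link EncodingException} converted by
     *         {@link Caster#toPageException}
     */
    public static String decode(String item, short decFrom) throws PageException {
        synchronized (STDOUT_LOCK) {
            final PrintStream original = System.out;
            try {
                System.setOut(new PrintStream(DevNullOutputStream.DEV_NULL_OUTPUT_STREAM));
                Encoder encoder = ESAPI.encoder();
                switch (decFrom) {
                case DEC_URL:
                    return encoder.decodeFromURL(item);
                default:
                    throw new ApplicationException("invalid target decoding definition");
                }
            }
            catch (EncodingException ee) {
                throw Caster.toPageException(ee);
            }
            finally {
                // Always put the real stream back, including on the exception paths.
                System.setOut(original);
            }
        }
    }

    /**
     * Function entry point: maps the textual decoding name to a {@code DEC_*} constant and
     * delegates to {@link #decode(String, short)}.
     *
     * @param pc the current page context, used only to build the {@link FunctionException}
     * @param strDecodeFrom decoding name; null is treated as empty, and the value is trimmed
     *        and lower-cased before comparison. Only {@code "url"} is accepted.
     * @param value the encoded string to decode
     * @return the decoded string
     * @throws PageException a {@link FunctionException} when {@code strDecodeFrom} is not a
     *         supported name, or whatever {@link #decode(String, short)} throws
     */
    public static String call(PageContext pc, String strDecodeFrom, String value) throws PageException {
        strDecodeFrom = StringUtil.emptyIfNull(strDecodeFrom).trim().toLowerCase();
        if (!"url".equals(strDecodeFrom)) {
            // The rejected value is echoed in the message; if it can come from a request,
            // whatever renders this exception must output-encode it.
            throw new FunctionException(pc, "ESAPIDecode", 1, "decodeFrom", "value ["+strDecodeFrom+"] is invalid, valid values are " +
                    "[url]");
        }
        return decode(value, DEC_URL);
    }

}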