package org.sakaiproject.portlets;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
import javax.portlet.PortletMode;
import javax.portlet.PortletSession;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.servlet.ServletRequest;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.validator.routines.UrlValidator;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.context.Context;
import org.apache.velocity.runtime.resource.loader.StringResourceLoader;
import org.apache.velocity.servlet.VelocityServlet;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.cover.AuthzGroupService;
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.component.cover.ServerConfigurationService;
import org.sakaiproject.entity.api.Reference;
import org.sakaiproject.entity.cover.EntityManager;
import org.sakaiproject.event.api.EventTrackingService;
import org.sakaiproject.event.cover.UsageSessionService;
import org.sakaiproject.exception.IdUnusedException;
import org.sakaiproject.portlet.util.JSPHelper;
import org.sakaiproject.portlet.util.VelocityHelper;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.SitePage;
import org.sakaiproject.site.api.ToolConfiguration;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.thread_local.cover.ThreadLocalManager;
import org.sakaiproject.tool.api.Placement;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.cover.SessionManager;
import org.sakaiproject.tool.cover.ToolManager;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.api.UserNotDefinedException;
import org.sakaiproject.user.cover.UserDirectoryService;
import org.sakaiproject.util.FormattedText;
import org.sakaiproject.util.ResourceLoader;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/portlets/PortletIFrame.class */
public class PortletIFrame extends GenericPortlet {
    // Default event names: doView posts the "read" event and doEdit posts the "revise" event,
    // unless a placement property with the same key overrides the name.
    protected static final String EVENT_ACCESS_WEB_CONTENT = "webcontent.read";
    protected static final String EVENT_REVISE_WEB_CONTENT = "webcontent.revise";
    // Portlet context captured in init(); used for Velocity setup and the help JSP.
    private PortletContext pContext;
    // Placement property / request parameter names.
    protected static final String SOURCE = "source";
    protected static final String URL = "url";
    protected static final String HEIGHT = "height";
    protected static final String CUSTOM_HEIGHT = "customNumberField";
    protected static final String TITLE = "title";
    private static final String FORM_PAGE_TITLE = "title-of-page";
    // Upper bounds enforced on submitted titles and on the site info URL in processActionEdit.
    private static final int MAX_TITLE_LENGTH = 99;
    private static final int MAX_SITE_INFO_URL_LENGTH = 255;
    protected static final String TARGETPAGE_URL = "TargetPageUrl";
    protected static final String TARGETPAGE_NAME = "TargetPageName";
    protected static final String ANNOTATED_TEXT = "desp";
    // "special" selects one of the built-in variants below (see getSpecial).
    protected static final String SPECIAL = "special";
    protected static final String SPECIAL_SITE = "site";
    protected static final String SPECIAL_ANNOTATEDURL = "annotatedurl";
    protected static final String SPECIAL_WORKSPACE = "workspace";
    protected static final String SPECIAL_WORKSITE = "worksite";
    // Placement property naming a server configuration key whose value supplies the URL (see sourceUrl).
    protected static final String SAKAI_PROPERTIES_URL_KEY = "sakai.properties.url.key";
    protected static final String HIDE_OPTIONS = "hide.options";
    private static final String PASS_PID = "passthroughPID";
    private static final String MACRO_EXPANSION = "expandMacros";
    // Macro tokens that may appear in a configured URL.
    protected static final String MACRO_SITE_ID = "${SITE_ID}";
    protected static final String MACRO_USER_ID = "${USER_ID}";
    protected static final String MACRO_USER_EID = "${USER_EID}";
    protected static final String MACRO_USER_FIRST_NAME = "${USER_FIRST_NAME}";
    protected static final String MACRO_USER_LAST_NAME = "${USER_LAST_NAME}";
    protected static final String MACRO_USER_ROLE = "${USER_ROLE}";
    // NOTE(review): ${SESSION_ID} is absent from MACRO_DEFAULT_ALLOWED below. It presumably expands
    // to the session identifier, which would then travel to the framed site in the URL; keep it
    // out of iframe.allowed.macros unless that exposure is intended.
    protected static final String MACRO_SESSION_ID = "${SESSION_ID}";
    private static final String MACRO_CLASS_SITE_PROP = "SITE_PROP:";
    private static final String IFRAME_ALLOWED_MACROS_PROPERTY = "iframe.allowed.macros";
    private static final String MACRO_DEFAULT_ALLOWED = "${USER_ID},${USER_EID},${USER_FIRST_NAME},${USER_LAST_NAME},${SITE_ID},${USER_ROLE}";
    // X-Frame-Options probe settings. xframeCache is compared with Date.getTime() values in
    // popupXFrame, so it is in milliseconds; 21600000 ms is six hours.
    // The code that loads these defaults is not part of this excerpt.
    private static final String IFRAME_XFRAME_CACHETIME = "iframe.xframe.cachetime";
    private static final int IFRAME_XFRAME_CACHETIME_DEFAULT = 21600000;
    // Placement properties that cache the time and outcome of the last probe.
    private static final String XFRAME_LAST_TIME = "xframe-last-time";
    private static final String XFRAME_LAST_STATUS = "xframe-last-status";
    private static final String IFRAME_XFRAME_LOADTIME = "iframe.xframe.loadtime";
    private static final int IFRAME_XFRAME_LOADTIME_DEFAULT = 8000;
    private static long xframeCache;
    private static long xframeLoad;
    // Server configuration keys holding regular expressions that force popup or inline display.
    private static final String IFRAME_XFRAME_POPUP = "iframe.xframe.popup";
    private static final String IFRAME_XFRAME_INLINE = "iframe.xframe.inline";
    // ThreadLocalManager key under which doView looks up the current servlet request.
    public static final String CURRENT_HTTP_REQUEST = "org.sakaiproject.util.RequestFilter.http_request";
    // Raw-typed list; it is populated outside this excerpt.
    private static ArrayList allowedMacrosList;
    // Characters accepted by checkDigits (ASCII digits only).
    protected static final String VALID_DIGITS = "0123456789";
    private static final String PROTOCOL_PREFIX = "http:";
    private static final String HOST_PREFIX = "http://127.0.0.1";
    // Substituted for any URL that fails validation in doView.
    private static final String ABOUT_BLANK = "about:blank";
    private static final Log M_log = LogFactory.getLog(PortletIFrame.class);
    protected static ResourceLoader rb = new ResourceLoader("iframe");
    // Portlet session attribute carrying a pending alert (addAlert / sendAlert). Not declared final.
    private static String ALERT_MESSAGE = "sakai:alert-message";
    protected final FormattedText validator = new FormattedText();
    private final VelocityHelper vHelper = new VelocityHelper();
    VelocityEngine vengine = null;
    protected final String POPUP = "popup";
    protected final String MAXIMIZE = "maximize";
    // Preset heights recognised by doEdit; any other stored height is shown as a custom value.
    // The array is public and mutable.
    public String[] ourPixels = {"300px", "450px", "600px", "750px", "900px", "1200px", "1800px", "2400px"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/sakaiproject/portlets/PortletIFrame$SessionDataException.class */
    /**
     * Raised when data expected from the current session or tool placement is unavailable,
     * for example when there is no current user session.
     */
    public static class SessionDataException extends Exception {

        /**
         * Creates the exception with a human-readable reason.
         *
         * @param str description of the missing session data
         */
        public SessionDataException(String str) {
            super(str);
        }
    }

    /**
     * Returns the title of the tool placement bound to the current request.
     *
     * @param renderRequest the render request; not consulted, the placement comes from ToolManager
     * @return the current placement's title
     */
    public String getTitleString(RenderRequest renderRequest) {
        Placement placement = ToolManager.getCurrentPlacement();
        return placement.getTitle();
    }

    /**
     * Initialises the portlet: remembers the portlet context and builds the Velocity engine.
     *
     * @param portletConfig configuration supplied by the portlet container
     * @throws PortletException if the Velocity engine cannot be created (the cause is preserved)
     */
    public void init(PortletConfig portletConfig) throws PortletException {
        super.init(portletConfig);
        PortletContext portletContext = portletConfig.getPortletContext();
        this.pContext = portletContext;
        try {
            this.vengine = VelocityHelper.makeEngine(portletContext);
            M_log.info("iFrame Portlet vengine=" + this.vengine + " rb=" + rb);
        } catch (Exception initFailure) {
            throw new PortletException("Cannot initialize Velocity ", initFailure);
        }
    }

    /**
     * Stores an alert message in the portlet session so the next render can display it.
     *
     * @param actionRequest the action request whose session receives the message
     * @param str           the alert text; stored as-is, sendAlert HTML-escapes it on output
     */
    private void addAlert(ActionRequest actionRequest, String str) {
        PortletSession session = actionRequest.getPortletSession(true);
        session.setAttribute(ALERT_MESSAGE, str);
    }

    /**
     * Moves a pending alert from the portlet session into the Velocity context.
     * The message is removed from the session whether or not it is shown, and it is
     * HTML-escaped before it reaches the template.
     *
     * @param renderRequest the render request whose session may hold an alert
     * @param context       the Velocity context that receives "alertMessage"
     */
    private void sendAlert(RenderRequest renderRequest, Context context) {
        PortletSession session = renderRequest.getPortletSession(true);
        String pending = (String) session.getAttribute(ALERT_MESSAGE);
        session.removeAttribute(ALERT_MESSAGE);
        if (pending != null && pending.length() > 0) {
            context.put("alertMessage", FormattedText.escapeHtml(pending, false));
        }
    }

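    /**
     * Renders VIEW mode. Resolves the URL to frame from the placement configuration, validates
     * it, and renders /vm/main.vm. A worksite placement whose site has no info URL instead
     * renders the site description (or title) through /vm/info.vm.
     *
     * <p>A URL that fails sanitizeHrefURL or validateURL is never handed to the template;
     * it is replaced with about:blank and the rejection is logged.
     *
     * @param renderRequest  the current render request
     * @param renderResponse the response to write the markup to
     * @throws PortletException declared by the portlet API
     * @throws IOException      if the response writer cannot be obtained or written
     */
    public void doView(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        renderResponse.setContentType(VelocityServlet.DEFAULT_CONTENT_TYPE);
        // The servlet request is looked up from a thread-local; tolerate it being absent
        // instead of failing the whole render with a NullPointerException.
        ServletRequest httpRequest = (ServletRequest) ThreadLocalManager.get(CURRENT_HTTP_REQUEST);
        String popupDone = httpRequest == null ? null : httpRequest.getParameter("sakai.popup");
        PrintWriter writer = renderResponse.getWriter();
        VelocityContext velocityContext = new VelocityContext();
        Placement currentPlacement = ToolManager.getCurrentPlacement();
        Properties allProperties = getAllProperties(currentPlacement);
        renderResponse.setTitle(currentPlacement.getTitle());
        String source = allProperties.getProperty(SOURCE);
        if (source == null) {
            source = "";
        }
        String height = allProperties.getProperty(HEIGHT);
        if (height == null) {
            height = "1200px";
        }
        String urlKey = allProperties.getProperty(SAKAI_PROPERTIES_URL_KEY);
        String special = getSpecial(allProperties);
        if (SPECIAL_WORKSITE.equals(special)) {
            try {
                Site site = SiteService.getSite(currentPlacement.getContext());
                if (StringUtils.trimToNull(site.getInfoUrlFull()) == null) {
                    String siteInfo = StringUtils.trimToNull(site.getDescription());
                    if (siteInfo == null) {
                        siteInfo = StringUtils.trimToNull(site.getTitle());
                    }
                    if (siteInfo != null) {
                        // Author-supplied text goes through FormattedText processing before display.
                        siteInfo = FormattedText.processFormattedText(siteInfo, new StringBuilder());
                    }
                    velocityContext.put("siteInfo", siteInfo);
                    VelocityHelper.doTemplate(this.vengine, "/vm/info.vm", velocityContext, writer);
                    return;
                }
            } catch (Exception e) {
                // Route the failure to the application log rather than stderr, then fall
                // through to the normal URL handling below.
                M_log.warn("doView: could not render site info for site=" + currentPlacement.getContext(), e);
            }
        }
        boolean popupConfigured = "true".equals(currentPlacement.getPlacementConfig().getProperty("popup"));
        boolean maximize = "true".equals(currentPlacement.getPlacementConfig().getProperty("maximize"));
        // HttpState.PREEMPTIVE_DEFAULT is the string "false"; it stands in for that literal here.
        boolean expandMacros = !HttpState.PREEMPTIVE_DEFAULT.equalsIgnoreCase(allProperties.getProperty(MACRO_EXPANSION, "true"));
        boolean passPid = "true".equalsIgnoreCase(allProperties.getProperty(PASS_PID, HttpState.PREEMPTIVE_DEFAULT));
        String sourceUrl = sourceUrl(special, source, currentPlacement.getContext(), expandMacros, passPid, currentPlacement.getId(), urlKey);
        if (sourceUrl == null || sourceUrl.trim().length() <= 0) {
            writer.println("Not yet configured");
            return;
        }
        String frameUrl = sanitizeHrefURL(sourceUrl);
        if (frameUrl == null || !validateURL(frameUrl)) {
            M_log.warn("invalid URL suppressed placement=" + currentPlacement.getId() + " site=" + currentPlacement.getContext() + " url=" + frameUrl);
            frameUrl = ABOUT_BLANK;
        }
        boolean popup = popupConfigured || popupXFrame(renderRequest, currentPlacement, frameUrl);
        String csrfToken = (String) SessionManager.getCurrentSession().getAttribute(UsageSessionService.SAKAI_CSRF_SESSION_ATTRIBUTE);
        if (csrfToken != null) {
            velocityContext.put("sakai_csrf_token", csrfToken);
        }
        velocityContext.put("tlang", rb);
        velocityContext.put("validator", this.validator);
        velocityContext.put(SOURCE, frameUrl);
        velocityContext.put(HEIGHT, height);
        sendAlert(renderRequest, velocityContext);
        velocityContext.put("popup", Boolean.valueOf(popup));
        velocityContext.put("popupdone", Boolean.valueOf(popupDone != null));
        velocityContext.put("maximize", Boolean.valueOf(maximize));
        // Restrict the placement id to [A-Za-z0-9_] before it reaches the template.
        velocityContext.put("placement", currentPlacement.getId().replaceAll("[^a-zA-Z0-9]", "_"));
        velocityContext.put("loadTime", Long.valueOf(xframeLoad));
        EventTrackingService eventTrackingService;
        if (currentPlacement != null && currentPlacement.getContext() != null && currentPlacement.getId() != null && (eventTrackingService = (EventTrackingService) ComponentManager.get(EventTrackingService.class)) != null) {
            String configuredEvent = allProperties.getProperty(EVENT_ACCESS_WEB_CONTENT);
            String eventName = StringUtils.trimToNull(configuredEvent) != null ? configuredEvent : EVENT_ACCESS_WEB_CONTENT;
            // NOTE(review): the event reference embeds the URL after macro expansion, so any
            // identifiers a macro inserts are persisted with the event - confirm against
            // doMacroExpansion that this is acceptable.
            String eventRef = StringUtils.abbreviate("/web/" + currentPlacement.getContext() + "/id/" + currentPlacement.getId() + "/url/" + URLEncoder.encode(frameUrl, StringResourceLoader.REPOSITORY_ENCODING_DEFAULT), 240);
            eventTrackingService.post(eventTrackingService.newEvent(eventName, eventRef, false));
        }
        VelocityHelper.doTemplate(this.vengine, "/vm/main.vm", velocityContext, writer);
    }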

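    /**
     * Decides whether the target URL must open in a popup instead of being framed inline.
     *
     * <p>The decision is made in this order: feature disabled (xframeCache &lt; 1) or non-HTTP
     * URL gives inline; a match on the configured popup pattern gives popup; a match on the
     * inline pattern gives inline; URLs on this server give inline; an http:// target on an
     * https page gives popup; then the cached probe result if still fresh; otherwise a HEAD
     * request checks whether the target sends an X-Frame-Options header. The probe outcome is
     * written back to the placement and saved.
     *
     * <p>The probe is a request made by the server to a URL taken from tool configuration,
     * and redirects are followed. NOTE(review): confirm that the validateURL check applied
     * in doView, or network egress policy, keeps this request away from internal-only hosts.
     * NOTE(review): only the X-Frame-Options header is inspected; a target that restricts
     * framing solely through a Content-Security-Policy frame-ancestors directive is not detected.
     *
     * @param renderRequest the current render request, used to learn whether the page is secure
     * @param placement     the placement whose configuration caches the probe result
     * @param str           the already validated URL that would be framed
     * @return true if the content should open in a popup
     */
    public boolean popupXFrame(RenderRequest renderRequest, Placement placement, String str) {
        // Bounds the server-side probe so an unresponsive host cannot stall the render thread.
        final int probeTimeoutMillis = 10000;
        if (xframeCache < 1) {
            return false;
        }
        if (!str.startsWith("http://") && !str.startsWith("https://")) {
            return false;
        }
        // Locale.ROOT keeps lower-casing independent of the JVM default locale.
        String lowerUrl = str.toLowerCase(Locale.ROOT);
        String popupPattern = ServerConfigurationService.getString(IFRAME_XFRAME_POPUP, (String) null);
        if (popupPattern != null && popupPattern.length() > 1 && Pattern.compile(popupPattern).matcher(lowerUrl).find()) {
            return true;
        }
        String inlinePattern = ServerConfigurationService.getString(IFRAME_XFRAME_INLINE, (String) null);
        if (inlinePattern != null && inlinePattern.length() > 1 && Pattern.compile(inlinePattern).matcher(lowerUrl).find()) {
            return false;
        }
        String serverUrl = ServerConfigurationService.getServerUrl();
        String accessUrl = ServerConfigurationService.getAccessUrl();
        // Null-safe: a missing server or access URL must not abort the render.
        if ((serverUrl != null && str.startsWith(serverUrl)) || (accessUrl != null && str.startsWith(accessUrl))) {
            return false;
        }
        // Plain-http content inside an https page would be blocked as mixed content.
        if ((renderRequest.isSecure() || (serverUrl != null && serverUrl.startsWith("https://"))) && str.startsWith("http://")) {
            return true;
        }
        long now = new Date().getTime();
        long lastProbe;
        try {
            lastProbe = Long.parseLong(placement.getPlacementConfig().getProperty(XFRAME_LAST_TIME));
        } catch (NumberFormatException e) {
            // Also reached when the property is absent.
            lastProbe = -1;
        }
        M_log.debug("lastTime=" + lastProbe + " nowTime=" + now);
        if (lastProbe > 0 && now < lastProbe + xframeCache) {
            String cachedStatus = placement.getPlacementConfig().getProperty(XFRAME_LAST_STATUS);
            M_log.debug("Status from placement=" + cachedStatus);
            return "true".equals(cachedStatus);
        }
        placement.getPlacementConfig().setProperty(XFRAME_LAST_TIME, String.valueOf(now));
        boolean framingRestricted = false;
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) new URL(str).openConnection();
            // Per-connection setting: the static HttpURLConnection.setFollowRedirects would
            // change redirect handling for every connection in the JVM.
            connection.setInstanceFollowRedirects(true);
            connection.setConnectTimeout(probeTimeoutMillis);
            connection.setReadTimeout(probeTimeoutMillis);
            connection.setRequestMethod("HEAD");
            for (String headerName : connection.getHeaderFields().keySet()) {
                // The status line is reported under a null key.
                if (headerName != null && "x-frame-options".equalsIgnoreCase(headerName)) {
                    framingRestricted = true;
                    break;
                }
            }
        } catch (Exception e) {
            // A failed probe is treated as "no restriction"; the content is then framed inline.
            M_log.debug("X-Frame-Options probe failed for " + str + ": " + e.getMessage());
            framingRestricted = false;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
        placement.getPlacementConfig().setProperty(XFRAME_LAST_STATUS, String.valueOf(framingRestricted));
        if (framingRestricted) {
            // Persisted: the placement stays in popup mode until it is edited again.
            placement.getPlacementConfig().setProperty("popup", "true");
        }
        placement.save();
        M_log.debug("Retrieved=" + str + " XFrame=" + framingRestricted);
        return framingRestricted;
    }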

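    /**
     * Renders EDIT mode: fills the Velocity context with the placement's current settings
     * and renders the edit template that matches the placement's "special" variant.
     *
     * <p>Titles are HTML-escaped and the worksite info URL and description are passed through
     * escapeHtmlFormattedTextarea before they reach the template. Failures while loading
     * site data are logged and the form is rendered without the affected fields.
     *
     * @param renderRequest  the current render request
     * @param renderResponse the response to write the form to
     * @throws PortletException declared by the portlet API
     * @throws IOException      if the response writer cannot be obtained or written
     */
    public void doEdit(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        renderResponse.setContentType(VelocityServlet.DEFAULT_CONTENT_TYPE);
        PrintWriter writer = renderResponse.getWriter();
        String titleString = getTitleString(renderRequest);
        if (titleString != null) {
            renderResponse.setTitle(titleString);
        }
        VelocityContext velocityContext = new VelocityContext();
        String csrfToken = (String) SessionManager.getCurrentSession().getAttribute(UsageSessionService.SAKAI_CSRF_SESSION_ATTRIBUTE);
        if (csrfToken != null) {
            velocityContext.put("sakai_csrf_token", csrfToken);
        }
        velocityContext.put("tlang", rb);
        velocityContext.put("validator", this.validator);
        sendAlert(renderRequest, velocityContext);
        velocityContext.put("actionUrl", renderResponse.createActionURL().toString());
        velocityContext.put("doCancel", "sakai.cancel");
        velocityContext.put("doUpdate", "sakai.update");
        Placement currentPlacement = ToolManager.getCurrentPlacement();
        Properties allProperties = getAllProperties(currentPlacement);
        String special = getSpecial(allProperties);
        velocityContext.put(TITLE, FormattedText.escapeHtml(currentPlacement.getTitle(), false));
        String source = currentPlacement.getPlacementConfig().getProperty(SOURCE);
        if (source == null) {
            source = "";
        }
        if (special == null) {
            // NOTE(review): the stored URL is placed in the context unescaped; confirm that
            // the edit template escapes it when rendering the input field.
            velocityContext.put(SOURCE, source);
        }
        String height = currentPlacement.getPlacementConfig().getProperty(HEIGHT);
        if (height == null) {
            height = "1200px";
        }
        ToolConfiguration findTool = SiteService.findTool(currentPlacement.getId());
        if (findTool != null) {
            try {
                Site site = SiteService.getSite(findTool.getSiteId());
                SitePage page = site.getPage(findTool.getPageId());
                velocityContext.put("siteId", site.getId());
                // Popup, maximize and page-title options are offered only when this tool is
                // alone on its page.
                if (page.getTools() != null && page.getTools().size() == 1) {
                    velocityContext.put("showPopup", Boolean.TRUE);
                    velocityContext.put("popup", Boolean.valueOf("true".equals(currentPlacement.getPlacementConfig().getProperty("popup"))));
                    velocityContext.put("maximize", Boolean.valueOf("true".equals(currentPlacement.getPlacementConfig().getProperty("maximize"))));
                    velocityContext.put("pageTitleEditable", Boolean.TRUE);
                    velocityContext.put("page_title", FormattedText.escapeHtml(page.getTitle(), false));
                }
            } catch (Throwable th) {
                // Best effort: the form still renders, but the failure is no longer silent.
                M_log.debug("doEdit: could not load site/page for placement=" + currentPlacement.getId(), th);
            }
        }
        if (special == null) {
            velocityContext.put("heading", rb.getString("gen.custom"));
        } else if (SPECIAL_SITE.equals(special)) {
            velocityContext.put("heading", rb.getString("gen.custom.site"));
        } else if (SPECIAL_WORKSPACE.equals(special)) {
            velocityContext.put("heading", rb.getString("gen.custom.workspace"));
        } else if (SPECIAL_WORKSITE.equals(special)) {
            velocityContext.put("heading", rb.getString("gen.custom.worksite"));
            try {
                Site worksite = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
                String infoUrl = StringUtils.trimToNull(worksite.getInfoUrl());
                if (infoUrl != null) {
                    velocityContext.put("info_url", FormattedText.escapeHtmlFormattedTextarea(infoUrl));
                }
                String description = StringUtils.trimToNull(worksite.getDescription());
                if (description != null) {
                    velocityContext.put("description", FormattedText.escapeHtmlFormattedTextarea(description));
                }
            } catch (Throwable th) {
                M_log.debug("doEdit: could not load worksite info for placement=" + currentPlacement.getId(), th);
            }
        } else if (SPECIAL_ANNOTATEDURL.equals(special)) {
            velocityContext.put("heading", rb.getString("gen.custom.annotatedurl"));
            try {
                // NOTE(review): unlike the worksite branch, this text is placed in the context
                // without escapeHtmlFormattedTextarea; confirm that the template escapes it.
                velocityContext.put("description", allProperties.getProperty(ANNOTATED_TEXT));
            } catch (Throwable th) {
                M_log.debug("doEdit: could not load annotated text for placement=" + currentPlacement.getId(), th);
            }
        } else {
            velocityContext.put("heading", rb.getString("gen.custom"));
        }
        boolean presetHeight = false;
        for (String preset : this.ourPixels) {
            if (height.equals(preset)) {
                presetHeight = true;
                break;
            }
        }
        if (!presetHeight) {
            // A stored value of just "px" splits into an empty array; show an empty custom
            // field in that case instead of failing the render.
            String[] heightParts = height.trim().split("px");
            velocityContext.put("custom_height", heightParts.length > 0 ? heightParts[0] : "");
            height = rb.getString("gen.heisomelse");
        }
        velocityContext.put(HEIGHT, height);
        velocityContext.put("max_length_title", Integer.valueOf(MAX_TITLE_LENGTH));
        velocityContext.put("max_length_info_url", Integer.valueOf(MAX_SITE_INFO_URL_LENGTH));
        String template = SPECIAL_SITE.equals(special) ? "/vm/edit-site.vm" : "/vm/edit.vm";
        if (SPECIAL_WORKSITE.equals(special)) {
            template = "/vm/edit-site.vm";
        }
        if (SPECIAL_ANNOTATEDURL.equals(special)) {
            template = "/vm/edit-annotatedurl.vm";
        }
        EventTrackingService eventTrackingService;
        if (currentPlacement != null && currentPlacement.getContext() != null && currentPlacement.getId() != null && (eventTrackingService = (EventTrackingService) ComponentManager.get(EventTrackingService.class)) != null) {
            String configuredEvent = allProperties.getProperty(EVENT_REVISE_WEB_CONTENT);
            String eventName = StringUtils.trimToNull(configuredEvent) != null ? configuredEvent : EVENT_REVISE_WEB_CONTENT;
            String eventRef = StringUtils.abbreviate("/web/" + currentPlacement.getContext() + "/id/" + currentPlacement.getId() + "/url/" + URLEncoder.encode(source, StringResourceLoader.REPOSITORY_ENCODING_DEFAULT), 240);
            eventTrackingService.post(eventTrackingService.newEvent(eventName, eventRef, false));
        }
        VelocityHelper.doTemplate(this.vengine, template, velocityContext, writer);
    }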

    /**
     * Renders HELP mode by forwarding to the bundled help JSP.
     *
     * @param renderRequest  the current render request
     * @param renderResponse the response the JSP writes to
     * @throws PortletException if the forward fails
     * @throws IOException      if writing the response fails
     */
    public void doHelp(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        final String helpPage = "/help.jsp";
        JSPHelper.sendToJSP(this.pContext, renderRequest, renderResponse, helpPage);
    }

    /**
     * Dispatches a form submission: "sakai.update" without "sakai.cancel" applies the edit,
     * everything else returns to VIEW mode.
     *
     * <p>NOTE(review): no permission or CSRF-token check is visible in this method;
     * presumably the portal enforces both before an action reaches the portlet - confirm.
     *
     * @param actionRequest  the submitted action
     * @param actionResponse used to select the next portlet mode
     * @throws PortletException propagated from processActionEdit
     * @throws IOException      propagated from processActionEdit
     */
    public void processAction(ActionRequest actionRequest, ActionResponse actionResponse) throws PortletException, IOException {
        PortletSession session = actionRequest.getPortletSession(true);
        String cancel = actionRequest.getParameter("sakai.cancel");
        String update = actionRequest.getParameter("sakai.update");
        session.removeAttribute("error.message");
        boolean applyEdit = cancel == null && update != null;
        if (applyEdit) {
            processActionEdit(actionRequest, actionResponse);
            return;
        }
        // Cancel, or a submission carrying neither button, goes back to the view.
        actionResponse.setPortletMode(PortletMode.VIEW);
    }

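    /**
     * Validates and stores the settings submitted from the edit form. On any validation
     * failure an alert is queued and the portlet stays in EDIT mode; on success the placement
     * (and, for worksite placements, the site info) is saved and the portlet returns to VIEW.
     *
     * <p>All request parameters are untrusted. The URL fields go through validateURL, titles
     * are length-limited, a custom height must consist of digits only, and a non-custom height
     * must be one of the presets in ourPixels, so an arbitrary request string is never stored
     * as the frame height.
     *
     * <p>NOTE(review): no permission or CSRF-token check is visible in this method;
     * presumably the portal enforces both before an EDIT-mode action arrives - confirm.
     *
     * @param actionRequest  the submitted form
     * @param actionResponse used to select the next portlet mode
     * @throws PortletException declared by the portlet API
     * @throws IOException      declared by the portlet API
     */
    public void processActionEdit(ActionRequest actionRequest, ActionResponse actionResponse) throws PortletException, IOException {
        // Remain in EDIT mode unless every field validates.
        actionResponse.setPortletMode(PortletMode.EDIT);
        Placement currentPlacement = ToolManager.getCurrentPlacement();
        ToolConfiguration findTool = SiteService.findTool(currentPlacement.getId());
        String special = getSpecial(getAllProperties(currentPlacement));

        String source = StringUtils.trimToEmpty(actionRequest.getParameter(SOURCE));
        if (special == null && StringUtils.isBlank(source)) {
            addAlert(actionRequest, rb.getString("gen.url.empty"));
            return;
        }
        if (!StringUtils.isBlank(source) && !validateURL(source)) {
            addAlert(actionRequest, rb.getString("gen.url.invalid"));
            return;
        }
        currentPlacement.getPlacementConfig().setProperty(SOURCE, source);

        String infoUrl = StringUtils.trimToNull(actionRequest.getParameter("infourl"));
        if (infoUrl != null && infoUrl.length() > MAX_SITE_INFO_URL_LENGTH) {
            addAlert(actionRequest, rb.getString("gen.info.url.toolong"));
            return;
        }
        if (!StringUtils.isBlank(infoUrl) && !validateURL(infoUrl)) {
            addAlert(actionRequest, rb.getString("gen.url.invalid"));
            return;
        }

        String height = actionRequest.getParameter(HEIGHT);
        if (height == null) {
            // A request without the height field previously failed with a NullPointerException.
            addAlert(actionRequest, rb.getString("java.alert.pleentval"));
            return;
        }
        if (height.equals(rb.getString("gen.heisomelse"))) {
            String customHeight = actionRequest.getParameter(CUSTOM_HEIGHT);
            if (customHeight == null || customHeight.equals("") || !checkDigits(customHeight)) {
                addAlert(actionRequest, rb.getString("java.alert.pleentval"));
                return;
            }
            currentPlacement.getPlacementConfig().setProperty(HEIGHT, customHeight + "px");
        } else {
            // Accept only the presets that doEdit recognises; anything else is rejected
            // rather than persisted and later rendered as the frame height.
            boolean presetHeight = false;
            for (String preset : this.ourPixels) {
                if (preset.equals(height)) {
                    presetHeight = true;
                    break;
                }
            }
            if (!presetHeight) {
                addAlert(actionRequest, rb.getString("java.alert.pleentval"));
                return;
            }
            currentPlacement.getPlacementConfig().setProperty(HEIGHT, height);
        }

        String title = actionRequest.getParameter(TITLE);
        if (StringUtils.isBlank(title)) {
            addAlert(actionRequest, rb.getString("gen.tootit.empty"));
            return;
        }
        if (title.length() > MAX_TITLE_LENGTH) {
            addAlert(actionRequest, rb.getString("gen.tootit.toolong"));
            return;
        }
        currentPlacement.setTitle(title);

        // Check the tool configuration before dereferencing it; the old code tested for
        // null only after it had already been used.
        if (findTool != null) {
            try {
                Site site = SiteService.getSite(findTool.getSiteId());
                SitePage page = site.getPage(findTool.getPageId());
                page.setTitleCustom(true);
                // The page title is editable only when this tool is alone on its page.
                if (!SPECIAL_WORKSITE.equals(special) && !SPECIAL_WORKSPACE.equals(special) && page.getTools() != null && page.getTools().size() == 1) {
                    String pageTitle = actionRequest.getParameter(FORM_PAGE_TITLE);
                    if (StringUtils.isBlank(pageTitle)) {
                        addAlert(actionRequest, rb.getString("gen.pagtit.empty"));
                        return;
                    }
                    if (pageTitle.length() > MAX_TITLE_LENGTH) {
                        addAlert(actionRequest, rb.getString("gen.pagtit.toolong"));
                        return;
                    }
                    page.setTitle(pageTitle);
                }
                SiteService.save(site);
            } catch (Exception e) {
                M_log.warn("doConfigure_update: " + e, e);
            }
        }

        // Any value other than the exact string "true" is stored as "false"
        // (HttpState.PREEMPTIVE_DEFAULT is the string "false").
        String popup = "true".equals(actionRequest.getParameter("popup")) ? "true" : HttpState.PREEMPTIVE_DEFAULT;
        currentPlacement.getPlacementConfig().setProperty("popup", popup);
        String maximize = "true".equals(actionRequest.getParameter("maximize")) ? "true" : HttpState.PREEMPTIVE_DEFAULT;
        currentPlacement.getPlacementConfig().setProperty("maximize", maximize);
        // Reset the cached X-Frame-Options probe so the new URL is checked afresh.
        currentPlacement.getPlacementConfig().setProperty(XFRAME_LAST_STATUS, "");
        currentPlacement.getPlacementConfig().setProperty(XFRAME_LAST_TIME, "-1");
        currentPlacement.save();

        if (SPECIAL_WORKSITE.equals(special)) {
            // CookieSpec.PATH_DELIM is "/": values that are neither site-relative nor carry
            // a scheme get "http://" prepended.
            // NOTE(review): the prefixed value is not passed through validateURL again.
            if (infoUrl != null && infoUrl.length() > 0 && !infoUrl.startsWith(CookieSpec.PATH_DELIM) && infoUrl.indexOf("://") == -1) {
                infoUrl = "http://" + infoUrl;
            }
            try {
                String description = FormattedText.processFormattedText(StringUtils.trimToNull(actionRequest.getParameter("description")), new StringBuilder());
                SiteService.saveSiteInfo(ToolManager.getCurrentPlacement().getContext(), description, infoUrl);
            } catch (Throwable th) {
                M_log.warn("doConfigure_update: " + th, th);
            }
        }
        actionResponse.setPortletMode(PortletMode.VIEW);
    }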

    /**
     * Tells whether every character of the value is one of the characters in VALID_DIGITS.
     * An empty string passes; callers reject empty input before calling.
     *
     * @param str the value to check; must not be null
     * @return true if no character outside VALID_DIGITS occurs
     */
    private boolean checkDigits(String str) {
        for (char candidate : str.toCharArray()) {
            if (VALID_DIGITS.indexOf(candidate) < 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Determines which built-in variant a placement represents.
     * The explicit "special" property wins; otherwise the first of the boolean properties
     * site, workspace, worksite, annotatedurl that is set to "true" names the variant.
     *
     * @param properties the merged placement properties
     * @return the variant name, or null for an ordinary web-content placement
     */
    protected String getSpecial(Properties properties) {
        String explicit = properties.getProperty(SPECIAL);
        if (explicit != null) {
            return explicit;
        }
        // Checked in this order; the first flag set to "true" decides.
        String[] flags = {SPECIAL_SITE, SPECIAL_WORKSPACE, SPECIAL_WORKSITE, SPECIAL_ANNOTATEDURL};
        for (String flag : flags) {
            if ("true".equals(properties.getProperty(flag))) {
                return flag;
            }
        }
        return null;
    }

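    /**
     * Works out the URL to display for a placement.
     *
     * <p>The argument roles below follow the call in doView.
     *
     * @param str  the "special" variant, or null for an ordinary placement
     * @param str2 the URL configured on the placement
     * @param str3 the placement context (site id)
     * @param z    whether macro expansion is applied to the result
     * @param z2   whether the placement id is appended as a "pid" query parameter
     * @param str4 the placement id
     * @param str5 optional server configuration key whose value supplies the URL
     * @return the resolved URL, or null if none could be determined
     */
    protected String sourceUrl(String str, String str2, String str3, boolean z, boolean z2, String str4, String str5) {
        String resolved = StringUtils.trimToNull(str2);
        if (SPECIAL_SITE.equals(str)) {
            resolved = StringUtils.trimToNull(getLocalizedURL("server.info.url"));
        } else if (SPECIAL_WORKSPACE.equals(str)) {
            resolved = StringUtils.trimToNull(getLocalizedURL("myworkspace.info.url"));
        } else if (SPECIAL_WORKSITE.equals(str)) {
            try {
                Site site = SiteService.getSite(str3);
                resolved = StringUtils.trimToNull(site.getInfoUrlFull());
                if (resolved == null) {
                    resolved = ServerConfigurationService.getAccessUrl() + site.getReference();
                }
            } catch (Exception e) {
                // Keep the best-effort fallback, but record why the site could not be read.
                M_log.warn("sourceUrl: could not resolve site info URL for site=" + str3, e);
            }
        } else if (str5 != null && str5.length() > 1) {
            resolved = StringUtils.trimToNull(ServerConfigurationService.getString(str5));
        }
        // A missing URL, or a bare scheme, falls back to the instructions page.
        if (resolved == null || resolved.equals("http://") || resolved.equals("https://")) {
            resolved = StringUtils.trimToNull(getLocalizedURL("webcontent.instructions.url"));
        }
        if (resolved == null) {
            return null;
        }
        resolved = convertReferenceUrl(resolved);
        if (z2) {
            String separator = resolved.indexOf("?") < 0 ? "?" : "&";
            resolved = resolved + separator + "pid=" + str4;
        }
        if (z) {
            // Expansion can insert user or site identifiers into the URL; the result is
            // still sanitised and validated by doView before it is framed.
            resolved = doMacroExpansion(resolved);
        }
        return resolved;
    }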

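    /**
     * Reads a URL from the server configuration and, if a locale-specific copy of the file
     * exists on disk, returns that variant instead.
     *
     * <p>The configured value is split at its last "." and "_&lt;locale&gt;" (then
     * "_&lt;language&gt;") is inserted before the extension. Each candidate is resolved with
     * getRealPath(".." + candidate) and used only for an existence check; no file content is
     * read.
     *
     * @param str the server configuration key
     * @return the localized URL if its file exists, otherwise the trimmed configured value;
     *         a null or blank configured value is returned unchanged
     */
    private String getLocalizedURL(String str) {
        String configured = ServerConfigurationService.getString(str);
        if (configured == null || configured.trim().length() == 0) {
            return configured;
        }
        String trimmed = configured.trim();
        int dot = trimmed.lastIndexOf(".");
        // Without a dot the split falls before the last character, as in the original logic.
        int splitAt = dot >= 0 ? dot : trimmed.length() - 1;
        String suffix = trimmed.substring(splitAt);
        String stem = trimmed.substring(0, splitAt);
        Locale locale = new ResourceLoader().getLocale();
        if (locale != null) {
            PortletContext portletContext = getPortletConfig().getPortletContext();
            String[] candidates = {
                stem + "_" + locale.toString() + suffix,
                stem + "_" + locale.getLanguage() + suffix
            };
            for (String candidate : candidates) {
                // getRealPath returns null when the path cannot be mapped to the file system
                // (for example an unexpanded deployment); treat that as "no such variant"
                // rather than failing with a NullPointerException in new File(null).
                String realPath = portletContext.getRealPath(".." + candidate);
                if (realPath != null && new File(realPath).exists()) {
                    return candidate;
                }
            }
        }
        return trimmed;
    }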

    /**
     * Converts an entity reference string into its URL when the reference is recognised.
     *
     * @param str a URL or entity reference string
     * @return the reference's URL when the reference is of a known type and has a non-null
     *         URL; otherwise {@code str} unchanged
     */
    protected String convertReferenceUrl(String str) {
        Reference ref = EntityManager.newReference(str);
        if (!ref.isKnownType()) {
            return str;
        }
        String resolved = ref.getUrl();
        return resolved != null ? resolved : str;
    }

    /**
     * Returns the user id held by the current session.
     *
     * @return the result of {@code getUserId()} on the current session
     * @throws SessionDataException if there is no current session
     */
    private String getUserId() throws SessionDataException {
        Session session = SessionManager.getCurrentSession();
        if (session != null) {
            return session.getUserId();
        }
        throw new SessionDataException("No current user session");
    }

    /**
     * Returns the identifier of the current session.
     *
     * <p>The value identifies a live session, so callers should treat it as a secret and
     * avoid placing it anywhere a third party can read it.
     *
     * @return the result of {@code getId()} on the current session
     * @throws SessionDataException if there is no current session
     */
    private String getSessionId() throws SessionDataException {
        Session session = SessionManager.getCurrentSession();
        if (session != null) {
            return session.getId();
        }
        throw new SessionDataException("No current user session");
    }

    /**
     * Returns the user EID held by the current session.
     *
     * @return the result of {@code getUserEid()} on the current session
     * @throws SessionDataException if there is no current session
     */
    private String getUserEid() throws SessionDataException {
        Session session = SessionManager.getCurrentSession();
        if (session != null) {
            return session.getUserEid();
        }
        throw new SessionDataException("No current user session");
    }

    /**
     * Loads the user record for the user of the current session.
     *
     * @return the user returned by the user directory for the current user id
     * @throws SessionDataException if there is no current session
     * @throws UserNotDefinedException declared for the directory lookup of the user id
     * @throws IdUnusedException declared by this method's signature
     */
    private User getUser() throws IdUnusedException, SessionDataException, UserNotDefinedException {
        String userId = getUserId();
        return UserDirectoryService.getUser(userId);
    }

    /**
     * Returns the context of the current tool placement, which this class uses as the site id.
     *
     * @return the result of {@code getContext()} on the current placement
     * @throws SessionDataException if there is no current tool placement
     */
    private String getSiteId() throws SessionDataException {
        Placement placement = ToolManager.getCurrentPlacement();
        if (placement != null) {
            return placement.getContext();
        }
        throw new SessionDataException("No current tool placement");
    }

    /**
     * Returns the id of the current user's role in the current site.
     *
     * <p>The authorization group is looked up under {@code "/site/" + siteId}.
     *
     * @return the id of the role the current user holds in that group
     * @throws SessionDataException if there is no current session or placement, or the group
     *         or the user's role in it is {@code null}
     * @throws GroupNotDefinedException declared for the group lookup
     * @throws IdUnusedException declared by this method's signature
     */
    private String getUserRole() throws IdUnusedException, SessionDataException, GroupNotDefinedException {
        String realmId = "/site/" + getSiteId();
        AuthzGroup realm = AuthzGroupService.getAuthzGroup(realmId);
        if (realm == null) {
            throw new SessionDataException("No current group");
        }
        Role role = realm.getUserRole(getUserId());
        if (role == null) {
            throw new SessionDataException("No current role");
        }
        return role.getId();
    }

    /**
     * Reads one property of the current site.
     *
     * @param str the property name
     * @return the property value as returned by the site's properties (may be {@code null})
     * @throws SessionDataException if there is no current tool placement
     * @throws IdUnusedException declared for the site lookup
     */
    private String getSiteProperty(String str) throws IdUnusedException, SessionDataException {
        Site site = SiteService.getSite(getSiteId());
        return site.getProperties().getProperty(str);
    }

    /**
     * Resolves one macro token to the value that replaces it in a URL.
     *
     * <p>Recognised tokens map to the current user id, user EID, first name, last name, site
     * id, site role and session id. A token starting with {@code "${SITE_PROP:"} is resolved
     * to the named property of the current site. Any other token is returned unchanged.
     *
     * <p>Security notes: the session-id macro yields the live session identifier and the user
     * macros yield personal data, so the expanded URL discloses them to whatever receives it.
     * Which tokens are ever passed here is decided by the caller. Every failure, including a
     * missing session or placement, is swallowed and produces an empty string, so a failed
     * lookup cannot be told apart from an empty value.
     *
     * @param str the macro token, for example one of the {@code MACRO_*} constants
     * @return the resolved value, {@code ""} on any failure or missing site property, or the
     *         token itself when it is not recognised
     */
    private String getMacroValue(String str) {
        try {
            if (str.equals(MACRO_USER_ID)) {
                return getUserId();
            } else if (str.equals(MACRO_USER_EID)) {
                return getUserEid();
            } else if (str.equals(MACRO_USER_FIRST_NAME)) {
                return getUser().getFirstName();
            } else if (str.equals(MACRO_USER_LAST_NAME)) {
                return getUser().getLastName();
            } else if (str.equals(MACRO_SITE_ID)) {
                return getSiteId();
            } else if (str.equals(MACRO_USER_ROLE)) {
                return getUserRole();
            } else if (str.equals(MACRO_SESSION_ID)) {
                return getSessionId();
            }
            if (!str.startsWith("${SITE_PROP:")) {
                return str;
            }
            // Drop the leading "${" and the final character (expected to be '}').
            String inner = str.substring(2, str.length() - 1);
            String[] parts = inner.split(":");
            if (parts.length > 1) {
                String value = getSiteProperty(parts[1]);
                return value == null ? "" : value;
            }
            // No property name after the colon: the stripped token is returned as-is.
            return inner;
        } catch (Throwable failure) {
            return "";
        }
    }

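    /**
     * Replaces every occurrence of one macro token in {@code sb} with its URL-encoded value.
     *
     * <p>The value is encoded as UTF-8 rather than with the platform default charset, so
     * non-ASCII values (for example user names) encode the same way on every host. An empty
     * token is ignored: it matches at every position and would otherwise never terminate.
     *
     * @param sb the URL being expanded; modified in place
     * @param str the macro token to replace
     */
    private void expand(StringBuilder sb, String str) {
        if (str.length() == 0) {
            return;
        }
        int at = sb.indexOf(str);
        if (at == -1) {
            return;
        }
        // The token is fixed for the whole call, so resolve and encode its value once.
        String encoded;
        try {
            encoded = URLEncoder.encode(getMacroValue(str), "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
        while (at != -1) {
            sb.replace(at, at + str.length(), encoded);
            // Resume after the inserted text so the replacement itself is never rescanned.
            at = sb.indexOf(str, at + encoded.length());
        }
    }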

    /**
     * Expands the allowed macro tokens in a URL.
     *
     * <p>Only tokens listed in {@code allowedMacrosList} are replaced; each is handed to
     * {@code expand}. A URL without {@code "${"} is returned untouched. The allow-list is
     * the only control over which session or user values can end up in the resulting URL,
     * so it should stay as small as the deployment needs.
     *
     * @param str the URL that may contain macro tokens
     * @return the URL with every allowed token replaced
     */
    private String doMacroExpansion(String str) {
        if (!str.contains("${")) {
            return str;
        }
        StringBuilder expanded = new StringBuilder(str);
        for (Object macro : allowedMacrosList) {
            expand(expanded, (String) macro);
        }
        return expanded.toString();
    }

    /**
     * Merges a placement's own configuration over its tool's registered configuration.
     *
     * <p>Placement values overwrite registered values with the same key. The merge is written
     * into the object returned by {@code getRegisteredConfig()}.
     * NOTE(review): if that call returns the tool's live configuration rather than a copy,
     * this method changes shared state - confirm against the Tool implementation.
     *
     * @param placement the tool placement to read
     * @return the registered configuration with the placement configuration applied
     */
    private Properties getAllProperties(Placement placement) {
        Properties merged = placement.getTool().getRegisteredConfig();
        Properties overrides = placement.getPlacementConfig();
        for (Object key : overrides.keySet()) {
            String name = (String) key;
            merged.setProperty(name, overrides.getProperty(name));
        }
        return merged;
    }

    /**
     * Checks whether a URL is acceptable as a target for this portlet.
     *
     * <p>Blank input is rejected, {@code ABOUT_BLANK} is accepted, and anything that
     * {@code sanitizeHrefURL} maps to {@code null} is rejected. Protocol-relative
     * ({@code //host/...}) and path-only ({@code /path}) inputs are completed with
     * {@code PROTOCOL_PREFIX} or {@code HOST_PREFIX} before the syntax check.
     *
     * <p>The check is syntactic only. The validator is created with
     * {@code ALLOW_LOCAL_URLS}, so hosts such as {@code localhost} and names without a public
     * top-level domain pass.
     * NOTE(review): if the accepted URL is later fetched by the server, restrict reachable
     * destinations separately; this method does not.
     *
     * @param str the URL to check
     * @return {@code true} if the URL is accepted
     */
    public boolean validateURL(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        if (ABOUT_BLANK.equals(str)) {
            return true;
        }
        if (sanitizeHrefURL(str) == null) {
            return false;
        }
        String candidate = str;
        if (!candidate.contains("://") && candidate.startsWith("//")) {
            candidate = PROTOCOL_PREFIX + candidate;
        }
        // Re-test for "://" because the previous step may have added a scheme.
        if (!candidate.contains("://") && candidate.startsWith(CookieSpec.PATH_DELIM)) {
            candidate = HOST_PREFIX + candidate;
        }
        UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS);
        return validator.isValid(candidate);
    }

    /**
     * Sanitizes a URL for use in an {@code href} by delegating to {@code FormattedText}.
     *
     * @param str the URL to sanitize
     * @return the value returned by {@code FormattedText.sanitizeHrefURL}; {@code validateURL}
     *         treats a {@code null} result as a rejected URL
     */
    public String sanitizeHrefURL(String str) {
        String cleaned = FormattedText.sanitizeHrefURL(str);
        return cleaned;
    }

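    // Loads the X-Frame cache/load timings and the macro allow-list from server configuration.
    static {
        // Default cache time; presumably milliseconds (6 h) - TODO confirm the unit.
        long cacheTime = 21600000L;
        String configuredCache = ServerConfigurationService.getString(IFRAME_XFRAME_CACHETIME, (String) null);
        if (configuredCache != null) {
            try {
                // Trim so that stray whitespace does not silently discard the configured value.
                cacheTime = Long.parseLong(configuredCache.trim());
            } catch (NumberFormatException e) {
                cacheTime = 21600000L;
            }
        }
        // NOTE(review): negative values parse successfully; confirm consumers tolerate them.
        xframeCache = cacheTime;

        // Default load time; presumably milliseconds (8 s) - TODO confirm the unit.
        long loadTime = 8000L;
        String configuredLoad = ServerConfigurationService.getString(IFRAME_XFRAME_LOADTIME, (String) null);
        if (configuredLoad != null) {
            try {
                loadTime = Long.parseLong(configuredLoad.trim());
            } catch (NumberFormatException e) {
                loadTime = 8000L;
            }
        }
        xframeLoad = loadTime;

        allowedMacrosList = new ArrayList();
        String configuredMacros = ServerConfigurationService.getString(IFRAME_ALLOWED_MACROS_PROPERTY, MACRO_DEFAULT_ALLOWED);
        for (String entry : configuredMacros.split(",")) {
            // Skip blank entries ("a,,b" yields one): an empty token matches at every
            // position of a URL, so macro expansion over it would not terminate. Trimming
            // also lets "a, b" match the macro constants exactly.
            String macro = entry.trim();
            if (macro.length() > 0) {
                allowedMacrosList.add(macro);
            }
        }
    }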
}
