From 5a20a863d085ef4a81bd23a0611a7b794dd4e0b8 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg <andreass@dsv.su.se> Date: Tue, 16 Apr 2024 14:17:07 +0200 Subject: [PATCH 1/4] 3207 TR --- .../components/DisableSubmitButtonsOnSubmit.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java b/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java index 3a98b9e500..616410edb9 100644 --- a/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java +++ b/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java @@ -7,7 +7,7 @@ import org.apache.wicket.markup.head.OnEventHeaderItem; import org.apache.wicket.markup.html.form.Form; /** - * Disables all elements with {@code [type=submit]} + * {@link Form} behavior that disables all elements with {@code [type=submit]} when the form is submitted. */ public class DisableSubmitButtonsOnSubmit extends Behavior { @Override @@ -21,10 +21,12 @@ public class DisableSubmitButtonsOnSubmit extends Behavior { @Override public void renderHead(Component component, IHeaderResponse response) { super.renderHead(component, response); - final String javaScript = "const submitButtons = event.target.querySelectorAll(\"[type=submit]\");\n" + - "for (const button of submitButtons) {\n" + - " button.disabled = true;\n" + - "}\n"; + final String javaScript = """ + const submitButtons = event.target.querySelectorAll("[type=submit]"); + for (const button of submitButtons) { + button.disabled = true; + } + """; response.render(OnEventHeaderItem.forComponent(component, "submit", javaScript)); } } \ No newline at end of file From fb39fa9c64c4034ca47a5f6550deea5c17e60154 Mon Sep 17 00:00:00 2001 
From: Wayne Westmoreland <wayne@dsv.su.se> Date: Tue, 16 Apr 2024 21:31:12 +0200 Subject: [PATCH 2/4] 3359 Bristande info under Final thesis and reflection --- .../FinalThesisPanel$RevisionPanel.html | 2 +- .../project/pages/ProjectDetailsPage.java | 26 +++++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/view/src/main/java/se/su/dsv/scipro/finalthesis/FinalThesisPanel$RevisionPanel.html b/view/src/main/java/se/su/dsv/scipro/finalthesis/FinalThesisPanel$RevisionPanel.html index 4794a766db..e3af36075e 100644 --- a/view/src/main/java/se/su/dsv/scipro/finalthesis/FinalThesisPanel$RevisionPanel.html +++ b/view/src/main/java/se/su/dsv/scipro/finalthesis/FinalThesisPanel$RevisionPanel.html @@ -5,7 +5,7 @@ <strong>Status:</strong> <span class="text-danger">REVISION NEEDED</span> <div class="help-box"> <span wicket:id="rejectedDateLabel"></span><br> - Your supervisor have decided that you need to revise your final thesis and then upload it again.<br> + Your supervisor has decided that you need to revise your final thesis and then upload it again.<br> <a href="#" wicket:id="forumLink">Go to the forum to view the reason behind this decision</a>. </div> </wicket:panel> diff --git a/view/src/main/java/se/su/dsv/scipro/project/pages/ProjectDetailsPage.java b/view/src/main/java/se/su/dsv/scipro/project/pages/ProjectDetailsPage.java index 5f9aa03211..4f3674ed8b 100755 --- a/view/src/main/java/se/su/dsv/scipro/project/pages/ProjectDetailsPage.java +++ b/view/src/main/java/se/su/dsv/scipro/project/pages/ProjectDetailsPage.java 
@@ -11,7 +11,9 @@ import se.su.dsv.scipro.activityplan.UpcomingActivitiesPanel; import se.su.dsv.scipro.checklists.ChecklistOverviewPanel; import se.su.dsv.scipro.components.menuhighlighting.MenuHighlightAuthorMyProjects; import se.su.dsv.scipro.finalseminar.OverviewSeminarPanel; +import se.su.dsv.scipro.finalthesis.FinalThesis; import se.su.dsv.scipro.finalthesis.FinalThesisPanel; +import se.su.dsv.scipro.finalthesis.FinalThesisService; import se.su.dsv.scipro.group.AuthorGroupPage; import se.su.dsv.scipro.group.GroupsOverviewPanel; import se.su.dsv.scipro.latestevents.LatestEventsPanel; @@ -42,12 +44,23 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me public static final String EXTERNAL_RESOURCES = "externalResources"; public static final String EXTERNAL_LINK = "externalLink"; + private final boolean shouldFillOutSurvey; + @Inject private SurveyService surveyService; + @Inject + private FinalThesisService finalThesisService; + + public ProjectDetailsPage(PageParameters pp) { super(pp); + FinalThesis finalThesis = finalThesisService.findByProject(getActiveProject()); + boolean finalThesisIsRejected = (finalThesis != null && finalThesis.isRejected()); + shouldFillOutSurvey = surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser()) + && !finalThesisIsRejected; + add(new ExternalResourcesPanel(EXTERNAL_RESOURCES, LambdaModel.of(projectModel, se.su.dsv.scipro.project.Project::getProjectType, se.su.dsv.scipro.project.Project::setProjectType))); add(new ExternalLinkPanel(EXTERNAL_LINK, projectModel)); @@ -90,7 +103,6 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me @Override protected void onConfigure() { super.onConfigure(); - final boolean shouldFillOutSurvey = surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser()); setVisibilityAllowed(shouldFillOutSurvey); } }); 
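Review bot: `shouldFillOutSurvey` is now computed once in the constructor and stored in a final field, so a page instance that Wicket keeps and re-renders goes on using the value from construction time. Before this change, both `onConfigure()` overrides (the hunks at -90 and -103) asked `surveyService` on every render. If a thesis is rejected or the survey is completed while the instance is still live, the survey panel's visibility and the redirect to `ProjectFinalSurveyPage` may no longer match the current state; how long instances are reused is not visible from the hunk, so this needs confirming. Evaluating the rule in a private method called from both `onConfigure()` overrides keeps the new rejected-thesis condition without caching it, and the field and the constructor computation can then be dropped. The class body and the constructor continue outside the hunk.

```java
// … unchanged: @Inject surveyService / finalThesisService fields …
private boolean shouldFillOutSurvey() {
    FinalThesis finalThesis = finalThesisService.findByProject(getActiveProject());
    boolean finalThesisIsRejected = finalThesis != null && finalThesis.isRejected();
    return surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser())
            && !finalThesisIsRejected;
}
```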
@@ -103,13 +115,11 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me @Override protected void onConfigure() { super.onConfigure(); - if (surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser())) { - if (getSession().getMetaData(ProjectFinalSurveyPage.SURVEY_VISITED) == null) { - getFeedbackMessages().forEach(getSession().getFeedbackMessages()::add); - throw new RestartResponseException( - ProjectFinalSurveyPage.class, - ProjectFinalSurveyPage.getPageParameters(getActiveProject())); - } + if (shouldFillOutSurvey && getSession().getMetaData(ProjectFinalSurveyPage.SURVEY_VISITED) == null) { + getFeedbackMessages().forEach(getSession().getFeedbackMessages()::add); + throw new RestartResponseException( + ProjectFinalSurveyPage.class, + ProjectFinalSurveyPage.getPageParameters(getActiveProject())); } } From fea88cfcc6323b01a45284e00b174b29d742a507 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg <andreass@dsv.su.se> Date: Thu, 18 Apr 2024 09:57:24 +0200 Subject: [PATCH 3/4] 3207 Disabling the button will break Wickets specific submit button behavior. Disable buttons with CSS instead --- .../su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java b/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java index 616410edb9..119359b2f6 100644 --- a/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java +++ b/view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java 
@@ -24,7 +24,7 @@ public class DisableSubmitButtonsOnSubmit extends Behavior { final String javaScript = """ const submitButtons = event.target.querySelectorAll("[type=submit]"); for (const button of submitButtons) { - button.disabled = true; + button.classList.add('disabled'); } """; response.render(OnEventHeaderItem.forComponent(component, "submit", javaScript)); From 9654fea43974f4005f048b9c3a1695e2b96da8e4 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg <andreass@dsv.su.se> Date: Mon, 22 Apr 2024 09:30:47 +0200 Subject: [PATCH 4/4] Supress bogus security vulnerability --- owasp.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/owasp.xml b/owasp.xml index d851f615c4..c504d51e0f 100644 --- a/owasp.xml +++ b/owasp.xml @@ -65,4 +65,11 @@ </notes> <cve>CVE-2023-52070</cve> </suppress> + <suppress> + <notes> + This is a complete nonsense vulnerability. Some automated tool has + gone completely bananas. + </notes> + <cve>CVE-2024-23076</cve> + </suppress> </suppressions>
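Review bot: Adding the `disabled` class in the `for` loop only changes how the buttons look unless the stylesheet also blocks pointer events for that class, and it does nothing about a second submit triggered by pressing Enter in a field, so the form can still be submitted twice. If the aim is to stop duplicate submissions, the script could guard the event itself, e.g. `if (event.target.dataset.submitted) { event.preventDefault(); return; }` followed by `event.target.dataset.submitted = 'true';`. The server-side handlers should tolerate a repeated request either way, since a client-side control can be bypassed. The class Javadoc still says the behavior "disables" the elements; `Marks all {@code [type=submit]} elements with the CSS class {@code disabled} when the form is submitted.` would match the new code. `renderHead` starts outside the hunk.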
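Review bot: The new `<suppress>` entry matches CVE-2024-23076 for every dependency in the build and never expires, and its note does not say which artifact was flagged or why the finding does not apply. Scoping the entry to the affected component and giving it an expiry keeps it from hiding the same CVE if it later appears on another dependency, for example `<suppress until="YYYY-MM-DDZ">` with `<packageUrl regex="true">^pkg:maven/GROUP_ID/ARTIFACT_ID@.*$</packageUrl>` (placeholders; the real coordinates are not visible in this hunk). The note would serve a later auditor better if it recorded the evidence, along the lines of `Flagged on ARTIFACT_ID; disputed upstream, see LINK; the affected code path is not used here.`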