6.8.10 release

Former-commit-id: 6444abcb56ee76868af15e9a2adf3affdbaeeec9

ChangeLog

@@ -1,3 +1,7 @@
+03-JUL-2017: 6.8.10
+
+- Uses mxGraph 3.7.5 beta 1
+
 29-JUN-2017: 6.8.9
 
 - Fixes execution order and ignored state parameter

VERSION

@@ -1 +1 @@
-6.8.9
+6.8.10

src/com/mxgraph/online/SaveServlet.java

@@ -2,7 +2,9 @@ package com.mxgraph.online;
 
 import java.io.IOException;
 import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
+import java.net.URLEncoder;
 import java.util.logging.Logger;
 
 import javax.servlet.ServletException;
@@ -46,6 +48,48 @@ public class SaveServlet extends HttpServlet
 		handlePost(request, response);
 	}
 
+	/**
+	 * 
+	 * @param request
+	 * @param response
+	 * @throws ServletException
+	 * @throws IOException
+	 */
+	protected static String validateFilename(String filename)
+	{
+		// Only limited characters allowed
+		try
+		{
+			filename = URLDecoder.decode(filename, "UTF-8");
+		}
+		catch (UnsupportedEncodingException e)
+		{
+			// ignore unsupported encoding
+		}
+		
+		filename = filename.replaceAll("[\\/:;*?\"<>|]", "");
+		
+		if (filename.length() == 0)
+		{
+			filename = "export.xml";
+		}
+		else if (!filename.toLowerCase().endsWith(".svg") &&
+			!filename.toLowerCase().endsWith(".html") &&
+			!filename.toLowerCase().endsWith(".xml") &&
+			!filename.toLowerCase().endsWith(".png") &&
+			!filename.toLowerCase().endsWith(".jpg") &&
+			!filename.toLowerCase().endsWith(".pdf") &&
+			!filename.toLowerCase().endsWith(".vsdx") &&
+			!filename.toLowerCase().endsWith(".txt"))
+		{
+			filename = filename + ".xml";
+		}
+		
+		filename = Utils.encodeURIComponent(filename, "UTF-8");
+		
+		return filename;
+	}
+
 	public static void handlePost(HttpServletRequest request,
 			HttpServletResponse response) throws ServletException, IOException
 	{
@@ -90,6 +134,8 @@ public class SaveServlet extends HttpServlet
 
 					if (filename != null)
 					{
+						filename = validateFilename(filename);
+
 						response.setContentType("application/x-unknown");
 						response.setHeader("Content-Disposition",
 								"attachment; filename=\"" + filename
@@ -124,9 +170,11 @@ public class SaveServlet extends HttpServlet
 					}
 
 					response.setStatus(HttpServletResponse.SC_OK);
-					
+
 					if (filename != null)
 					{
+						filename = validateFilename(filename);
+
 						if (mime != null)
 						{
 							response.setContentType(mime);
@@ -135,7 +183,7 @@ public class SaveServlet extends HttpServlet
 						{
 							response.setContentType("application/x-unknown");
 						}
-						
+
 						response.setHeader("Content-Disposition",
 								"attachment; filename=\"" + filename
 										+ "\"; filename*=UTF-8''" + filename);

war/cache.manifest

@@ -1,7 +1,7 @@
 CACHE MANIFEST
 
 # THIS FILE WAS GENERATED. DO NOT MODIFY!
-# 06/29/2017 10:51 PM
+# 07/03/2017 03:41 PM
 
 app.html
 index.html?offline=1

war/js/diagramly/EditorUi.js

@@ -9028,6 +9028,7 @@
 		this.actions.get('editDiagram').setEnabled((urlParams['embed'] == '1'  &&
 			this.editor.graph.isEnabled()) || (file != null && !file.isRestricted()));
 		this.actions.get('publishLink').setEnabled(file != null && !file.isRestricted());
+		this.actions.get('tags').setEnabled(file != null && file.isEditable());
 		this.menus.get('publish').setEnabled(file != null && !file.isRestricted());
 		
 		var state = graph.view.getState(graph.getSelectionCell());

war/js/diagramly/vsdx/VsdxExport.js

@@ -761,7 +761,7 @@ function VsdxExport(editorUi)
 		{
     		for (var i = 0; i < imgs.length; i++)
 			{
-    			var relationship = createElt(pagesRelsXmlDoc, that.RELS_XMLNS, "Relationship");
+    			var relationship = createElt(pageRelDoc, that.RELS_XMLNS, "Relationship");
     	        relationship.setAttribute("Type", that.XMLNS_R + "/image");
     	        relationship.setAttribute("Id", "rId" + (i+2));
     	        relationship.setAttribute("Target", "../media/" + imgs[i]);