Merge pull request #184 from cip4/zapptext

remove idiotic dependency

Author: rainer-prosi

build.gradle

@@ -151,19 +151,18 @@ dependencies {
 
     implementation 'org.eclipse.jetty.ee10:jetty-ee10-servlet:12.0.22'
     implementation("org.apache.commons:commons-lang3:3.20.0")
-    implementation 'org.apache.commons:commons-text:1.11.0'
     implementation 'org.apache.commons:commons-fileupload2-jakarta-servlet6:2.+'
     implementation 'jakarta.servlet:jakarta.servlet-api:6.1.0'  
     implementation 	'com.sun.mail:jakarta.mail:2.0.1'
-   implementation 'org.apache.commons:commons-lang3:3.18.0'
+    implementation 'org.apache.commons:commons-lang3:3.18.0'
 
 
     implementation 'org.apache.logging.log4j:log4j-core:2.25.2'
     implementation 'org.apache.logging.log4j:log4j-jcl:2.25.2'
 
     testImplementation 'org.junit.jupiter:junit-jupiter-api:5.13.4'
     testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
-testRuntimeOnly 'org.junit.platform:junit-platform-launcher:1.13.4'
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher:1.13.4'
     testImplementation 'org.springframework:spring-test:6.2.+'
     testImplementation 'org.springframework:spring-web:6.2.+'
     testImplementation 'org.mockito:mockito-core:5.20.0'

src/main/java/org/cip4/jdfutility/GetFileServlet.java

@@ -2,7 +2,7 @@
  * The CIP4 Software License, Version 1.0
  *
  *
- * Copyright (c) 2001-2022 The International Cooperation for the Integration of Processes in Prepress, Press and Postpress (CIP4). All rights reserved.
+ * Copyright (c) 2001-2026 The International Cooperation for the Integration of Processes in Prepress, Press and Postpress (CIP4). All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  *
@@ -44,10 +44,10 @@
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 
-import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.cip4.jdflib.util.StreamUtil;
+import org.cip4.jdflib.util.StringUtil;
 import org.cip4.jdflib.util.UrlUtil;
 
 import jakarta.servlet.ServletConfig;
@@ -92,8 +92,8 @@ public void destroy()
 
 	/**
 	 * Handles the HTTP <code>GET</code> method.
-	 * 
-	 * @param request servlet request
+	 *
+	 * @param request  servlet request
 	 * @param response servlet response
 	 */
 	@Override
@@ -104,8 +104,8 @@ protected void doGet(final HttpServletRequest request, final HttpServletResponse
 
 	/**
 	 * Handles the HTTP <code>POST</code> method.
-	 * 
-	 * @param request servlet request
+	 *
+	 * @param request  servlet request
 	 * @param response servlet response
 	 */
 	@Override
@@ -140,7 +140,7 @@ void processRequest(final HttpServletRequest request, final HttpServletResponse
 			response.setContentType(UrlUtil.TEXT_HTML);
 			response.setStatus(404);
 			os.write("<HTML><H1>Error</H1><br/>Cannot find file: ".getBytes());
-			os.write(StringEscapeUtils.escapeHtml3(localName).getBytes());
+			os.write(StringUtil.replaceCharSet(localName, "<>", "_", 0).getBytes());
 			os.write("</HTML>".getBytes());
 		}
 		StreamUtil.close(os);

src/test/java/org/cip4/jdfutility/GetFileServletTest.java

@@ -2,7 +2,7 @@
  * The CIP4 Software License, Version 1.0
  *
  *
- * Copyright (c) 2001-2022 The International Cooperation for the Integration of Processes in Prepress, Press and Postpress (CIP4). All rights reserved.
+ * Copyright (c) 2001-2026 The International Cooperation for the Integration of Processes in Prepress, Press and Postpress (CIP4). All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  *
@@ -44,31 +44,31 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 
-import jakarta.servlet.ServletException;
-
 import org.cip4.jdflib.core.JDFCoreConstants;
 import org.junit.jupiter.api.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockServletConfig;
 
+import jakarta.servlet.ServletException;
+
 public class GetFileServletTest
 {
 
 	@Test
 	public void processRequest() throws ServletException, URISyntaxException, IOException
 	{
-		Path file = Paths.get(GetFileServlet.class.getResource("/data/resourceInfo.jmf").toURI());
+		final Path file = Paths.get(GetFileServlet.class.getResource("/data/resourceInfo.jmf").toURI());
 
-		MockServletConfig config = new MockServletConfig();
+		final MockServletConfig config = new MockServletConfig();
 		config.addInitParameter("rootDir", file.getParent().toString());
 
-		GetFileServlet servlet = new GetFileServlet();
+		final GetFileServlet servlet = new GetFileServlet();
 		servlet.init(config);
 
-		MockHttpServletRequest request = new MockHttpServletRequest();
+		final MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo(file.getFileName().toString());
-		MockHttpServletResponse response = new MockHttpServletResponse();
+		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		servlet.processRequest(request, response);
 
@@ -80,17 +80,17 @@ public void processRequest() throws ServletException, URISyntaxException, IOExce
 	@Test
 	public void processRequestFileNotExists() throws ServletException, URISyntaxException, IOException
 	{
-		Path root = Paths.get(GetFileServlet.class.getResource("/data").toURI());
+		final Path root = Paths.get(GetFileServlet.class.getResource("/data").toURI());
 
-		MockServletConfig config = new MockServletConfig();
+		final MockServletConfig config = new MockServletConfig();
 		config.addInitParameter("rootDir", root.toString());
 
-		GetFileServlet servlet = new GetFileServlet();
+		final GetFileServlet servlet = new GetFileServlet();
 		servlet.init(config);
 
-		MockHttpServletRequest request = new MockHttpServletRequest();
+		final MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo("file_that_does_not_exist.txt");
-		MockHttpServletResponse response = new MockHttpServletResponse();
+		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		servlet.processRequest(request, response);
 
@@ -102,15 +102,15 @@ public void processRequestFileNotExists() throws ServletException, URISyntaxExce
 	@Test
 	public void processRequestPathTraversal() throws ServletException, IOException
 	{
-		MockServletConfig config = new MockServletConfig();
+		final MockServletConfig config = new MockServletConfig();
 		config.addInitParameter("rootDir", "./");
 
-		GetFileServlet servlet = new GetFileServlet();
+		final GetFileServlet servlet = new GetFileServlet();
 		servlet.init(config);
 
-		MockHttpServletRequest request = new MockHttpServletRequest();
+		final MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo("../attack");
-		MockHttpServletResponse response = new MockHttpServletResponse();
+		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		servlet.processRequest(request, response);
 
@@ -122,20 +122,20 @@ public void processRequestPathTraversal() throws ServletException, IOException
 	@Test
 	public void processRequestInjection() throws ServletException, IOException
 	{
-		MockServletConfig config = new MockServletConfig();
+		final MockServletConfig config = new MockServletConfig();
 		config.addInitParameter("rootDir", "./");
 
-		GetFileServlet servlet = new GetFileServlet();
+		final GetFileServlet servlet = new GetFileServlet();
 		servlet.init(config);
 
-		MockHttpServletRequest request = new MockHttpServletRequest();
+		final MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setPathInfo("<script>attack</script>");
-		MockHttpServletResponse response = new MockHttpServletResponse();
+		final MockHttpServletResponse response = new MockHttpServletResponse();
 
 		servlet.processRequest(request, response);
 
 		assertEquals(404, response.getStatus());
-		assertEquals("<HTML><H1>Error</H1><br/>Cannot find file: &lt;script&gt;attack&lt;/script&gt;</HTML>", response.getContentAsString());
+		assertEquals("<HTML><H1>Error</H1><br/>Cannot find file: _script_attack_/script_</HTML>", response.getContentAsString());
 		assertEquals("text/html", response.getContentType());
 	}
 }